Alan-Qin / Transfer_attack_RAP

Boosting the Transferability of Adversarial Attacks with Reverse Adversarial Perturbation (NeurIPS 2022)
33 stars 0 forks source link
adversarial-attacks adversarial-machine-learning black-box-attack transfer-attack

Boosting the Transferability of Adversarial Attacks with Reverse Adversarial Perturbation (NeurIPS 2022)

PyTorch implementation for the state-of-art transfer attack: Reverse Adversarial Perturbation (RAP).

Boosting the Transferability of Adversarial Attacks with Reverse Adversarial Perturbation

Zeyu Qin, Yanbo Fan, Yi Liu, Li Shen, Yong Zhang, Jue Wang, Baoyuan Wu

In NeurIPS 2022.


Codes:

The examples:

The parameters of config:

- targeted attack or not : --targeted or None
- source model: -- source_model (resnet_50, densenet, inception, vgg16)
- random seed: --seed 1234
- interation number of outer minimization: --max_iterations 
- MI or not: --MI or None
- DI or not: --DI or None
- TI or not: --TI or None
- SI or not: (--SI and --m2 5) or None 
- Admix or not: 
  (--m1 3 an --m2 5) or None
  --strength 0.2
- transpoint:
  --transpoint 400: baseline method
  --transpoint 0: baseline+RAP
  --transpoint 100: baseline+RAP-LS
- loss function: --loss_function: CE or MaxLogit for outer minimization
- epsilon of attacks: --adv_epsilon: 16/255, the perturbation budget for - inner maximization
  --adv_steps: 8, the step for inner maximization

This code is based on source code from NeurIPS 2021 paper , "On Success and Simplicity: A Second Look at Transferable Targeted Attacks". The used dataset is also contained in their repository. Please consider leaving a :star: on their repository.