This code contains implementation of the following papers in pytorch.
1) DeepFool : A batch deepfool version based on this github repository. 2) Universal Adverserial Perturbation: Based on this github repository 3) Fast Feature Fool: Based on this github repository
Universal Adverserial Perturbations are single perturbations of very small norm which are able to successfully fool networks. It is quite astonishing as it shows that a single directional shift in the image space can cause such huge errors.
This repository provides two types of Universal Adverserial Perturbations(UAPs), Data dependent(based on Universal Adverserial Perturbations) , and Data Independent(based on fast feature fool).
python find_uap model im_path im_list [options]Where,
model: is the network you want to find UAP for(currently 'vgg16' and 'resnet18', easily extendable)im_path: is the path to folder containing images to train perturbation on.im_list : is the path to file containing list of all images to train perturbation on.For more information, use python find_uap.py --h
test_uap.py <model> <im_path> <im_list> <perturbation_path> [options]Where,
model: is the network you want to evaluate UAP for(currently 'vgg16' and 'resnet18', easily extendable)im_path: is the path to folder containing images to evaluate perturbation on.im_list : is the path to file containing list of all images to evaluate perturbation on.For more information, use python test_uap.py --h
As models used in works Universal Adverserial Perturbation and Fast-feature-fool were on tensorflow, these model took input of range 0-255. However, in Pytorch, the models have a different input range. The input is processed in the following fashion:
Using this information, we can find out the input range:
(Lowest = min(-Channel_mean/Channel_std),Highest = max((1-Channel_mean)/ Channel_std))From this we calculate the input range to be 4.765. The norm limits for the perturbations have been shifted accordingly.
I would like to thank :
Also, a big thanks to Video Analytics Lab.