gongzhitaao / tensorflow-adversarial

Crafting adversarial images
MIT License
223 stars 70 forks source link
adversarial adversarial-images adversarial-texts deep-learning tensorflow

Craft Image Adversarial Samples with Tensorflow

THE CODE IS PROVIDED AS IT-IS, MAY NOT UPDATE IT ANYMORE. HOPEFULLY IT IS STILL HELPFUL.

DOI

Table of Contents

  1. API
  2. Dependencies
  3. The model
  4. How to Use
  5. Results
  6. More Attacks (outdated)
  7. Related Work
  8. Citation

This repo contains adversarial image crafting algorithms implemented in pure Tensorflow. The algorithms can be found in attacks folder. The implementation adheres to the principle tensor-in, tensor-out. They all return a Tensorflow operation which could be run through sess.run(...).

API

Dependencies

  1. Python3, samples codes uses many of the Python3 features.
  2. Numpy, only needed in sample codes.
  3. Tensorflow, tested with Tensorflow 1.4.

The model

Notice that we have model as the first parameter for every method. The model is a wrapper function to create the target model computation graph. The first parameter has to be the input x, other parameters may be added when necessary, but they need to have default values.

def model(x, logits=False):
  # x is the input to the network, usually a tensorflow placeholder
  ybar = ...                    # get the prediction
  logits_ = ...                 # get the logits before softmax
  if logits:
    return y, logits
  return y

How to Use

Implementation of each attacking method is self-contained, and depends only on TensorFlow. Copy the attacking method file to the same folder as your source code and import it.

The implementation should work on any framework that is compatible with Tensorflow. Examples are provided in examples folder, each example is self-contained.

Results

More Attacks

The list is outdated.

Related Work

Citation

You are encouraged to cite this code if you use it for your work. See the above Zenodo DOI link.