Evading Forensic Classifiers with Attribute-Conditioned Adversarial Faces [CVPR 2023]

Fahad Shamshad, Koushik Srivatsan, Karthik Nandakumar
MBZUAI, UAE.

Updates :loudspeaker:

• 28-07-2023: Code released.

Attribute-conditioned adversarial face image generation

Intructions for Code usage

Setup

• Get code

  git clone https://github.com/koushiksrivats/face_attribute_attack.git

• Build environment

  cd face_attribute_attack
  # use anaconda to build environment 
  conda create -n faa python=3.8
  conda activate faa
  # install packages
  pip install -r requirements.txt

Dataset and pre-trained weights

1. Download the forensic classifier training data:
   • You can download the real FFHQ images here
   • You can download the fake (styleGAN generated) FFHQ images here
   • Re-arrange them into the following folder structure.

     data
     |__ train
             |__ fake
             |__ real
     |__ test
             |__ fake
             |__ real

2. Download the pre-trained StyleGAN2 weights:
   • Download the pre-trained StyleGAN2 weights from here.
   • Place the weights in the 'pretrained_models' folder.

Usage

Train forensic classifier

python classifier_training.py \
  --train_data data/train \
  --test_data data/test \
  --batch_size 128 \
  --epochs 10 \
  --classifier_name resnet50 \
  --output_path forensic_classifier_trained_models/resnet50/ \
  --wandb_project_name project_name \
  --experiment_name resnet50_forensic_classifier \
  --resume_training False

# Note: The trained model will be saved in the output_path under the name 'best_epoch.pt' 

Adversarial faces with text as reference

python text_as_reference.py --config_file configs/config_text_as_reference.ini

Adversarial faces with image as reference

python image_as_reference.py --config_file configs/config_image_as_reference.ini

Adversarial transferability with meta-optimization (Uses the text-as-reference method)

python adversarial_transferability.py --config_file configs/config_adversarial_transferrability.ini

# If you're using this work in your research or applications, please cite using this BibTeX:

@inproceedings{shamshad2023evading,
  title={Evading Forensic Classifiers With Attribute-Conditioned Adversarial Faces},
  author={Shamshad, Fahad and Srivatsan, Koushik and Nandakumar, Karthik},
  booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages={16469--16478},
  year={2023}
}