Giter Site home page Giter Site logo

bo_attack's Introduction

BayesOpt Attack

This is the code repository for the query-efficient black-box attack method proposed in our paper BayesOpt Adversarial Attack.

Setup

Install the required libraries:

pip install -r requirements.txt

Collect CIFAR10 data:

python setup_cifar.py

Download Inception-v3 model checkpoint:

python setup_inception.py

Download ImageNet test data: ImageNet test images and ImageNet test labels , and put them under folder BayesOpt_Attacks/objective_func/tf_models/

Usage:

Run BayesOpt Attack experiments: python run_bayesopt_attack.py followed by the following important arguments:

  • -f Attack target model/dataset: mnist, cifar10 or imagenet
  • -m BayesOpt attack method: GP for GP-BO, ADDGPLD for ADDGP-BO or GPLDR for GP-BO-auto-dr
  • -ld Reduced dimension. =196 for MNIST and CIFAR10, =2304 for ImageNet. Not applicable when use GP-BO-auto-dr as it learns the reduced dimension automatically
  • -rd Upsampling method. Default =BILI for bilinear resizing
  • -nsub Number of subspaces from decomposing the image dimensions. Only applicable when use ADDGP-BO: =14 for MNIST, =12 for CIFAR10 or =27 for ImageNet.

Other arguments are described in run_bayesopt_attack.py.

Examples

Case 1: GP-BO attack on trained MNIST classifier for 900 iterations with reduced dimension of 14x14x1. Attack 1 correctly classified image with ID=0 on the other 9 class labels:

python run_bayesopt_attack.py -f='mnist' -m='GP' -nitr=900 -rd='BILI' -ld=196 -i=0 -ntg=9

Case 2: GP-BO-auto-dr attack on trained CIFAR10 classifier for 900 iterations. Attack 1 correctly classified image with ID=0 on the other 9 class labels:

python run_bayesopt_attack.py -f='cifar10' -m='GPLDR' -nitr=900 -i=0 -ntg=9

Case 3: ADDGP-BO attack on trained ImageNet classifier for 2000 iterations with reduced dimension of 48x48x1 and 27 subspaces. Attack 1 correctly classified image with ID=0 on a random class label:

python run_bayesopt_attack.py -f='imagenet' -m='ADDGPLD' -nitr=2000 -rd='BILI' -ld=2304 -nsub=27 -i=0 -ntg=1

Citation

Please cite our paper if you would like to use the code.

@inproceedings{
Ru2020BayesOpt,
title={BayesOpt Adversarial Attack},
author={Binxin Ru and Adam Cobb and Arno Blaas and Yarin Gal},
booktitle={International Conference on Learning Representations},
year={2020},
url={https://openreview.net/forum?id=Hkem-lrtvH}
}

bo_attack's People

Contributors

rubinxin avatar ajaysub110 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.