This code is the official PyTorch implementation of the σ-zero: Gradient-based Optimization of ℓ0-norm Adversarial Examples.

The leftmost plot shows an instance of σ-zero’s execution on a two-dimensional problem. The initial point x (red dot) is modified via gradient descent to find the adversarial example x* (green star) while minimizing the number of perturbed features (i.e., the ℓ0 norm of the perturbation). The gray lines surrounding x demarcate regions where the ℓ0 norm is minimized. The rightmost plot shows the adversarial images (top row) and the corresponding perturbations (bottom row) found by σ-zero during the three steps highlighted in the leftmost plot, alongside their prediction and ℓ0 norm.

• Python ≥ 3.11.*
• PyTorch ≥ 2.0.*
• torchvision ≥ 0.15.*
• RobustBench ≥ 1.1
• adversarial-library ≥ 0.2.0
• torchattacks ≥ 3.5.1

In order to improve the reproducibility of our experiments, we released our anaconda environment, containing all dependencies and corresponding SW versions. The environment can be installed by running the following command:

conda env create -f env.yml

Once the environment is created, we can use it by typing conda activate sigmazero.

The code is structured as follows:

• configs/, where experimental configurations are stored.
• data/, where datasets are downloaded and stored.
• imagenet/val/, where the validation set of imagenet needs to be stored.
• models/, where models are downloaded and stored.
• results/, contains the results of the experiments created by the main script.
• utils/, contains wrappers for model and attacks.
• datasets.py, used to load datasets.
• model.py, used to download models to test.
• sigma_zero.py, contains the official implementation of σ-zero attack.
• utilities.py, contains useful function to run experiments.
• main.py, executes experiment in {args.config} on device {args.device}.

To execute an experiment where a number of attacks generate adversarial examples for a selected model, firstly a configuration must be created:

{
    "seed": 1233,
    "experiments": [
        {
            "attack": {
                "name": "sigma_zero",
                "params": {
                    "steps":100
                }
            },
            "dataset": "mnist",
            "model": "smallcnn_ddn",
            "n_samples": 100,
            "batch_size": 16
        }
    ]
}

Experiments is an array that can contain different attack configurations like the one above. Experiment are then run by calling the main function:

python main.py --device=cpu --config=configs/config_single_attack.json

After having executed the main function, a folder structure inside results/" will be created containing results, salient statistics and some resulting adversarial images.

The authors would like to thank:

• The contributors of adversarial-library, RobustBench and Torchattacks for having facilitated the development of this project;