Skip to content
/ torchattack Public

🛡 A set of adversarial attacks in PyTorch

License

MIT license
36 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

spencerwooo/torchattack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

163 Commits
.github/workflows
.github/workflows
 
 
tests
tests
 
 
torchattack
torchattack
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

🛡 torchattack - A set of adversarial attacks in PyTorch.

Install from GitHub source -

python -m pip install git+https://github.com/spencerwooo/[email protected]

Install from Gitee mirror -

python -m pip install git+https://gitee.com/spencerwoo/[email protected]

Usage

import torch

device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')

Load a pretrained model to attack from either torchvision or timm.

from torchattack import AttackModel

# Load a model with `AttackModel`
model = AttackModel.from_pretrained(model_name='resnet50', device=device)
# `AttackModel` automatically attach the model's `transform` and `normalize` functions
transform, normalize = model.transform, model.normalize

Initialize an attack by importing its attack class.

from torchattack import FGSM, MIFGSM

# Initialize an attack
attack = FGSM(model, normalize, device)

# Initialize an attack with extra params
attack = MIFGSM(model, normalize, device, eps=0.03, steps=10, decay=1.0)

Initialize an attack by its name with create_attack().

from torchattack import create_attack

# Initialize FGSM attack with create_attack
attack = create_attack('FGSM', model, normalize, device)

# Initialize PGD attack with specific eps with create_attack
attack = create_attack('PGD', model, normalize, device, eps=0.03)

# Initialize MI-FGSM attack with extra args with create_attack
attack_cfg = {'steps': 10, 'decay': 1.0}
attack = create_attack('MIFGSM', model, normalize, device, eps=0.03, attack_cfg=attack_cfg)

Check out torchattack.eval.runner for a full example.

Attacks

Gradient-based attacks:

Name $\ell_p$ Publication Paper (Open Access) Class Name
FGSM $\ell_\infty$ ICLR 2015 Explaining and Harnessing Adversarial Examples FGSM
PGD $\ell_\infty$ ICLR 2018 Towards Deep Learning Models Resistant to Adversarial Attacks PGD
PGD (L2) $\ell_2$ ICLR 2018 Towards Deep Learning Models Resistant to Adversarial Attacks PGDL2
MI-FGSM $\ell_\infty$ CVPR 2018 Boosting Adversarial Attacks with Momentum MIFGSM
DI-FGSM $\ell_\infty$ CVPR 2019 Improving Transferability of Adversarial Examples with Input Diversity DIFGSM
TI-FGSM $\ell_\infty$ CVPR 2019 Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks TIFGSM
NI-FGSM $\ell_\infty$ ICLR 2020 Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks NIFGSM
SI-NI-FGSM $\ell_\infty$ ICLR 2020 Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks SINIFGSM
VMI-FGSM $\ell_\infty$ CVPR 2021 Enhancing the Transferability of Adversarial Attacks through Variance Tuning VMIFGSM
VNI-FGSM $\ell_\infty$ CVPR 2021 Enhancing the Transferability of Adversarial Attacks through Variance Tuning VNIFGSM
Admix $\ell_\infty$ ICCV 2021 Admix: Enhancing the Transferability of Adversarial Attacks Admix
FIA $\ell_\infty$ ICCV 2021 Feature Importance-aware Transferable Adversarial Attacks FIA
PNA-PatchOut $\ell_\infty$ AAAI 2022 Towards Transferable Adversarial Attacks on Vision Transformers PNAPatchOut
SSA $\ell_\infty$ ECCV 2022 Frequency Domain Model Augmentation for Adversarial Attack SSA
TGR $\ell_\infty$ CVPR 2023 Transferable Adversarial Attacks on Vision Transformers with Token Gradient Regularization TGR
DeCoWA $\ell_\infty$ AAAI 2024 Boosting Adversarial Transferability across Model Genus by Deformation-Constrained Warping DeCoWA
VDC $\ell_\infty$ AAAI 2024 Improving the Adversarial Transferability of Vision Transformers with Virtual Dense Connection VDC

Others:

Name $\ell_p$ Publication Paper (Open Access) Class Name
DeepFool $\ell_2$ CVPR 2016 DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks DeepFool
GeoDA $\ell_\infty$, $\ell_2$ CVPR 2020 GeoDA: A Geometric Framework for Black-box Adversarial Attacks GeoDA
SSP $\ell_\infty$ CVPR 2020 A Self-supervised Approach for Adversarial Robustness SSP

Development

# Create a virtual environment
python -m venv .venv
source .venv/bin/activate

# Install deps with dev extras
python -m pip install -r requirements.txt
python -m pip install -e ".[dev]"

License

MIT

Related

About

🛡 A set of adversarial attacks in PyTorch

Topics

pytorch adversarial-examples adversarial-attacks

Resources

Readme

License

MIT license
Activity

Stars

36 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases 15

v1.0.1 Latest
Nov 25, 2024
+ 14 releases

Sponsor this project

Contributors 9

Languages