Skip to content

Latest commit

 

History

History
58 lines (46 loc) · 2.48 KB

README.md

File metadata and controls

58 lines (46 loc) · 2.48 KB

subspace-attack.pytorch

Code for our NeurIPS 2019 paper Subspace Attack: Exploiting Promising Subspaces for Query-Efficient Black-box Attacks.

Our paper is also available on arxiv.

Environments

  • Python 3.5
  • PyTorch 1.1.0
  • torchvision 0.2.2
  • glog 0.3.1

Datasets and Reference Models

We use CIFAR-10 and ImageNet in our experiment, and these two datasets should be prepared into the following structure:

subspace-attack.pytorch  
└───data
    ├── cifar10 
    │   ├── cifar-10-batches-py
    │   └── cifar-10-python.tar.gz
    └── imagenet 
        ├── train
        └── val

For reference models, please download at this link, extract and put them into data/ directory.

Usage

To mount an untargeted l-inf attack on a WRN victim model on CIFAR-10 using AlexNet+VGGNets as references (i.e., the CIFAR-10->WRN->Ours row in Table 1 of our paper)

python3 attack.py --arch wrn-28-10-drop --attack-type untargeted --norm-type linf --dataset cifar10 --ref-arch alexnet_bn vgg11_bn vgg13_bn vgg16_bn vgg19_bn --ref-arch-train-data cifar10.1

We also provide many logs for experiments used in our paper at this link.

Acknowledgements

The following resources are very helpful for our work:

Citation

Please cite our work in your publications if it helps your research:

@inproceedings{subspaceattack,
  title={Subspace Attack: Exploiting Promising Subspaces for Query-Efficient Black-box Attacks},
  author={Guo, Yiwen and Yan, Ziang and Zhang, Changshui},
  booktitle={Advances in Neural Information Processing Systems},
  pages={3820--3829},
  year={2019}
}