Pytorch implementation of Blackbox Attacks via Surrogate Ensemble Search in NeurIPS 2022.
Blackbox Attacks via Surrogate Ensemble Search
Zikui Cai, Chengyu Song, Srikanth V. Krishnamurthy, Amit K. Roy-Chowdhury,
M. Salman Asif
UC Riverside
In this paper, we propose a novel method for blackbox attacks via surrogate ensemble search (BASES) that can generate highly successful blackbox attacks using an extremely small number of queries. We first define a perturbation machine that generates a perturbed image by minimizing a weighted loss function over a fixed set of surrogate models. To generate an attack for a given victim model, we search over the weights in the loss function using queries generated by the perturbation machine. Since the dimension of the search space is small (same as the number of surrogate models), the search requires a small number of queries.
See requirements.txt, some key dependencies are:
- python==3.8
- torch==1.11.0
# Query in a blackbox setting
python query_w_bb.py --n_wb 20 --victim densenet121
# Learn weights in a whitebox setting
python learn_w_wb.py
gcv_images.zip contains randomly selected images and responses from GCV
python gcv_attack.py
Go to comparison folder for more details