This is the Tensorflow code for our paper Patch-wise Attack for Fooling Deep Neural Network, and Pytorch version can be found at here.
In our paper, we propose a novel patch-wise iterative Attack by using the amplification factor and guiding gradient to its feasible direction. Comparing with state-of-the-art attacks, we further improve the success rate by 3.7% for normally trained models and 9.1% for defense models on average. We hope that the proposed methods will serve as a benchmark for evaluating the robustness of various deep models and defense methods.
-
Tensorflow 1.14, Python3.7
-
Download the models
- Normlly trained models (DenseNet can be found in here)
- Ensemble adversarial trained models
- Feature Denoising
-
Then put these models into ".models/"
-
Run the code
python project_iter_attack.py
-
The output images are in "output/"
If you find this work is useful in your research, please consider citing:
@inproceedings{Zhang2020PatchWise,
title={Patch-wise Attack for Fooling Deep Neural Network},
author={Gao, Lianli and Zhang, Qilong and Song, jingkuan and Liu, Xianglong and Shen, Hengtao},
Booktitle = {European Conference on Computer Vision},
year={2020}
}