/nips17-adversarial-attack

Submission to Kaggle NIPS'17 competition on adversarial examples (non-targeted adversarial attack track)


Kaggle NIPS'17 Competition

This repository contains the submission of team 'iwiwi' for the non-targeted adversarial attack track of the Kaggle NIPS'17 competition on adversarial examples (https://www.kaggle.com/c/nips-2017-non-targeted-adversarial-attack).

Overview

Our approach is to produce adversarial examples using fully convolutional networks (FCNs). The basic framework is the same as that of the Adversarial Transformation Networks paper (https://arxiv.org/pdf/1703.09387.pdf), but we used a much larger FCN model and more computational power, together with several new ideas such as multi-target training, multi-task training, and gradient hints. For details, we are preparing a technical report that describes our approach.

How to Run

docker pull iwiwi/nips17-adversarial
nvidia-docker run \
  -v "${INPUT_IMAGES}":/input_images \
  -v "${OUTPUT_IMAGES}":/output_images \
  -v "${SUBMISSION_DIRECTORY}":/code \
  -w /code \
  iwiwi/nips17-adversarial \
  ./run_attack.sh \
  /input_images \
  /output_images \
  "${MAX_PERTURBATION}"

Examples

The following are examples of our attack with MAX_PERTURBATION=16 (left: original image, middle: perturbed image, right: perturbation).

Example images
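The following is an added example, not code from this repository: an audit that checks whether each perturbed image stays within MAX_PERTURBATION of its original, and that renders the perturbation as in the right-hand panel. It assumes the budget is the largest per-channel absolute difference on 0-255 pixel values and that images are raw uint8 byte strings; all function names and sample pixels are constructed for illustration.

```python
"""Audit original/perturbed image pairs against MAX_PERTURBATION (added example)."""


def perturbation(original: bytes, perturbed: bytes) -> list[int]:
    """Signed per-channel difference: perturbed - original."""
    if len(original) != len(perturbed):
        raise ValueError("image sizes differ")
    return [p - o for o, p in zip(original, perturbed)]


def linf(original: bytes, perturbed: bytes) -> int:
    """Largest absolute per-channel change (the assumed budget metric)."""
    return max((abs(d) for d in perturbation(original, perturbed)), default=0)


def render(original: bytes, perturbed: bytes, eps: int) -> bytes:
    """Map the signed perturbation to grey-centred bytes for display."""
    out = []
    for d in perturbation(original, perturbed):
        d = max(-eps, min(eps, d))           # saturate out-of-budget values
        out.append(128 + round(d * 127 / eps))
    return bytes(out)


def audit(pairs: dict, eps: int) -> dict:
    """Return {name: linf} for pairs over budget; None marks a size mismatch."""
    violations = {}
    for name, (orig, pert) in pairs.items():
        try:
            worst = linf(orig, pert)
        except ValueError:
            violations[name] = None
            continue
        if worst > eps:
            violations[name] = worst
    return violations


# Constructed sample pixels (not taken from the repository's images).
ORIG = bytes([0, 10, 128, 250, 255, 40])
OK = bytes([16, 0, 112, 255, 239, 40])     # differences: 16, -10, -16, 5, -16, 0
BAD = bytes([17, 10, 128, 250, 255, 40])   # first channel changed by 17
SAMPLES = {"ok.png": (ORIG, OK), "bad.png": (ORIG, BAD), "short.png": (ORIG, ORIG[:3])}

if __name__ == "__main__":
    print(audit(SAMPLES, 16))
```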

References

  • Shumeet Baluja, Ian Fischer. Adversarial Transformation Networks: Learning to Generate Adversarial Examples. CoRR, abs/1703.09387, 2017.
  • Alexey Kurakin, Ian J. Goodfellow, Samy Bengio, Yinpeng Dong, Fangzhou Liao, Ming Liang, Tianyu Pang, Jun Zhu, Xiaolin Hu, Cihang Xie, Jianyu Wang, Zhishuai Zhang, Zhou Ren, Alan L. Yuille, Sangxia Huang, Yao Zhao, Yuzhe Zhao, Zhonglin Han, Junjiajia Long, Yerkebulan Berdibekov, Takuya Akiba, Seiya Tokui, Motoki Abe. Adversarial Attacks and Defences Competition. CoRR, abs/1804.00097, 2018.

License

MIT License