Implementation of DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification [NeurIPS 2023].
Diffattack is a strong adversarial attack against diffusion-based purification defenses. We provide the following scripts for reproducing the results.
Please refer to requirement.txt for the required packages of running the codes in the repo.
Put the folder models and pretrained under DiffAttack_Score_Based/ and DiffAttack_DDPM_Based/.
Please refer to DiffPure for the adjattack against score-based diffusion purification defenses.
DiffAttack against score-based purification on CIFAR-10 with WideResNet-28-10 under Linf attack:
sh run_cifar_rand_inf.sh SEED1 SEED2
DiffAttack against score-based purification on CIFAR-10 with WideResNet-70-16 under Linf attack:
sh run_cifar_rand_inf_70-16-dp.sh SEED1 SEED2
DiffAttack against score-based purification on CIFAR-10 with WideResNet-28-10 under L2 attack:
sh run_cifar_rand_L2.sh SEED1 SEED2
DiffAttack against score-based purification on CIFAR-10 with WideResNet-70-16 under L2 attack:
sh run_cifar_rand_L2_70-16-dp.sh SEED1 SEED2
DiffAttack against score-based purification on ImageNet with ResNet-50 under Linf attack:
sh run_in_rand_inf.sh SEED1 SEED2
DiffAttack against score-based purification on ImageNet with WideResNet-50-2 under Linf attack:
sh run_in_rand_inf_50-2.sh SEED1 SEED2
DiffAttack against score-based purification on ImageNet with DeiT-S under Linf attack:
sh run_in_rand_inf_deits.sh SEED1 SEED2
The scripts are provided in DiffAttack_DDPM_Based/run_scripts/cifar10/
Diff-BPDA attack against DDPM-based purification on CIFAR-10 with WideResNet-28-10 under Linf attack:
sh run_cifar_ddpm_inf_bpda.sh SEED1 SEED2
Diff-BPDA attack against DDPM-based purification on CIFAR-10 with WideResNet-70-16 under Linf attack:
sh run_cifar_ddpm_inf_70_bpda.sh SEED1 SEED2
Diff-BPDA attack against DDPM-based purification on CIFAR-10 with WideResNet-28-10 under L2 attack:
sh run_cifar_ddpm_l2_bpda.sh SEED1 SEED2
Diff-BPDA attack against DDPM-based purification on CIFAR-10 with WideResNet-70-16 under L2 attack:
sh run_cifar_ddpm_l2_70_bpda.sh SEED1 SEED2
DiffAttack against DDPM-based purification on CIFAR-10 with WideResNet-28-10 under Linf attack:
sh run_cifar_ddpm_inf.sh SEED1 SEED2
DiffAttack against DDPM-based purification on CIFAR-10 with WideResNet-70-16 under Linf attack:
sh run_cifar_ddpm_inf_70.sh SEED1 SEED2
DiffAttack against DDPM-based purification on CIFAR-10 with WideResNet-28-10 under L2 attack:
sh run_cifar_ddpm_l2.sh SEED1 SEED2
DiffAttack against DDPM-based purification on CIFAR-10 with WideResNet-70-16 under L2 attack:
sh run_cifar_ddpm_l2_70.sh SEED1 SEED2
The code base is built upon Auto-Attack and DiffPure.
If you consider our repo helpful, please consider citing:
@article{kang2024diffattack,
title={DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification},
author={Kang, Mintong and Song, Dawn and Li, Bo},
journal={Advances in Neural Information Processing Systems},
volume={36},
year={2024}
}