Advbox Family is a series of AI model security tools set of Baidu Open Source,including the generation, detection and protection of adversarial examples, as well as attack and defense cases for different AI applications.
-
COMMSEC: Tracking Fake News Based On Deep Learning. HITB GSEC 2019
-
COMMSEC: Hacking Object Detectors Is Just Like Training Neural Networks. HITB GSEC 2019
-
COMMSEC: How to Detect Fake Faces (Manipulated Images) Using CNNs. HITB GSEC 2019
-
Attacking and Defending Machine Learning Applications of Public Cloud. Blackhat Asia 2020
A Lightweight Adv SDK For PaddlePaddle to generate adversarial examples.
Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models.Advbox give a command line tool to generate adversarial examples with Zero-Coding.
ODD is a tool-box for attacking object detectors with mainstream attack methods. It provides users with convenience on doing experiment and benchmark. Users can place modified OD model and customize attack cost function according to attack goal in the framework.
For now, ODD only has a yolo(faster-yolo v2) model to play with. We welcome contributions for more models and attack methods to go onto the stage.
- It is Open Source for COMMSEC: Hacking Object Detectors Is Just Like Training Neural Networks. HITB GSEC 2019
- Recorded Video from 6:00:00
AdvDetect is a toolbox to detect adversarial examples from massive data.
Data poisoning
Homepage of Face Recogniztion Attack
On defcon, we demonstrated T-shirts that can disappear under smart cameras. Under this sub-project, we open-source the programs and deployment methods of smart cameras for demonstration.
The restful API is used to detect whether the face in the picture/video is a false face.
If you instead use AdvBox in an academic publication, cite as:
@misc{advbox2018,
author= {Goodman, Dou and Hao, Xin and Wang, Yang and Xiong, Junfeng and Wu, Yuesheng},
title = {Advbox:a toolbox to generate adversarial examples that fool neural networks},
month = mar,
year = 2018,
url = {https://github.com/baidu/AdvBox}
}
Cloud-based Image Classification Service is Not Robust to Affine Transformation: A Forgotten Battlefield
@inproceedings{goodman2019cloud,
title={Cloud-based Image Classification Service is Not Robust to Affine Transformation: A Forgotten Battlefield},
author={Goodman, Dou and Hao, Xin and Wang, Yang and Tang, Jiawei and Jia, Yunhan and Wei, Tao and others},
booktitle={Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop},
pages={43--43},
year={2019},
organization={ACM}
}
- Pablo Navarrete Michelini, Hanwen Liu, Yunhua Lu, Xingqun Jiang; A Tour of Convolutional Networks Guided by Linear Interpreters; The IEEE International Conference on Computer Vision (ICCV), 2019, pp. 4753-4762
- Ling, Xiang and Ji, Shouling and Zou, Jiaxu and Wang, Jiannan and Wu, Chunming and Li, Bo and Wang, Ting; Deepsec: A uniform platform for security analysis of deep learning model ; IEEE S&P, 2019
- Deng, Ting and Zeng, Zhigang; Generate adversarial examples by spatially perturbing on the meaningful area; Pattern Recognition Letters[J], 2019, pp. 632-638
https://github.com/baidu/AdvBox/issues
AdvBox support Apache License 2.0