/AdvBox

Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models. Advbox give a command line tool to generate adversarial examples with Zero-Coding.

Primary LanguageJupyter NotebookApache License 2.0Apache-2.0

Advbox Family

logo

Advbox Family is a series of AI model security tools set of Baidu Open Source,including the generation, detection and protection of adversarial examples, as well as attack and defense cases for different AI applications.

Our Work

AdvSDK

A Lightweight Adv SDK For PaddlePaddle to generate adversarial examples.

Homepage of AdvSDK

AdvBox

Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models.Advbox give a command line tool to generate adversarial examples with Zero-Coding.

Homepage of AdvBox

ODD(Object Detector Deception)

ODD is a tool-box for attacking object detectors with mainstream attack methods. It provides users with convenience on doing experiment and benchmark. Users can place modified OD model and customize attack cost function according to attack goal in the framework.

For now, ODD only has a yolo(faster-yolo v2) model to play with. We welcome contributions for more models and attack methods to go onto the stage.

Homepage of ODD

AdvDetect

AdvDetect is a toolbox to detect adversarial examples from massive data.

Homepage of AdvDetect

AdvPoison

Data poisoning

AI applications

Face Recogniztion Attack

Homepage of Face Recogniztion Attack

Stealth T-shirt

On defcon, we demonstrated T-shirts that can disappear under smart cameras. Under this sub-project, we open-source the programs and deployment methods of smart cameras for demonstration.

Homepage of Stealth T-shirt

pic1

Fake Face Detect

The restful API is used to detect whether the face in the picture/video is a false face.

Homepage of Fake Face Detect

pic2

Paper and ppt of Advbox Family

How to cite

If you instead use AdvBox in an academic publication, cite as:

@misc{advbox2018,
 author= {Goodman, Dou and Hao, Xin and Wang, Yang and Xiong, Junfeng and Wu, Yuesheng},
 title = {Advbox:a toolbox to generate adversarial examples that fool neural networks},
 month = mar,
 year  = 2018,
 url   = {https://github.com/baidu/AdvBox}
}

Cloud-based Image Classification Service is Not Robust to Affine Transformation: A Forgotten Battlefield

@inproceedings{goodman2019cloud,
  title={Cloud-based Image Classification Service is Not Robust to Affine Transformation: A Forgotten Battlefield},
  author={Goodman, Dou and Hao, Xin and Wang, Yang and Tang, Jiawei and Jia, Yunhan and Wei, Tao and others},
  booktitle={Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop},
  pages={43--43},
  year={2019},
  organization={ACM}
}

Who use/cite AdvBox

  • Pablo Navarrete Michelini, Hanwen Liu, Yunhua Lu, Xingqun Jiang; A Tour of Convolutional Networks Guided by Linear Interpreters; The IEEE International Conference on Computer Vision (ICCV), 2019, pp. 4753-4762
  • Ling, Xiang and Ji, Shouling and Zou, Jiaxu and Wang, Jiannan and Wu, Chunming and Li, Bo and Wang, Ting; Deepsec: A uniform platform for security analysis of deep learning model ; IEEE S&P, 2019
  • Deng, Ting and Zeng, Zhigang; Generate adversarial examples by spatially perturbing on the meaningful area; Pattern Recognition Letters[J], 2019, pp. 632-638

Issues report

https://github.com/baidu/AdvBox/issues

License

AdvBox support Apache License 2.0