/torchattack

🛡 A curated list of adversarial attacks in PyTorch, with a focus on transferable black-box attacks.

Primary LanguagePythonMIT LicenseMIT

torchattack banner
Ruff Code style: black lint GitHub release (latest by date)

🛡 torchattack - A set of adversarial attacks in PyTorch.

Install from GitHub source -

python -m pip install git+https://github.com/spencerwooo/torchattack

Install from Gitee mirror -

python -m pip install git+https://gitee.com/spencerwoo/torchattack

Usage

import torch
from torchattack import FGSM, MIFGSM
from torchattack.eval import AttackModel

device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')

# Load a model
model = AttackModel.from_pretrained(model_name='resnet50', device=device)
transform, normalize = model.transform, model.normalize

# Initialize an attack
attack = FGSM(model, normalize, device)

# Initialize an attack with extra params
attack = MIFGSM(model, normalize, device, eps=0.03, steps=10, decay=1.0)

Check out torchattack.eval.run_attack for a simple example.

Attacks

Gradient-based attacks:

Name $\ell_p$ Publication Paper (Open Access) Class Name
FGSM $\ell_\infty$ ICLR 2015 Explaining and Harnessing Adversarial Examples FGSM
PGD $\ell_\infty$ ICLR 2018 Towards Deep Learning Models Resistant to Adversarial Attacks PGD
PGD (L2) $\ell_2$ ICLR 2018 Towards Deep Learning Models Resistant to Adversarial Attacks PGDL2
MI-FGSM $\ell_\infty$ CVPR 2018 Boosting Adversarial Attacks with Momentum MIFGSM
DI-FGSM $\ell_\infty$ CVPR 2019 Improving Transferability of Adversarial Examples with Input Diversity DIFGSM
TI-FGSM $\ell_\infty$ CVPR 2019 Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks TIFGSM
NI-FGSM $\ell_\infty$ ICLR 2020 Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks NIFGSM
SI-NI-FGSM $\ell_\infty$ ICLR 2020 Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks SINIFGSM
VMI-FGSM $\ell_\infty$ CVPR 2021 Enhancing the Transferability of Adversarial Attacks through Variance Tuning VMIFGSM
VNI-FGSM $\ell_\infty$ CVPR 2021 Enhancing the Transferability of Adversarial Attacks through Variance Tuning VNIFGSM
Admix $\ell_\infty$ ICCV 2021 Admix: Enhancing the Transferability of Adversarial Attacks Admix
FIA $\ell_\infty$ ICCV 2021 Feature Importance-aware Transferable Adversarial Attacks FIA
PNA-PatchOut $\ell_\infty$ AAAI 2022 Towards Transferable Adversarial Attacks on Vision Transformers PNAPatchOut
SSA $\ell_\infty$ ECCV 2022 Frequency Domain Model Augmentation for Adversarial Attack SSA
TGR $\ell_\infty$ CVPR 2023 Transferable Adversarial Attacks on Vision Transformers with Token Gradient Regularization TGR
DeCoWA $\ell_\infty$ AAAI 2024 Boosting Adversarial Transferability across Model Genus by Deformation-Constrained Warping DeCoWA
VDC $\ell_\infty$ AAAI 2024 Improving the Adversarial Transferability of Vision Transformers with Virtual Dense Connection VDC

Others:

Name $\ell_p$ Publication Paper (Open Access) Class Name
DeepFool $\ell_2$ CVPR 2016 DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks DeepFool
GeoDA $\ell_\infty$, $\ell_2$ CVPR 2020 GeoDA: A Geometric Framework for Black-box Adversarial Attacks GeoDA
SSP $\ell_\infty$ CVPR 2020 A Self-supervised Approach for Adversarial Robustness SSP

Development

# Create a virtual environment
python -m venv .venv
source .venv/bin/activate

# Install deps with dev extras
python -m pip install -r requirements.txt
python -m pip install -e ".[dev]"

License

MIT

Related