This is the python implementation of our paper, "Diversified Adversarial Attacks based on Conjugate Gradient Method" , accepted to ICML2022. paper(arxiv)
Python | 3.9.8 | ||
PyTorch | 1.10.0+cu113 | ||
gcc | gcc version >= 5.4.0 | ||
CUDA | 11.5 |
- Install python libraries.
pip install -r requirements.txt
- Complie
.cpp
and.c
codes.
cd src/utils/cluster_coef_c
python setup.py build_ext -i
- Set ImageNet dataset.
The directory name is the same as auto-attack
After your download, ls
outputs the follow.
storage/ILSVRC2012/ILSVRC2012_img_val_for_ImageFolder/val
- Downloads the robsust models from RobustBench.
cd src
python get_models.py
export CUBLAS_WORKSPACE_CONFIG=:4096:8
- Fix
PYTHONHASHSEED
to 0.
export PYTHONHASHSEED=0
-
ImageNet
cd ../storage/ILSVRC2012
- Download
ILSVRC2012_img_val.tar
andILSVRC2012_devkit_t12.tar.gz
from ImageNet official site
$ ls ILSVRC2012_img_val.tar
-
mkdir val && tar -xf ILSVRC2012_img_val.tar -C ./val
-
tar -xzf ILSVRC2012_devkit_t12.tar.gz
-
python build_dataset.py
Attack on CIFAR-10
python -B run_cifar10_attack.py -o ../debug -g 0 --log_level 20 --param ./params/robustbench/cifar10/autoconjugate.yaml ./params/robustbench/cifar10/di.yaml --experiment -bs 10
Attack on ImageNet
python -B run_imagenet_attack.py -o ../debug -g 0 --log_level 20 --param ./params/robustbench/imagenet/autoconjugate.yaml ./params/robustbench/cifar10/di.yaml --experiment -bs 10
Attack on CIFAR-100
python -B run_cifar100_attack.py -o ../debug -g 0 --log_level 20 --param ./params/robustbench/cifar100/autoconjugate.yaml ./params/robustbench/cifar10/di.yaml --experiment -bs 10
(find ../result/ -maxdepth 7 |grep -e AUTOP -e AUTOC | xargs -L1 -P1 python run_evaluator_from_csv.py -ns 1 -r && find ../result/ -maxdepth 7 |grep AUTOC | xargs -L1 -P1 python run_evaluator_from_csv.py -ns 5 -r ) > cifar10_cw_result.csv
and open cifar10_cw_result.csv
Ding2020MMA,AUTOConjugaterestart-1,WideResNet-28-4,\cite{Ding2019},53.40,Wed Jan 26 10:59:21 2022
Ding2020MMA,AUTOConjugate,WideResNet-28-4,\cite{Ding2019},55.77,Wed Jan 26 10:59:21 2022
- 1st column: model name listed in RobustBench.
- 2nd column: the algorithm name.
AUTOConjugaterestart-1
mean ACG with one restart. - 3rd column: the architecture of model
- 4th column: the citation of the adversarial training method
- 5th column: the attack success rates
- 6th column: the execution start time
- Docker
https://www.docker.com/ - NVIDIA Container Toolkit
https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/overview.html
Build Docker Command
docker build --rm -t autocg:latest .
Create docker instance
docker run -it --gpus all -v $PWD/src:/AutoCG/src autocg /bin/bash
Start created container instance
docker start -ai [ContainerID]
Connect started container
docker attach [ContainerID]
Detach from Container
[control-P] [control-Q]
@inproceedings{yamamura2022,
title={Diversified Adversarial Attacks based on Conjugate Gradient Method},
author={Keiichiro Yamamura and Haruki Sato and Nariaki Tateiwa and Nozomi Hata and Toru Mitsutake and Issa Oe and Hiroki Ishikura and Katsuki Fujisawa},
booktitle={ICML},
year={2022}
}