Giters

MILO-GRP / TRM-UAP

[ICCV 2023] "TRM-UAP: Enhancing the Transferability of Data-Free Universal Adversarial Perturbation via Truncated Ratio Maximization", Yiran Liu, Xin Feng, Yunlong Wang, Wu Yang, Di Ming*

Home Page:https://github.com/RandolphCarter0/TRMUAP

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

adversarial-attacksdata-freeuniversal-adversarial-perturbation

Truncated Ratio Maximization UAP

[Paper] [Supp] [Poster] [Presentation]

Code for the method [ICCV 2023] "TRM-UAP: Enhancing the Transferability of Data-Free Universal Adversarial Perturbation via Truncated Ratio Maximization", Yiran Liu, Xin Feng, Yunlong Wang, Wu Yang, Di Ming*.

A data-free universal attack to craft the universal adversarial perturbation (UAP) via truncated ratio maximization. This code depends on PyTorch.

Update

  • Apr 27, 2024: We updated the parameter set of the curriculum learning-based training strategy in the file strategy.py and revised the parameter set of the UAP training to help other researchers reproduce our paper's results. We also uploaded the pre-trained UAPs with different surrogate models in the folder perturbations.
  • Feb 29, 2024: We updated the curriculum learning-based training strategy in the file strategy.py to provide a comprehensive illustration of the optimal experiment setup. Besides, the performance of TRM-UAP, as proposed in our paper, could be improved with further exploration of experimental hyperparameters.

Dependencies

This repo is tested with pytorch=1.12.0, python=3.6.13. Install all python packages using following command:

pip install -r requirements.txt

Usage Instructions

1. Preparation

ImageNet validation set: Load the parameters of pretrained models with PyTorch, download ImageNet dataset from here.

  • TorchHub : the directory saves PyTorch pretrained model parameters.
  • dataset : the directory contains the datasets.
  • perturbations : the directory stores the UAP crafted by universal attacks.

2. Training

For example, run the following command:

python train.py --surrogate_model vgg16 --target_model vgg19 --val_dataset_name imagenet 
                --p_active --n_active --p_rate 0.8 --n_rate 0.7

This will start a training to craft a UAP from the surrogate model vgg16 and attack the target model vgg19 on ImageNet with the positive and negative truncated activations correspondingly.

3. Testing

After a UAP is generated and saved on the directory perturbations, you can also load the UAP to attack other models:

python attack_test.py --test_model vgg19 --val_dataset_name imagenet --uap_path perturbations/uap_vgg16.npy

This will load the UAP made by vgg16 from perturbations and attack the target model vgg19 on imagenet.

Acknowledgements

The code refers to GD-UAP, pytorch-gd-uap.

We thank the authors for sharing sincerely.

Citation

If you find this work is useful in your research, please cite our paper:

@InProceedings{Liu_2023_ICCV,
    author    = {Liu, Yiran and Feng, Xin and Wang, Yunlong and Yang, Wu and Ming, Di},
    title     = {TRM-UAP: Enhancing the Transferability of Data-Free Universal Adversarial Perturbation via Truncated Ratio Maximization},
    booktitle = {Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV)},
    month     = {October},
    year      = {2023},
    pages     = {4762-4771}
}

Contact

Yiran Liu: lyr199804@qq.com

Di Ming: diming@cqut.edu.cn

About

[ICCV 2023] "TRM-UAP: Enhancing the Transferability of Data-Free Universal Adversarial Perturbation via Truncated Ratio Maximization", Yiran Liu, Xin Feng, Yunlong Wang, Wu Yang, Di Ming*

https://github.com/RandolphCarter0/TRMUAP

adversarial-attacksdata-freeuniversal-adversarial-perturbation

Languages

Language:Python 100.0%