This repository contains the official PyTorch implementation of SparseFool algorithm described in [1].

To execute the code, please make sure that the following packages are installed:

• NumPy
• PyTorch and Torchvision (install with CUDA if available)
• matplotlib

A simple demo that computes the sparse adversarial perturbation of a test image.

A simple demo that controls the perceptibility of the resulted perturbation of a test image.

This function implements the algorithm proposed in [1] using PyTorch to find sparse adversarial perturbations.

The parameters of the function are:

• im: image (tensor).
• net: neural network.
• lb: the lower bounds for the adversarial image values.
• ub: the upper bounds for the adversarial image values.
• lambda_ : the control parameter for going further into the classification region, by default = 3.
• max_iter: max number of iterations, by default = 50.

This function implements the algorithm proposed in [1] for solving the linearized box-constrained problem. It is used by sparsefool.py for solving the linearized problem.

This function implements the algorithm proposed in [2] for computing adversarial perturbations. It is used by sparsefool.py for the linear approximation of the decision boundary.

Includes general functions

Contains some examples for the demos. The images where cropped to have square dimensions:

• cat.jpg(source): it is used by test_sparsefool.py.
• red_light.jpg(source): it is used by test_perceptibility.py.

[1] A. Modas, S. Moosavi-Dezfooli, P. Frossard: SparseFool: a few pixels make a big difference. In Computer Vision and Pattern Recognition (CVPR ’19), IEEE, 2019.

[2] S. Moosavi-Dezfooli, A. Fawzi, P. Frossard: DeepFool: a simple and accurate method to fool deep neural networks. In Computer Vision and Pattern Recognition (CVPR ’16), IEEE, 2016.