Perform White-Box and Black-Box adversarial attacks on images.

Project description

Adversarial_Attacks description

Create imperceptible perturbations on an input image to fool the model (here MobileNetV2 pretrained on ImageNet) into misclassifying it as another class (for example, as a "pug", a dog breed at index 254).

repo: https://github.com/sifubro/Adversarial_Attacks

Usage


conda create --name virtenvname python=3.9

conda activate virtenvname

pip install adversarial-attacks-white-black-box==0.1.7


Experimentation

For all attacks and experiments, see the notebook adversarial_attack_experimentation.ipynb.


Main script

For a command line script do the following:

a) Targeted FGSM attack

This will run the simplest form of attack: an iterative, targeted FGSM attack that fools the model into classifying an input image (here cat.jpg) as a pug (dog breed). The index 254 corresponds to the index of a "pug" in the ImageNet dataset (see imagenet_class_list.md).

adversarial-attacks --input_img_path ./cat.jpg --output_path ./results_fgsm --target_class 254 --learning_rate 0.01 --sign_grad True --adv_iterations 30

Results will be saved in ./results_fgsm

Remark: If you are having trouble, go to the subdirectory adversarial_attacks_white_black_box and run:

python main.py --input_img_path ./cat.jpg --target_class 254 --learning_rate 0.01 --sign_grad True --adv_iterations 30

(remember to first install the packages listed in requirements.txt with pip)


b) FGSM attack masking background

This will run FGSM only on the foreground object (the main one) while masking the background during optimization.

adversarial-attacks --input_img_path ./cat.jpg --output_path ./results_mask_background --attack_method FGSMMaskBackground --target_class 254 --mask_background True --learning_rate 0.05 --sign_grad True --adv_iterations 10

Results will be saved in ./results_mask_background

TODO: Do the reverse

c) Zeroth Order Optimization Strategy

This will run a Black Box attack without assuming we have access to the gradients of the model. We estimate the zeroth-order gradient by using 2 perturbed samples.

adversarial-attacks --input_img_path ./cat.jpg --output_path ./results_zoo --attack_method ZerothOrderOptimization --target_class 254 --epsilon 0.05 --learning_rate 0.1 --add_noise True --noise_max_val 0.01 --sign_grad True --adv_iterations 30

Results will be saved in ./results_zoo
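
The two-sample gradient estimate from (c), driving the signed iterative update from (a), as an added example that is not code from this package. It assumes a toy linear softmax model in place of MobileNetV2 and a coordinate-wise central difference as the estimator; all function names and the sample data are hypothetical.

```python
import math
import random

def predict(W, x):
    # Toy linear softmax classifier (assumed stand-in for the real network).
    z = [sum(w * xi for w, xi in zip(row, x)) for row in W]
    e = [math.exp(v - max(z)) for v in z]
    s = sum(e)
    return [v / s for v in e]

def target_loss(W, x, t):
    # Cross-entropy towards target class t; it falls as the model leans to t.
    return -math.log(predict(W, x)[t])

def true_grad(W, x, t):
    # White-box gradient w.r.t. the input: sum_k (p_k - [k == t]) * W[k].
    p = predict(W, x)
    return [sum((p[k] - (k == t)) * W[k][i] for k in range(len(W)))
            for i in range(len(x))]

def zoo_grad(loss, x, h=1e-4):
    # Black-box estimate: g_i ~ (loss(x + h*e_i) - loss(x - h*e_i)) / (2*h).
    g = []
    for i in range(len(x)):
        xp, xm = list(x), list(x)
        xp[i] += h
        xm[i] -= h
        g.append((loss(xp) - loss(xm)) / (2 * h))
    return g

def signed_steps(W, x0, t, lr=0.01, iters=30, budget=0.1):
    # Signed update from loss queries only, clipped to `budget` around x0.
    x = list(x0)
    for _ in range(iters):
        g = zoo_grad(lambda v: target_loss(W, v, t), x)
        x = [xi - lr * ((gi > 0) - (gi < 0)) for xi, gi in zip(x, g)]
        x = [min(max(xi, o - budget), o + budget) for xi, o in zip(x, x0)]
    return x

# Constructed sample data: 3 classes, 8 input features, fixed seed.
random.seed(0)
W = [[random.uniform(-1, 1) for _ in range(8)] for _ in range(3)]
x0 = [random.uniform(0, 1) for _ in range(8)]
t = min(range(3), key=lambda k: predict(W, x0)[k])  # least likely class
est = zoo_grad(lambda v: target_loss(W, v, t), x0)
gap = max(abs(a - b) for a, b in zip(true_grad(W, x0, t), est))
x1 = signed_steps(W, x0, t)
print(f"gap {gap:.1e}; p(target) {predict(W, x0)[t]:.3f} -> {predict(W, x1)[t]:.3f}")
```

The query-based estimate matches the analytic gradient closely, which is why withholding gradients from clients does not by itself make a model robust; robustness should be evaluated under query-only access as well.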


d) Natural Evolution Strategies

TODO

This will run a Black Box attack without assuming we have access to the gradients of the model. We estimate the gradient by using a family of perturbations (e.g. Gaussian).

Results will be saved in ./results_nes


e) FGSM on superpixels

TODO

Results will be saved in ./results_fgsm_superpixel


For experimentation with more attacks see adversarial_attack_experimentation.ipynb

Module explanation

  • adversarial_attack_experimentation.ipynb: This is an uncleaned development notebook containing basic ideas and code. Needs to be refactored. For clean scripts and the command line interface see below!
  • adversarial_attack_base.py: Defines an abstract class (TODO: convert to ABC) that each attack can inherit from
  • helper_functions.py: Basic helper functions for preprocessing input, decoding predictions, postprocessing and visualization.
  • imagenet_class_list.md: ImageNet classification indices for each class (254=pug for example)
  • main.py: Main script for command line usage

TODO list:

  • Add additional abstract methods (convert the AdversarialAttack class to ABC) that each attack can inherit
  • experiment more with attacks (e.g. NES, modifying foreground/background and superpixels)
  • Introduce logging module
  • Add typing for each function
  • Dockerize implementation
    • create Dockerfile and run inside a container to ensure same packages
    • serve the methods

Instructions on how to create the package

python setup.py sdist bdist_wheel

pip install twine

twine upload dist/*

If the upload fails, log in to your PyPI account at https://pypi.org/account/login/, use the "Add API token" setting, copy the token and configure twine as follows:

[pypi]

username = your_username

password = API-token

(on Windows, under C:\Users\Username)


File details

Details for the file adversarial_attacks_white_black_box-0.1.7.tar.gz.

File hashes

Hashes for adversarial_attacks_white_black_box-0.1.7.tar.gz
Algorithm Hash digest
SHA256 a66db6ac0c879665480663ab3752ec3534b3db42c77293449bde846a7d2bb203
MD5 9aed8d9d605afa96634077cd004049c8
BLAKE2b-256 47c1a1ebdeb50545c2b78f29927152e2c8fffeb83923832310feababb7c291e5

File details

Details for the file adversarial_attacks_white_black_box-0.1.7-py3-none-any.whl.

File hashes

Hashes for adversarial_attacks_white_black_box-0.1.7-py3-none-any.whl
Algorithm Hash digest
SHA256 be7632d78b48f0f4068a11320821792195ea4785d3f7794da8dc629dbfb6f439
MD5 26176a936b33767d96e2d10b247003f7
BLAKE2b-256 7b62f607553d25ffe1254d1b02826061a14a1e91bc50c8547253b36e6ac25984
