A curated list of adversarial attacks in PyTorch, with a focus on transferable black-box attacks

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for spencerwoo from gravatar.com spencerwoo

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: spencerwooo
  • Requires: Python <3.14, >=3.10
Classifiers
Report project as malware

Project description


torchattack banner

Ruff pypi python versions pypi version pypi weekly downloads lint

🛡 torchattack - A curated list of adversarial attacks in PyTorch, with a focus on transferable black-box attacks.

pip install torchattack

Highlights

  • 🛡️ A curated collection of adversarial attacks implemented in PyTorch.
  • 🔍 Focuses on gradient-based transferable black-box attacks.
  • 📦 Easily load pretrained models from torchvision or timm using AttackModel.
  • 🔄 Simple interface to initialize attacks with create_attack.
  • 🔧 Extensively typed for better code quality and safety.
  • 📊 Tooling for fooling rate metrics and model evaluation in eval.
  • 🔁 Numerous attacks reimplemented for readability and efficiency (TGR, VDC, etc.).

Documentation

torchattack's docs are available at docs.swo.moe/torchattack.

Usage

import torch

device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')

Load a pretrained model to attack from either torchvision or timm.

from torchattack import AttackModel

# Load a model with `AttackModel`
model = AttackModel.from_pretrained(model_name='resnet50').to(device)
# `AttackModel` automatically attach the model's `transform` and `normalize` functions
transform, normalize = model.transform, model.normalize

# Additionally, to explicitly specify where to load the pretrained model from (timm or torchvision),
# prepend the model name with 'timm/' or 'tv/' respectively, or use the `from_timm` argument, e.g.
vit_b16 = AttackModel.from_pretrained(model_name='timm/vit_base_patch16_224').to(device)
inv_v3 = AttackModel.from_pretrained(model_name='tv/inception_v3').to(device)
pit_b = AttackModel.from_pretrained(model_name='pit_b_224', from_timm=True).to(device)

Initialize an attack by importing its attack class.

from torchattack import FGSM, MIFGSM

# Initialize an attack
attack = FGSM(model, normalize, device)

# Initialize an attack with extra params
attack = MIFGSM(model, normalize, device, eps=0.03, steps=10, decay=1.0)

Initialize an attack by its name with create_attack().

from torchattack import create_attack

# Initialize FGSM attack with create_attack
attack = create_attack('FGSM', model, normalize, device)

# Initialize PGD attack with specific eps with create_attack
attack = create_attack('PGD', model, normalize, device, eps=0.03)

# Initialize MI-FGSM attack with extra args with create_attack
attack_args = {'steps': 10, 'decay': 1.0}
attack = create_attack('MIFGSM', model, normalize, device, eps=0.03, **attack_args)

Check out examples/ and torchattack.evaluate.runner for full examples.

Attacks

Name Class Name Publication Paper (Open Access)
Gradient-based attacks
FGSM FGSM ICLR 2015 Explaining and Harnessing Adversarial Examples
PGD PGD ICLR 2018 Towards Deep Learning Models Resistant to Adversarial Attacks
PGD (L2) PGDL2 ICLR 2018 Towards Deep Learning Models Resistant to Adversarial Attacks
MI-FGSM MIFGSM CVPR 2018 Boosting Adversarial Attacks with Momentum
DI-FGSM DIFGSM CVPR 2019 Improving Transferability of Adversarial Examples with Input Diversity
TI-FGSM TIFGSM CVPR 2019 Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks
NI-FGSM NIFGSM ICLR 2020 Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks
SI-NI-FGSM SINIFGSM ICLR 2020 Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks
DR DR CVPR 2020 Enhancing Cross-Task Black-Box Transferability of Adversarial Examples With Dispersion Reduction
VMI-FGSM VMIFGSM CVPR 2021 Enhancing the Transferability of Adversarial Attacks through Variance Tuning
VNI-FGSM VNIFGSM CVPR 2021 Enhancing the Transferability of Adversarial Attacks through Variance Tuning
Admix Admix ICCV 2021 Admix: Enhancing the Transferability of Adversarial Attacks
FIA FIA ICCV 2021 Feature Importance-aware Transferable Adversarial Attacks
PNA-PatchOut PNAPatchOut AAAI 2022 Towards Transferable Adversarial Attacks on Vision Transformers
NAA NAA CVPR 2022 Improving Adversarial Transferability via Neuron Attribution-Based Attacks
SSA SSA ECCV 2022 Frequency Domain Model Augmentation for Adversarial Attack
TGR TGR CVPR 2023 Transferable Adversarial Attacks on Vision Transformers with Token Gradient Regularization
ILPD ILPD NeurIPS 2023 Improving Adversarial Transferability via Intermediate-level Perturbation Decay
MIG MIG ICCV 2023 Transferable Adversarial Attack for Both Vision Transformers and Convolutional Networks via Momentum Integrated Gradients
DeCoWA DeCoWA AAAI 2024 Boosting Adversarial Transferability across Model Genus by Deformation-Constrained Warping
VDC VDC AAAI 2024 Improving the Adversarial Transferability of Vision Transformers with Virtual Dense Connection
BSR BSR CVPR 2024 Boosting Adversarial Transferability by Block Shuffle and Rotation
L2T L2T CVPR 2024 Learning to Transform Dynamically for Better Adversarial Transferability
ATT ATT NeurIPS 2024 Boosting the Transferability of Adversarial Attack on Vision Transformer with Adaptive Token Tuning
Generative attacks
CDA CDA NeurIPS 2019 Cross-Domain Transferability of Adversarial Perturbations
LTP LTP NeurIPS 2021 Learning Transferable Adversarial Perturbations
BIA BIA ICLR 2022 Beyond ImageNet Attack: Towards Crafting Adversarial Examples for Black-box Domains
GAMA GAMA NeurIPS 2022 GAMA: Generative Adversarial Multi-Object Scene Attacks
Others
DeepFool DeepFool CVPR 2016 DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks
GeoDA GeoDA CVPR 2020 GeoDA: A Geometric Framework for Black-box Adversarial Attacks
SSP SSP CVPR 2020 A Self-supervised Approach for Adversarial Robustness

Development

On how to install dependencies, run tests, and build documentation. See Development - torchattack.

License

MIT

Related

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for spencerwoo from gravatar.com spencerwoo

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: spencerwooo
  • Requires: Python <3.14, >=3.10
Classifiers

Release history Release notifications | RSS feed

1.7.2

1.7.1

1.7.0

1.6.0

This version

1.5.1

1.5.0

1.4.0

1.3.0

1.2.1

1.2.0

1.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

torchattack-1.5.1.tar.gz (63.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

torchattack-1.5.1-py3-none-any.whl (94.3 kB view details)

Uploaded Python 3

File details

Details for the file torchattack-1.5.1.tar.gz.

File metadata

  • Download URL: torchattack-1.5.1.tar.gz
  • Upload date:
  • Size: 63.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for torchattack-1.5.1.tar.gz
Algorithm Hash digest
SHA256 f46fb5e31bfe82b4e5677d4ba5f5eea6dd2b9310d17ed598720b441a80618abe
MD5 b1fd11367cc69a126c407d6a5d2ed5be
BLAKE2b-256 df58a0704ec4691faf6c578b508c6929a2c3217266b8b9aac2781f651e87fb84

See more details on using hashes here.

Provenance

The following attestation bundles were made for torchattack-1.5.1.tar.gz:

Publisher: pypi-publish.yml on spencerwooo/torchattack

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file torchattack-1.5.1-py3-none-any.whl.

File metadata

  • Download URL: torchattack-1.5.1-py3-none-any.whl
  • Upload date:
  • Size: 94.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for torchattack-1.5.1-py3-none-any.whl
Algorithm Hash digest
SHA256 9b05363118eec92356c918b5af352054a1a6ab49f0a8bc97e043ae1e6e83e612
MD5 e2a860248d7bb928b385504f2f50ec49
BLAKE2b-256 2b3e6b854552502f8af3899aa20da8c20ade10d3cdd72730180862d6f8cbd5d7

See more details on using hashes here.

Provenance

The following attestation bundles were made for torchattack-1.5.1-py3-none-any.whl:

Publisher: pypi-publish.yml on spencerwooo/torchattack

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page