This repository is an official implementation of the paper Adaptive Image Transformations for Transfer-based Adversarial Attack, which has been accepted by ECCV2022.
Adversarial attacks provide a good way to study the robustness of deep learning models. One category of methods in transfer-based black-box attack utilizes several image transformation operations to improve the transferability of adversarial examples, which is effective, but fails to take the specific characteristic of the input image into consideration. In this work, we propose a novel architecture, called Adaptive Image Transformation Learner (AITL), which incorporates different image transformation operations into a unified framework to further improve the transferability of adversarial examples. Unlike the fixed combinational transformations used in existing works, our elaborately designed transformation learner adaptively selects the most effective combination of image transformations specific to the input image. Extensive experiments on ImageNet demonstrate that our method significantly improves the attack success rates on both normally trained models and defense models under various settings.
- python==
3.6.5 - tensorflow==
1.14 - numpy==
1.19.4 - imageio==
2.3.0 - pandas=
1.1.5 - stn==
1.0.1
-
Training set Download the images and the label file to
data/dev_imagesanddata/dev_dataset.csvrespectively -
Evaluation set Download the images and the label file to
data/val_rsanddata/val_rs.csvrespectively
-
Naturally trained models: Incv3, Incv4, IncResv2, Resv2-101, Resv2-152, Mobv2-1.0, Mobv2-1.4, PNASNet, NASNet
-
Adversarially trained models: Incv3_adv, Incv3_ens3, Incv3_ens4, IncResv2_ens
Download all the models to
model
bash train.sh gpu-id
The trained model will be saved in model/AITL_20_4
bash attack.sh gpu-id
The generated adversarial images and corresponding evaluation result will be saved in output
We've has provided an example of the generated adversarial images (e.g., 'AITL (ours)' in Table 3 in the paper) for evaluation.