Beyond imagenet attack (accepted by ICLR 2022) towards crafting adversarial examples for black-box domains.

Last update: Nov 23, 2022

Related tags

Overview

Beyond ImageNet Attack: Towards Crafting Adversarial Examples for Black-box Domains (ICLR'2022)

This is the Pytorch code for our paper Beyond ImageNet Attack: Towards Crafting Adversarial Examples for Black-box Domains). In this paper, with only the knowledge of the ImageNet domain, we propose a Beyond ImageNet Attack (BIA) to investigate the transferability towards black-box domains (unknown classification tasks).

Requirement

Python 3.7
Pytorch 1.8.0
torchvision 0.9.0
numpy 1.20.2
scipy 1.7.0
pandas 1.3.0
opencv-python 4.5.2.54
joblib 0.14.1
Pillow 6.1

Dataset

Download the ImageNet training dataset.
- ImageNet Training Set.
Download the testing dataset.
- ImageNet Validation Set. We also provide precomputed imagenet validation dataset in here (download it to imagenet folder and then run convert.py, thanks @aaron-xichen).
- CUB-200-2011
- Stanford Cars
- FGVC AirCraft
- CIFAR-10, CIFAR-100, STL-10 and SVHN can be automatically downloaded via torchvision.dataset

Note: After downloading CUB-200-2011, Standford Cars and FGVC Aircraft, you should set the "self.rawdata_root" (DCL_finegrained/config.py: lines 59-75) to your saved path.

Target model

The checkpoint of target model should be put into model folder.

CUB-200-2011, Stanford Cars and FGVC AirCraft can be downloaded from here.
CIFAR-10, CIFAR-100, STL-10 and SVHN can be automatically downloaded.
ImageNet pre-trained models are available at torchvision.

Pretrained-Generators

Adversarial generators are trained against following four ImageNet pre-trained models.

VGG19
VGG16
ResNet152
DenseNet169

After finishing training, the resulting generator will be put into saved_models folder. You can also download our pretrained-generator from here.

Train

Train the generator using vanilla BIA (RN: False, DA: False)

python train.py --model_type vgg16 --train_dir your_imagenet_path --RN False --DA False

your_imagenet_path is the path where you download the imagenet training set.

Evaluation

Evaluate the performance of vanilla BIA (RN: False, DA: False)

python eval.py --model_type vgg16 --RN False --DA False

Citing this work

If you find this work is useful in your research, please consider citing:

@inproceedings{Zhang2022BIA,
  author    = {Qilong Zhang and
               Xiaodan Li and
               Yuefeng Chen and
               Jingkuan Song and
               Lianli Gao and
               Yuan He and
               Hui Xue},
  title     = {Beyond ImageNet Attack: Towards Crafting Adversarial Examples for Black-box Domains},
  Booktitle = {International Conference on Learning Representations},
  year      = {2022}
}

Acknowledge

Thank @aaron-xichen and @Muzammal-Naseer for sharing their codes.

You might also like...

This repository contains the code and models necessary to replicate the results of paper: How to Robustify Black-Box ML Models? A Zeroth-Order Optimization Perspective

Black-Box-Defense This repository contains the code and models necessary to replicate the results of our recent paper: How to Robustify Black-Box ML M

2 Oct 5, 2022

This repository contains the code and models necessary to replicate the results of paper: How to Robustify Black-Box ML Models? A Zeroth-Order Optimization Perspective

Black-Box-Defense This repository contains the code and models necessary to replicate the results of our recent paper: How to Robustify Black-Box ML M

2 Oct 5, 2022

Official PyTorch implementation of N-ImageNet: Towards Robust, Fine-Grained Object Recognition with Event Cameras (ICCV 2021)

N-ImageNet: Towards Robust, Fine-Grained Object Recognition with Event Cameras Official PyTorch implementation of N-ImageNet: Towards Robust, Fine-Gra

32 Dec 26, 2022

[ICLR 2022] Pretraining Text Encoders with Adversarial Mixture of Training Signal Generators

AMOS This repository contains the scripts for fine-tuning AMOS pretrained models on GLUE and SQuAD 2.0 benchmarks. Paper: Pretraining Text Encoders wi

22 Sep 15, 2022

Iterative Normalization: Beyond Standardization towards Efficient Whitening

IterNorm Code for reproducing the results in the following paper: Iterative Normalization: Beyond Standardization towards Efficient Whitening Lei Huan

21 Dec 27, 2022

Implementation of Geometric Vector Perceptron, a simple circuit for 3d rotation equivariance for learning over large biomolecules, in Pytorch. Idea proposed and accepted at ICLR 2021

Geometric Vector Perceptron Implementation of Geometric Vector Perceptron, a simple circuit with 3d rotation equivariance for learning over large biom

59 Nov 24, 2022

Seach Losses of our paper 'Loss Function Discovery for Object Detection via Convergence-Simulation Driven Search', accepted by ICLR 2021.

CSE-Autoloss Designing proper loss functions for vision tasks has been a long-standing research direction to advance the capability of existing models

54 Dec 17, 2022

This project is the official implementation of our accepted ICLR 2021 paper BiPointNet: Binary Neural Network for Point Clouds.

BiPointNet: Binary Neural Network for Point Clouds Created by Haotong Qin, Zhongang Cai, Mingyuan Zhang, Yifu Ding, Haiyu Zhao, Shuai Yi, Xianglong Li

59 Dec 17, 2022

A Research-oriented Federated Learning Library and Benchmark Platform for Graph Neural Networks. Accepted to ICLR'2021 - DPML and MLSys'21 - GNNSys workshops.

FedGraphNN: A Federated Learning System and Benchmark for Graph Neural Networks A Research-oriented Federated Learning Library and Benchmark Platform

175 Dec 1, 2022

Comments

About the comparative methods

Thank you for your insightful work! In Table3, I want to know that how to perform PGD or DIM on CUB with source models pretrained on ImageNet. Thank you~

opened by lwmming 6
cursor already registered in Tk_GetCursor Aborted (core dumped)

python train.py --model_type vgg16 --RN False --DA False

I tried the above default training, but the error occurred at the end of the batch (epoch 1) training. Can you help debug this please?

opened by hoonsyang 2
missing file

https://github.com/Alibaba-AAIG/Beyond-ImageNet-Attack/blob/7e8b1b8ec5728ebc01723f2c444bf2d5275ee7be/DCL_finegrained/LoadModel.py#L6 NameError: name 'pretrainedmodels' is not defined`

opened by nkv1995 2
when computing cosine similarity
Hi! this is more of a question for the elegant work you have here but less of an issue.

So when you take cosine similarity (which is to be decreased during training) between two feature maps, you take,

loss = torch.cosine_similarity((adv_out_slice*attention).reshape(adv_out_slice.shape[0], -1), (img_out_slice*attention).reshape(img_out_slice.shape[0], -1)).mean()

and that's to compare two flatten vectors, each of which is the flattened feature maps of size (N feature channels, width, height).

I wonder why not comparing the flattened feature maps with respect to each channel, and then take the average across channels? To me, you're comparing two vectors that are (Nwidthheight)-dimensional, which is not so straightforward to me. Thanks in advance for any intuition behind!
opened by juliuswang0728 1

Releases(pretrained_models)

pretrained_models(Feb 5, 2022)

Source code(tar.gz)
Source code(zip)
saved_models.zip(333.72 MB)
precomputed_imagenet_validation(Feb 5, 2022)

Source code(tar.gz)
Source code(zip)
val224_compressed.pkl(1259.38 MB)
Pretrained_DCL_model(Feb 5, 2022)

Source code(tar.gz)
Source code(zip)
model.zip(1996.33 MB)

Owner

Alibaba-AAIG

Alibaba Artificial Intelligence Governance Laboratory

GitHub Repository

A small tool to joint picture including gif

README 做设计的时候遇到拼接长图的情况，但是发现没有什么好用的能拼接gif的工具。于是自己写了个gif拼接小工具。可以自动拼接gif、png和jpg等常见格式。效果从上至下从下至上从左至右从右至左使用克隆仓库 git clone https://github.com/Dels

3 Dec 15, 2021

Official codebase for Legged Robots that Keep on Learning: Fine-Tuning Locomotion Policies in the Real World

Legged Robots that Keep on Learning Official codebase for Legged Robots that Keep on Learning: Fine-Tuning Locomotion Policies in the Real World, whic

70 Dec 07, 2022

Graph Convolutional Networks for Temporal Action Localization (ICCV2019)

Graph Convolutional Networks for Temporal Action Localization This repo holds the codes and models for the PGCN framework presented on ICCV 2019 Graph

318 Dec 06, 2022

This is the official implementation of our proposed SwinMR

SwinMR This is the official implementation of our proposed SwinMR: Swin Transformer for Fast MRI Please cite: @article{huang2022swin, title={Swi

27 Nov 17, 2022

Official implementation of NeurIPS 2021 paper "Contextual Similarity Aggregation with Self-attention for Visual Re-ranking"

CSA: Contextual Similarity Aggregation with Self-attention for Visual Re-ranking PyTorch training code for CSA (Contextual Similarity Aggregation). We

19 Oct 21, 2022

Implementation of Segformer, Attention + MLP neural network for segmentation, in Pytorch

Segformer - Pytorch Implementation of Segformer, Attention + MLP neural network for segmentation, in Pytorch. Install $ pip install segformer-pytorch

208 Dec 25, 2022

code for `Look Closer to Segment Better: Boundary Patch Refinement for Instance Segmentation`

Look Closer to Segment Better: Boundary Patch Refinement for Instance Segmentation (CVPR 2021) Introduction PBR is a conceptually simple yet effective

143 Jan 05, 2023

An implementation of the [Hierarchical (Sig-Wasserstein) GAN] algorithm for large dimensional Time Series Generation

Hierarchical GAN for large dimensional financial market data Implementation This repository is an implementation of the [Hierarchical (Sig-Wasserstein

11 Nov 29, 2022

Python inverse kinematics for your robot model based on Pinocchio.

50 Dec 22, 2022

JumpDiff: Non-parametric estimator for Jump-diffusion processes for Python

jumpdiff jumpdiff is a python library with non-parametric Nadaraya─Watson estimators to extract the parameters of jump-diffusion processes. With jumpd

28 Dec 10, 2022

Patient-Survival - Using Python, I developed a Machine Learning model using classification techniques such as Random Forest and SVM classifiers to predict a patient's survival status that have undergone breast cancer surgery.

Patient-Survival - Using Python, I developed a Machine Learning model using classification techniques such as Random Forest and SVM classifiers to predict a patient's survival status that have underg

1 Dec 28, 2021

Beyond imagenet attack (accepted by ICLR 2022) towards crafting adversarial examples for black-box domains.

Related tags

Overview

Beyond ImageNet Attack: Towards Crafting Adversarial Examples for Black-box Domains (ICLR'2022)

Requirement

Dataset

Target model

Pretrained-Generators

Train

Evaluation

Citing this work

Acknowledge

You might also like...

This repository contains the code and models necessary to replicate the results of paper: How to Robustify Black-Box ML Models? A Zeroth-Order Optimization Perspective

This repository contains the code and models necessary to replicate the results of paper: How to Robustify Black-Box ML Models? A Zeroth-Order Optimization Perspective

Official PyTorch implementation of N-ImageNet: Towards Robust, Fine-Grained Object Recognition with Event Cameras (ICCV 2021)

[ICLR 2022] Pretraining Text Encoders with Adversarial Mixture of Training Signal Generators

Iterative Normalization: Beyond Standardization towards Efficient Whitening

Implementation of Geometric Vector Perceptron, a simple circuit for 3d rotation equivariance for learning over large biomolecules, in Pytorch. Idea proposed and accepted at ICLR 2021

Seach Losses of our paper 'Loss Function Discovery for Object Detection via Convergence-Simulation Driven Search', accepted by ICLR 2021.

This project is the official implementation of our accepted ICLR 2021 paper BiPointNet: Binary Neural Network for Point Clouds.

A Research-oriented Federated Learning Library and Benchmark Platform for Graph Neural Networks. Accepted to ICLR'2021 - DPML and MLSys'21 - GNNSys workshops.

Comments

About the comparative methods

cursor already registered in Tk_GetCursor Aborted (core dumped)

missing file

when computing cosine similarity

Releases(pretrained_models)

pretrained_models(Feb 5, 2022)

precomputed_imagenet_validation(Feb 5, 2022)

Pretrained_DCL_model(Feb 5, 2022)

Owner

Alibaba-AAIG

A small tool to joint picture including gif

Official codebase for Legged Robots that Keep on Learning: Fine-Tuning Locomotion Policies in the Real World

Graph Convolutional Networks for Temporal Action Localization (ICCV2019)

This is the official implementation of our proposed SwinMR

Official implementation of NeurIPS 2021 paper "Contextual Similarity Aggregation with Self-attention for Visual Re-ranking"

Implementation of Segformer, Attention + MLP neural network for segmentation, in Pytorch

code for `Look Closer to Segment Better: Boundary Patch Refinement for Instance Segmentation`

An implementation of the [Hierarchical (Sig-Wasserstein) GAN] algorithm for large dimensional Time Series Generation

Python inverse kinematics for your robot model based on Pinocchio.

JumpDiff: Non-parametric estimator for Jump-diffusion processes for Python

Patient-Survival - Using Python, I developed a Machine Learning model using classification techniques such as Random Forest and SVM classifiers to predict a patient's survival status that have undergone breast cancer surgery.

Brain tumor detection using Convolution-Neural Network (CNN)

Super-Fast-Adversarial-Training - A PyTorch Implementation code for developing super fast adversarial training

VGGVox models for Speaker Identification and Verification trained on the VoxCeleb (1 & 2) datasets

Training DALL-E with volunteers from all over the Internet using hivemind and dalle-pytorch (NeurIPS 2021 demo)

Face Mask Detection system based on computer vision and deep learning using OpenCV and Tensorflow/Keras

Repository for the paper titled: "When is BERT Multilingual? Isolating Crucial Ingredients for Cross-lingual Transfer"

A vision library for performing sliced inference on large images/small objects

A PyTorch Implementation of the Luna: Linear Unified Nested Attention

A developer interface for creating Chat AIs for the Chai app.