Code Monkey home page Code Monkey logo

diff-pgd's Introduction

Diffusion-Based Adversarial Sample Generation for Improved Stealthiness and Controllability [NeurIPS'2023]

Haotian Xue 1, Alexandre Araujo 2, Bin Hu 3, and Yongxin Chen 1

1 GaTech, 2 NYU, 3 UIUC

Introduction

Diff-PGD utilizes strong prior knowledge of Diffusion Model to generate adversarial samples with higher steathiness and controllability. Diff-PGD has the following edges:

  • Generate adversarial samples with higher steathiness and controllability
  • Can be easily applied to different scenarios (e.g. global, region, style-based, physical world)
  • Higher transferability and anti-purification power

Content

News

⭐ [2023-09-21] Diff-PGD is accepted by NeurIPS 2023!

⭐ [2023-09-21] Accelerated version (v2) can be now used

⭐ [2023-06-03] We release the code!

⭐ [2023-05-25] Our paper is released: https://arxiv.org/abs/2305.16494

Envs

  1. Creat conda env using env.yml:
conda env create -f env.yml
  1. Activate conda env:
source activate diff-pgd

  1. Download [DM checkpoint] and put them into ckpt/

  2. Prepare imagenet dataset, and in code/dataset.py:17, replace it with:

os.environ['IMAGENET_LOC_ENV'] = YOUR_IMAGENET_PATH

Run Global Attack

Here we provide an example to run gobal attack for imagenet val set:

python code/attack_global.py

or you can import Attack_Global from code/attack_global.py to build your customized settings:

Attack_Global(classifier, device, respace, t, eps, iter, name, alpha, version, skip)

[classifier]:                                       target classifier to attack
[device]:                                                        device, gpu id
[respace]                              diffusion model accelerator, e.g. ddim10
[t]                                                      reverse step in SDEdit
[eps]                                                       l_inf budget of PGD
[iter]                                                 iterations number of PGD
[name]                                                          name of the exp
[alpha]                                                        step size of PGD
[version]                base version v1, v2 is a faster version to be released 
[skip]                                                 skip interval of dataset

Run Regional Attack

Here we provide an example to run gobal attack for imagenet val set:

python code/attack_region.py

similarly, we have the settings as:

Attack_Region(classifier, device, respace, t, eps, iter, name, skip, ratio):

[classifier]:                                       target classifier to attack
[device]:                                                        device, gpu id
[respace]                              diffusion model accelerator, e.g. ddim10
[t]                                                      reverse step in SDEdit
[eps]                                                       l_inf budget of PGD
[iter]                                                 iterations number of PGD
[name]                                                          name of the exp
[alpha]                                                        step size of PGD
[skip]                                                 skip interval of dataset
[ratio]                   ratio for masked square region, size ratio*H, ratio*W

Run Style-based Attack

We provide some examples of style-based adversarial attack (mostly from AdvCAM official repo) in data/advcam, include target image, style reference image and segmentation masks.

In the code example code/attack_style.py, we define some scenes like ['tra4', 'tra1', 'tra5', 'tra6', 'leaf', 'car', 'lamp', 'car'], we also encourage users to define their own stlye-based attack settings.

python code/attack_style.py

the core function has settings like:

Attack_Region_Style(exp_name, classifier, device, respace, t, eps, iter, name):


[exp_name]:                       defined name of example, e.g. tra5, tra4, car
[classifier]:                                       target classifier to attack
[device]:                                                        device, gpu id
[respace]                              diffusion model accelerator, e.g. ddim10
[t]                                                      reverse step in SDEdit
[eps]                                                       l_inf budget of PGD
[iter]                                                 iterations number of PGD
[name]                                                          name of the exp

Run Physical World Attack

We provide some physical world attack data in data/our_dataset, including background and pathes in the paper:

  • backbag attack background: data/our_dataset/bag
  • computer mouse attack background: dataset/our_dataset/computer_mouse
  • patches and masks: data/our_dataset/patches

to run example code:

python code/attack_physics.py

core function and settings for computer mouse as an example:

Attack_Physics(mode='diff-pgd', bkg_name='computer_mouse', patch_name='apple', classifier='resnet50', device=0, respace='ddim10', t=2, target=None, c_w=1, s_m=0.01, iter=4000, name='attack_physics')

Some other useful code descriptions

  • code/guided_diffusion/ : official implementation of guided_diffusion
  • code/dataset.py: load imagenet dataset
  • code/load_dm.py: load diffusion model used in Diff-PGD
  • code/attack_tools.py: some adversarial attack tools
  • code/stat.py: run statistics on success rate, transferability and anti-purification power [to be released]

Cited as:

@article{xue2023diffusion,
  title={Diffusion-Based Adversarial Sample Generation for Improved Stealthiness and Controllability},
  author={Xue, Haotian and Araujo, Alexandre and Hu, Bin and Chen, Yongxin},
  journal={arXiv preprint arXiv:2305.16494},
  year={2023}
}

diff-pgd's People

Contributors

xavihart avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.