trustworthy-ai-group / transferattack Goto Github PK
View Code? Open in Web Editor NEWTransferAttack is a pytorch framework to boost the adversarial transferability for image classification.
License: MIT License
TransferAttack is a pytorch framework to boost the adversarial transferability for image classification.
License: MIT License
Excuse me, I have recently been borrowing your framework to test my method. I have noticed that in terms of improving transferability based on input diversity, your evaluation data for various methods below are all based on resnet18 as a proxy model. When I When using resnet101 as a proxy model to evaluate the following method, for the white box model, its effect is very low, only about 80%. I have not found the cause of the problem. I hope you can answer it.
想问一下,如何证明data数据被所选的网络预测正确呢?
我的方法: 直接对data数据进行eval测试,网络的攻击成功率应该是0?因为全部预测正确。但是得到的结果不为0啊?
Thanks for providing this useful work.
The function of init_delta in transferattack/attack.py seems questionable.
TransferAttack/transferattack/attack.py
Lines 130 to 143 in a81bee4
delta
may be initialized by N(0,1).And, the L136 also seems problematic, which may be delta.normal_(). Besides, why the norm scaler
nis constrained with
dim=10` in L138?
If there are indeed bugs, I'm happy to create a PR as
def init_delta(self, data, **kwargs):
delta = torch.zeros_like(data).to(self.device)
if self.random_start:
if self.norm == 'linfty':
delta.uniform_(-self.epsilon, self.epsilon)
else:
delta.normal_()
n = torch.norm(delta.view(delta.size(0), -1), dim=1).view(-1, 1, 1, 1)
r = torch.zeros_like(data).uniform_(0,1).to(self.device)
delta *= r/n*self.epsilon
delta = clamp(delta, img_min-data, img_max-data)
delta.requires_grad = True
return delta
I would like to ask whether the code of BSR and Admix method is consistent with the description in the paper. For example, in the code of BSR,I did not see the part of rotation operation for blocks mentioned in the paper. Also, I am confused about the Admix code "return torch.concat([admix_images / (2 ** i) for i in range(self.num_scale)])", is it scaling the blended image? I follow the given code and get the result is changing the brightness of the image. Thank you for your answer.
``
Thank you for your great work, this framework has been really helpful to me. Do you have any plans to reproduce the code of this paper into your framework? "Transferable Adversarial Attack for Both Vision Transformers and Convolutional Networks via Momentum Integrated Gradients" in 2023 ICCV.
In fact, I have some issues with MIG's approach, so that I can't reproduce its results. For example, the loss function in IG is the logits of the corresponding category or cross entropy, etc.
Hello, authors! Thank you for your excellent work. Notice that you report the performances of BPA on ViTs. However, only the open-source code of BPA for CNNs is provided. Would you mind releasing the relevant code for ViTs?
Thank you very much!
Look forward to your reply.
As the the name suggested, FFT work in the way of fine-tuning a given Adversarial example crafted with a baseline attack, such as CE, PO+Trip, Logit, logitMargin. It is transferability is heavily determined by the baseline attack. In other words, FFT is orthogonal to baselines, not comparable directly.
Our submit code is based on CE, which is the weakest. Hence, comparing FFT(CE) with other methods may not make sense.
Thank you for your excellent and solid work. I would like to ask when the related paper will be released. We would like to cite this paper in our recent submission.
look forward to your response.
您好!首先表达一下感谢,这个仓库的存在帮我节省了不少跑代码和查文献的时间。然后是我的问题,我在尝试复现 L2T 的结果时发现 TransferAttack 上的评估结果和其开源的仓库上的评估结果在 cnn 模型上有明显差异(单卡, batchsize=2 下测试),具体结果如下:
模型名称 | ASR in TransferAttack (%) | ASR in L2T |
---|---|---|
resnet18 | 100.0 | 100.0 |
resnet101 | 87.7 | 96.2 |
resnext50_32x4d | 89.7 | 97.2 |
denssenet121 | 98.8 | 98.4 |
vit_base_patch16_224 | 51.4 | 48.2 |
pit_b_224 | 64.7 | 64.0 |
visformer_small | 80.0 | 78.0 |
swin_tiny_patch4_window7_224 | 82.5 | 80.4 |
我注意到 L2T 的代码这里,和 TransferAttack 的这里 对 cnn 模型权重设置不同,将其设置为 DEFAULT 后的结果为:
模型名称 | ASR under DEFAULT (%) |
---|---|
resnet18 | 100.0 |
resnet101 | 87.6 |
resnext50_32x4d | 88.6 |
denssenet121 | 98.4 |
vit_base_patch16_224 | 48.2 |
pit_b_224 | 64.0 |
visformer_small | 80.4 |
swin_tiny_patch4_window7_224 | 82.5 |
我想 README 中所报告的结果可能需要更新一下,另外还应该补充一下这篇论文的链接 https://arxiv.org/abs/2405.14077 。此外,在 ir.py 的这里给的链接是一篇差分隐私的论文,我想正确的链接应该是这个:https://arxiv.org//abs/2009.11729
作者您好
请问这篇论文的pytorch的代码能实现到存储库吗? 非常感谢!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.