Home

Awesome

This repository contains code for the ICML 2019 paper:

Chuan Guo, Jacob R. Gardner, Yurong You, Andrew G. Wilson, Kilian Q. Weinberger. Simple Black-box Adversarial Attacks. https://arxiv.org/abs/1905.07121

Our code uses PyTorch (pytorch >= 0.4.1, torchvision >= 0.2.1) with CUDA 9.0 and Python 3.5. The script run_simba.py contains code to run SimBA and SimBA-DCT with various options.

To run SimBA (pixel attack):

python run_simba.py --data_root <imagenet_root> --num_iters 10000 --pixel_attack  --freq_dims 224

To run SimBA-DCT (low frequency attack):

python run_simba.py --data_root <imagenet_root> --num_iters 10000 --freq_dims 28 --order strided --stride 7

For targeted attack, add flag --targeted and change --num_iters to 30000.

For the Inception-v3 model, we used --freq_dims 38 and --stride 9 due to the larger input size.

Update 2020/01/09: Due to changes in the underlying Google Cloud Vision models, our attack no longer works against them.

Update 2020/06/22: Added L_inf bounded SimBA-DCT attack. To run with L_inf bound 0.05:

python run_simba.py --data_root <imagenet_root> --num_iters 10000 --freq_dims 224 --order rand --linf_bound 0.05

Update 2021/03/10: Added code for running SimBA on CIFAR-10 using models from pytorch-cifar. To run targeted attack against a trained ResNet-18 model:

python run_simba_cifar.py --data_root <cifar_root> --model_ckpt <model_checkpoint> --model ResNet18 --targeted