🎃TePA (IEEE S&P 2024)

arXiv <a href="https://pytorch.org/get-started/locally/"><img alt="PyTorch" src="https://img.shields.io/badge/PyTorch-ee4c2c?logo=pytorch&logoColor=white"></a>

This repository contains the PyTorch implementation of the paper "Test-Time Poisoning Attacks Against Test-Time Adaptation Models" by Tianshuo Cong, Xinlei He, Yun Shen, and Yang Zhang. In particular, we propose the first test-time poisoning attack against four mainstream test-time adaptation methods, including TTT, DUA, TENT, and RPL. Here is the workflow of TePA:

<div align="center"> <img width="80%" alt="The workflow of TePA" src="fig/workflow.png"> </div>

Citation ☺️

Thanks for your interest in our paper. Please feel free to leave a ⭐️ or cite us through:

@inproceedings{cong2024tepa,
  title={Test-Time Poisoning Attacks Against Test-Time Adaptation Models},
  author={Tianshuo Cong and Xinlei He and Yun Shen and Yang Zhang},
  booktitle={IEEE Symposium on Security and Privacy (S\&P)},
  year={2024}
}

Requirements 🔧

TePA depends on the following requirements:

Baseline 🎯

python TTT/utility.py
python DUA/utility.py
python TENT/utility.py --cfg cfgs/tent_sgd.yaml
python RPL/utility.py --cfg cfgs/rpl_sgd.yaml 

Poison TTA-models 🦠

Algorithm-1 is implemented in TTA/poigen.py; here we use DIM as the transfer-based adversarial attack method. After generating poisoned samples with poigen.py, we upload them to the target TTA-models by running:

python TTT/poison_ttt.py
python DUA/poison_dua.py
python TENT/poison_tent.py --cfg cfgs/tent_sgd.yaml
python RPL/poison_rpl.py --cfg cfgs/rpl_sgd.yaml 

Then, we can get the results of Figures 5-8.

<div align="center"> <img width="80%" alt="The workflow of TePA" src="fig/poison_result.png"> </div>

Dataset 💾

Please download the following datasets through the official website and

Models 🕸

You can download the checkpoints here:

Acknowledgements 🌻

Our code is built upon the public code of TTT, TENT, and DUA.