[Paper] [Supp] [Poster] [Presentation]
Code for the method [ICCV 2023] "TRM-UAP: Enhancing the Transferability of Data-Free Universal Adversarial Perturbation via Truncated Ratio Maximization", Yiran Liu, Xin Feng, Yunlong Wang, Wu Yang, Di Ming*.
A data-free universal attack to craft the universal adversarial perturbation (UAP) via truncated ratio maximization. This code depends on PyTorch.
- Apr 27, 2024: We updated the parameter set of the curriculum learning-based training strategy in the file
strategy.py
and revised the parameter set of the UAP training to help other researchers reproduce our paper's results. We also uploaded the pre-trained UAPs with different surrogate models in the folderperturbations
. - Feb 29, 2024: We updated the curriculum learning-based training strategy in the file
strategy.py
to provide a comprehensive illustration of the optimal experiment setup. Besides, the performance of TRM-UAP, as proposed in our paper, could be improved with further exploration of experimental hyperparameters.
This repo is tested with pytorch=1.12.0, python=3.6.13. Install all python packages using following command:
pip install -r requirements.txt
ImageNet validation set: Load the parameters of pretrained models with PyTorch, download ImageNet dataset from here.
TorchHub
: the directory saves PyTorch pretrained model parameters.dataset
: the directory contains the datasets.perturbations
: the directory stores the UAP crafted by universal attacks.
For example, run the following command:
python train.py --surrogate_model vgg16 --target_model vgg19 --val_dataset_name imagenet
--p_active --n_active --p_rate 0.8 --n_rate 0.7
This will start a training to craft a UAP from the surrogate model vgg16 and attack the target model vgg19 on ImageNet with the positive and negative truncated activations correspondingly.
After a UAP is generated and saved on the directory perturbations
, you can also load the UAP to attack other models:
python attack_test.py --test_model vgg19 --val_dataset_name imagenet --uap_path perturbations/uap_vgg16.npy
This will load the UAP made by vgg16 from perturbations
and attack the target model vgg19 on imagenet.
The code refers to GD-UAP, pytorch-gd-uap.
We thank the authors for sharing sincerely.
If you find this work is useful in your research, please cite our paper:
@InProceedings{Liu_2023_ICCV,
author = {Liu, Yiran and Feng, Xin and Wang, Yunlong and Yang, Wu and Ming, Di},
title = {TRM-UAP: Enhancing the Transferability of Data-Free Universal Adversarial Perturbation via Truncated Ratio Maximization},
booktitle = {Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV)},
month = {October},
year = {2023},
pages = {4762-4771}
}
Yiran Liu: [email protected]