{"id":21389464,"url":"https://github.com/feifeibear/zoo-attack-8bit","last_synced_at":"2025-03-16T12:46:55.426Z","repository":{"id":85017037,"uuid":"103565581","full_name":"feifeibear/ZOO-attack-8bit","owner":"feifeibear","description":null,"archived":false,"fork":false,"pushed_at":"2017-09-14T18:10:56.000Z","size":155,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-23T00:41:16.107Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/feifeibear.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-14T18:08:32.000Z","updated_at":"2017-09-14T18:11:01.000Z","dependencies_parsed_at":"2023-04-14T16:41:57.093Z","dependency_job_id":null,"html_url":"https://github.com/feifeibear/ZOO-attack-8bit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/feifeibear%2FZOO-attack-8bit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/feifeibear%2FZOO-attack-8bit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/feifeibear%2FZOO-attack-8bit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/feifeibear%2FZOO-attack-8bit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/feifeibear","download_url":"https://codeload.github.com/feifeibear/ZOO-attack-8bit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243871652,"owners_count":20361378,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-22T12:26:37.735Z","updated_at":"2025-03-16T12:46:55.407Z","avatar_url":"https://github.com/feifeibear.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"ZOO: Zeroth Order Optimization based Black-box Attacks to Deep Neural Networks \n=====================================\nThis a modified version for ZOO attack with 8-bit quantized DNN models.\n\nZOO is a **z**eroth **o**rder **o**ptimization based attack to attack deep\nneural networks (DNNs).  We propose an effective black-box attack that only\nrequires access to the input (images) and the output (confidence scores) of a\ntargeted DNN. We formularize the attack as an optimization problem (similar as\nCarlini and Wagner's attack), and propose a new loss function suitable for the\nblack-box setting.  We use zeroth order stochastic coordinate descent to\noptimize on the target DNN directly, along with dimension reduction,\nhierarchical attack and importance sampling techniques to make the attack\nefficient. No transferability or substitute model is required.\n\nThere are two variants of ZOO, ZOO-ADAM and ZOO-Newton, corresponding to\ndifferent solvers (ADAM and Newton) to find the best coordinate update.\nIn practice ZOO-ADAM usually works better with fine-tuned parameters,\nbut ZOO-Newton is more stable when close to the optimal solution.\n\nThe experiment code is based on Carlini and Wagner's L2 attack, with\nzeroth order optimizer added in `l2_attack_black.py`. The inception model\nis updated to a new version (`inception_v3_2016_08_28.tar.gz`), and \nan unified interface `test_all.py` is added.\n\nFor more details, please see our paper:\n\n[ZOO: Zeroth Order Optimization based Black-box Attacks to Deep Neural Networks without Training Substitute Models](https://arxiv.org/abs/1708.03999)\nby Pin-Yu Chen\\*, Huan Zhang\\*, Yash Sharma, Jinfeng Yi, Cho-Jui Hsieh\n\n\\* Equal contribution\n\n\nSetup and train models\n-------------------------------------\n\nThe code is tested with python3 and TensorFlow v1.2 and v1.3. The following\npackages are required:\n\n```\nsudo apt-get install python3-pip\nsudo pip3 install --upgrade pip\nsudo pip3 install pillow scipy numpy tensorflow-gpu keras h5py\n```\n\nPrepare the MNIST and CIFAR-10 data and models for attack:\n\n```\npython3 train_models.py\n```\n\nTo download the inception model:\n\n```\npython3 setup_inception.py\n```\n\nTo prepare the ImageNet dataset, download and unzip the following archive:\n\n[ImageNet Test Set](http://jaina.cs.ucdavis.edu/datasets/adv/imagenet/img.tar.gz)\n\n\nand put the `imgs` folder in `../imagesnetdata`. This path can be changed\nin `setup_inception.py`.\n\nRun attacks\n--------------------------------------\n\nAn unified attack interface, `test_all.py` is provided. Run `python3 test_all.py -h`\nto get a list of arguments and help.\n\nThe following are some examples of attacks:\n\nRun ZOO black-box targeted attack, on the mnist dataset with 200 images, with\nZOO-ADAM solver, search for best regularization constant for 9 iterations, and\nsave attack images to folder `black_results`. To run on the CIFAR-10 dataset,\nreplace 'mnist' with 'cifar10'.\n\n```\npython3 test_all.py -a black -d mnist -n 200 --solver adam -b 9 -s \"black_results\"\n```\n\nRun Carlini and Wagner's white-box targeted attack, on the mnist dataset with\n200 images, using the Z (logits) value in objective (only available in\nwhite-box setting), search for best regularization constant for 9 iterations,\nand save attack images to folder `white_results`.\n\n```\npython3 test_all.py -a white -d mnist -n 200 --use_zvalue -b 9 -s \"white_results\"\n```\n\nRun ZOO black-box *untargeted* attack, on the imagenet dataset with 150 images, with ZOO-ADAM\nsolver, do not binary search the regularization parameter (i.e., search only 1\ntime), and set the initial regularization parameter to a fixed value (10.0). Use\nattack-space dimension reduction with image resizing, and reset ADAM states\nwhen the first attack is found.  Run a maximum of 1500 iterations, and print\nout loss every 10 iterations. Save attack images to folder `imagenet_untargeted`.\n\n```\npython3 test_all.py --untargeted -a black -d imagenet -n 150 --solver adam -b 1 -c 10.0 --use_resize --reset_adam -m 1500 -p 10 -s \"imagenet_untargeted\"\n```\n\nRun ZOO black-box targeted attack, on the imagenet dataset, with the 69th image\nonly.  Set the regularization parameter to 10.0 and do not binary search. Use\nattack-space dimension reduction and hierarchical attack with image resizing,\nand reset ADAM states when the first attack is found.  Run a maximum of 20000\niterations, and print out loss every 10 iterations. Save attack images to\nfolder `imagenet_all_tricks_img69`.\n\n\n```\npython3 test_all.py -a black --solver adam -d imagenet -f 69 -n 1 -c 10.0 --use_resize --reset_adam -m 20000 -p 10 -s \"imagenet_all_tricks_img69\"\n```\n\nImportance sampling is on by default for ImageNet data, and can be turned off by\n`--uniform` option. To change the hierarchical attack dimension scheduling,\nchange `l2_attack_black.py`, near line 580.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffeifeibear%2Fzoo-attack-8bit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffeifeibear%2Fzoo-attack-8bit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffeifeibear%2Fzoo-attack-8bit/lists"}