{"id":28156110,"url":"https://github.com/igopalakrishna/adversarial-attacks-resnet-imagenet","last_synced_at":"2025-10-16T06:23:58.651Z","repository":{"id":293166720,"uuid":"983050814","full_name":"igopalakrishna/Adversarial-Attacks-ResNet-ImageNet","owner":"igopalakrishna","description":"Deep Learning Project - Jailbreaking ResNet-34 with FGSM, PGD, Patch Attacks ","archived":false,"fork":false,"pushed_at":"2025-05-14T01:36:32.000Z","size":78994,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-14T03:26:34.296Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/igopalakrishna.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-13T19:56:23.000Z","updated_at":"2025-05-14T01:36:35.000Z","dependencies_parsed_at":"2025-05-14T03:36:37.198Z","dependency_job_id":null,"html_url":"https://github.com/igopalakrishna/Adversarial-Attacks-ResNet-ImageNet","commit_stats":null,"previous_names":["igopalakrishna/adversarial-attacks-resnet-imagenet"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/igopalakrishna%2FAdversarial-Attacks-ResNet-ImageNet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/igopalakrishna%2FAdversarial-Attacks-ResNet-ImageNet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/igopalakrishna%2FAdversarial-Attacks-ResNet-ImageNet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/igopalakrishna%2FAdversarial-Attacks-ResNet-ImageNet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/igopalakrishna","download_url":"https://codeload.github.com/igopalakrishna/Adversarial-Attacks-ResNet-ImageNet/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254292078,"owners_count":22046428,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-15T07:15:32.631Z","updated_at":"2025-10-16T06:23:53.606Z","avatar_url":"https://github.com/igopalakrishna.png","language":"Jupyter Notebook","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Deep Learning Project: Jailbreaking Deep Models\n\n## Overview\n\nThis project explores the vulnerability of deep image classification models to adversarial attacks. We focus on ResNet-34 and DenseNet-121 pre-trained on ImageNet-1K, and evaluate their robustness to both pixel-wise (L∞) and patch-based (L0) adversarial perturbations. We design, implement, and compare multiple attack strategies including FGSM, PGD (with random start and momentum), targeted attacks, and patch-based attacks. We also evaluate attack transferability to DenseNet-121.\n\n## Tasks Implemented\n\n### Task 1: Baseline Evaluation on ResNet-34\n\n* Loaded pre-trained ResNet-34 model from torchvision.\n* Preprocessed test dataset using ImageNet normalization.\n* Evaluated model on 500 test images from 100 ImageNet classes.\n* Computed Top-1 and Top-5 accuracy.\n* Visualized correct and incorrect predictions.\n\n### Task 2: FGSM Attack (Adversarial Test Set 1)\n\n* Implemented Fast Gradient Sign Method with ε = 0.02.\n* Verified perturbation bounds (L∞ \u003c= 0.02).\n* Visualized adversarial examples and compared with originals.\n* Saved 500 adversarial images to `AdversarialTestSet1/`.\n* Observed significant drop in classification accuracy.\n\n### Task 3: Improved Pixel-wise Attacks (Adversarial Test Set 2)\n\n* Designed and compared three advanced attacks:\n\n  * Targeted PGD\n  * Untargeted PGD with random start\n  * Momentum PGD\n* Chose best-performing attack based on Top-1 accuracy degradation.\n* Saved best 500 adversarial samples to `AdversarialTestSet2/`.\n* Visualized differences and attack progression.\n\n### Task 4: Patch-based Attack (Adversarial Test Set 3)\n\n* Implemented targeted PGD within a 32x32 random patch.\n* Increased ε = 0.5, α = 0.05, steps = 40.\n* Saved 500 adversarial samples to `AdversarialTestSet3/`.\n* Visualized attack region and perturbation heatmap.\n* Evaluated impact on ResNet-34 accuracy.\n\n### Task 5: Transferability Evaluation on DenseNet-121\n\n* Evaluated DenseNet-121 on:\n\n  * Original test set\n  * Adversarial Set 1 (FGSM)\n  * Adversarial Set 2 (Improved PGD)\n  * Adversarial Set 3 (Patch Attack)\n* Reported Top-1 and Top-5 accuracy for all datasets.\n* Observed high transferability from pixel-wise attacks, reduced success from patch-based attack.\n\n## Accuracy Summary\n\nTop-1 Accuracy (Original ResNet-34): 70.40%\nTop-5 Accuracy (Original ResNet-34): 87.00%\n\nTop-1 Accuracy (DenseNet-121):\n- Original: 68.20%\n- Adversarial Set 1: 29.20%\n- Adversarial Set 2: 15.60%\n- Adversarial Set 3: 42.40%\n\n## Key Takeaways\n\n* Adversarial examples are effective even with imperceptible changes.\n* Multiple-step attacks (PGD, momentum) outperform FGSM.\n* Patch attacks are challenging but still degrade accuracy.\n* Adversarial examples can transfer across architectures.\n\n## Folder Structure\n\n```\nDL_Project/\n├── TestDataSet/\n│   └── TestDataSet/ (original test images)\n│   └── labels_list.json\n├── AdversarialTestSet1/ (FGSM outputs)\n├── AdversarialTestSet2/ (Improved attack outputs)\n├── AdversarialTestSet3/ (Patch attack outputs)\n├── DL_Project.ipynb\n└── README.md\n```\n\n## Requirements\n\nInstall dependencies:\n\n```bash\npip install torch torchvision matplotlib tqdm\n```\n\n## Citation\n\n* \\[Goodfellow et al., 2015] Explaining and Harnessing Adversarial Examples\n* \\[Kurakin et al., 2016] Adversarial Examples in the Physical World\n* \\[Xie et al., 2019] Improving Transferability of Adversarial Examples with Input Diversity\n\n---\nThank You!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Figopalakrishna%2Fadversarial-attacks-resnet-imagenet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Figopalakrishna%2Fadversarial-attacks-resnet-imagenet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Figopalakrishna%2Fadversarial-attacks-resnet-imagenet/lists"}