{"id":39143173,"url":"https://github.com/paulgavrikov/adversarial_solarization","last_synced_at":"2026-01-17T21:32:27.436Z","repository":{"id":190364647,"uuid":"672548298","full_name":"paulgavrikov/adversarial_solarization","owner":"paulgavrikov","description":"Official implementation of Don't Look into the Sun: Adversarial Solarization Attacks on Image Classifiers","archived":false,"fork":false,"pushed_at":"2023-11-20T22:18:50.000Z","size":14205,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-01-27T20:03:44.252Z","etag":null,"topics":["adversarial-attacks","deep-learning","deep-neural-networks","image-classification","image-processing","image-processing-python","pytorch","robustness"],"latest_commit_sha":null,"homepage":"","language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-sa-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paulgavrikov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2023-07-30T13:11:13.000Z","updated_at":"2023-09-24T08:30:52.000Z","dependencies_parsed_at":"2023-08-24T10:11:35.311Z","dependency_job_id":"e3ee2ada-3ee1-47e1-b195-a1e8dc210bc3","html_url":"https://github.com/paulgavrikov/adversarial_solarization","commit_stats":{"total_commits":46,"total_committers":2,"mean_commits":23.0,"dds":"0.15217391304347827","last_synced_commit":"90b63f5e20ecf2ca2d9818b86efb4fc1c4138e86"},"previous_names":["paulgavrikov/adversarial_solarization"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/paulgavrikov/adversarial_solarization","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulgavrikov%2Fadversarial_solarization","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulgavrikov%2Fadversarial_solarization/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulgavrikov%2Fadversarial_solarization/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulgavrikov%2Fadversarial_solarization/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paulgavrikov","download_url":"https://codeload.github.com/paulgavrikov/adversarial_solarization/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulgavrikov%2Fadversarial_solarization/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28518627,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T18:55:29.170Z","status":"ssl_error","status_checked_at":"2026-01-17T18:55:03.375Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversarial-attacks","deep-learning","deep-neural-networks","image-classification","image-processing","image-processing-python","pytorch","robustness"],"created_at":"2026-01-17T21:32:26.035Z","updated_at":"2026-01-17T21:32:27.428Z","avatar_url":"https://github.com/paulgavrikov.png","language":"Jupyter Notebook","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Don't Look into the Sun: \u003cbr\u003e Adversarial Solarization Attacks on Image Classifiers\nPaul Gavrikov, Janis Keuper\n\n[![CC BY-SA 4.0][cc-by-sa-shield]][cc-by-sa]\n\n\u003c!-- Presented at: [Conference] --\u003e\n\n\u003c!-- [Paper]() | --\u003e\n[ArXiv](https://arxiv.org/abs/2308.12661) \n\u003c!-- Presented at: | [HQ Poster]() | [Talk]() --\u003e\n\n\nAbstract: *Assessing the robustness of deep neural networks against out-of-distribution inputs is crucial, especially in safety-critical domains like autonomous driving, but also in safety systems where malicious actors can digitally alter inputs to circumvent safety guards. However, designing effective out-of-distribution tests that encompass all possible scenarios while preserving accurate label information is a challenging task. Existing methodologies often entail a compromise between variety and constraint levels for attacks and sometimes even both. In a first step towards a more holistic robustness evaluation of image classification models, we introduce an attack method based on image solarization that is conceptually straightforward yet avoids jeopardizing the global structure of natural images independent of the intensity. Through comprehensive evaluations of multiple ImageNet models, we demonstrate the attack's capacity to degrade accuracy significantly, provided it is not integrated into the training augmentations. Interestingly, even then, no full immunity to accuracy deterioration is achieved. In other settings, the attack can often be simplified into a black-box attack with model-independent parameters. Defenses against other corruptions do not consistently extend to be effective against our specific attack.*\n\n\n[cc-by-sa]: http://creativecommons.org/licenses/by-sa/4.0/\n[cc-by-sa-image]: https://licensebuttons.net/l/by-sa/4.0/88x31.png\n[cc-by-sa-shield]: https://img.shields.io/badge/License-CC%20BY--SA%204.0-lightgrey.svg\n\n![Hero Image](./assets/solarization_hero.jpg)\n\n\n## Use the attack\n\nWe provide code to evaluate our attack (RandSol) against ImageNet models loaded via *timm* (and some others) via PyTorch. Note that you must have ImageNet available on your system. Models must accept inputs in the [0, 1] range with (B, C, W, H) order - the code takes care of this when loading models from predefined sources. If you implement a different model source consider using the `NormalizedModel` class defined in `utils.py`.\n\n```bash\npython randsol.py --imagenet \u003cPATH TO IMAGENET\u003e --model resnet50 --target top1 --iterations 10\n```\n`--target` refers to the attack target and can be `top1` (effective in increasing top-1 error but less on top-5) or `top5` (effective in increasing top-5 error at some reduction in top-1 error).\n`--iterations` defines the number of iterations to run per batch. The more iterations the more effective the attack will be at the cost of a longer runtime.\nThe attack will autoselect the least busy and best device, but you can enforce this, e.g., `--device cuda:0`\n\n\nThis attack can be easily migrated to other datasets, by adding a different dataset loader in `utils.py`.\n\n## Citation \n\nIf you find our work useful in your research, please consider citing:\n\n```\n@misc{gavrikov2023dont,\n      title={Don't Look into the Sun: Adversarial Solarization Attacks on Image Classifiers}, \n      author={Paul Gavrikov and Janis Keuper},\n      year={2023},\n      eprint={2308.12661},\n      archivePrefix={arXiv},\n      primaryClass={cs.CV}\n}\n```\n\n### Legal\nThis work is licensed under a\n[Creative Commons Attribution-ShareAlike 4.0 International License][cc-by-sa].\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulgavrikov%2Fadversarial_solarization","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpaulgavrikov%2Fadversarial_solarization","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulgavrikov%2Fadversarial_solarization/lists"}