https://github.com/ermongroup/ods

Code for "Diversity can be Transferred: Output Diversification for White- and Black-box Attacks"
https://github.com/ermongroup/ods

Last synced: 4 months ago
JSON representation

Code for "Diversity can be Transferred: Output Diversification for White- and Black-box Attacks"

• Host: GitHub
• URL: https://github.com/ermongroup/ods
• Owner: ermongroup
• Created: 2020-02-12T01:20:44.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2020-11-02T08:34:54.000Z (almost 5 years ago)
• Last Synced: 2025-06-20T03:03:22.075Z (4 months ago)
• Language: Python
• Homepage:
• Size: 1.73 MB
• Stars: 53
• Watchers: 8
• Forks: 5
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Output Diversified Sampling (ODS)

This is the github repository for the NeurIPS 2020 paper "[Diversity can be Transferred: Output Diversification for White- and Black-box Attacks](https://arxiv.org/abs/2003.06878)".

## Requirement

Please install PyTorch, pickle, argparse, and numpy

## Running experiments

### ODS for score-based black-box attacks

The following experiments combine ODS with [Simple Black-Box Attack (SimBA)](https://arxiv.org/abs/1905.07121).

#### Evaluation:

The evaluation is held for 5 sample images on ImageNet (images are already resized and cropped).

```shell

# untargeted settings with ODS:

python blackbox_simbaODS.py --num_sample 5 --ODS 

# targeted settings with ODS:

python blackbox_simbaODS.py --num_sample 5 --num_step 30000 --ODS --targeted

```

___

### ODS for decision-based black-box attacks

The following experiments combine ODS with [Boundary Attack](https://arxiv.org/abs/1712.04248).

#### Additional Requirement

Please install Foolbox, Python>=3.6

#### Evaluation:

The evaluation is held for 5 sample images on ImageNet (images are already resized and cropped).

```shell

# untargeted settings with ODS:

python blackbox_boundaryODS.py --num_sample 5 --ODS 

# targeted settings with ODS:

python blackbox_boundaryODS.py --num_sample 5 --ODS --targeted

# untargeted settings with random sampling:

python blackbox_boundaryODS.py --num_sample 5 

# targeted settings with random sampling:

python blackbox_boundaryODS.py --num_sample 5 --targeted

```

#### Acknowledgement

Our codes for Boundary Attack are based on [Foolbox repo](https://github.com/bethgelab/foolbox).

___

### ODS for initialization of white-box attacks (ODI)

The following experiments combine ODI with PGD attack.

#### Training of target model (Adversarial Training):

```shell

python whitebox_train_cifar10.py --model-dir [PATH_TO_SAVE_FOLDER] --data-dir [PATH_TO_DATA_FOLDER]

```

#### Evaluation PGD attack with ODI:

```shell

# Evaluate PGD attack with ODI:

python whitebox_pgd_attack_cifar10_ODI.py --ODI-num-steps 2 --model-path [PATH_TO_THE_MODEL] --data-dir [PATH_TO_DATA_FOLDER] 

# Evaluate PGD attack with naive random initialization (sampled from a uniform distribution):

python whitebox_pgd_attack_cifar10_ODI.py --ODI-num-steps 0 --model-path [PATH_TO_THE_MODEL] --data-dir [PATH_TO_DATA_FOLDER]

```

#### Acknowledgement

Our codes for white-box attacks are based on [TRADES official repo](https://github.com/yaodongyu/TRADES).

## Citation

If you use this code for your research, please cite our paper:

```

@inproceedings{tashiro2020ods,

  title={Diversity can be Transferred: Output Diversification for White- and Black-box Attacks},

  author={Tashiro, Yusuke and Song, Yang and Ermon, Stefano},

  booktitle={Advances in Neural Information Processing Systems},

  year={2020}

}

```