https://github.com/spencerwooo/torchattack
🛡 A curated list of adversarial attacks in PyTorch, with a focus on transferable black-box attacks.
- Host: GitHub
- URL: https://github.com/spencerwooo/torchattack
- Owner: spencerwooo
- License: mit
- Created: 2023-01-26T08:14:58.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2025-03-09T08:09:00.000Z (over 1 year ago)
- Last Synced: 2025-03-28T10:11:29.282Z (about 1 year ago)
- Topics: adversarial-attacks, adversarial-examples, pytorch
- Language: Python
- Homepage: http://docs.swo.moe/torchattack/
- Size: 1.94 MB
- Stars: 53
- Watchers: 1
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README

---
🛡 **torchattack** - _A curated list of adversarial attacks in PyTorch, with a focus on transferable black-box attacks._
```shell
pip install torchattack
```
## Highlights
- 🛡️ A curated collection of adversarial attacks implemented in PyTorch.
- 🔍 Focuses on gradient-based transferable black-box attacks.
- 📦 Easily load pretrained models from torchvision or timm using `AttackModel`.
- 🔄 Simple interface to initialize attacks with `create_attack`.
- 🔧 Extensively typed for better code quality and safety.
- 📊 Tooling for fooling rate metrics and model evaluation in `eval`.
- 🔁 Numerous attacks reimplemented for readability and efficiency (TGR, VDC, etc.).
## Documentation
torchattack's docs are available at [docs.swo.moe/torchattack](https://docs.swo.moe/torchattack/).
## Usage
```python
import torch
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
```
Load a pretrained model to attack from either torchvision or timm.
```python
from torchattack import AttackModel
# Load a model with `AttackModel`
model = AttackModel.from_pretrained(model_name='resnet50').to(device)
# `AttackModel` automatically attaches the model's `transform` and `normalize` functions
transform, normalize = model.transform, model.normalize
# Additionally, to explicitly specify where to load the pretrained model from (timm or torchvision),
# prepend the model name with 'timm/' or 'tv/' respectively, or use the `from_timm` argument, e.g.
vit_b16 = AttackModel.from_pretrained(model_name='timm/vit_base_patch16_224').to(device)
inv_v3 = AttackModel.from_pretrained(model_name='tv/inception_v3').to(device)
pit_b = AttackModel.from_pretrained(model_name='pit_b_224', from_timm=True).to(device)
```
Initialize an attack by importing its attack class.
```python
from torchattack import FGSM, MIFGSM
# Initialize an attack
adversary = FGSM(model, normalize, device)
# Initialize an attack with extra params
adversary = MIFGSM(model, normalize, device, eps=0.03, steps=10, decay=1.0)
```
Initialize an attack by its name with `create_attack()`.
```python
from torchattack import create_attack
# Initialize FGSM attack with create_attack
adversary = create_attack('FGSM', model, normalize, device)
# Initialize PGD attack with specific eps with create_attack
adversary = create_attack('PGD', model, normalize, device, eps=0.03)
# Initialize MI-FGSM attack with extra args with create_attack
attack_args = {'steps': 10, 'decay': 1.0}
adversary = create_attack('MIFGSM', model, normalize, device, eps=0.03, **attack_args)
```
Check out [examples/](examples/mifgsm_transfer.py) and [`torchattack.evaluate.runner`](torchattack/evaluate/runner.py) for full examples.
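
To show what the `eps`, `steps` and `decay` arguments in the `MIFGSM(...)` call above control, and how a fooling rate is measured against a perturbation budget, here is an added example that is not torchattack's code. It is a dependency-free MI-FGSM update run against a constructed toy logistic model; the weights, samples, helper names and the step size `eps / steps` (the choice made in the MI-FGSM paper) are assumptions of this example.

```python
import math

# Constructed toy victim: a 4-feature logistic model and four labelled inputs in [0, 1].
W, B = [2.0, -1.5, 1.0, -0.5], -0.2
SAMPLES = [([0.6, 0.4, 0.5, 0.5], 1), ([0.5, 0.5, 0.3, 0.5], 1),
           ([0.2, 0.6, 0.3, 0.4], 0), ([0.4, 0.5, 0.3, 0.5], 0)]

def predict(w, b, x):
    """Probability of class 1."""
    return 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))

def input_grad(w, b, x, y):
    """Gradient of the binary cross-entropy loss with respect to the input x."""
    p = predict(w, b, x)
    return [(p - y) * wi for wi in w]

def sign(v):
    return (v > 0) - (v < 0)

def mifgsm(w, b, x, y, eps=0.03, steps=10, decay=1.0):
    """Momentum iterative FGSM; the result stays within eps of x (L-inf) and in [0, 1]."""
    alpha = eps / steps                  # step size: `steps` steps can spend the whole budget
    g = [0.0] * len(x)                   # momentum buffer
    x_adv = list(x)
    for _ in range(steps):
        grad = input_grad(w, b, x_adv, y)
        l1 = sum(abs(v) for v in grad) or 1.0
        g = [decay * gi + v / l1 for gi, v in zip(g, grad)]  # L1-normalised gradient + momentum
        x_adv = [xa + alpha * sign(gi) for xa, gi in zip(x_adv, g)]
        # Project back into the eps-ball around x, then into the valid input range.
        x_adv = [min(max(xa, xi - eps, 0.0), xi + eps, 1.0) for xa, xi in zip(x_adv, x)]
    return x_adv

def fooling_rate(w, b, samples, **attack_args):
    """Share of correctly classified samples whose predicted label flips under the attack."""
    correct = [(x, y) for x, y in samples if (predict(w, b, x) >= 0.5) == bool(y)]
    fooled = sum((predict(w, b, mifgsm(w, b, x, y, **attack_args)) >= 0.5) != bool(y)
                 for x, y in correct)
    return fooled / len(correct)

if __name__ == "__main__":
    for eps in (0.01, 0.03, 0.2):
        print(f"eps={eps}: fooling rate {fooling_rate(W, B, SAMPLES, eps=eps):.2f}")
```

Sweeping `eps` this way gives a robustness curve for the model under test: the budget at which the fooling rate starts to rise is the margin the model actually has on those inputs.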
## Attacks
| Name | Class Name | Publication | Paper (Open Access) |
| --- | --- | --- | --- |
| **Gradient-based attacks** | | | |
| FGSM | `FGSM` | | Explaining and Harnessing Adversarial Examples |
| PGD | `PGD` | | Towards Deep Learning Models Resistant to Adversarial Attacks |
| PGD (L2) | `PGDL2` | | Towards Deep Learning Models Resistant to Adversarial Attacks |
| MI-FGSM | `MIFGSM` | | Boosting Adversarial Attacks with Momentum |
| DI-FGSM | `DIFGSM` | | Improving Transferability of Adversarial Examples with Input Diversity |
| TI-FGSM | `TIFGSM` | | Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks |
| NI-FGSM | `NIFGSM` | | Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks |
| SI-NI-FGSM | `SINIFGSM` | | Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks |
| DR | `DR` | | Enhancing Cross-Task Black-Box Transferability of Adversarial Examples With Dispersion Reduction |
| VMI-FGSM | `VMIFGSM` | | Enhancing the Transferability of Adversarial Attacks through Variance Tuning |
| VNI-FGSM | `VNIFGSM` | | Enhancing the Transferability of Adversarial Attacks through Variance Tuning |
| Admix | `Admix` | | Admix: Enhancing the Transferability of Adversarial Attacks |
| FIA | `FIA` | | Feature Importance-aware Transferable Adversarial Attacks |
| PNA-PatchOut | `PNAPatchOut` | | Towards Transferable Adversarial Attacks on Vision Transformers |
| NAA | `NAA` | | Improving Adversarial Transferability via Neuron Attribution-Based Attacks |
| SSA | `SSA` | | Frequency Domain Model Augmentation for Adversarial Attack |
| TGR | `TGR` | | Transferable Adversarial Attacks on Vision Transformers with Token Gradient Regularization |
| ILPD | `ILPD` | | Improving Adversarial Transferability via Intermediate-level Perturbation Decay |
| MIG | `MIG` | | Transferable Adversarial Attack for Both Vision Transformers and Convolutional Networks via Momentum Integrated Gradients |
| DeCoWA | `DeCoWA` | | Boosting Adversarial Transferability across Model Genus by Deformation-Constrained Warping |
| VDC | `VDC` | | Improving the Adversarial Transferability of Vision Transformers with Virtual Dense Connection |
| BSR | `BSR` | | Boosting Adversarial Transferability by Block Shuffle and Rotation |
| L2T | `L2T` | | Learning to Transform Dynamically for Better Adversarial Transferability |
| ATT | `ATT` | | Boosting the Transferability of Adversarial Attack on Vision Transformer with Adaptive Token Tuning |
| **Generative attacks** | | | |
| CDA | `CDA` | | Cross-Domain Transferability of Adversarial Perturbations |
| LTP | `LTP` | | Learning Transferable Adversarial Perturbations |
| BIA | `BIA` | | Beyond ImageNet Attack: Towards Crafting Adversarial Examples for Black-box Domains |
| GAMA | `GAMA` | | GAMA: Generative Adversarial Multi-Object Scene Attacks |
| **Others** | | | |
| DeepFool | `DeepFool` | | DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks |
| GeoDA | `GeoDA` | | GeoDA: A Geometric Framework for Black-box Adversarial Attacks |
| SSP | `SSP` | | A Self-supervised Approach for Adversarial Robustness |
## Development
For how to install dependencies, run tests, and build documentation, see [Development - torchattack](https://docs.swo.moe/torchattack/development/).
## License
[MIT](LICENSE)
## Related
- [Harry24k/adversarial-attacks-pytorch](https://github.com/Harry24k/adversarial-attacks-pytorch)
- [Trusted-AI/adversarial-robustness-toolbox](https://github.com/Trusted-AI/adversarial-robustness-toolbox)