Skip to content

Our Team (green hand) 6th Solution for CVPR-2021 AIC-VI: Unrestricted Adversarial Attacks on ImageNet

Notifications You must be signed in to change notification settings

qilong-zhang/CVPR2021-Competition-Unrestricted-Adversarial-Attacks-on-ImageNet

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

  • Our method (Transfer-based attacks):

    • Dong et al. (TI-BIM) [1]
    • Zou et al. (DEM) [3], i.e., the variant of Xie et al. (DI-FGSM) [2]
    • Wang et al. (Pre-gradient I-FGSM) [4]
    • Ours works
      • PI-FGSM [5] & Our official repo
      • PI-FGSM++ [6] & Our official repo
      • 🚀Staircase sign method (SSM) [7] & Our official repo
        • A simple test: By replacing the Sign method of DI-TI-FGSM with our SSM , we significantly increase the score from ~8 to ~22 (full score is 100)
    • Pre-process tricks:
      • smooth the images firstly
      • resize to 256 instead of 500 before fed into DNNs at each iteration
  • Setting

    • Iteration T=40
    • Step size: ~ 0.6
  • Substitute models:

  • The cost of GPU memory: 12G on Titan xp (12G)

Implementation

Result

result2

Reference

[1] Yinpeng Dong, Tianyu Pang, Hang Su and Jun Zhu: Evading defenses to transferable adversarial examples by translation-invariant attacks, CVPR 2019

[2] Cihang Xie, Zhishuai Zhang, Yuyin Zhou, Song Bai, Jianyu Wang, Zhou Ren and Alan L Yuille: Improving Transferability of Adversarial Examples with Input Diversity, CVPR 2019

[3] Junhua Zou, Zhisong Pan, Junyang Qiu, Xin Liu, Ting Rui and Wei Lin: Improving the Transferability of Adversarial Examples with Resized-Diverse-Inputs,Diversity-Ensemble and Region Fitting, ECCV 2020

[4] Xiaosen Wang, Jiadong Lin, Han Hu, Jingdong Wang and Kun He: Boosting Adversarial Transferability through Enhanced Momentum, ArXiv 2021

[5] Lianli Gao, Qilong Zhang, Jingkuan Song, Xianglong Liu and Heng Tao Shen: Patch-wise attack for fooling deep neural network, ECCV 2020

[6] Lianli Gao, Qilong Zhang, Jingkuan Song and Heng Tao Shen: Patch-wise++ Perturbation for Adversarial Targeted Attacks, ArXiv 2020

[7] Lianli Gao, Qilong Zhang, Xiaosu Zhu, Jingkuan Song and Heng Tao Shen: Staircase Sign Method for Boosting Adversarial Attacks, ArXiv 2021

About

Our Team (green hand) 6th Solution for CVPR-2021 AIC-VI: Unrestricted Adversarial Attacks on ImageNet

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages