Our Team (green hand) 6th Solution for CVPR-2021 AIC-VI: Unrestricted Adversarial Attacks on ImageNet
-
Our method (Transfer-based attacks):
-
Setting
-
Substitute models:
-
The cost of GPU memory: 12G on Titan xp (12G)
-
Requirement
- Python 3.7
- Pytorch 1.8.0
- torchvision 0.9.0
- pandas 1.1.3
- matplotlib 3.3.4
- scipy 1.5.4
- timm 0.4.5
- tqdm 4.43.0
-
Download the dataset from here (or select one of the following datasets)
-
Unzip the downloaded dataset zip, and put 5K images into
"input_dir/images/"
file. -
Then run the code
python run.py
-
Finally, the adversarial examples will be saved at
"output_dir/"
[1] Yinpeng Dong, Tianyu Pang, Hang Su and Jun Zhu: Evading defenses to transferable adversarial examples by translation-invariant attacks, CVPR 2019
[2] Cihang Xie, Zhishuai Zhang, Yuyin Zhou, Song Bai, Jianyu Wang, Zhou Ren and Alan L Yuille: Improving Transferability of Adversarial Examples with Input Diversity, CVPR 2019
[3] Junhua Zou, Zhisong Pan, Junyang Qiu, Xin Liu, Ting Rui and Wei Lin: Improving the Transferability of Adversarial Examples with Resized-Diverse-Inputs,Diversity-Ensemble and Region Fitting, ECCV 2020
[4] Xiaosen Wang, Jiadong Lin, Han Hu, Jingdong Wang and Kun He: Boosting Adversarial Transferability through Enhanced Momentum, ArXiv 2021
[5] Lianli Gao, Qilong Zhang, Jingkuan Song, Xianglong Liu and Heng Tao Shen: Patch-wise attack for fooling deep neural network, ECCV 2020
[6] Lianli Gao, Qilong Zhang, Jingkuan Song and Heng Tao Shen: Patch-wise++ Perturbation for Adversarial Targeted Attacks, ArXiv 2020
[7] Lianli Gao, Qilong Zhang, Xiaosu Zhu, Jingkuan Song and Heng Tao Shen: Staircase Sign Method for Boosting Adversarial Attacks, ArXiv 2021