This is the code for AAAI'20 paper https://arxiv.org/abs/1811.10828 "A Frank-Wolfe Framework for Efficient and Effective Adversarial Attacks" by Jinghui Chen, Dongruo Zhou, Jinfeng Yi, and Quanquan Gu.
- Python (3.6.9)
- Tensorflow (1.15.0)
- Inception/ResNet pre-trained model
- Download ImageNet validation set and put them in /imagenetdata/imgs/ folder
- Setup Inception V3 model:
- python3 setup_inception_v3.py- Setup ResNet model:
- python3 setup_resnet.pyarch: network architecture, e.g. "inception", "resnet"sample: number of samples to attackeps: epsilon, value 0.0 to enable grid searchatt_iter: maximum number of iterations per attackatt_lr: attack learning rate (step size)grad_est: zeroth-order gradient estimation batch sizesensing: type of sensing vectors, e.g. "gaussian", "sphere"beta1: mementum parameter for FWorder: attack threat model type ("2" or "inf")
- Run white-box attack on Inception V3 model:
- CUDA_VISIBLE_DEVICES=0 python3 test_attack.py --arch "inception" --method "FW" --order "inf" --sample 250 --eps 0.05 --att_lr 0.1 --beta1 0.9- Run black-box attack on ResNet V2 model:
- CUDA_VISIBLE_DEVICES=0 python3 test_attack_black.py --arch "resnet" --method "FW" --order "inf" --sample 1000 --eps 0.3 --att_lr 0.8 --grad_est 25 --sensing "sphere"