Pytorch Implementation of "Cross-Domain Transferability of Adversarial Perturbations" (NeurIPS 2019) arXiv link.

1. Highlights
2. Usage
3. Pretrained-Generators
4. How to Set-Up Data
5. Training/Eval
6. Create-Adversarial-Dataset
7. Citation

1. The transferability of adversarial examples makes real-world attacks possible in black-box settings, where the attacker is forbidden to access the internal parameters of the model. we propose a framework capable of launching highly transferable attacks that crafts adversarial patterns to mislead networks trained on different domains. The core of our proposed adversarial function is a generative network that is trained using a relativistic supervisory signal that enables domain-invariant perturbation.
2. We mainly focus on image classfication task but you can use our pretrained adversarial generators to test robustness of your model regardless of the task (Image classification, Segmentation, Object Detection etc.)
3. You don't need any particular setup (label etc.) to generate adversaries using our method. You can generate adversarial images of any size for any image dataset of your choice (see how to set-up data directory below).

1. Install pytorch.
2. Install python packages using following command:

pip install -r requirements.txt

git clone https:https://github.com/Muzammal-Naseer/Cross-domain-perturbations.git
cd Cross-domain-perturbations

Download pretrained adversarial generators from here to 'saved_models' folder.

Adversarial generators are trained against following four models.

• ResNet152
• Inceptionv3
• VGG19
• VGG16

These models are trained on ImageNet and available in Pytorch.

• Training data:

  • ImageNet Training Set.
  • Paintings
  • Comics
  • Chexnet
  • You can try your own data set as well.

• Evaluations data:

  • ImageNet Validation Set (50k images).
  • Subset of ImageNet validation set (5k images).
  • NeurIPS dataset (1k images).
  • You can try your own dataset as well.

• Directory structure should look like this:

   |Root
       |ClassA
               img1
               img2
               ...
       |ClassB
               img1
               img2
               ...

Run the following command

  python train.py --model_type res152 --train_dir paintings --eps 10 --rl

This will start trainig a generator trained on Paintings (--train_dir) against ResNet152 (--model_type) under perturbation budget 10 (--eps) with relativistic supervisory signal.

Run the following command

  python eval.py --model_type res152 --train_dir imagenet --test_dir ../IN/val --epochs 0 --model_t vgg19 --eps 10 --measure_adv --rl

This will load a generator trained on ImageNet (--train_dir) against ResNet152 (--model_type) and evaluate clean and adversarial accuracy of VGG19 (--model_t) under perturbation budget 10 (--eps).

If you need to save adversaries for visualization or adversarial training, run the following command:

 python generate_and_save_adv.py --model_type incv3 --train_dir paintings --test_dir 'your_data/' --eps 255

You should see beautiful images (unbounded adversaries) like this:

@article{naseer2019cross,
  title={Cross-Domain Transferability of Adversarial Perturbations},
  author={Naseer, Muzammal and Khan, Salman H and Khan, Harris and Khan, Fahad Shahbaz and Porikli, Fatih},
  journal={Advances in Neural Information Processing Systems},
  year={2019}
}

Muzammal Naseer - [email protected]
Suggestions and questions are welcome!