Introduction
This is an official release of the paper "Frequency-driven Imperceptible Adversarial Attack on Semantic Similarity" (arxiv link). 
Abstract: Current adversarial attack research reveals the vulnerability of learning-based classifiers against carefully crafted perturbations. However, most existing attack methods have inherent limitations in cross-dataset generalization as they rely on a classification layer with a closed set of categories. Furthermore, the perturbations generated by these methods may appear in regions easily perceptible to the human visual system (HVS). To circumvent the former problem, we propose a novel algorithm that attacks semantic similarity on feature representations. In this way, we are able to fool classifiers without limiting attacks to a specific dataset. For imperceptibility, we introduce the low-frequency constraint to limit perturbations within high-frequency components, ensuring perceptual similarity between adversarial examples and originals. Extensive experiments on three datasets(CIFAR-10, CIFAR-100, and ImageNet-1K) and three public online platforms indicate that our attack can yield misleading and transferable adversarial examples across architectures and datasets. Additionally, visualization results and quantitative performance (in terms of four different metrics) show that the proposed algorithm generates more imperceptible perturbations than the state-of-the-art methods. Our code will be publicly available.
Requirements
- python ==3.6
- torch == 1.7.0
- torchvision >= 0.7
- numpy == 1.19.2
- Pillow == 8.0.1
- pywt
Required Dataset
- The data structure of Cifar10, Cifar100, ImageNet or any other datasets look like below. Please modify the dataloader at
SSAH-Adversarial-master/main.py/accordingly for your dataset structure.
/dataset/
├── Cifar10
│ │ ├── cifar-10-python.tar.gz
├── Cifar-100-python
│ │ ├── cifar-100-python.tar.gz
├── imagenet
│ ├── val
│ │ ├── n02328150
Experiments
We trained a resnet20 model with 92.6% accuracy with CIFAR1010 and a resnet20 model with 69.63% accuracy with CIFAR100. If you want to have a test, you can download our pre-trained models with the Google Drivers. If you want to use our algorithm to attack your own trained model, you can always replace our models in the file checkpoints.
(1)Attack the Models Trained on Cifar10
CUDA_VISIBLE_DEVICES=0,1 bash scripts/cifar/cifar10-r20.sh
(2)Attack the Models Trained on Cifar100
CUDA_VISIBLE_DEVICES=0,1 bash scripts/cifar/cifar100-r20.sh
(2)Attack the Models Trained on Imagenet_val
CUDA_VISIBLE_DEVICES=0,1 bash scripts/cifar/Imagenet_val-r50.sh
Examples
Results on CIFAR10 Here we offer some experiment results. You can get more results in our paper.
| Name | Knowledge | ASR(%) | L2 | Linf | FID | LF | Paper |
|---|---|---|---|---|---|---|---|
| BIM | White Box | 100.0 | 0.85 | 0.03 | 14.85 | 0.25 | ICLR2017 |
| PGD | White Box | 100.0 | 1.28 | 0.03 | 27.86 | 0.34 | arxiv link |
| MIM | White Box | 100.0 | 1.90 | 0.03 | 26.00 | 0.48 | CVPR2018 |
| AutoAttack | White Box | 100.0 | 1.91 | 0.03 | 34.93 | 0.61 | ICML2020 |
| AdvDrop | White Box | 99.92 | 0.90 | 0.07 | 16.34 | 0.34 | ICCV2021 |
| C&W | White Box | 100.0 | 0.39 | 0.06 | 8.23 | 0.11 | IEEE SSP2017 |
| PerC-AL | White Box | 98.29 | 0.86 | 0.18 | 9.58 | 0.15 | CVPR2020 |
| SSA | White Box | 99.96 | 0.29 | 0.02 | 5.73 | 0.07 | CVPR2022 |
| SSAH | White Box | 99.94 | 0.26 | 0.02 | 5.03 | 0.03 | CVPR2022 |
Citation
if the code or method help you in the research, please cite the following paper:
@article{luo2022frequency,
title={Frequency-driven Imperceptible Adversarial Attack on Semantic Similarity},
author={Luo, Cheng and Lin, Qinliang and Xie, Weicheng and Wu, Bizhu and Xie, Jinheng and Shen, Linlin},
journal={arXiv preprint arXiv:2203.05151},
year={2022}
}
87 Dec 21, 2022
17 Dec 11, 2022
2.8k Jan 08, 2023
123 Jan 05, 2023
428 Dec 28, 2022
17 Sep 08, 2022
95 Dec 24, 2022
17 Dec 12, 2022
39 Dec 08, 2022
2.4k Jan 04, 2023
13 Nov 03, 2022
270 Dec 24, 2022
21 Dec 19, 2022
3 Oct 17, 2021
47 Nov 06, 2022
1 Feb 26, 2022
0 Dec 10, 2021
893 Dec 28, 2022
7.1k Dec 29, 2022