daisylab-bit/torchattack

🛡 torchattack


A set of adversarial attacks in PyTorch.

```bash
# Install from github source
python -m pip install git+https://github.com/daisylab-bit/torchattack

# Install from gitee mirror
python -m pip install git+https://gitee.com/daisylab-bit/torchattack
```

Usage

```python
import torch
from torchattack import FGSM, MIFGSM
from torchvision.models import resnet50
from torchvision.transforms import transforms

device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')

# Load a model
model = resnet50(weights='DEFAULT')
model = model.eval().to(device)

# Define normalization (you are responsible for normalizing the data if needed)
normalize = transforms.Normalize(mean=[0.485, 0.456, 0.406], std=[0.229, 0.224, 0.225])

# Initialize an attack
attack = FGSM(model, normalize, device)

# Initialize an attack with extra params
attack = MIFGSM(model, normalize, device, eps=0.03, steps=10, decay=1.0)
```

Check out torchattack.runner.run_attack for a simple example.
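An added example, not torchattack's own code: a dependency-free sketch of the robustness measurement an FGSM ($\ell_\infty$) evaluation produces, with normalization applied inside the forward pass so that `eps` is a budget on raw [0, 1] pixel values. That placement of `normalize` is an assumption about why the usage snippet passes it in separately; the logistic model, weights and samples are constructed for illustration.

```python
import math

# Normalization constants from the usage snippet; everything else is constructed.
MEAN = [0.485, 0.456, 0.406]
STD = [0.229, 0.224, 0.225]
W, B = [2.0, -1.5, 1.0], 0.1  # constructed weights, not a trained network


def normalize(x):
    return [(v - m) / s for v, m, s in zip(x, MEAN, STD)]


def predict_proba(x):
    """Forward pass: raw pixels in [0, 1] -> normalize -> logistic score."""
    z = sum(w * v for w, v in zip(W, normalize(x))) + B
    return 1.0 / (1.0 + math.exp(-z))


def fgsm(x, y, eps):
    """One signed-gradient step of size eps in pixel space, clamped to [0, 1]."""
    p = predict_proba(x)
    # d(BCE)/dx_i = (p - y) * w_i / std_i (chain rule through normalize)
    grad = [(p - y) * w / s for w, s in zip(W, STD)]
    sign = [(g > 0) - (g < 0) for g in grad]
    return [min(1.0, max(0.0, v + eps * sg)) for v, sg in zip(x, sign)]


def accuracy(samples, eps=0.0):
    """Accuracy on clean inputs (eps=0) or on FGSM-perturbed inputs."""
    hits = 0
    for x, y in samples:
        x_eval = fgsm(x, y, eps) if eps > 0 else x
        hits += int((predict_proba(x_eval) >= 0.5) == bool(y))
    return hits / len(samples)


# Constructed samples: (pixel values, label)
SAMPLES = [
    ([0.60, 0.40, 0.50], 1), ([0.30, 0.60, 0.30], 0),
    ([0.50, 0.45, 0.42], 1), ([0.47, 0.47, 0.40], 0),
]

if __name__ == "__main__":
    for eps in (0.0, 0.01, 0.03, 0.1):
        print(f"eps={eps:<5} accuracy={accuracy(SAMPLES, eps):.2f}")
```

On the constructed samples, accuracy falls from 1.00 on clean inputs to 0.25 at `eps=0.1`, which is the kind of accuracy-versus-budget curve a robustness evaluation reports.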

Attacks

Gradient-based attacks:

| Name | $\ell_p$ | Paper | torchattack class |
| --- | --- | --- | --- |
| FGSM | $\ell_\infty$ | Explaining and Harnessing Adversarial Examples | torchattack.FGSM |
| PGD | $\ell_\infty$ | Towards Deep Learning Models Resistant to Adversarial Attacks | torchattack.PGD |
| PGD (L2) | $\ell_2$ | Towards Deep Learning Models Resistant to Adversarial Attacks | torchattack.PGDL2 |
| MI-FGSM | $\ell_\infty$ | Boosting Adversarial Attacks with Momentum | torchattack.MIFGSM |
| DI-FGSM | $\ell_\infty$ | Improving Transferability of Adversarial Examples with Input Diversity | torchattack.DIFGSM |
| TI-FGSM | $\ell_\infty$ | Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks | torchattack.TIFGSM |
| NI-FGSM | $\ell_\infty$ | Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks | torchattack.NIFGSM |
| SI-NI-FGSM | $\ell_\infty$ | Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks | torchattack.SINIFGSM |
| VMI-FGSM | $\ell_\infty$ | Enhancing the Transferability of Adversarial Attacks through Variance Tuning | torchattack.VMIFGSM |
| VNI-FGSM | $\ell_\infty$ | Enhancing the Transferability of Adversarial Attacks through Variance Tuning | torchattack.VNIFGSM |
| Admix | $\ell_\infty$ | Admix: Enhancing the Transferability of Adversarial Attacks | torchattack.Admix |
| FIA | $\ell_\infty$ | Feature Importance-aware Transferable Adversarial Attacks | torchattack.FIA |

Others:

| Name | $\ell_p$ | Paper | torchattack class |
| --- | --- | --- | --- |
| DeepFool | $\ell_2$ | DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks | torchattack.DeepFool |
| GeoDA | $\ell_\infty$, $\ell_2$ | GeoDA: A Geometric Framework for Black-box Adversarial Attacks | torchattack.GeoDA |
| SSP | $\ell_\infty$ | A Self-supervised Approach for Adversarial Robustness | torchattack.SSP |

Development

```bash
# Create a virtual environment
python -m venv .venv
source .venv/bin/activate

# Install deps with dev extras
python -m pip install -r requirements.txt
python -m pip install -e '.[dev]'
```

License

MIT

Related