Patch-wise Iterative Attack (accpeted by ECCV2020)

This is the Tensorflow code for our paper Patch-wise Attack for Fooling Deep Neural Network, and Pytorch version can be found at here.

In our paper, we propose a novel Patch-wise Iterative Method by using the amplification factor and guiding gradient to its feasible direction. Comparing with state-of-the-art attacks, we further improve the success rate by 3.7\% for normally trained models and 9.1\% for defense models on average. We hope that the proposed methods will serve as a benchmark for evaluating the robustness of various deep models and defense methods.

In targeted attack case, we extend our Patch-wise iterative method to Patch-wise++ iterative method. More details can be found from here.

Implementation

• Tensorflow 1.14, gast 0.2.2, Python3.7

• Download the models

• Normlly trained models (DenseNet can be found in here)

• Ensemble adversarial trained models

• Feature Denoising

• Then put these models into ".models/"

• Run the code

python python project_iter_attack.py

• The output images are in "output/"

Results

Citing this work

If you find this work is useful in your research, please consider citing:

@inproceedings{GaoZhang2020PatchWise, author = {Lianli Gao and Qilong Zhang and Jingkuan Song and Xianglong Liu and Heng Tao Shen}, title = {Patch-Wise Attack for Fooling Deep Neural Network}, Booktitle = {European Conference on Computer Vision}, year = {2020} }