This repository implements the logarithmic barrier adversarial attack, described in *The LogBarrier Adversarial Attack: Making Effective Use of Decision Boundary Information* (ICCV 2019).
The logarithmic barrier adversarial attack begins with a mis-classified image. It then iteratively minimizes the distance to the clean, unperturbed image, while enforcing model mis-classification via the logarithmic barrier function. The strength of the LogBarrier attack is that it adversarially perturbs all images with relatively small perturbation norms compared to other attack methods (such as PGD). The LogBarrier attack works well in both the Euclidean and maximum norms.
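To make the barrier formulation concrete, below is a minimal sketch (not the repository's implementation) of how such a log-barrier attack can be written in PyTorch. The function name, hyperparameters, and the simple clamping heuristic for infeasible iterates are illustrative assumptions; the actual attack is implemented in `logbarrier.py`.

```python
import torch

def logbarrier_attack_sketch(model, x_clean, y_true, x_init,
                             lam=1.0, lam_decay=0.5,
                             n_outer=10, n_inner=20, lr=0.01):
    """Minimal log-barrier attack sketch (illustrative, not the repo's code).

    Starting from an already mis-classified point ``x_init``, minimize the
    squared L2 distance to the clean image ``x_clean`` plus a logarithmic
    barrier that keeps the iterate mis-classified.
    """
    delta = (x_init - x_clean).detach().clone().requires_grad_(True)
    opt = torch.optim.SGD([delta], lr=lr)

    for _ in range(n_outer):            # outer loop: shrink the barrier weight
        for _ in range(n_inner):        # inner loop: gradient steps
            logits = model(x_clean + delta)
            true_logit = logits.gather(1, y_true.unsqueeze(1)).squeeze(1)
            wrong = logits.clone()
            wrong.scatter_(1, y_true.unsqueeze(1), float('-inf'))
            # margin > 0 exactly when the perturbed image is mis-classified
            margin = wrong.max(dim=1).values - true_logit
            dist2 = delta.reshape(delta.size(0), -1).pow(2).sum(dim=1)
            # the barrier term blows up as the iterate nears the decision
            # boundary; a real implementation would backtrack to keep margin > 0
            loss = (dist2 - lam * torch.log(margin.clamp_min(1e-12))).sum()
            opt.zero_grad()
            loss.backward()
            opt.step()
            # keep the adversarial image in the valid pixel range [0, 1]
            delta.data = (x_clean + delta.data).clamp(0, 1) - x_clean
        lam *= lam_decay                # tighten the barrier
    return (x_clean + delta).detach()
```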
Update 2019-08-21: We have generalized the LogBarrier method to arbitrary non-smooth metrics (including state-of-the-art L0 attacks). Please see the ProxLogBarrierAttack repository and the accompanying preprint.
Written in Python 3 and PyTorch 1.0.
An example attack on a pretrained CIFAR10 model is provided in `cifar10-example/run_attack.py`. The attack itself is implemented as a class in `logbarrier.py`.
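For orientation, a hypothetical invocation might look like the sketch below. The class name `Attack` and its call signature are assumptions made for illustration only; consult `logbarrier.py` and `cifar10-example/run_attack.py` for the actual interface.

```python
# Hypothetical usage sketch: the class name and arguments below are assumed,
# not taken from the repository; see logbarrier.py for the real interface.
import torch
import torchvision

from logbarrier import Attack  # assumed class name

model = torchvision.models.resnet18(num_classes=10)  # stand-in CIFAR10 model
model.eval()

images = torch.rand(8, 3, 32, 32)      # a batch of CIFAR10-sized images
labels = torch.randint(0, 10, (8,))    # their true labels

attack = Attack(model)                 # constructor arguments are assumed
adv_images = attack(images, labels)    # adversarially perturbed images
```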
If you find the LogBarrier attack useful in your scientific work, please cite as
    @InProceedings{Finlay_2019_ICCV,
      author    = {Finlay, Chris and Pooladian, Aram-Alexandre and Oberman, Adam},
      title     = {The LogBarrier Adversarial Attack: Making Effective Use of Decision Boundary Information},
      booktitle = {The IEEE International Conference on Computer Vision (ICCV)},
      month     = {October},
      year      = {2019}
    }