DiffAttack
DiffAttack copied to clipboard
kangmintong
[NeurIPS 2023] Codes for DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification
DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification
Implementation of DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification [NeurIPS 2023].
Diffattack is a strong adversarial attack against diffusion-based purification defenses. We provide the following scripts for reproducing the results.
Environment and Pretrained models
Please refer to requirement.txt for the required packages of running the codes in the repo.
Put the folder models and pretrained under DiffAttack_Score_Based/ and DiffAttack_DDPM_Based/.
Attack against score-based purification
AdjAttack from DiffPure
Please refer to DiffPure for the adjattack against score-based diffusion purification defenses.
DiffAttack
The scripts are provided in DiffAttack_Score_Based/run_scripts/cifar10/ for CIFAR-10.
DiffAttack against score-based purification on CIFAR-10 with WideResNet-28-10 under Linf attack:
sh run_cifar_rand_inf.sh SEED1 SEED2
DiffAttack against score-based purification on CIFAR-10 with WideResNet-70-16 under Linf attack:
sh run_cifar_rand_inf_70-16-dp.sh SEED1 SEED2
DiffAttack against score-based purification on CIFAR-10 with WideResNet-28-10 under L2 attack:
sh run_cifar_rand_L2.sh SEED1 SEED2
DiffAttack against score-based purification on CIFAR-10 with WideResNet-70-16 under L2 attack:
sh run_cifar_rand_L2_70-16-dp.sh SEED1 SEED2
The scripts are provided in DiffAttack_Score_Based/run_scripts/imagenet/ for ImageNet.
DiffAttack against score-based purification on ImageNet with ResNet-50 under Linf attack:
sh run_in_rand_inf.sh SEED1 SEED2
DiffAttack against score-based purification on ImageNet with WideResNet-50-2 under Linf attack:
sh run_in_rand_inf_50-2.sh SEED1 SEED2
DiffAttack against score-based purification on ImageNet with DeiT-S under Linf attack:
sh run_in_rand_inf_deits.sh SEED1 SEED2
DiffAttack against DDPM-based purification
The scripts are provided in DiffAttack_DDPM_Based/run_scripts/cifar10/
Diff-BPDA attack
Diff-BPDA attack against DDPM-based purification on CIFAR-10 with WideResNet-28-10 under Linf attack:
sh run_cifar_ddpm_inf_bpda.sh SEED1 SEED2
Diff-BPDA attack against DDPM-based purification on CIFAR-10 with WideResNet-70-16 under Linf attack:
sh run_cifar_ddpm_inf_70_bpda.sh SEED1 SEED2
Diff-BPDA attack against DDPM-based purification on CIFAR-10 with WideResNet-28-10 under L2 attack:
sh run_cifar_ddpm_l2_bpda.sh SEED1 SEED2
Diff-BPDA attack against DDPM-based purification on CIFAR-10 with WideResNet-70-16 under L2 attack:
sh run_cifar_ddpm_l2_70_bpda.sh SEED1 SEED2
DiffAttack
DiffAttack against DDPM-based purification on CIFAR-10 with WideResNet-28-10 under Linf attack:
sh run_cifar_ddpm_inf.sh SEED1 SEED2
DiffAttack against DDPM-based purification on CIFAR-10 with WideResNet-70-16 under Linf attack:
sh run_cifar_ddpm_inf_70.sh SEED1 SEED2
DiffAttack against DDPM-based purification on CIFAR-10 with WideResNet-28-10 under L2 attack:
sh run_cifar_ddpm_l2.sh SEED1 SEED2
DiffAttack against DDPM-based purification on CIFAR-10 with WideResNet-70-16 under L2 attack:
sh run_cifar_ddpm_l2_70.sh SEED1 SEED2
Acknowledgement
The code base is built upon Auto-Attack and DiffPure.
If you consider our repo helpful, please consider citing:
@article{kang2024diffattack,
title={DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification},
author={Kang, Mintong and Song, Dawn and Li, Bo},
journal={Advances in Neural Information Processing Systems},
volume={36},
year={2024}
}
Metadata
Owner
kangmintong
Metadata
[NeurIPS 2023] Codes for DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification