# VT

**Repository Path**: cuge1995/VT

## Basic Information

- **Project Name**: VT
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-05-31
- **Last Updated**: 2021-07-09

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

## to do
```
label smooth
larger iteration
```





## the results
```
#mi_fgsm
Attack Success Rate for inception_v3 : 100.0%
Attack Success Rate for inception_v4 : 43.3%
Attack Success Rate for inception_resnet_v2 : 43.0%
Attack Success Rate for resnet_v2 : 35.5%
Attack Success Rate for ens3_adv_inception_v3 : 12.8%
Attack Success Rate for ens4_adv_inception_v3 : 12.7%
Attack Success Rate for ens_adv_inception_resnet_v2 : 6.2%
Attack Success Rate for adv_inception_v3 : 19.5%

##dd_mi_fgsm 5
Attack Success Rate for inception_v3 : 100.0%
Attack Success Rate for inception_v4 : 43.2%
Attack Success Rate for inception_resnet_v2 : 42.7%
Attack Success Rate for resnet_v2 : 36.6%
Attack Success Rate for ens3_adv_inception_v3 : 13.1%
Attack Success Rate for ens4_adv_inception_v3 : 12.5%
Attack Success Rate for ens_adv_inception_resnet_v2 : 6.0%
Attack Success Rate for adv_inception_v3 : 19.2%

##dd_mi_fgsm 10
Attack Success Rate for inception_v3 : 100.0%
Attack Success Rate for inception_v4 : 44.1%
Attack Success Rate for inception_resnet_v2 : 42.7%
Attack Success Rate for resnet_v2 : 38.0%
Attack Success Rate for ens3_adv_inception_v3 : 15.1%
Attack Success Rate for ens4_adv_inception_v3 : 13.3%
Attack Success Rate for ens_adv_inception_resnet_v2 : 6.1%
Attack Success Rate for adv_inception_v3 : 18.6%


##dd_mi_fgsm 0.15 10
Attack Success Rate for inception_v3 : 100.0%
Attack Success Rate for inception_v4 : 43.3%
Attack Success Rate for inception_resnet_v2 : 42.6%
Attack Success Rate for resnet_v2 : 37.5%
Attack Success Rate for ens3_adv_inception_v3 : 13.1%
Attack Success Rate for ens4_adv_inception_v3 : 11.7%
Attack Success Rate for ens_adv_inception_resnet_v2 : 5.6%
Attack Success Rate for adv_inception_v3 : 18.0%







#mi_di_ti_si_fgsm
Attack Success Rate for inception_v3 : 99.2%
Attack Success Rate for inception_v4 : 85.5%
Attack Success Rate for inception_resnet_v2 : 81.4%
Attack Success Rate for resnet_v2 : 77.7%
Attack Success Rate for ens3_adv_inception_v3 : 67.1%
Attack Success Rate for ens4_adv_inception_v3 : 63.6%
Attack Success Rate for ens_adv_inception_resnet_v2 : 47.1%
Attack Success Rate for adv_inception_v3 : 64.4%

##dd_mi_di_ti_si_fgsm
Attack Success Rate for inception_v3 : 99.3%
Attack Success Rate for inception_v4 : 84.7%
Attack Success Rate for inception_resnet_v2 : 81.9%
Attack Success Rate for resnet_v2 : 76.4%
Attack Success Rate for ens3_adv_inception_v3 : 64.6%
Attack Success Rate for ens4_adv_inception_v3 : 61.5%
Attack Success Rate for ens_adv_inception_resnet_v2 : 45.6%
Attack Success Rate for adv_inception_v3 : 63.1%

##dd_mi_di_ti_si_fgsm +
Attack Success Rate for inception_v3 : 92.6%
Attack Success Rate for inception_v4 : 80.2%
Attack Success Rate for inception_resnet_v2 : 76.5%
Attack Success Rate for resnet_v2 : 72.5%
Attack Success Rate for ens3_adv_inception_v3 : 64.0%
Attack Success Rate for ens4_adv_inception_v3 : 60.4%
Attack Success Rate for ens_adv_inception_resnet_v2 : 44.5%
Attack Success Rate for adv_inception_v3 : 61.9%





##outputs_ni_di_ti_si_fgsm
Attack Success Rate for inception_v3 : 99.4%
Attack Success Rate for inception_v4 : 85.1%
Attack Success Rate for inception_resnet_v2 : 81.1%
Attack Success Rate for resnet_v2 : 76.9%
Attack Success Rate for ens3_adv_inception_v3 : 60.2%
Attack Success Rate for ens4_adv_inception_v3 : 55.1%
Attack Success Rate for ens_adv_inception_resnet_v2 : 39.8%
Attack Success Rate for adv_inception_v3 : 59.3%



```





# Variance Tuning

This repository contains code to reproduce results from the paper:

[Enhancing the Transferability of Adversarial Attacks through Variance Tuning](https://arxiv.org/abs/2103.15571) (CVPR 2021)

[Xiaosen Wang](https://xiaosen-wang.github.io/), Kun He

## Requirements

+ Python >= 3.6.5
+ Tensorflow >= 1.12.0
+ Numpy >= 1.15.4
+ opencv >= 3.4.2
+ scipy > 1.1.0
+ pandas >= 1.0.1
+ imageio >= 2.6.1

## Qucik Start

### Prepare the data and models

You should download the [data](https://drive.google.com/drive/folders/1CfobY6i8BfqfWPHL31FKFDipNjqWwAhS) and [pretrained models](https://drive.google.com/drive/folders/10cFNVEhLpCatwECA6SPB-2g0q5zZyfaw) and place the data and pretrained models in dev_data/ and models/, respectively.

### Variance Tuning Attack

All the provided codes generate adversarial examples on inception_v3 model. If you want to attack other models, replace the model in `graph` and `batch_grad` function and load such models in `main` function.

#### Runing attack

Taking vmi_di_ti_si_fgsm attack for example, you can run this attack as following:

```
CUDA_VISIBLE_DEVICES=gpuid python vmi_di_ti_si_fgsm.py 
```

The generated adversarial examples would be stored in directory `./outputs`. Then run the file `simple_eval.py` to evaluate the success rate of each model used in the paper:

```
CUDA_VISIBLE_DEVICES=gpuid python simple_eval.py
```

## Acknowledgments

Code refers to [SI-NI-FGSM](https://github.com/JHL-HUST/SI-NI-FGSM).

## Contact

Questions and suggestions can be sent to xswanghuster@gmail.com.