CamoPatch: An Evolutionary Strategy for Generating Camoflauged Adversarial Patches
Authors: Phoenix Williams, Ke Li
NeurIPS 2023 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In this section, we empirically evaluate our proposed method s effectiveness by attacking classifiers trained on the Image Net dataset [16]. The experimental setup is outlined in Section 4.1, followed by a comparative analysis with state-of-the-art adversarial patch methods, including Patch-RS [15], TPA [66], OPA [20], Adv-Watermark [27] and a black-box adaptation of LOAP [47] in Section 4.2. Last but not the least, Section 4.3 offers an ablation study that scrutinizes the significance of various components and parameters within our proposed method. |
| Researcher Affiliation | Academia | Phoenix Neale Williams Department of Computer Science University of Exeter Exeter, EX4 4RN pw384@exeter.ac.uk Ke Li Department of Computer Science University of Exeter Exeter, EX4 4RN k.li@exeter.ac.uk |
| Pseudocode | Yes | Algorithm 1: Evolutionary Strategy for Generating Disguised Adversarial Patches (Camo Patch) |
| Open Source Code | No | The paper does not contain an explicit statement about releasing its source code or a link to a code repository for the methodology described. |
| Open Datasets | Yes | For our experiments, we follow a similar setup to preceding works, conducting non-targeted and targeted attacks on DNN classifiers trained on the Image Net dataset [16]. |
| Dataset Splits | Yes | A subset of 1, 000 images, correctly classified by each classifier from the Image Net validation set, is chosen and resized to dimensions of 224 224 3. |
| Hardware Specification | Yes | All experiments were carried out on a system with an NVIDIA Ge Force RTX 2080Ti GPU. |
| Software Dependencies | No | The paper mentions software like 'Py Torch library [44]' and 'Robust Bench library [14]' but does not provide specific version numbers for these software dependencies. |
| Experiment Setup | Yes | Parameter Settings: To select the value of ϵ, we follow the approach of Croce et al., setting ϵ = 1600. This corresponds to a patch size of 40 40, which constitutes roughly 3.2% of the total pixel count. We assign a budget of 10, 000 queries for each attack. As discussed in Section 3, our proposed method entails four free parameters: σ, lit, t, and N. For these parameters, we set σ = 0.1, t = 300, lit = 4, and N = 100. |