Demiguise Attack: Crafting Invisible Semantic Adversarial Perturbations with Perceptual Similarity
Authors: Yajie Wang, Shangbo Wu, Wenyi Jiang, Shengang Hao, Yu-an Tan, Quanxin Zhang
IJCAI 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments show that the proposed method not only outperforms various state-of-the-art attacks in terms of fooling rate, transferability, and robustness against defenses but can also improve attacks effectively. |
| Researcher Affiliation | Academia | Yajie Wang¹, Shangbo Wu¹, Wenyi Jiang¹, Shengang Hao¹,³, Yu-an Tan² and Quanxin Zhang¹. ¹School of Computer Science and Technology, Beijing Institute of Technology; ²School of Cyberspace Science and Technology, Beijing Institute of Technology; ³School of Computer Science and Technology, Nanyang Normal University. {wangyajie19, shangbo.wu, jiangwenyi2000, haoshengang, tan2008, zhangqx}@bit.edu.cn |
| Pseudocode | Yes | Algorithm 1 Demiguise-C&W |
| Open Source Code | No | The paper mentions participation in a competition and refers to a benchmark link ([Dong et al., 2021] Alibaba security: Adversarial robustness benchmark. https://s.alibaba.com/benchmark), but does not explicitly provide a link to its own source code for the described methodology or state that it is being released. |
| Open Datasets | Yes | We randomly pick 1000 images of 10 separate classes from ImageNet [Deng et al., 2009] that are all classified correctly by the models. |
| Dataset Splits | No | The paper mentions using a 'validation set' when evaluating adversarial strength, but does not specify the exact dataset splits (e.g., percentages or sample counts) for training, validation, and testing needed for reproduction. |
| Hardware Specification | Yes | Our experiments are run on Ubuntu 20.04 LTS with NVIDIA GeForce RTX 3090 GPUs and 64GB of memory. |
| Software Dependencies | No | The paper mentions 'PyTorch's torchvision library' and 'Ubuntu 20.04 LTS' but does not specify exact version numbers for software dependencies like PyTorch or torchvision, which are necessary for full reproducibility. |
| Experiment Setup | Yes | In terms of attacks, we choose a learning rate of 0.2 and a maximum of 1000 iterations for Demiguise-C&W. For Demiguise-MI-FGSM, we choose an ϵ of 0.4, a max iteration of 70 rounds, and a decay factor of 1.0. For Demiguise-HSJA, we choose a max iteration of 2000 queries. |