Diffusion-Based Adversarial Sample Generation for Improved Stealthiness and Controllability
Authors: Haotian Xue, Alexandre Araujo, Bin Hu, Yongxin Chen
NeurIPS 2023
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | The experiment section aims to answer the following questions: (Q1) Is Diff-PGD/Diff-rPGD effective to generate adv-samples with higher realism? (Q2) Can Diff-PGD be easily applied to generate better style-customized adv-samples? (Q3) Can Diff-PGD be applied to physical world attacks? (Q4) Do adversarial samples generated by Diff-PGD show better properties like transferability and anti-purification ability? Datasets, Models, and Baselines. We use the validation dataset of ImageNet [8] as our dataset to get some statistical results for global attacks and regional attacks. |
| Researcher Affiliation | Academia | Haotian Xue 1 Alexandre Araujo 2 Bin Hu 3 Yongxin Chen 1 1 Georgia Institute of Technology 2 New York University 3 University of Illinois Urbana-Champaign |
| Pseudocode | Yes | Algorithm 1 Diff-rPGD |
| Open Source Code | Yes | Code is available at https://github.com/xavihart/Diff-PGD |
| Open Datasets | Yes | We use the validation dataset of ImageNet [8] as our dataset to get some statistical results for global attacks and regional attacks. [8] J. Deng, W. Dong, R. Socher, L.-J. Li, K. Li, and L. Fei-Fei. ImageNet: A large-scale hierarchical image database. In 2009 IEEE Conference on Computer Vision and Pattern Recognition, pages 248–255. IEEE, 2009. |
| Dataset Splits | No | The paper mentions using the "validation dataset of ImageNet" and sampling 250 images from it, but it does not specify the train/validation/test split percentages or sample counts for the overall dataset used in experiments. |
| Hardware Specification | Yes | All the experiments conducted in this research were carried out on a single RTX-A6000 GPU, housed within an Ubuntu 20.04 server. |
| Software Dependencies | No | The paper states "implemented using the PyTorch framework" but does not specify any version numbers for PyTorch or other software dependencies. |
| Experiment Setup | Yes | We begin with the basic global ℓ∞ digital attacks, where we set ℓ∞ = 16/255 for PGD and Diff-PGD, and # of iterations n = 10 and step size η = 2/255. For Diff-PGD, we use DDIM with timestep Ts = 50 (noted as DDIM50 for simplicity), and K = 3 for the SDEdit module. Here we use ϵ = 16/255, η = 2/255, n = 10 as our major settings (except for the ablation study settings) for both PGD and Diff-PGD. |