Feature Space Targeted Attacks by Statistic Alignment
Authors: Lianli Gao, Yaya Cheng, Qilong Zhang, Xing Xu, Jingkuan Song
IJCAI 2021 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments verify the effectiveness of our proposed method, and it outperforms the state-of-the-art algorithms by a large margin. |
| Researcher Affiliation | Academia | Center for Future Media, University of Electronic Science and Technology of China yaya.cheng@hotmail.com, qilong.zhang@std.uest.edu.cn, jingkuan.song@gmail.com |
| Pseudocode | No | The paper describes the attack algorithm using mathematical equations (e.g., Equation 7, 8, 9) in section 3.4 but does not provide a formal pseudocode block or algorithm listing. |
| Open Source Code | Yes | Our code is publicly available at https://github.com/yaya-cheng/PAA-GAA. |
| Open Datasets | Yes | Image Net models. For a better evaluation of transferability, four Image Net-trained models with different architectures are chosen: VGG-19 with batch-normalization (VGG19) [Simonyan and Zisserman, 2015], Dense Net-121 (Den121) [Huang et al., 2017], Res Net-50 (Res50) [He et al., 2016], Inception-v3 (Inc-v3) [Szegedy et al., 2016]. ... For each of all 1000 labels in the Image Net validation set, we randomly select five images (5,000 in total) to perturb, which are correctly classified by all the networks we considered. |
| Dataset Splits | No | The paper uses pre-trained ImageNet models and samples images from the ImageNet validation set for attack. It does not describe training/validation/test splits for its own experimental process of generating adversarial examples against these models. |
| Hardware Specification | No | The paper does not explicitly state the hardware specifications used for running the experiments. |
| Software Dependencies | No | The paper does not provide specific version numbers for software dependencies. |
| Experiment Setup | Yes | To make a fair comparison, all methods are set to identical ℓ∞ constraint ϵ=0.07, the number of iterations T =20, and step size α=ϵ/T =0.0035. The gallery size is set to 20 × 1000. For PAAg, we set variance σ2 as the mean of squared ℓ2 distances of those pairs. For PAAp, we set bias c = 0, and only study the case of power d = 2. For TIFGSM, we adopt the default kernel length as 15. For MIFGSM, we set the decay factor as µ=1.0. |