Imperceptible Adversarial Attack via Invertible Neural Networks
Authors: Zihan Chen, Ziyue Wang, Jun-Jie Huang, Wentao Zhao, Xiao Liu, Dejian Guan
AAAI 2023 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on CIFAR-10, CIFAR-100, and Image Net-1K demonstrate that the proposed Adv INN method can produce less imperceptible adversarial images than the state-of-the-art methods and Adv INN yields more robust adversarial examples with high confidence compared to other adversarial attacks. |
| Researcher Affiliation | Academia | College of Computer Science, National University of Defense Technology, Changsha, Hunan, China {chenzihan21, wangzy13, jjhuang, wtzhao, liuxiao13a, guandejian20}@nudt.edu.cn |
| Pseudocode | No | No pseudocode or clearly labeled algorithm blocks were found in the paper. |
| Open Source Code | Yes | Code is available at https://github.com/jjhuangcs/Adv INN. |
| Open Datasets | Yes | We evaluate the performance of the comparison methods on Image Net-1K dataset which contains 1000 images sampled from the Image Net-1K validation set (Russakovsky et al. 2015). We have also evaluated the performance of all comparison methods on the testing set of CIFAR-10 and CIFAR100. |
| Dataset Splits | Yes | We evaluate the performance of the comparison methods on Image Net-1K dataset which contains 1000 images sampled from the Image Net-1K validation set (Russakovsky et al. 2015). |
| Hardware Specification | Yes | All experiments were performed on a computer with a NVIDIA RTX 3090 GPU with 24 GB memory. |
| Software Dependencies | No | No specific version numbers for software dependencies (e.g., Python 3.x, PyTorch 1.x) were found in the paper, only mentions of models like VGG16. |
| Experiment Setup | Yes | The optimizer for optimizing the learning objective of Adv INN in (1) is set to Adam (Kingma and Ba 2014) optimizer with initial learning rate 1e 4 which is decayed every 200 iterations with decay rate 0.9 and is lower bounded by 1e 5. We empirically set the regularization parameters λadv = 3, wll = 2, wlh,hl,hh = 1 and λperp = 0.001. All methods use ϵ = 8/255 as the adversarial budget. |