Learning to Generate Image Source-Agnostic Universal Adversarial Perturbations
Authors: Pu Zhao, Parikshit Ram, Songtao Lu, Yuguang Yao, Djallel Bouneffouf, Xue Lin, Sijia Liu
IJCAI 2022
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | 5 Experiments: We demonstrate the effectiveness of LFT through extensive experiments on the UAP design in the black-box setup [Chen et al., 2017], where the internal configurations and parameters of the DNN are not revealed to the attacker. Thus, the only interaction of the adversary with the system is via submission of inputs and receiving the corresponding predicted outputs. LFT is implemented using ZO gradient estimates. We wish to evaluate the ability of UAP generated with a small set of seen images to successfully attack unseen images from the same image source (for a fixed victim model). |
| Researcher Affiliation | Collaboration | Pu Zhao¹, Parikshit Ram², Songtao Lu², Yuguang Yao³, Djallel Bouneffouf², Xue Lin¹ and Sijia Liu²,³; ¹ Northeastern University, ² IBM Research, ³ Michigan State University; zhao.pu@northeastern.edu, {parikshit.ram, songtao}@ibm.com, yaoyugua@msu.edu, djallel.bouneffouf@ibm.com, xue.lin@northeastern.edu, liusiji5@msu.edu |
| Pseudocode | Yes | Algorithm 1 Meta-learning LFT with problem (5) |
| Open Source Code | No | No explicit statement about releasing source code or a direct link to a code repository for the described methodology found. |
| Open Datasets | Yes | As image sources, we utilize MNIST and CIFAR-10, and as victim architectures, we utilize LeNet [Lecun et al., 1998] and VGG-11 [Simonyan and Zisserman, 2014]. |
| Dataset Splits | Yes | We generate 100 UAP generation tasks $T_i$, $i = 1, \ldots, 100$, each with a set $D_i^{\mathrm{tr}}$ of seen images (to be used to generate the UAP) and a set $D_i^{\mathrm{val}}$ of unseen images (on which the generated UAP is evaluated). In both $D_i^{\mathrm{tr}}$ & $D_i^{\mathrm{val}}$, 2 image classes with 2 samples per class are randomly selected. |
| Hardware Specification | No | No specific hardware details (GPU/CPU models, memory, or specific computing environments) for running experiments were found. |
| Software Dependencies | No | The paper mentions 'We use Adam with an initial learning rate of 0.001 to meta-learn the RNN with truncated backpropagation through time (BPTT) by unrolling the RNN for 20 steps and running each optimization for 200 steps.' but does not specify versions of software libraries or frameworks like Python, PyTorch, TensorFlow, etc. |
| Experiment Setup | Yes | We use a one-layer LSTM with 10 hidden units, and one additional linear layer to project the RNN hidden state to the output. We use Adam with an initial learning rate of 0.001 to meta-learn the RNN with truncated backpropagation through time (BPTT) by unrolling the RNN for 20 steps and running each optimization for 200 steps. In both $D_i^{\mathrm{tr}}$ & $D_i^{\mathrm{val}}$, 2 image classes with 2 samples per class are randomly selected. |