MCS2018: Adversarial Attacks on Black-box Face Recognition

It's a baseline code for Adversarial Attacks on Black-box Face Recognition This code trains the white box on data from the black box model, makes iteration FGSM attacks on the white box and makes submit zip archive.

How to reproduce

If you are using a version only for the CPU, then you need to import the module with the command

import MCS2018_CPU as MCS2018

If you are using GPU version for windows os, then download cudnn library and move to module directory

OS	python 2.7	python 3.5	python 3.6
Ubuntu	CPU GPU(cuda8.0) GPU(cuda9.0) GPU(cuda9.1) GPU(cuda9.2)	CPU GPU(cuda8.0) GPU(cuda9.0) GPU(cuda9.1) GPU(cuda9.2)	CPU GPU(cuda8.0) GPU(cuda9.0) GPU(cuda9.1) GPU(cuda9.2)
CentOS	CPU GPU (cuda8.0)	CPU GPU(cuda8.0)	CPU GPU(cuda8.0)
Windows	CPU GPU (cuda 9.0)	CPU GPU (cuda 9.0)	CPU GPU (cuda 9.0)
MacOS	CPU	CPU	CPU

1M images list for student model and descriptors

download black-box model and move to baseline director
download pair's data, student_model_imgs, submit list, pairs list and move to data

python downloader.py --root ./data --main_imgs --student_model_imgs --submit_list --pairs_list

prepare data for student model

python prepare_data.py --root data/student_model_imgs/ --datalist_path data/datalist/ --datalist_type train --gpu_id 1;
python prepare_data.py --root data/imgs/ --datalist_path data/datalist/ --datalist_type val --gpu_id 1

train black-box student model (For example, ResNet18) on not annotated data

cd student_net_learning;
CUDA_VISIBLE_DEVICES=0 python main.py --name Baseline1 --epochs 20 --cuda --batch_size 32 --datalist ../data/datalist_small/ --root ../data/

make FGSM-attack on student model

cd ..;
CUDA_VISIBLE_DEVICES=0 python attacker.py --root ./data/imgs/ --save_root ./baseline1/ --datalist ./data/pairs_list.csv --model_name ResNet18 --checkpoint_path student_net_learning/checkpoint/Baseline1/best_model_ckpt.t7 --cuda

check ssim for submission, archive all files and make submission

python evaluate.py --attack_root ./baseline1/ --target_dscr ./data/val_descriptors.npy --submit_name Baseline1 --gpu_id 1

How to improve

add classification loss in student model training
try other attacker types. Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey
use teacher (black-box model) to get actual descriptors for augmentated images

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
student_net_learning		student_net_learning
.gitignore		.gitignore
MCS2018_CPU.py		MCS2018_CPU.py
README.md		README.md
attacker.py		attacker.py
baseline.ipynb		baseline.ipynb
downloader.py		downloader.py
evaluate.py		evaluate.py
logo.png		logo.png
prepare_data.py		prepare_data.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

MCS2018: Adversarial Attacks on Black-box Face Recognition

How to reproduce

How to improve

About

Releases

Packages

Languages

emakhov/mcs-2018-solution

Folders and files

Latest commit

History

Repository files navigation

MCS2018: Adversarial Attacks on Black-box Face Recognition

How to reproduce

How to improve

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages