This repository contains a PyTorch implementation of the paper:
Pixle: a fast and effective black-box attack based on rearranging pixels
Jary Pomponi, Simone Scardapane, Aurelio Uncini
Recent research has found that neural networks are vulnerable to several types of adversarial attacks, where the input samples are modified in such a way that the model produces a wrong prediction that misclassifies the adversarial sample. In this paper we focus on black-box adversarial attacks, that can be performed without knowing the inner structure of the attacked model, nor the training procedure, and we propose a novel attack that is capable of correctly attacking a high percentage of samples by rearranging a small number of pixels within the attacked image. We demonstrate that our attack works on a large number of datasets and models, that it requires a small number of iterations, and that the distance between the original sample and the adversarial one is negligible to the human eye.
- pytorch==1.7.1
- python=3.8.5
- torchvision==0.8.2
- pyyaml==5.3.1
- tqdm
The folder './configs/' contains all the yaml files used for the experiments presented in the paper.
The folder './config/attacks' contains the files that define all the attacks, with their respective hyperparameters.
The attack itself can be found in the file attacks/psa.py.
The only training file is main.py.
To see how to use it to launch the experiments, please refer to the files:
- experiments.sh
- experiments_targeted.sh
- experiments_dimensions.sh
All the above files take as input the dataset, the architecture and the device to be used, with some limitations. Please refer to each file to understand how to launch it.
Please cite our work if you find it useful:
@ARTICLE{2022arXiv220202236P,
author = {{Pomponi}, Jary and {Scardapane}, Simone and {Uncini}, Aurelio},
title = "{Pixle: a fast and effective black-box attack based on rearranging pixels}",
journal = {arXiv e-prints},
keywords = {Computer Science - Machine Learning, Statistics - Machine Learning},
year = 2022,
month = feb,
eid = {arXiv:2202.02236},
pages = {arXiv:2202.02236},
archivePrefix = {arXiv},
eprint = {2202.02236},
primaryClass = {cs.LG},
adsurl = {https://ui.adsabs.harvard.edu/abs/2022arXiv220202236P},
adsnote = {Provided by the SAO/NASA Astrophysics Data System}
}