awesome-adversarial-machine-learning
A curated list of awesome adversarial machine learning resources
Top Related Projects
A Python toolbox to create adversarial examples that fool neural networks in PyTorch, TensorFlow, and JAX
An adversarial example library for constructing attacks, building defenses, and benchmarking both
Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle, PyTorch, Caffe2, MxNet, Keras and TensorFlow, and Advbox can benchmark the robustness of machine learning models. Advbox gives a command line tool to generate adversarial examples with zero coding.
Quick Overview
The "awesome-adversarial-machine-learning" repository is a curated list of resources related to adversarial machine learning. It provides a comprehensive collection of papers, tutorials, books, and tools focused on the security and robustness of machine learning models against adversarial attacks.
Pros
- Extensive collection of resources covering various aspects of adversarial machine learning
- Well-organized structure with clear categorization of different topics
- Regularly updated with new and relevant resources
- Includes both theoretical and practical resources, catering to researchers and practitioners
Cons
- May be overwhelming for beginners due to the large volume of information
- Some links may become outdated over time if not regularly maintained
- Lacks detailed explanations or summaries for each resource
- Limited coverage of some emerging topics in adversarial machine learning
Note: As this is not a code library, the code example and quick start sections have been omitted.
Competitor Comparisons
A Python toolbox to create adversarial examples that fool neural networks in PyTorch, TensorFlow, and JAX
Pros of Foolbox
- Practical implementation of adversarial attacks and defenses
- Actively maintained with regular updates and contributions
- Supports multiple deep learning frameworks (PyTorch, TensorFlow, JAX)
Cons of Foolbox
- Focused on implementation rather than comprehensive literature review
- May require more technical expertise to use effectively
- Limited to specific attack and defense methods implemented in the library
Code Comparison
Foolbox (implementation-focused):
```python
import foolbox as fb

# Wrap an already-trained PyTorch model; `net`, `images` and `labels` are
# assumed to exist, with inputs scaled to [0, 1] as `bounds` states.
model = fb.PyTorchModel(net, bounds=(0, 1))
attack = fb.attacks.FGSM()
# One perturbation budget per entry; epsilon 0.0 is the unperturbed baseline.
epsilons = [0.0, 0.001, 0.01, 0.03, 0.1, 0.3, 0.5, 1.0]
# Returns raw and clipped adversarials plus a per-epsilon success mask.
_, advs, success = attack(model, images, labels, epsilons=epsilons)
```
Awesome Adversarial Machine Learning (resource-focused):
```markdown
## Attacks
- [Fast Gradient Sign Method (FGSM)](https://arxiv.org/abs/1412.6572)
- [Carlini & Wagner Attacks](https://arxiv.org/abs/1608.04644)
- [DeepFool](https://arxiv.org/abs/1511.04599)
```
Foolbox provides ready-to-use implementations, while Awesome Adversarial Machine Learning offers a curated list of resources and papers for further study.
An adversarial example library for constructing attacks, building defenses, and benchmarking both
Pros of cleverhans
- Provides a comprehensive library of adversarial example generation and defense methods
- Offers practical implementations that can be directly used in research and development
- Regularly updated with new attack and defense techniques
Cons of cleverhans
- Focuses primarily on implementation rather than curating a list of resources
- May have a steeper learning curve for beginners in the field
- Limited to Python and TensorFlow ecosystems
Code comparison
cleverhans:
```python
from cleverhans.attacks import FastGradientMethod
from cleverhans.utils_keras import KerasModelWrapper

# Legacy cleverhans (v3) API: `model` is a compiled Keras model, `sess` a
# TensorFlow session and `x` the input placeholder; all assumed to exist.
model_wrap = KerasModelWrapper(model)
fgsm = FastGradientMethod(model_wrap, sess=sess)
# Perturbation budget and the valid pixel range the attack must respect.
fgsm_params = {'eps': 0.3, 'clip_min': 0., 'clip_max': 1.}
adv_x = fgsm.generate(x, **fgsm_params)
```
awesome-adversarial-machine-learning:
No direct code implementation available as it is a curated list of resources.
Summary
cleverhans is a practical library for implementing adversarial attacks and defenses, while awesome-adversarial-machine-learning is a curated list of resources on the topic. cleverhans offers hands-on tools for researchers and developers, but may be more complex for beginners. awesome-adversarial-machine-learning provides a broader overview of the field and is more accessible for those starting to explore adversarial machine learning.
Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
Pros of adversarial-robustness-toolbox
- Provides a comprehensive library of tools and algorithms for adversarial machine learning
- Offers practical implementations and ready-to-use code for various attack and defense methods
- Actively maintained with regular updates and contributions from the community
Cons of adversarial-robustness-toolbox
- Focuses primarily on implementation rather than curating a list of resources
- May have a steeper learning curve for beginners due to its extensive codebase
- Limited in providing an overview of the field compared to a curated list
Code Comparison
adversarial-robustness-toolbox:
```python
from art.attacks.evasion import FastGradientMethod
from art.estimators.classification import KerasClassifier

# Wrap a trained Keras model (`model` assumed to exist); clip_values gives the
# valid input range so generated inputs stay within [0, 1].
classifier = KerasClassifier(model=model, clip_values=(0, 1))
# Create an FGSM attack with an L-infinity budget of 0.1.
attack = FastGradientMethod(classifier, eps=0.1)
# Generate adversarial versions of the test inputs (`x_test` assumed to exist).
x_adv = attack.generate(x=x_test)
```
awesome-adversarial-machine-learning:
No code implementation, as it's a curated list of resources:
```markdown
## Attacks
- [Fast Gradient Sign Method (FGSM)](https://arxiv.org/abs/1412.6572)
- [Carlini & Wagner Attacks](https://arxiv.org/abs/1608.04644)
```
Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle, PyTorch, Caffe2, MxNet, Keras and TensorFlow, and Advbox can benchmark the robustness of machine learning models. Advbox gives a command line tool to generate adversarial examples with zero coding.
Pros of AdvBox
- Provides a comprehensive toolbox for adversarial attack and defense methods
- Offers implementations for various deep learning frameworks (PaddlePaddle, PyTorch, TensorFlow)
- Includes tutorials and examples for practical usage
Cons of AdvBox
- Less frequently updated compared to awesome-adversarial-machine-learning
- Focuses primarily on implementation rather than curating a wide range of resources
- May have a steeper learning curve for beginners
Code Comparison
AdvBox example (attack implementation):
```python
# Schematic AdvBox usage: `model` is an AdvBox-wrapped classifier,
# `x` the input and `y` its true label (all assumed to exist).
attack = PGD(model)
adv_x = attack(x, y)
```
awesome-adversarial-machine-learning doesn't provide code implementations directly, as it's a curated list of resources.
Summary
AdvBox is a practical toolbox for adversarial machine learning, offering implementations and examples across multiple frameworks. awesome-adversarial-machine-learning, on the other hand, serves as a comprehensive resource list, providing links to various papers, tools, and tutorials in the field. While AdvBox is more hands-on, awesome-adversarial-machine-learning offers a broader overview of the topic, making it potentially more suitable for researchers and those seeking to explore the field's landscape.
README
:warning: Deprecated
I no longer include up-to-date papers, but the list is still a good reference for starters.
Awesome Adversarial Machine Learning:
A curated list of awesome adversarial machine learning resources, inspired by awesome-computer-vision.
Blogs
- Breaking Linear Classifiers on ImageNet, A. Karpathy et al.
- Breaking things is easy, N. Papernot & I. Goodfellow et al.
- Attacking Machine Learning with Adversarial Examples, N. Papernot, I. Goodfellow, S. Huang, Y. Duan, P. Abbeel, J. Clark.
- Robust Adversarial Examples, Anish Athalye.
- A Brief Introduction to Adversarial Examples, A. Madry et al.
- Training Robust Classifiers (Part 1), A. Madry et al.
- Adversarial Machine Learning Reading List, N. Carlini
- Recommendations for Evaluating Adversarial Example Defenses, N. Carlini
Papers
General
- Intriguing properties of neural networks, C. Szegedy et al., arxiv 2014
- Explaining and Harnessing Adversarial Examples, I. Goodfellow et al., ICLR 2015
- Motivating the Rules of the Game for Adversarial Example Research, J. Gilmer et al., arxiv 2018
- Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning, B. Biggio, Pattern Recognition 2018
Attack
Image Classification
- DeepFool: a simple and accurate method to fool deep neural networks, S. Moosavi-Dezfooli et al., CVPR 2016
- The Limitations of Deep Learning in Adversarial Settings, N. Papernot et al., ESSP 2016
- Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples, N. Papernot et al., arxiv 2016
- Adversarial Examples In The Physical World, A. Kurakin et al., ICLR workshop 2017
- Delving into Transferable Adversarial Examples and Black-box Attacks, Y. Liu et al., ICLR 2017
- Towards Evaluating the Robustness of Neural Networks, N. Carlini et al., SSP 2017
- Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples, N. Papernot et al., Asia CCS 2017
- Privacy and machine learning: two unexpected allies?, I. Goodfellow et al.
Reinforcement Learning
- Adversarial attacks on neural network policies, S. Huang et al., ICLR workshop 2017
- Tactics of Adversarial Attacks on Deep Reinforcement Learning Agents, Y. Lin et al., IJCAI 2017
- Delving into adversarial attacks on deep policies, J. Kos et al., ICLR workshop 2017
Segmentation & Object Detection
- Adversarial Examples for Semantic Segmentation and Object Detection, C. Xie, ICCV 2017
VAE-GAN
- Adversarial examples for generative models, J. Kos et al., arxiv 2017
Speech Recognition
- Audio Adversarial Examples: Targeted Attacks on Speech-to-Text, N. Carlini et al., arxiv 2018
Question Answering System
- Adversarial Examples for Evaluating Reading Comprehension Systems, R. Jia et al., EMNLP 2017
Defence
Adversarial Training
- Adversarial Machine Learning At Scale, A. Kurakin et al., ICLR 2017
- Ensemble Adversarial Training: Attacks and Defenses, F. Tramèr et al., arxiv 2017
Defensive Distillation
- Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks, N. Papernot et al., SSP 2016
- Extending Defensive Distillation, N. Papernot et al., arxiv 2017
Generative Model
- PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples, Y. Song et al., ICLR 2018
- Detecting Adversarial Attacks on Neural Network Policies with Visual Foresight, Y. Lin et al., NIPS workshop 2017
Regularization
- Distributional Smoothing with Virtual Adversarial Training, T. Miyato et al., ICLR 2016
- Adversarial Training Methods for Semi-Supervised Text Classification, T. Miyato et al., ICLR 2017
Others
- Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images, A. Nguyen et al., CVPR 2015
Talks
- Do Statistical Models Understand the World?, I. Goodfellow, 2015
- Classifiers under Attack, David Evans, 2017
- Adversarial Examples in Machine Learning, Nicolas Papernot, 2017
- Poisoning Behavioral Malware Clustering, B. Biggio, K. Rieck, D. Ariu, C. Wressnegger, I. Corona, G. Giacinto, F. Roli, 2014
- Is Data Clustering in Adversarial Settings Secure?, B. Biggio, I. Pillai, S. Rota Bulò, D. Ariu, M. Pelillo, F. Roli, 2015
- Poisoning complete-linkage hierarchical clustering, B. Biggio, S. Rota Bulò, I. Pillai, M. Mura, E. Zemene Mequanint, M. Pelillo, F. Roli, 2014
- Is Feature Selection Secure against Training Data Poisoning?, H. Xiao, B. Biggio, G. Brown, G. Fumera, C. Eckert, F. Roli, 2015
- Adversarial Feature Selection Against Evasion Attacks, F. Zhang, P. P. K. Chan, B. Biggio, D. S. Yeung, F. Roli, 2016
License
To the extent possible under law, Yen-Chen Lin has waived all copyright and related or neighboring rights to this work.