My bachelor's TeX thesis and other related materials.
Here's the thesis PDF
I set out to explore current state-of-the-art black-box adversarial attacks and how they fare in practical attack scenarios. I want to test the adversarial robustness of some commercial MLaaS cloud services such as Google Vision API, Amazon Rekognition, Clarifai and Microsoft Azure AI.

Different black-box AI models have different APIs, and so do different attack algorithms. On top of that, I have some ideas for tweaking current attacks to better suit the APIs and threat models of different MLaaS services. AdvPipe is intended to be a modular pipeline that incorporates various attack regimes, target models and attack algorithms into a single framework.
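As an added illustration of that modular split (example code written for this README, not AdvPipe's own; the class names, the hard-label query interface, the toy linear target and the random-noise baseline are all assumptions), the sketch below separates the three pieces: a target model behind one `label()` interface, an attack algorithm as a plug-in, and a harness that owns query accounting. Query volume is what MLaaS pricing and rate limits meter, so it is the natural budget for an experiment to enforce and the natural signal a service operator would monitor.

```python
"""Added example: a minimal modular black-box attack harness.

Not AdvPipe's code. Class names, the hard-label interface, the toy target and
the random-noise baseline are assumptions made to show the separation between
target models, attack algorithms and the experiment harness.
"""
import random
from abc import ABC, abstractmethod
from typing import Optional, Sequence

Vec = Sequence[float]


class QueryBudgetExceeded(RuntimeError):
    """Raised when an attack tries to spend more queries than it was given."""


class BlackBoxTarget(ABC):
    """Uniform label-only (hard-label) interface over any target, local or remote."""

    @abstractmethod
    def label(self, x: Vec) -> int:
        ...


class ToyLinearClassifier(BlackBoxTarget):
    """Constructed stand-in for a real model: class 1 iff w . x > 0."""

    def __init__(self, w: Vec):
        self.w = [float(v) for v in w]

    def label(self, x: Vec) -> int:
        return int(sum(wi * xi for wi, xi in zip(self.w, x)) > 0)


class CountingTarget:
    """Wraps a target, counts every query and enforces a hard budget.

    The harness, not the attack, owns the counter, so a buggy or greedy attack
    cannot silently exceed the budget the experiment was configured with.
    """

    def __init__(self, target: BlackBoxTarget, budget: int):
        self._target = target
        self.budget = budget
        self.queries = 0

    def label(self, x: Vec) -> int:
        if self.queries >= self.budget:
            raise QueryBudgetExceeded(f"budget of {self.budget} queries spent")
        self.queries += 1
        return self._target.label(x)


class Attack(ABC):
    """Plug-in interface: given a budgeted target, return an adversarial input or None."""

    @abstractmethod
    def run(self, target: CountingTarget, x: Vec, y: int, eps: float) -> Optional[list]:
        ...


class RandomNoiseBaseline(Attack):
    """Weakest baseline: draw L_inf-bounded uniform noise until the label flips.

    Any real attack has to beat this, so it is the sanity check a pipeline
    should ship with, both for the attacks and for a target's robustness claim.
    """

    def __init__(self, seed: int = 0):
        self.rng = random.Random(seed)

    def run(self, target, x, y, eps):
        while target.queries < target.budget:
            # perturb each coordinate by at most eps and stay in the [0, 1] pixel range
            x_adv = [min(1.0, max(0.0, xi + self.rng.uniform(-eps, eps))) for xi in x]
            if target.label(x_adv) != y:
                return x_adv
        return None


def run_experiment(model: BlackBoxTarget, attack: Attack, x: Vec, y: int,
                   eps: float, budget: int) -> dict:
    """One experiment: success flag, queries spent and the L_inf distance used."""
    x = [float(v) for v in x]
    target = CountingTarget(model, budget)
    try:
        x_adv = attack.run(target, x, y, eps)
    except QueryBudgetExceeded:
        x_adv = None  # the attack overran its budget; count it as a failure
    result = {"success": x_adv is not None, "queries": target.queries, "budget": budget}
    if x_adv is not None:
        result["linf"] = max(abs(a - b) for a, b in zip(x_adv, x))
    return result


if __name__ == "__main__":
    model = ToyLinearClassifier([1.0, 0.0, 0.0])
    x0 = [0.1, 0.5, 0.5]  # constructed clean input, classified as 1 by the toy model
    print(run_experiment(model, RandomNoiseBaseline(), x0, model.label(x0), eps=0.5, budget=50))
```

Keeping the counter in the harness rather than in each attack is the design choice that matters: it makes results comparable across attack algorithms (same budget, same accounting) and mirrors what a defender actually sees, since per-client query volume against a hard-label endpoint is the one signal every black-box attack in this threat model has to produce.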
- Tested on CUDA 11.3, Python 3.8

```shell
# Install NVIDIA CUDA (depends on your distribution)
# for example on Arch Linux you would do:
$ sudo pacman -S cudnn cuda cuda-tools
# you can also try to install CUDA using the conda environment manager, but I haven't tested how well conda plays together with poetry

# Install poetry (you can also pip-install it, but this is the official way)
$ curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python -

# install all dependencies from the lock file
$ poetry install
```
That's all, really :)
Create an experiment YAML configuration and pass it to `advpipe_attack.py`:

```shell
$ cd src/advpipe
$ python advpipe_attack.py --config=attack_config/square_attack_resnet18.yaml
```
To get a sense of what this complicated title means in practice, check out some of my other repos with PoC adversarial attacks on Google Vision API: