Task: Targeted Adversarial Attack
The goal of the targeted attack is to slightly modify source image in a way that image will be classified as specified target class by generally unknown machine learning classifier.
Competition home page & Rank certificate(final rank: 11/2519)
Our method can be seen a momentum iterative gradient method(MIGM). In order to further improve the transferability on different models, we adopted a ensemble learning strategy. In addition, we proposed a self-adaptive strategy to adaptively adjust the ensemble weight and disturbation scale according to our effect. To resist some general defend method like denoise, we utilize the Gassian Kernel to smooth the disturbation to improve the robustness of our method.
Python 3.6
TensorFlow 1.4.1
You can download three official pre-trained models (inception_v1, resnet_v1_50, vgg_16) from here and save them to checkpoints/