Adversarial Attack and Defense for Deep Ranking

Adversarial Ranking Attack and Defense, ECCV, 2020.

Adversarial Attack and Defense for Deep Ranking

The code will be released under an opensource license immediately after paper acceptance, but currently it remains to be a confidential copy for peer review only.


  1. Download the corresponding datasets and adjust the path in the configuration file config.yml.

  2. Train the baseline model (Cosine, Triplet, C2F2) on MNIST dataset using python3 -M mnC_c2f2_trip.

  3. Attack the baseline model with “CA+” attack with 1 target queries with epsilon=0.3: python3 -M mnC_c2f2_trip -A C+:PGD-W1 -v -e 0.3.

  4. Adversarially train the baseline model with an epsilon=0.3 adversary: python3 -M mnC_c2f2_trip -A 0.3

  5. Transfer attack, from resnet18 to c2f2: python3 -M mnC_res18_trip -A C+:PGD-W1 -v -e 0.3 -T mnC_c2f2_trip

See also the content of Makefile for more detail. The list of available attacks can be found in The list of available models can be found in the following Files section.


config.yml                    (configuration file: dataset paths, some experiment parameters)                     (script for adversarial ranking)                      (script for baseline training and adversarial baseline training)
models/            (python module)
models/              (the common functions, including the attacking functions)
models/datasets/   (python module)
models/datasets/    (defines the fashion-mnist dataset reader)
models/datasets/      (defines the mnist dataset reader)
models/datasets/        (defines the stanford online dataset reader)
models/                 (utility functions for debugging)
models/    (fashion-mnist, cosine, c2f2, siamese/contrastive)
models/       (fashion-mnist, cosine, c2f2, triplet)
models/    (fashion-mnist, euclidean, c2f2, siamese)
models/       (fashion-mnist, euclidean, c2f2, triplet)
models/         (fashion-mnist, c2f2, classification)
models/      (fashion-mnist, 1-layer softmax, classification)
models/    (mnist, c2f2, cosine, siamese)
models/       (mnist, c2f2, cosine, triplet)
models/      (mnist, lenet, cosine, triplet)
models/      (mnist, resnet18, cosine, triplet)
models/    (mnist, c2f2, euclidean, siamese)
models/       (mnist, c2f2, euclidean, triplet)
models/         (mnist, c2f2, classification)
models/      (mnist, c2f2, 1-layer softmax)
models/  (sop, resnet18, cosine, siamese)
models/     (sop, resnet18, cosine, triplet)
models/  (sop, resnet18, euclidean, siamese)
models/     (sop, resnet18, euclidean, triplet)

VersionInfo and Dependencies

We use the following software platform to run the experiments.

Platform: linux (Debian GNU/Linux Sid)
Python3: 3.7.3
Numpy: 1.16.2
Torch: 1.1.0 (CUDA 10)
Scipy: 1.2.1
Matplotlib: 3.0.3

Use the following command to install the missing python dependencies:

$ pip install -r requirements.txt
Copyright (C) 2019-2020, Authors of ECCV2020 #2274 "Adversarial Ranking Attack and Defense"
Copyright (C) 2019-2020, Mo Zhou <>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.