# Code-MIGA

## Abstract

> Denoising is a crucial preprocessing step in many vision tasks, aiming to remove noise while preserving essential semantic information. It is also employed as a defense mechanism to remove adversarial perturbations targeting downstream tasks. However, deep learning-based denoising models themselves can be vulnerable to adversarial attacks due to their reliance on specific noise assumptions. Existing attacks on denoising models primarily degrade visual clarity but struggle to manipulate semantic content, making them either easily detectable or limited in impact.
In this paper, we propose Mutual Information-Guided Attack (MIGA), the first method designed to directly attack deep denoising models by strategically disrupting their ability to preserve semantic content via adversarial perturbations. By minimizing the mutual information between the original and denoised images—a measure of semantic similarity—MIGA forces the denoiser to produce perceptually clean yet semantically altered outputs. While these images appear visually plausible, they encode systematically distorted semantics, revealing a fundamental vulnerability in denoising models.These distortions persist in denoised outputs and can be assessed based on the performance of downstream tasks. We propose new evaluation metrics and systematically assess four denoising models across five datasets, demonstrating MIGA’s consistent effectiveness in disrupting semantic integrity. Our findings challenge the assumption that denoising inherently enhances robustness, highlighting a critical security risk in real-world applications.
![structure](./photo/structure.png)

## Example
> ![example2](./photo/main_un.png)
> ![example1](./photo/results.jpg)
## Installation
1. **Get the Repository**:

    ```bash
    cd Code-MIGA
    ```

2. **Create a Virtual Environment (Optional but Recommended)**:

    ```bash
    conda create -n myenv python=3.7
    conda activate myenv
    ```

3. **Install Required Packages**:

    install the packages manually:

    ```bash
    conda install pytorch=1.8 torchvision cudatoolkit=10.2 -c pytorch
    pip install matplotlib scikit-learn scikit-image opencv-python yacs joblib natsort h5py tqdm
    pip install einops gdown addict future lmdb numpy pyyaml requests scipy tb-nightly yapf lpips
    ```
4. **Install Basicsr**  
    Go to the Restormer repository and download the basicSR code.
    ```bash
        cd path/to/Restormer/basicSR
        python setup.py develop --no_cuda_ext
    ```
## Unknown Task

The attack generates perturbed images that, when processed by the denoising model, produce outputs similar to target images.

### Pretrained Models

Download the pretrained models and place them in the appropriate directories:

1. **Restormer Pretrained Model**:
    - Place the downloaded `.pth` file in the `./pretrained_models/` directory.

2. **VGG16 Pretrained Model**:
    - Place the downloaded `.pth` file in the `./pretrained_models/` directory.

3. **MINE Model**:

    - Ensure you have the `mine_model.pth` file in the root directory (same level as `Attack.py`).

### Dataset Preparation

Prepare your datasets for the attack:

1. **Original Images**:

    - Place your original images in a folder (e.g., `/path/to/original_images/`).

2. **Target Images**:

    - Place your target images in a folder (e.g., `/path/to/target_images/`).


### Usage

1. **Set the Paths**:

    Open `Attack.py` and modify the following variables to point to your datasets:

    ```python
    original_folder = '/path/to/original_images'
    target_folder = '/path/to/target_images'
    result_folder = '/path/to/save_results'
    batch_size = 16  # Adjust as needed
    ```

2. **Run the Attack**:

    Execute the attack script:

    ```bash
    cd Unknown-Task
    python Attack.py
    ```

3. **Results**:

    - The perturbed images and the restored outputs will be saved in subfolders within the `result_folder`.
    - Each subfolder corresponds to an image and contains:
        - `original.png`: The original image.
        - `target.png`: The target image.
        - `perturbed.png`: The perturbed image after the attack.
        - `restored_original.png`: The output of the denoising model on the original image.
        - `restored_perturbed.png`: The output of the denoising model on the perturbed image.
        - `log.txt`: Log file containing loss information during optimization.

## Known Task

### Pretrained Models

Download the pretrained models and place them in the appropriate directories:

1. **Restormer Pretrained Model**:
    - Place the downloaded `.pth` file in the `./pretrained_models/` directory.

2. **VGG16 Pretrained Model**:
    - Place the downloaded `.pth` file in the `./pretrained_models/` directory.

3. **Resnet50 Model**:

    - Ensure you have the `Resnet50.pth` file in the root directory (same level as `Attack.py`).

### Dataset Preparation

Prepare your datasets for the attack:
we have 10 subfolders which correspond to 10 classes of the dataset. Directly put the images in the corresponding subfolders. (e.g., `/path/to/original_images/n02056570/1.png`).

### Usage

1. **Set the Paths**:

    Open `Attack.py` and modify the following variables to point to your datasets:

    ```python
    original_folder = '/path/to/original_images'
    result_folder = '/path/to/save_results'
    batch_size = 16  # Adjust as needed
    ```

2. **Run the Attack**:

    Execute the attack script:

    ```bash
    cd Known-Task
    python Attack.py
    ```