Skip to content

aliborji/ShapeDefense

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

58 Commits
Foreground
Foreground
 
 
Visualization
Visualization
 
 
fast_adversarial
fast_adversarial
 
 
frosts
frosts
 
 
helpers
helpers
 
 
pix2pix-pytorch
pix2pix-pytorch
 
 
robustness-master/ImageNet-C
robustness-master/ImageNet-C
 
 
runs
runs
 
 
sample_pgd40_mnist_results
sample_pgd40_mnist_results
 
 
.gitignore
.gitignore
 
 
BDPA-TinyImg.ipynb
BDPA-TinyImg.ipynb
 
 
BPDA.py
BPDA.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
config.py
config.py
 
 
dataset.py
dataset.py
 
 
edge_detector.py
edge_detector.py
 
 
edge_or_gray_only_attack.py
edge_or_gray_only_attack.py
 
 
image_transform.py
image_transform.py
 
 
lib.py
lib.py
 
 
make_imagenet_64_c.py
make_imagenet_64_c.py
 
 
model.py
model.py
 
 
requirements.txt
requirements.txt
 
 
run.sh
run.sh
 
 
teaser.jpg
teaser.jpg
 
 
test.py
test.py
 
 
test_noise_robustness.py
test_noise_robustness.py
 
 
train.py
train.py
 
 
utils.py
utils.py
 
 

Repository files navigation

Shape Defense

  • This repository includes the following:
    • Edge-guided Adversarial Training (EAT)
    • GAN-based Shape Defense (GSD)
    • Shape-based fast adversarial training
    • Shape-based free adversarial training
    • Robustness evaluation against natural image corruptions

It shows that incorporating edges to images followed by adversarial training and edge redetection at inference time improves robustness drastically.

overfitting

News

  • 12/19/2019 - TBD

Installation

  1. Install PyTorch.
  2. Install the required python packages. All packages can be installed by running the following command:
pip install -r requirements.txt
  1. For each of the code repositories used, please see the accompanying readme files and original code bases.

Training and evaluating a model

To train a robust model run the following command:

python train.py --net_type [NET_TYPE] --model [MODEL_TYPE] --sigmas [LIST_OF_SIGMAS]  --data_dir [DATA_FOLDER]  --classes 10 --epochs 10 --inp_size 28 --load_model [LOAD_MODEL_IF_EXISTS]

This trains a robust model with the following parameters. [NET_TYPE] can be edge, rgb or rgbedge. [MODEL_TYPE] determines the type of the model and [DATA_FOLDER] sets the folder containing data. Please see model.py for some examples. [LIST_OF_SIGMAS] is the list of perturbation budgets. It trains one several models for each sigma. [LOAD_MODEL_IF_EXISTS] loads a trained classifier to build a robust model for it. See sample_pgd40_mnist_results folder for some sample generated results. You also need to specify the type of the edge detector that you want to use in the config.py. For some other codes, I have placed a sample line how to call it at the begining of the .py file. Also please see run.sh for running the code in scale.

Additional:

  • Run BPDA.py if you want to conduct a substitute attack! (bad naming here perhaps!)
  • Run test_noise_robustness.py for testing a model against natural perturbations.
  • Run edge_or_gray_only_attack.py if you want to only attack only edge pixels or gray pixels (i.e., masking the background); implemented only for MNIST
  • Run plots.ipynb for plotting results
  • See also visualization for runing edge detection on clean and attacked images

Citation

If you use this code in your research, please cite this project.

@article{shapeDefense2020,
  title={Shape Defense},
  author={Borji, Al},
  journal={xx},
  year={2020}
}

About

shape defence against adversarial attacks

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages