jayaram-r / adversarial-detection Goto Github PK
View Code? Open in Web Editor NEWCode and experiments for the adversarial detection paper
License: MIT License
adversarial-detection's People
Contributors
Stargazers
Watchers
adversarial-detection's Issues
Cifar10 Resnet 34 model without activation functions
Why aren't any activation functions in your ResNet34?
Yours... no ReLU
ResNet(
(conv1): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(layer1): Sequential(
(0): BasicBlock(
(conv1): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(conv2): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(bn2): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(shortcut): Sequential()
)
(1): BasicBlock(
(conv1): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(conv2): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(bn2): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(shortcut): Sequential()
)
Original: with ReLU
ResNet(
(conv1): Sequential(
(0): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(2): ReLU(inplace=True)
)
(conv2_x): Sequential(
(0): BasicBlock(
(residual_function): Sequential(
(0): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(2): ReLU(inplace=True)
(3): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(4): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
)
(shortcut): Sequential()
)
data_ty.npy file missing
Hi
When I am trying to run your code detection_main.py, it loads the data_ty.npy file. But I can not find this file or some code to generate this file. I appreciate it if any help is provided
Why is this noisy data generated?
This script generates noisy data?
https://github.com/jayaram-r/adversarial-detection/blob/master/expts/generate_noisy_data.py
Why is this done?
For which defenses is that useful?
example for providing data from fgsm attack on cifar10 and how to set the output folder for layers.py
How I would set the params for FGSM:
python generate_samples.py -m cifar10 --aa FGSM --gpu 0
and then for layers.py
(detection) user@cerberus16:~/adversarial-detection/expts$ python layers.py --model-type cifar10 --dm proposed -b 32 -o "layers_test"
Files already downloaded and verified
Files already downloaded and verified
Calculating layer embeddings for the train data:
Number of labeled samples per class:
class 0, count = 5000, proportion = 0.1000
class 1, count = 5000, proportion = 0.1000
class 2, count = 5000, proportion = 0.1000
class 3, count = 5000, proportion = 0.1000
class 4, count = 5000, proportion = 0.1000
class 5, count = 5000, proportion = 0.1000
class 6, count = 5000, proportion = 0.1000
class 7, count = 5000, proportion = 0.1000
class 8, count = 5000, proportion = 0.1000
class 9, count = 5000, proportion = 0.1000
Number of predicted samples per class:
class 0, count = 5000, proportion = 0.1000
class 1, count = 5000, proportion = 0.1000
class 2, count = 5000, proportion = 0.1000
class 3, count = 5000, proportion = 0.1000
class 4, count = 5000, proportion = 0.1000
class 5, count = 5000, proportion = 0.1000
class 6, count = 5000, proportion = 0.1000
class 7, count = 5000, proportion = 0.1000
class 8, count = 5000, proportion = 0.1000
class 9, count = 5000, proportion = 0.1000
Calculating layer embeddings for the test data:
Number of labeled samples per class:
class 0, count = 1000, proportion = 0.1000
class 1, count = 1000, proportion = 0.1000
class 2, count = 1000, proportion = 0.1000
class 3, count = 1000, proportion = 0.1000
class 4, count = 1000, proportion = 0.1000
class 5, count = 1000, proportion = 0.1000
class 6, count = 1000, proportion = 0.1000
class 7, count = 1000, proportion = 0.1000
class 8, count = 1000, proportion = 0.1000
class 9, count = 1000, proportion = 0.1000
Number of predicted samples per class:
class 0, count = 1000, proportion = 0.1000
class 1, count = 1002, proportion = 0.1002
class 2, count = 1003, proportion = 0.1003
class 3, count = 989, proportion = 0.0989
class 4, count = 1016, proportion = 0.1016
class 5, count = 994, proportion = 0.0994
class 6, count = 1007, proportion = 0.1007
class 7, count = 980, proportion = 0.0980
class 8, count = 1014, proportion = 0.1014
class 9, count = 995, proportion = 0.0995
Test set accuracy = 0.9545
Number of layers = 8
Layer: 1
Original dimension = 3072. Train data size = 50000. Sub-sample size used for dimension reduction = 10000
Intrinsic dimensionality: 24
Searching for the best number of neighbors (k) and projected dimension.
INFO:helpers.knn_classifier:Using NPP for dimension reduction.
INFO:helpers.dimension_reduction_methods:Applying PCA as first-level dimension reduction step
INFO:helpers.dimension_reduction_methods:Number of nonzero singular values in the data matrix = 3072
INFO:helpers.dimension_reduction_methods:Number of principal components accounting for 99.5 percent of the data variance = 847
INFO:helpers.dimension_reduction_methods:Dimension of the PCA transformed data = 847
INFO:helpers.dimension_reduction_methods:Dimension of the projected subspace = 240
INFO:helpers.dimension_reduction_methods:Solving the generalized eigenvalue problem to find the optimal projection matrix.
INFO:helpers.knn_classifier:Performing cross-validation to search for the best combination of number of neighbors and projected data dimension:
Traceback (most recent call last):
File "layers.py", line 308, in <module>
main()
File "layers.py", line 291, in main
search_dimension_and_neighbors(embeddings, labels, indices_sample, model_file, output_file, n_jobs)
File "layers.py", line 105, in search_dimension_and_neighbors
n_jobs=n_jobs
File "adversarial-detection/expts/helpers/knn_classifier.py", line 151, in knn_parameter_search
labels_test_pred = knn_model.predict_multiple_k(data_proj[ind_te, :], k_range)
File "adversarial-detection/expts/helpers/knn_classifier.py", line 414, in predict_multiple_k
nn_indices, nn_distances = self.index_knn.query(X, k=k_list[-1])
File "adversarial-detection/expts/helpers/knn_index.py", line 235, in query
return self._query(data, self.index_knn[0], k)
File "adversarial-detection/expts/helpers/knn_index.py", line 252, in _query
nn_indices, nn_distances = index.query(data, k=k)
File "/home/user/.conda/envs/detection/lib/python3.7/site-packages/pynndescent/pynndescent_.py", line 886, in query
self._init_search_graph()
File "/home/user/.conda/envs/detection/lib/python3.7/site-packages/pynndescent/pynndescent_.py", line 842, in _init_search_graph
self._search_graph.transpose()
File "/home/user/.conda/envs/detection/lib/python3.7/site-packages/scipy/sparse/lil.py", line 437, in transpose
return self.tocsr(copy=copy).transpose(axes=axes, copy=False).tolil(copy=False)
File "/home/user/.conda/envs/detection/lib/python3.7/site-packages/scipy/sparse/lil.py", line 462, in tocsr
_csparsetools.lil_get_lengths(self.rows, indptr[1:])
File "_csparsetools.pyx", line 109, in scipy.sparse._csparsetools.lil_get_lengths
ValueError: Buffer has wrong number of dimensions (expected 1, got 2)Details on parameters of adversarial attack?
Greetings!
Thank you for sharing the codes and it is really a solid work! But I got several questions about the parameters of adversarial attack.
- As put in Section D.4 in supplementary file, the parameters of PGD attack are
epsilon=1/255, stepsize=0.05, iteration=40. However, the epsilon is smaller than stepsize (1/255โ0.0039<0.05). Is there a mistake? - I wonder what does the
epsilon linearly spaced in the interval [1/255, 21/255]means. As put in Section D.4 in supplementary file, the epsilon of PGD attack is set as 1/255. - Can
epsilon=1/255guarantee a 100% success of adversarial attack?
Thanks!
Adaptive Attacks
Hi, thanks for the sharing codes and it's a solid work. But I have some questions about Adaptive Attacks.
(1) What's your adaptive attacks based on? CW, PGD or FGSM?
(2) I'm more interested in the codes how you can generate adaptive attacks mentioned in your paper. If convenient, could you include the more detailed command line to generate adaptive attacks?
Thanks for your help!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.