jayaram-r / adversarial-detection
Code and experiments for the adversarial detection paper
License: MIT License
Greetings!
Thank you for sharing the code; it is really solid work! But I have several questions about the parameters of the adversarial attack.
epsilon=1/255, stepsize=0.05, iteration=40. However, the epsilon is smaller than stepsize (1/255≈0.0039<0.05). Is there a mistake?
epsilon linearly spaced in the interval [1/255, 21/255] means. As put in Section D.4 in supplementary file, the epsilon of PGD attack is set as 1/255.
epsilon=1/255 guarantee a 100% success of adversarial attack?
Thanks!
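The question above turns on how the projection step of PGD interacts with the step size. As an added example (not code from the repository or the paper), the sketch below runs a generic projected sign-gradient loop on a constructed two-pixel objective with the values quoted in the issue. It assumes an L-infinity ball and a step size in absolute pixel units, neither of which the page confirms; `pgd_linf`, `grad`, `X0` and `OPT` are hypothetical names and values.

```python
EPS = 1 / 255        # epsilon quoted in the issue
STEP_ISSUE = 0.05    # stepsize quoted in the issue
ITERS = 40           # iteration count quoted in the issue

def sign(v):
    return (v > 0) - (v < 0)

def pgd_linf(x0, grad_fn, eps, step, iters, lo=0.0, hi=1.0):
    """Sign-gradient ascent with projection onto the eps-ball around x0.
    Returns every iterate so the effect of the projection can be inspected."""
    x, path = list(x0), []
    for _ in range(iters):
        g = grad_fn(x)
        x = [xi + step * sign(gi) for xi, gi in zip(x, g)]
        x = [min(max(xi, ci - eps), ci + eps) for xi, ci in zip(x, x0)]  # project
        x = [min(max(xi, lo), hi) for xi in x]                           # pixel range
        path.append(x)
    return path

def linf(a, b):
    return max(abs(ai - bi) for ai, bi in zip(a, b))

def boundary_fraction(path, x0, eps, tol=1e-12):
    """Share of coordinates, over all iterates, sitting exactly at x0 +/- eps."""
    hits = sum(abs(abs(a - c) - eps) <= tol for x in path for a, c in zip(x, x0))
    return hits / (len(path) * len(x0))

# Constructed toy objective: a concave quadratic whose maximiser OPT lies
# strictly inside the eps-ball around the constructed input X0.
X0 = [0.5, 0.2]
OPT = [X0[0] + 0.5 * EPS, X0[1] - 0.25 * EPS]

def grad(x):
    return [-2 * (xi - oi) for xi, oi in zip(x, OPT)]

def compare():
    big = pgd_linf(X0, grad, EPS, STEP_ISSUE, ITERS)   # step > eps
    small = pgd_linf(X0, grad, EPS, EPS / 4, ITERS)    # step < eps
    return {
        "max_linf_big": max(linf(x, X0) for x in big),
        "boundary_big": boundary_fraction(big, X0, EPS),
        "boundary_small": boundary_fraction(small, X0, EPS),
        "dist_big": linf(big[-1], OPT),
        "dist_small": linf(small[-1], OPT),
    }

if __name__ == "__main__":
    print(compare())
```

Under these assumptions the projection keeps the perturbation within epsilon regardless of step size, but a step larger than epsilon pins every coordinate to `x0 ± eps` on each iteration, so the loop cannot settle on an interior optimum the way the smaller step does.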
How I would set the params for FGSM:
python generate_samples.py -m cifar10 --aa FGSM --gpu 0
and then for layers.py
(detection) user@cerberus16:~/adversarial-detection/expts$ python layers.py --model-type cifar10 --dm proposed -b 32 -o "layers_test"
Files already downloaded and verified
Files already downloaded and verified
Calculating layer embeddings for the train data:
Number of labeled samples per class:
class 0, count = 5000, proportion = 0.1000
class 1, count = 5000, proportion = 0.1000
class 2, count = 5000, proportion = 0.1000
class 3, count = 5000, proportion = 0.1000
class 4, count = 5000, proportion = 0.1000
class 5, count = 5000, proportion = 0.1000
class 6, count = 5000, proportion = 0.1000
class 7, count = 5000, proportion = 0.1000
class 8, count = 5000, proportion = 0.1000
class 9, count = 5000, proportion = 0.1000
Number of predicted samples per class:
class 0, count = 5000, proportion = 0.1000
class 1, count = 5000, proportion = 0.1000
class 2, count = 5000, proportion = 0.1000
class 3, count = 5000, proportion = 0.1000
class 4, count = 5000, proportion = 0.1000
class 5, count = 5000, proportion = 0.1000
class 6, count = 5000, proportion = 0.1000
class 7, count = 5000, proportion = 0.1000
class 8, count = 5000, proportion = 0.1000
class 9, count = 5000, proportion = 0.1000
Calculating layer embeddings for the test data:
Number of labeled samples per class:
class 0, count = 1000, proportion = 0.1000
class 1, count = 1000, proportion = 0.1000
class 2, count = 1000, proportion = 0.1000
class 3, count = 1000, proportion = 0.1000
class 4, count = 1000, proportion = 0.1000
class 5, count = 1000, proportion = 0.1000
class 6, count = 1000, proportion = 0.1000
class 7, count = 1000, proportion = 0.1000
class 8, count = 1000, proportion = 0.1000
class 9, count = 1000, proportion = 0.1000
Number of predicted samples per class:
class 0, count = 1000, proportion = 0.1000
class 1, count = 1002, proportion = 0.1002
class 2, count = 1003, proportion = 0.1003
class 3, count = 989, proportion = 0.0989
class 4, count = 1016, proportion = 0.1016
class 5, count = 994, proportion = 0.0994
class 6, count = 1007, proportion = 0.1007
class 7, count = 980, proportion = 0.0980
class 8, count = 1014, proportion = 0.1014
class 9, count = 995, proportion = 0.0995
Test set accuracy = 0.9545
Number of layers = 8
Layer: 1
Original dimension = 3072. Train data size = 50000. Sub-sample size used for dimension reduction = 10000
Intrinsic dimensionality: 24
Searching for the best number of neighbors (k) and projected dimension.
INFO:helpers.knn_classifier:Using NPP for dimension reduction.
INFO:helpers.dimension_reduction_methods:Applying PCA as first-level dimension reduction step
INFO:helpers.dimension_reduction_methods:Number of nonzero singular values in the data matrix = 3072
INFO:helpers.dimension_reduction_methods:Number of principal components accounting for 99.5 percent of the data variance = 847
INFO:helpers.dimension_reduction_methods:Dimension of the PCA transformed data = 847
INFO:helpers.dimension_reduction_methods:Dimension of the projected subspace = 240
INFO:helpers.dimension_reduction_methods:Solving the generalized eigenvalue problem to find the optimal projection matrix.
INFO:helpers.knn_classifier:Performing cross-validation to search for the best combination of number of neighbors and projected data dimension:
Traceback (most recent call last):
File "layers.py", line 308, in <module>
main()
File "layers.py", line 291, in main
search_dimension_and_neighbors(embeddings, labels, indices_sample, model_file, output_file, n_jobs)
File "layers.py", line 105, in search_dimension_and_neighbors
n_jobs=n_jobs
File "adversarial-detection/expts/helpers/knn_classifier.py", line 151, in knn_parameter_search
labels_test_pred = knn_model.predict_multiple_k(data_proj[ind_te, :], k_range)
File "adversarial-detection/expts/helpers/knn_classifier.py", line 414, in predict_multiple_k
nn_indices, nn_distances = self.index_knn.query(X, k=k_list[-1])
File "adversarial-detection/expts/helpers/knn_index.py", line 235, in query
return self._query(data, self.index_knn[0], k)
File "adversarial-detection/expts/helpers/knn_index.py", line 252, in _query
nn_indices, nn_distances = index.query(data, k=k)
File "/home/user/.conda/envs/detection/lib/python3.7/site-packages/pynndescent/pynndescent_.py", line 886, in query
self._init_search_graph()
File "/home/user/.conda/envs/detection/lib/python3.7/site-packages/pynndescent/pynndescent_.py", line 842, in _init_search_graph
self._search_graph.transpose()
File "/home/user/.conda/envs/detection/lib/python3.7/site-packages/scipy/sparse/lil.py", line 437, in transpose
return self.tocsr(copy=copy).transpose(axes=axes, copy=False).tolil(copy=False)
File "/home/user/.conda/envs/detection/lib/python3.7/site-packages/scipy/sparse/lil.py", line 462, in tocsr
_csparsetools.lil_get_lengths(self.rows, indptr[1:])
File "_csparsetools.pyx", line 109, in scipy.sparse._csparsetools.lil_get_lengths
ValueError: Buffer has wrong number of dimensions (expected 1, got 2)
Hi, thanks for sharing the code; it's solid work. But I have some questions about adaptive attacks.
(1) What are your adaptive attacks based on? CW, PGD or FGSM?
(2) I'm more interested in the code for generating the adaptive attacks mentioned in your paper. If convenient, could you include a more detailed command line to generate adaptive attacks?
Thanks for your help!
This script generates noisy data?
https://github.com/jayaram-r/adversarial-detection/blob/master/expts/generate_noisy_data.py
Why is this done?
For which defenses is that useful?
Why aren't there any activation functions in your ResNet34?
Yours... no ReLU
ResNet(
(conv1): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(layer1): Sequential(
(0): BasicBlock(
(conv1): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(conv2): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(bn2): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(shortcut): Sequential()
)
(1): BasicBlock(
(conv1): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(conv2): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(bn2): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(shortcut): Sequential()
)
Original: with ReLU
ResNet(
(conv1): Sequential(
(0): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(2): ReLU(inplace=True)
)
(conv2_x): Sequential(
(0): BasicBlock(
(residual_function): Sequential(
(0): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
(2): ReLU(inplace=True)
(3): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
(4): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
)
(shortcut): Sequential()
)
Hi
When I try to run your code detection_main.py, it loads the data_ty.npy file. But I cannot find this file or any code to generate it. I would appreciate any help.