Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks
This is the code for reproducing the results of the paper Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks accepted at AAAI 2022.
Requirements
All Python packages required are listed in requirements.txt. To install these packages, run the following commands.
conda create -n preempt-robust python=3.7
conda activate preempt-robust
pip install -r requirements.txt
Preparing CIFAR-10 data
Download the CIFAR-10 dataset from https://www.cs.toronto.edu/~kriz/cifar.html and place it a directory ./data.
Pretrained models
We provide pre-trained checkpoints for adversarially trained model and preemptively robust model.
adv_l2: ℓ2 adversarially trained model with early stoppingadv_linf: ℓ∞ adversarially trained model with early stoppingpreempt_robust_l2: ℓ2 preemptively robust modelpreempt_robust_linf: ℓ∞ preemptively robust model
We also provide a pre-trained checkpoint for a model with randomized smoothing.
gaussian_0.1: model trained with additive Gaussian noises (σ = 0.1)
Shell scripts for downloading these checkpoint are located in ./checkpoints/cifar10/wideresent/[train_type]/download.sh. You can run each script to download a checkpoint named ckpt.pt. To download all the checkpoints, run download_all_ckpts.sh. You can delete all the checkpoints by running delete_all_ckpts.sh.
Preemptively robust training
To train preemptively robust classifiers, run the following commands.
1. ℓ2 threat model, ε = δ = 0.5
python train.py --config ./configs/cifar10_l2_model.yaml
2. ℓ∞ threat model, ε = δ = 8/255
python train.py --config ./configs/cifar10_linf_model.yaml
Preemptive robustification and reconstruction algorithms
To generate preepmtive roobust images and their reconstruction, run the following commands. You can specify the classifier used for generating preemptively robust images by changing train_type in each yaml file.
1. ℓ2 threat model, ε = δ = 0.5
python robustify.py --config ./configs/cifar10_l2.yaml
python reconstruct.py --config ./configs/cifar10_l2.yaml
2. ℓ∞ threat model, ε = δ = 8/255
python robustify.py --config ./configs/cifar10_linf.yaml
python reconstruct.py --config ./configs/cifar10_linf.yaml
3. ℓ2 threat model, smoothed network, ε = δ = 0.5
python robustify.py --config ./configs/cifar10_l2_rand.yaml
python reconstruct.py --config ./configs/cifar10_l2_rand.yaml
Grey-box attacks on preemptively robustified images
To conduct grey-box attacks on preemptively robustified images, run the following commands. You can specify attack type by changing attack_type_eval in each yaml file.
1. ℓ2 threat model, ε = δ = 0.5
python attack_grey_box.py --config ./configs/cifar10_l2.yaml
2. ℓ∞ threat model, ε = δ = 8/255
python attack_grey_box.py --config ./configs/cifar10_linf.yaml
3. ℓ2 threat model, smoothed network, ε = δ = 0.5
python attack_grey_box.py --config ./configs/cifar10_l2_rand.yaml
White-box attacks on preemptively robustified images
To conduct white-box attacks on preemptively robustified images, run the following commands. You can specify attack type and its perturbation size by changing attack_type_eval and wbox_epsilon_p in each yaml file.
1. ℓ2 threat model, ε = δ = 0.5
python attack_white_box.py --config ./configs/cifar10_l2.yaml
2. ℓ∞ threat model, ε = δ = 8/255
python attack_white_box.py --config ./configs/cifar10_linf.yaml
3. ℓ2 threat model, smoothed network, ε = δ = 0.5
python attack_white_box.py --config ./configs/cifar10_l2_rand.yaml
80 Dec 16, 2022
50 Dec 20, 2022
47 Nov 22, 2022
25 Dec 2, 2022
113 Dec 21, 2022
31 Sep 27, 2022
34 Oct 26, 2022
141 Dec 30, 2022
50 Dec 17, 2022
116 Jan 01, 2023
43 Dec 20, 2022
54 Nov 21, 2022
21 Nov 22, 2022
69 Dec 12, 2022
24 Dec 28, 2022
74 Nov 22, 2022
67 Nov 14, 2022
77 Dec 08, 2022
3 Nov 30, 2021
0 Jan 05, 2022
94 Dec 03, 2022
80 Jan 03, 2023
25 Dec 16, 2022
1 Dec 29, 2021
106 Nov 06, 2022
11 Oct 15, 2022
103 Dec 31, 2022
2 Oct 28, 2021
38 Jan 02, 2023