Consistency Regularization for Adversarial Robustness

Related tags

Deep Learningdata-augmentationadversarial-trainingconsistency-regularization
Overview

Consistency Regularization for Adversarial Robustness

Official PyTorch implementation of Consistency Regularization for Adversarial Robustness by Jihoon Tack, Sihyun Yu, Jongheon Jeong, Minseon Kim, Sung Ju Hwang, and Jinwoo Shin.

1. Dependencies

conda create -n con-adv python=3
conda activate con-adv

conda install pytorch torchvision cudatoolkit=11.0 -c pytorch 

pip install git+https://github.com/fra31/auto-attack
pip install advertorch tensorboardX

2. Training

2.1. Training option and description

The option for the training method is as follows:

  • <DATASET>: {cifar10,cifar100,tinyimagenet}
  • <AUGMENT>: {base,ccg}
  • <ADV_TRAIN OPTION>: {adv_train,adv_trades,adv_mart}

Current code are assuming l_infinity constraint adversarial training and PreAct-ResNet-18 as a base model.
To change the option, simply modify the following configurations:

  • WideResNet-34-10: --model wrn3410
  • l_2 constraint: --distance L2

2.2. Training code

Standard cross-entropy training

% Standard cross-entropy
python train.py --mode ce --augment base --dataset <DATASET>

Adversarial training

% Adversarial training
python train.py --mode <ADV_TRAIN OPTION> --augment <AUGMENT> --dataset <DATASET>

% Example: Standard AT under CIFAR-10
python train.py --mode adv_train --augment base --dataset cifar10

Consistency regularization

% Consistency regularization
python train.py --consistency --mode <ADV_TRAIN OPTION> --augment <AUGMENT> --dataset <DATASET>

% Example: Consistency regularization based on standard AT under CIFAR-10
python train.py --consistency --mode adv_train --augment ccg --dataset cifar10

3. Evaluation

3.1. Evaluation option and description

The description for treat model is as follows:

  • <DISTANCE>: {Linf,L2,L1}, the norm constraint type
  • <EPSILON>: the epsilon ball size
  • <ALPHA>: the step size of PGD optimization
  • <NUM_ITER>: iteration number of PGD optimization

3.2. Evaluation code

Evaluate clean accuracy

python eval.py --mode test_clean_acc --dataset <DATASET> --load_path <MODEL_PATH>

Evaluate clean & robust accuracy against PGD

python eval.py --mode test_adv_acc --distance <DISTANCE> --epsilon <EPSILON> --alpha <ALPHA> --n_iters <NUM_ITER> --dataset <DATASET> --load_path <MODEL_PATH>

Evaluate clean & robust accuracy against AutoAttack

python eval.py --mode test_auto_attack --epsilon <EPSILON> --distance <DISTANCE> --dataset <DATASET> --load_path <MODEL_PATH>

Evaluate mean corruption error (mCE)

python eval.py --mode test_mce --dataset <DATASET> --load_path <MODEL_PATH>

4. Results

White box attack

Clean accuracy and robust accuracy (%) against white-box attacks on PreAct-ResNet-18 trained on CIFAR-10.
We use l_infinity threat model with epsilon = 8/255.

Method Clean PGD-20 PGD-100 AutoAttack
Standard AT 84.48 46.09 45.89 40.74
+ Consistency (Ours) 84.65 54.86 54.67 47.83
TRADES 81.35 51.41 51.13 46.41
+ Consistency (Ours) 81.10 54.86 54.68 48.30
MART 81.35 49.60 49.41 41.89
+ Consistency (Ours) 81.10 55.31 55.16 47.02

Unseen adversaries

Robust accuracy (%) of PreAct-ResNet-18 trained with of l_infinity epsilon = 8/255 constraint against unseen attacks.
For unseen attacks, we use PGD-100 under different sized l_infinity epsilon balls, and other types of norm balls.

Method l_infinity, eps=16/255 l_2, eps=300/255 l_1, eps=4000/255
Standard AT 15.77 26.91 32.44
+ Consistency (Ours) 22.49 34.43 42.45
TRADES 23.87 28.31 28.64
+ Consistency (Ours) 27.18 37.11 46.73
MART 20.08 30.15 27.00
+ Consistency (Ours) 27.91 38.10 43.29

Mean corruption error

Mean corruption error (mCE) (%) of PreAct-ResNet-18 trained on CIFAR-10, and tested with CIFAR-10-C dataset

Method mCE
Standard AT 24.05
+ Consistency (Ours) 22.06
TRADES 26.17
+ Consistency (Ours) 24.05
MART 27.75
+ Consistency (Ours) 26.75

Reference

Owner
GitHub Repository https://arxiv.org/abs/2103.04623
The official codes of our CVPR2022 paper: A Differentiable Two-stage Alignment Scheme for Burst Image Reconstruction with Large Shift

TwoStageAlign The official codes of our CVPR2022 paper: A Differentiable Two-stage Alignment Scheme for Burst Image Reconstruction with Large Shift Pa

Shi Guo 32 Dec 15, 2022
Multi-robot collaborative exploration and mapping through Voronoi partition and DRL in unknown environment

Voronoi Multi_Robot Collaborate Exploration Introduction In the unknown environment, the cooperative exploration of multiple robots is completed by Vo

PeaceWord 6 Nov 22, 2022
Simple transformer model for CIFAR10

CIFAR-Transformer Simple transformer model for CIFAR10. Reference: https://www.tensorflow.org/text/tutorials/transformer https://github.com/huggingfac

9 Nov 07, 2022
Random Erasing Data Augmentation. Experiments on CIFAR10, CIFAR100 and Fashion-MNIST

Random Erasing Data Augmentation =============================================================== black white random This code has the source code for

Zhun Zhong 654 Dec 26, 2022
Avatarify Python - Avatars for Zoom, Skype and other video-conferencing apps.

Avatarify Python - Avatars for Zoom, Skype and other video-conferencing apps.

Ali Aliev 15.3k Jan 05, 2023
Repositório para arquivos sobre o Módulo 1 do curso Top Coders da Let's Code + Safra

850-Safra-DS-ModuloI Repositório para arquivos sobre o Módulo 1 do curso Top Coders da Let's Code + Safra Para aprender mais Git https://learngitbranc

Brian Nunes 7 Dec 10, 2022
The Python ensemble sampling toolkit for affine-invariant MCMC

emcee The Python ensemble sampling toolkit for affine-invariant MCMC emcee is a stable, well tested Python implementation of the affine-invariant ense

Dan Foreman-Mackey 1.3k Dec 31, 2022
Chainer Implementation of Semantic Segmentation using Adversarial Networks

Semantic Segmentation using Adversarial Networks Requirements Chainer (1.23.0) Differences Use of FCN-VGG16 instead of Dilated8 as Segmentor. Caution

Taiki Oyama 99 Jun 28, 2022
Machine Unlearning with SISA

Machine Unlearning with SISA Lucas Bourtoule, Varun Chandrasekaran, Christopher Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, N

CleverHans Lab 70 Jan 01, 2023
mlpack: a scalable C++ machine learning library --

a fast, flexible machine learning library Home | Documentation | Doxygen | Community | Help | IRC Chat Download: current stable version (3.4.2) mlpack

mlpack 4.2k Jan 09, 2023
Airbus Ship Detection Challenge

Airbus Ship Detection Challenge This is an open solution to the Airbus Ship Detection Challenge. Our goals We are building entirely open solution to t

minerva.ml 55 Nov 29, 2022
Official codebase for running the small, filtered-data GLIDE model from GLIDE: Towards Photorealistic Image Generation and Editing with Text-Guided Diffusion Models.

GLIDE This is the official codebase for running the small, filtered-data GLIDE model from GLIDE: Towards Photorealistic Image Generation and Editing w

OpenAI 2.9k Jan 04, 2023
PyTorch Implementation of ECCV 2020 Spotlight TuiGAN: Learning Versatile Image-to-Image Translation with Two Unpaired Images

TuiGAN-PyTorch Official PyTorch Implementation of "TuiGAN: Learning Versatile Image-to-Image Translation with Two Unpaired Images" (ECCV 2020 Spotligh

181 Dec 09, 2022
Volsdf - Volume Rendering of Neural Implicit Surfaces

Volume Rendering of Neural Implicit Surfaces Project Page | Paper | Data This re

Lior Yariv 221 Jan 07, 2023
QuakeLabeler is a Python package to create and manage your seismic training data, processes, and visualization in a single place — so you can focus on building the next big thing.

QuakeLabeler Quake Labeler was born from the need for seismologists and developers who are not AI specialists to easily, quickly, and independently bu

Hao Mai 15 Nov 04, 2022
Apply AnimeGAN-v2 across frames of a video clip

title emoji colorFrom colorTo sdk app_file pinned AnimeGAN-v2 For Videos 🔥 blue red gradio app.py false AnimeGAN-v2 For Videos Apply AnimeGAN-v2 acro

Nathan Raw 36 Oct 18, 2022
This repo provides the base code for pytorch-lightning and weight and biases simultaneous integration.

Write your model faster with pytorch-lightning-wadb-code-backbone This repository provides the base code for pytorch-lightning and weight and biases s

9 Mar 29, 2022
Pytorch implementation for "Density-aware Chamfer Distance as a Comprehensive Metric for Point Cloud Completion" (NeurIPS 2021)

Density-aware Chamfer Distance This repository contains the official PyTorch implementation of our paper: Density-aware Chamfer Distance as a Comprehe

Tong WU 93 Dec 15, 2022
Official implementation of TMANet.

Temporal Memory Attention for Video Semantic Segmentation, arxiv Introduction We propose a Temporal Memory Attention Network (TMANet) to adaptively in

wanghao 94 Dec 02, 2022
Code and Datasets from the paper "Self-supervised contrastive learning for volcanic unrest detection from InSAR data"

Code and Datasets from the paper "Self-supervised contrastive learning for volcanic unrest detection from InSAR data" You can download the pretrained

Bountos Nikos 3 May 07, 2022