Code for our paper "On the Adversarial Robustness of Visual Transformers"
Paper link: https://arxiv.org/abs/2103.15670
Install dependencies:
pip install -r requirements.txtTo test adversarial robustness under white-box attack
python white_box_test.py --data_dir $DATA_DIR --mode foolbox --model vit_small_patch16_224
- The
--modeflag decides the evaluation approach:--mode foolboxapplies a single attack (default: LinfPGD) for evalution.--mode autoapplies AutoAttack for evaluation.--mode foolbox-filterapplies the frequency-based attack for evaluation.--mode evaluateevaluates the clean accuracy.--mode countcounts the number of parameters.
To test the transferability of adversarial examples generated by different models
python black_box_test.py --data_dir $DATA_DIR
Go to the training code:
cd trainingInstall dependencies:
pip install -r requirements.txtRun:
python train.py --dir {OUTPUT_DIR} --model vit_base_patch16_224_in21k --method {pgd|trades}You may set `--accum-steps {N}' for gradient accumulation in case that GPU memory is not enough.
