ermongroup / generative_adversary

Licence: GPL-3.0 license
Code for the unrestricted adversarial examples paper (NeurIPS 2018)


Constructing Unrestricted Adversarial Examples with Generative Models

This repo contains the code needed to reproduce the main results of the paper Constructing Unrestricted Adversarial Examples with Generative Models, NIPS 2018, Montréal, Canada.

by Yang Song, Rui Shu, Nate Kushman and Stefano Ermon, Stanford AI Lab.


We propose Unrestricted Adversarial Examples, a new kind of adversarial example against machine learning systems. Unlike traditional adversarial examples, which are crafted by adding norm-bounded perturbations to clean images, unrestricted adversarial examples are realistic images synthesized entirely from scratch and are not restricted to small norm balls. This new attack demonstrates the danger of a stronger threat model, one in which traditional defense methods for perturbation-based adversarial examples fail.

Datasets

Here are links to the datasets used in our experiments:

Running Experiments

Training AC-GANs

In order to perform an unrestricted adversarial attack, we first need a good conditional generative model so that we can search the manifold of realistic images for adversarial ones. You can use train_acgan.py to train one. For example, the following command

CUDA_VISIBLE_DEVICES=0 python train_acgan.py --dataset mnist --checkpoint_dir checkpoints/

will train an AC-GAN on the MNIST dataset with GPU #0 and output the weight files to the checkpoints/ directory.

Run python train_acgan.py --help to see more available argument options.

Unrestricted Adversarial Attack

After the AC-GAN is trained, you can use main.py to run targeted or untargeted attacks. You can also use main.py to evaluate the accuracy and PGD robustness of a trained neural network classifier. For example, the following command

CUDA_VISIBLE_DEVICES=0 python main.py --mode targeted_attack --dataset mnist --classifier zico --source 0 --target 1

attacks the provable defense method from Kolter & Wong, 2018 on the MNIST dataset, with source class 0 and target class 1.

Run python main.py --help to view more argument options. For hyperparameters such as --noise, --lambda1, --lambda2, --eps, --z_eps, --lr, and --n_iters (in that order), please refer to Table 4 in the Appendix of our paper.
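To make the threat-model point concrete (the overview above, and the provable defense attacked by the command above), here is an added toy illustration that is not code from this repository or the paper: a per-input L_inf robustness certificate of the kind a perturbation-bounded defense provides covers every perturbation of a clean image inside its ball, yet says nothing about a freshly synthesized image that a human annotator would still assign the source class. The linear classifier W/B, the inputs, the budget EPS and the annotator stand-in are all constructed assumptions.

```python
"""Added toy illustration (not repository or paper code): an L_inf certificate
covers perturbations of a clean image, not a fresh image a human still labels
as the source class.  Classifier, inputs and annotator stand-in are constructed."""

# Constructed linear classifier on 2-D inputs: logit_k = dot(W[k], x) + B[k].
W = [[1.0, 0.0],   # class 0 responds to x[0]
     [0.0, 1.0]]   # class 1 responds to x[1]
B = [0.0, 0.0]

def logits(x):
    return [sum(w * v for w, v in zip(W[k], x)) + B[k] for k in range(len(W))]

def predict(x):
    l = logits(x)
    return l.index(max(l))

def certified_linf_radius(x):
    """Largest eps such that no delta with ||delta||_inf <= eps can flip the
    prediction.  For a linear model the gap logit[y] - logit[j] shrinks by at
    most eps * ||W[y] - W[j]||_1 (Hoelder), so eps* = min_j gap_j / that norm."""
    l, y = logits(x), predict(x)
    best = float("inf")
    for j in range(len(W)):
        if j != y:
            l1 = sum(abs(a - c) for a, c in zip(W[y], W[j]))
            best = min(best, (l[y] - l[j]) / l1)
    return best

def worst_case_perturbation(x, eps, target):
    """x + delta with ||delta||_inf = eps that most favours `target`; for a
    linear model no perturbation-based attack of budget eps does better."""
    y = predict(x)
    sign = lambda v: (v > 0) - (v < 0)
    return [xi + eps * sign(wt - wy) for xi, wt, wy in zip(x, W[target], W[y])]

def linf_distance(a, b):
    return max(abs(p - q) for p, q in zip(a, b))

def annotator_label(x):
    return 0 if x[0] > 0.5 else 1  # stand-in for the human "which class is this?"

def certificate_covers(x, clean, eps):
    """True iff x lies inside the certified ball around `clean` (guarantee applies)."""
    return linf_distance(x, clean) <= min(eps, certified_linf_radius(clean))

X_CLEAN = [0.8, 0.2]          # clean input of class 0; certificate radius 0.3
EPS = 0.25                    # assumed attacker budget, below the certificate
X_PERT = worst_case_perturbation(X_CLEAN, EPS, target=1)  # covered, still class 0
X_UNRESTRICTED = [0.55, 0.6]  # fresh point: annotator says 0, classifier says 1
```

X_UNRESTRICTED sits outside the certified ball around X_CLEAN (L_inf distance 0.4 > 0.3), so the certificate is simply silent about it even though the classifier is provably robust at the clean point.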

Evaluating Unrestricted Adversarial Examples

In the paper, we use Amazon Mechanical Turk to evaluate whether our unrestricted adversarial examples are legitimate or not. We have provided the HTML files for the labelling interface in the amt_websites folder.

Samples

Perturbation-based adversarial examples (top row) vs. unrestricted adversarial examples (bottom row):

[image: compare]

Targeted unrestricted adversarial examples against robust classifiers on MNIST (green borders denote legitimate unrestricted adversarial examples, while red borders denote illegitimate ones; the tiny white text at the top-left corner of a red image is the label given by the annotators):

[image: mnist]

We also have samples for the SVHN dataset:

[image: svhn]

Finally, here are the results for CelebA:

[image: celeba]

Citation

If you find the idea or code useful for your research, please consider citing our paper:

@inproceedings{song2018constructing,
  author = {Song, Yang and Shu, Rui and Kushman, Nate and Ermon, Stefano},
  booktitle = {Advances in Neural Information Processing Systems (NIPS)},
  title = {Constructing Unrestricted Adversarial Examples with Generative Models},
  year = {2018},
}