Skip to content

Latest commit

 

History

History

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 

Adversarial Training and Visualization on MNIST

Results

Learning Curves

Epsilon in linf (l2) training is 0.3 (1.5).

Standard Training l_inf Training l_2 Training
Standard Accuracy
(train/test)
Robustness Accuracy
(train/test)
Standard Accuracy
(train/test)
Robustness Accuracy
(train/test)
Standard Accuracy
(train/test)
Robustness Accuracy
(train/test)
100.00/99.32 0.00/0.61 100.00/98.96 96.88/95.16 100.00/99.41 100.00/97.48

Note that in testing mode, the target label used in creating the adversarial example is the most confident prediction of the model, not the ground truth. Therefore, sometimes the testing robustness is higher than training robustness, when the prediction is wrong at first.

Visualization of Gradient with Respect to Input

visualization

The Adversarial Example with large epsilon

The maximum epsilon is set to 4 (l2 norm) in this part.

large

Requirements:

python >= 3.5
torch == 1.0
torchvision == 0.2.1
numpy >= 1.16.1
matplotlib >= 3.0.2

Execution

Training

Standard training:

python main.py --data_root [data directory]

linf training:

python main.py --data_root [data directory] -e 0.3 -p 'linf' --adv_train

l2 training:

python main.py --data_root [data directory] -e 1.5 -p 'l2' --adv_train

Testing

change the setting if you want to do linf testing.

python main.py --todo test --data_root [data directory] -e 0.314 -p 'l2' --load_checkpoint [your_model.pth]

Visualization

change the setting in visualize.py visualize_attack.py and if you want to do linf visualization.

visualize gradient to input:

python visualize.py --load_checkpoint [your_model.pth]

visualize adversarial examples with larger epsilon

python visualize_attack.py --load_checkpoint [your_model.pth]

Training Time

Standard training: 0.64 s / 100 iterations
Adversarial training: 16 s / 100 iterations

where the batch size is 64 and train on NVIDIA GeForce GTX 1080.