This repo provides an abstract template class for writing your own attacks and defenses, along with implementations of popular adversarial attacks and defenses. So far it covers first-order attack methods, as well as adversarial training [1] and HGD [2]. By default, the model used to generate adversarial examples is WideResNet-28-10 [3]; its implementation is taken from [4].
Download the code
git clone https://github.com/AlbertMillan/adversarial-training-pytorch.git
cd adversarial-training-pytorch
Both attacks and defenses are driven by config files with a .yaml extension. Edit the variables in those config files to customize your experiment.
To run an adversarial attack such as FGSM, execute the following command:
python main.py --config "config/FGSM.yaml" --gpus "0,1"
To run HGD, execute the following command:
python test_main.py --config "config/AT_HGD.yaml" --gpus "0,1"
The implementations of Wide-ResNet and HGD are provided here.
To see how an HGD model is trained, refer to this file.
This repository is still a work in progress and may contain undiscovered bugs. Please report any issues you encounter to the author.
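Added example, not the repository's code: the first-order attacks and adversarial training described above, reduced to a two-feature logistic model in pure Python so it runs without PyTorch. It shows the template-class pattern (an Attack base class with FGSM and PGD subclasses) and a Madry-style training loop that takes its gradient step on the attacked input; every name and the toy data are assumptions, not the repo's API.

```python
import math
# Added example (not the repository's code): attack-template pattern with two
# first-order attacks (FGSM, PGD) and Madry-style adversarial training. Names assumed.
sign = lambda v: (v > 0) - (v < 0)

def predict(w, b, x):
    """P(y=1 | x) for a logistic model with weights w and bias b."""
    z = sum(wi * xi for wi, xi in zip(w, x)) + b
    return 1.0 / (1.0 + math.exp(-z))

def input_grad(w, b, x, y):
    """Gradient of the cross-entropy loss w.r.t. the input: (p - y) * w."""
    return [(predict(w, b, x) - y) * wi for wi in w]

class Attack:
    """Template: subclasses implement perturb(w, b, x, y) -> x_adv."""
    def __init__(self, eps):
        self.eps = eps
    def perturb(self, w, b, x, y):
        raise NotImplementedError

class FGSM(Attack):
    """One step of size eps along the sign of the input gradient."""
    def perturb(self, w, b, x, y):
        g = input_grad(w, b, x, y)
        return [xi + self.eps * sign(gi) for xi, gi in zip(x, g)]

class PGD(Attack):
    """Iterated signed steps, each projected back into the L-inf eps-ball."""
    def __init__(self, eps, alpha, steps):
        super().__init__(eps)
        self.alpha, self.steps = alpha, steps
    def perturb(self, w, b, x, y):
        x_adv = list(x)
        for _ in range(self.steps):
            g = input_grad(w, b, x_adv, y)
            x_adv = [min(max(xa + self.alpha * sign(gi), xo - self.eps), xo + self.eps)
                     for xa, gi, xo in zip(x_adv, g, x)]
        return x_adv

def adversarial_train(data, attack, lr=0.1, epochs=50):
    """Madry-style training: the gradient step uses the attacked input, not the clean one."""
    w, b = [0.0, 0.0], 0.0
    for _ in range(epochs):
        for x, y in data:
            x_adv = attack.perturb(w, b, x, y)
            err = predict(w, b, x_adv) - y
            w = [wi - lr * err * xi for wi, xi in zip(w, x_adv)]
            b -= lr * err
    return w, b
```

Adding a new attack means subclassing Attack and overriding perturb; the training loop is unchanged.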
[1] A. Madry, A. Makelov, L. Schmidt, D. Tsipras, and A. Vladu. Towards deep learning models resistant to adversarial attacks. In: International Conference on Learning Representations, 2018.
[2] F. Liao, M. Liang, Y. Dong, T. Pang, X. Hu, and J. Zhu. Defense against adversarial attacks using high-level representation guided denoiser. In: 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 1778–1787, 2018.
[3] S. Zagoruyko and N. Komodakis. Wide Residual Networks. In: Richard C. Wilson, Edwin R. Hancock and William A. P. Smith, editors, Proceedings of the British Machine Vision Conference (BMVC), pages 87.1–87.12. BMVA Press, September 2016.
[4] Wide-ResNet PyTorch implementation (https://github.com/xternalz/WideResNet-pytorch)