pip install -r requirements.txt
The FreeLB++ model is trained with TextDefender tool.
python main.py --mode train --dataset_name agnews --max_seq_len 128 --epochs 10 --batch_size 64 --training_type freelb --adv-steps 30
The RSMI model is trained with RSMI tool.
python main_rsmi.py --model_dir_path ./cls_task/checkpoint/1/ \
--dataset ag --batch_size 24 --epochs 10 --save_model rsmi_bert_ag \
--lr 1e-5 --num_classes 4 --alpha_p 0.98 \
--model bert --nth_layers 3 --noise_eps 0.2 --max_seq_length 128 \
--seed 1000 --exp_dir ./experiments/ag/bert/1/ \
--multi_mask 2 --custom_forward --save
After the training is done, move the checkpoint under ./checkpoints
The diffusion training uses train_diffusion.py
file and loads the pre-trained checkpoint from adversarial training. It uses a config file to train the diffusion layer.
python train_diffusion.py -c configs/diffuse_train_freelb_agnews.yaml
You will need to update the cls_path
to the corresponding checkpoint from the output of adversarial training.
The adversarial attack is performed with textattack using attack.py
. It samples 1000 examples from the test set and perform the adversarial attack. For example
python attack.py -d ./experiments/agnews/diffuse_freelb/ensemble_seed1 -am textfooler -mr 0.3 -ds 5
The evaluation is performed on all examples in the test set WITHOUT adversarial attack, it reports the clean text accuracy. Note that the eval_batch_size
needs to be set to 1 in the config file, otherwise the eval script might fail and report incorrect results.
python eval.py -c configs/diffuse_train_freelb_agnews.yaml -d ./experiments/agnews/diffuse_freelb/ensemble_seed1
@misc{li2024diffusedefimprovedrobustnessadversarial,
title={DiffuseDef: Improved Robustness to Adversarial Attacks},
author={Zhenhao Li and Marek Rei and Lucia Specia},
year={2024},
eprint={2407.00248},
archivePrefix={arXiv},
primaryClass={cs.CL},
url={https://arxiv.org/abs/2407.00248},
}