Demo code for "MagNet: a Two-Pronged Defense against Adversarial Examples", by Dongyu Meng and Hao Chen, at CCS 2017.
The code demonstrates black-box defense against Carlini's L2 attack at various confidence levels.
Other techniques proposed in the paper are also included in worker.py, but are not shown in the demo defense.
Attack implementations are not provided in this repository.
Run the demo code:
- Make sure you have Keras, TensorFlow, NumPy, SciPy, and matplotlib installed.
- Clone the repository.
- We provide demo attack data and a classifier on Dropbox and Baidu Netdisk (百度网盘; password: yzt4). Please download them and put the unzipped files in MagNet/. You may also use your own data for testing.
- Train autoencoders with
- Test the defense with
python3 test_defense.py
- Defense performance is plotted in