Adversarial Defense by Restricting the Hidden Space of Deep Neural Networks

Figure 1

This repository is a PyTorch implementation of the paper Adversarial Defense by Restricting the Hidden Space of Deep Neural Networks.

To counter adversarial attacks, we propose Prototype Conformity Loss to class-wise disentangle intermediate features of a deep network. From the figure, it can be observed that the main reason for the existence of such adversarial samples is the close proximity of learnt features in the latent feature space.

We provide scripts for reproducing the results from our paper.

Clone the repository

Clone this repository into any place you want.

git clone https://github.com/aamir-mustafa/pcl-adversarial-defense
cd pcl-adversarial-defense

Softmax (Cross-Entropy) Training

To expedite the process of forming clusters for our proposed loss, we initially train the model using cross-entropy loss.

softmax_training.py -- ( For initial softmax training).

  • The trained checkpoints will be saved in Models_Softmax folder.

Prototype Conformity Loss

The deep features for the prototype conformity loss are extracted from different intermediate layers using auxiliary branches, which map the features to a lower dimensional output as shown in the following figure.

pcl_training.py -- ( Joint supervision with cross-entropy and our loss).

  • The trained checkpoints will be saved in Models_PCL folder.
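
The idea behind the loss, shown as an added example in plain Python (not code from this repository, which uses PyTorch). The loss form, the use of class means as prototypes, and the sample points are assumptions made for illustration: each feature is pulled toward its own class prototype and pushed away from the others, and the nearest-prototype margin shows how much room a perturbation has before features cross into another class.

```python
import math

def dist(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def class_means(features, labels, k):
    """Per-class feature means, used here as stand-in prototypes
    (assumption: real training learns prototypes jointly with the network)."""
    out = []
    for c in range(k):
        members = [f for f, y in zip(features, labels) if y == c]
        out.append([sum(col) / len(members) for col in zip(*members)])
    return out

def conformity_loss(features, labels, prototypes):
    """Assumed loss form: distance to the own-class prototype minus the mean,
    over other classes, of (distance to that prototype + distance between the
    two prototypes). Lower = tighter, better separated clusters."""
    k, total = len(prototypes), 0.0
    for f, y in zip(features, labels):
        pull = dist(f, prototypes[y])
        push = sum(dist(f, prototypes[j]) + dist(prototypes[y], prototypes[j])
                   for j in range(k) if j != y) / (k - 1)
        total += pull - push
    return total / len(features)

def min_margin(features, labels, prototypes):
    """Smallest (nearest wrong prototype - own prototype) gap over all samples:
    a proxy for how far a feature must move before its nearest prototype changes."""
    return min(
        min(dist(f, p) for j, p in enumerate(prototypes) if j != y)
        - dist(f, prototypes[y])
        for f, y in zip(features, labels))

# Constructed 2-D "features" for 3 classes, 2 samples each (not real model output).
LABELS = [0, 0, 1, 1, 2, 2]
ENTANGLED = [[0.0, 0.0], [0.4, 0.2], [0.5, 0.1], [0.9, 0.3], [0.4, 0.6], [0.6, 0.9]]
SEPARATED = [[0.0, 0.0], [0.2, 0.1], [5.0, 0.0], [5.2, 0.1], [2.5, 4.0], [2.7, 4.1]]

def compare():
    """Return {name: (loss, min_margin)} for both constructed feature sets."""
    result = {}
    for name, feats in (("entangled", ENTANGLED), ("separated", SEPARATED)):
        protos = class_means(feats, LABELS, 3)
        result[name] = (conformity_loss(feats, LABELS, protos),
                        min_margin(feats, LABELS, protos))
    return result
```

Calling `compare()` returns a lower loss and a larger minimum margin for the separated set than for the entangled one.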

Adversarial Training

pcl_training_adversarial_fgsm.py -- ( Adversarial Training using FGSM Attack).

pcl_training_adversarial_pgd.py -- ( Adversarial Training using PGD Attack).

Testing Model's Robustness against White-Box Attacks

robustness.py -- (Evaluate trained model's robustness against various types of attacks).

Comparison of Softmax Trained Model and Our Model

Retained classification accuracy of the models under various types of adversarial attacks:

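| Training Scheme | No Attack | FGSM  | BIM   | MIM   | PGD   |
|-----------------|-----------|-------|-------|-------|-------|
| Softmax         | 92.15     | 21.48 | 0.01  | 0.02  | 0.00  |
| Ours            | 89.55     | 55.76 | 39.75 | 36.44 | 31.10 |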

Citation

@article{mustafa2019adversarial,
  title={Adversarial Defense by Restricting the Hidden Space of Deep Neural Networks},
  author={Mustafa, Aamir and Khan, Salman and Hayat, Munawar and Goecke, Roland and Shen, Jianbing and Shao, Ling},
  journal={arXiv preprint arXiv:1904.00887},
  year={2019}
}