Demo code for "MagNet: a Two-Pronged Defense against Adversarial Examples", by Dongyu Meng and Hao Chen, at CCS 2017.
The code demos black-box defense against Carlini's L2 attack of various confidences.
Other techniques proposed in the paper are also included in defensive_models.py and worker.py, but are not shown in the demo defense.
Attack implementations are not provided in this repository.
- Make sure you have Keras, Tensorflow, numpy, scipy, and matplotlib installed.
- Clone the repository.
- We provide demo attack data and classifier on Dropbox and 百度网盘 (密码: yzt4). Please download and put the unzipped files in
MagNet/. You may also use your own data for test. - Train autoencoders with
python3 train_defense.py. - Test the defense with
python3 test_defense.py . - Defense performance is plotted in
graph/defense_performance.pdf.