Skip to content
Deflecting Adversarial Attacks with Pixel Deflection
Branch: master
Clone or download
Latest commit 0997669 Jun 21, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
images initial commit Jan 29, 2018
maps initial commit Jan 29, 2018
originals add the originals and the demo notebook Feb 1, 2018
README.md Update README.md Jun 21, 2018
demo.ipynb First paragraph edits Feb 1, 2018
imagenet_labels.json
main.py formatting changes Feb 1, 2018
methods.py formatting changes Feb 1, 2018
utils.py add the originals and the demo notebook Feb 1, 2018

README.md

Deflecting Adversarial Attacks with Pixel Deflection

deflecting pixels

Code for paper: https://arxiv.org/abs/1801.08926

Blog with demo: https://iamaaditya.github.io/2018/02/demo-for-pixel-deflection/

Requirements:

  1. Keras 2.0+ (only used for classification - Pixel Deflection itself is deep learning platform independent)

  2. Scipy 1.0+

(Older version of scipy wavelet transform does not have BayesShrink)

Example

» python main.py                                                                                                  02:24:51 on 2018-02-01
Image: images/n02447366_00008562.png, True Class: 'badger'
Before Defense :
Predicted Class  skunk:0.59 , badger:0.15 , polecat:0.07 , wood_rabbit:0.02 , weasel:0.01
After Defense :
Predicted Class  badger:0.90 , skunk:0.08 , polecat:0.01 , weasel:0.00 , mink:0.00

» python main.py -process_batch -directory ./images

After recovery Top 1 accuracy is 66.67 and Top 5 accuracy is 100.0


Usage

Single image

» python main.py -image <image_path> -map <map_path>

Batch usage

» python main.py -process_batch -directory <directory_containing_images>

In batch usage the map file is expected to have same name as image file but inside './maps' directory To generate map see this https://github.com/iamaaditya/image-compression-cnn/blob/master/generate_map.py

Without map

To use without a map, pass in '-disable_map' argument, e.g:

» python main.py -disable_map                                                                                     02:26:02 on 2018-02-01
Image: images/n02447366_00008562.png, True Class: 'badger'
Before Defense :
Predicted Class  skunk:0.59 , badger:0.15 , polecat:0.07 , wood_rabbit:0.02 , weasel:0.01
After Defense :
Predicted Class  badger:0.88 , skunk:0.11 , polecat:0.01 , weasel:0.00 , mink:0.00

Detailed usage

» python main.py --help
  -h, --help            show this help message and exit
  -image
  -map 
  -directory
  -process_batch
  -disable_map
  -classifier 
    options: resnet50, inception_v3, vgg19, xception
  -denoiser 
    options: wavelet, TVM, bilateral, deconv, NLM
  -batch_size 
  -sigma 
  -window 
  -deflections 

Impact of Pixel Deflection & localization of attacks

For any issues please contact aprakash@brandeis.edu

You can’t perform that action at this time.