Useful links: Paper, Website, Slides, Video
Python = 3.6.5
TensorFlow = 1.8.0 (For GCGRNN and DCRNN)
PyTorch = 1.8.0 (For ResNet50)
AdverTorch
The data was downloaded from CalTrans by following the procedure given here for obtaining and preprocessing (including train, test split). The dates for data collected range from Jan 1, 2018 to Jun 30, 2019.
The code given here assumes you have pretrained models for GCGRNN and DCRNN. To learn more about how to train them, please refer:
- GCGRNN code: https://github.com/leilin-research/GCGRNN
- DCRNN code: https://github.com/liyaguang/DCRNN
Essentially, for each type of model all other code is contained in 7 Jupyter Notebooks:
- Part_0_(Model_Name)_preds_on_training : See model performance on training data
- Part_1_Run_Pretrained_(Model_Name)_in_test.ipynb : Obtain trained model performance and also the output on the test data
- Part_2_Train_new_CNN_(Model_Name).ipynb: Train ResNet50 model on the (test input, predictions) pairs to mimic the target model
- Part_3_Generate_Adversarial_for_new_CNN.ipynb : Generate adversarial examples for a trained ResNet50 model
- Part_4_Error_Results_FGSM.ipynb : See model performance in Adversarial Signals from FGSM
- Part_5_Error_Results_BIM.ipynb : See model performance in Adversarial Signals from BIM
- Part_6_common_viz.ipynb: Generate images/ visualizations presented in the paper
- ResNet_adaptation: CNN model definition
- best_model: The best model checkpoint and config (YAML) file obtained after training DCRNN, GCGRNN
- model: Minimum files necessary to run and make a prediction on DCRNN and GCGRNN
Adversarial examples from FGSM and BIM change the predictions of a trained GCGRNN.
@InProceedings{Poudel2021Attack,
author = {Bibek Poudel and Weizi Li},
title = {Black-box Adversarial Attacks on Network-wide Multi-step Traffic State Prediction Models},
booktitle = {IEEE International Conference on Intelligent Transportation Systems},
year = {2021},
}