Skip to content
Rob-GAN: Generator, Discriminator and Adversarial Attacker
Python Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.img modify readme Aug 7, 2018
dis_models change formatting, compatibility Aug 3, 2018
gen_models change formatting, compatibility Aug 3, 2018
layers migrate to Pytorch>=0.4 Aug 1, 2018
miscs
.gitignore
LICENSE Initial commit Jul 26, 2018
README.md
acc_under_attack.py change formatting, compatibility Aug 3, 2018
acc_under_attack.sh
eval_accuracy.sh initial commit Jul 26, 2018
eval_inception.py change formatting, compatibility Aug 3, 2018
eval_inception.sh change formatting, compatibility Aug 3, 2018
finetune.py change formatting, compatibility Aug 3, 2018
finetune.sh add bn Jul 26, 2018
train.py modify readme Aug 7, 2018
train.sh remove irrelevant files Aug 6, 2018

README.md

Rob-GAN

Rob-GAN: Generator, Discriminator and Adversarial Attacker

2-step

Requirements

Below is my running environment:

  • Python==3.6 + PyTorch>=0.4.0

File structure

  • train.[py, sh]: GAN training (Step 1)
  • fintune.[py, sh]: Fine-tuning (Step 2)
  • eval_inception.[py, sh]: Evaluate the inception score
  • acc_under_attack.[py, sh]: Evaluate the accuracy under PGD attack
  • /dis_models: discriminators
  • /gen_models: generators
  • /layers: customized layers
  • /miscs: loss function, pgd-attack, etc.

Step 0. Data Preparation

Follow the SNGAN-projection steps to download and pre-process data.

Hereafter, I assume the 1000-class ImageNet data is stored in /data1/sngan_data, 143-class ImageNet data is stored in /data1/sngan_dog_cat and /data1/sngan_dog_cat_val (for validation).

Step 1. Co-training the generator and discriminator

To run 143-ImageNet(64px) + AdvGAN, one can issue the following command (this can be done by modifying train.sh):

mkdir ./ckpt.adv-5.64px-143ImageNet
CUDA_VISIBLE_DEVICES=1,2,3,4,5 python ./train.py \
    --model resnet_64 \
    --nz 128 \
    --ngf 64 \
    --ndf 64 \
    --nclass 143 \
    --batch_size 64 \
    --start_width 4 \
    --dataset dog_and_cat_64 \
    --root /data1/sngan_dog_cat \
    --img_width 64 \
    --iter_d 5 \
    --out_f ckpt.adv-5.64px-143ImageNet \
    --ngpu 5 \   # use as many GPUs as you can!
    --starting_epoch 0 \
    --max_epoch 200 \
    --lr 0.0002 \ 
    --adv_steps 5 \ # PGD-attack iterations
    --epsilon 0.03125 \ # PGD-attack strength
    --our_loss # add this flag for our NEW loss

Key arguments: --model, --nclass, --dataset, --img_width, --epsilon. We keep other arguments unchanged through all experiments in our paper.

Step 2. Fine-tuning

Similarly, we can do fine-tuning by running ./finetune.sh

mkdir ckpt.adv-5.64px-143ImageNet.finetune # storing the output models
last_epoch=100 # you might change this
CUDA_VISIBLE_DEVICES=2,3,4,5 python finetune.py \
    --model resnet_64 \
    --netD ./ckpt.adv-5.64px-143ImageNet/dis_epoch_${last_epoch}.pth \
    --netG ./ckpt.adv-5.64px-143ImageNet/gen_epoch_${last_epoch}.pth \
    --ndf 64 \
    --ngf 64 \
    --nclass 143 \
    --dataset dog_and_cat_64 \
    --batch_size 128 \
    --root /data1/sngan_dog_cat \
    --img_width 64 \
    --steps 5 \
    --epsilon 0.03125 \
    --lam 0.3 \ # find a suitable weight for fake images, typically 0.3~0.8
    --lr 1.0e-3 \
    --ngpu 4 \ # use as many GPUs as you can!
    --out_f ckpt.adv-5.64px-143ImageNet.finetune \
    > >(tee log_finetune.txt) 2>error.txt

Key arguments: $last_epoch, --model, --nclass, --dataset, --img_width, --epsilon, --lam. We keep other arguments unchanged through all experiments in our paper.

Step 3. Accuracy under attack

TODO

Optional (TODO)

Evaluating inception scores, accuracy under attack, etc.

Cite

Please consider to cite this paper if you find it helpful in your research:

@inproceedings{liu2019robgan,
    title={Rob-GAN: Generator, Discriminator and Adversarial Attacker},
    author={Liu, Xuanqing and Hsieh, Cho-Jui},
    booktitle={Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition},
    year={2019}
}

Acknowledgement

We would like to thank develpers of SN-GAN for providing the source code.

You can’t perform that action at this time.