Skip to content

ysharma1126/nips2017_adversarial_competition

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
dataset
 
 
ensemble_defense
 
 
iter_target
 
 
pgd
 
 
LICENSE
 
 
README.md
 
 
commands.txt
 
 
download_data.sh
 
 
extract_targets.py
 
 
run_attacks_and_defenses.py
 
 
run_attacks_and_defenses.sh
 
 
NIPS 2017 Competition on Adversarial Attacks and Defenses Non-Targeted Attack Targeted Attack Defense Experiment

README.md

NIPS 2017 Competition on Adversarial Attacks and Defenses

Submissions to the non-targeted attack, targeted attack, and defense tracks for the NIPS Competition

Non-Targeted Attack

Directory: pgd/

Implemented a weighted ensembled version of the PGD attack introduced by Madry et al.

Weighted Ensemble: (0.35,Inception v3), (0.25,Ensemble Adversarially trained Inception ResNet v2), (0.2,Adversarially trained Inception v3), (0.1,Inception ResNet v2), (0.1,ResNet V2-152)

Final Placement: 14/91

Targeted Attack

Directory: iter_target/

Implemented a ensembled version of the iterative target class attack introduced by Kurakin et al.

Ensemble: Inception v3, Ensemble Adversarially trained Inception ResNet v2, Adversarially trained Inception v3

Instead of ensembling by each iteration averaging the losses (like what was done for non-targeted), generated adversarial examples individually on each model and averaged the resulting solutions.

Final Placement: 6/65

Defense

Directory: ensemble_defense/

Performed JPEG-Compression with quality=25 on the adversarial images, fed images to the following weighted ensemble. The mode of the predictions was taken.

Weighted Ensemble: (0.3,Inception ResNet v2), (0.3,Ensemble Adversarially trained Inception ResNet v2), (0.25,ResNet V2-152), (0.15,Adversarially trained Inception v3)

JPEG-Compression quality chosen in order to trade-off reducing the power of strong adversarial examples, while not harming the predictions on clean/weak images.

Final Placement: 11/107

Experiment

Download DEV dataset

python dataset/download_images.py --input_file=dataset/dev_dataset.csv --output_dir=dataset/images/

Download model_checkpoints needed for the non-targeted attack, targeted attack, and defense by navigating to the model_ckpts folder in each directory, and executing 'download_all.sh'

Generate adversarial images, and evaluate results on a set of undefended models with simple image processing defenses available by executing the commands provided in 'commands.txt'. Docker required, Nvidia-docker if GPUs would like to be used.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages