This repository contains code for reproducing our NeurIPS 2020 paper "DVERGE: Diversifying Vulnerabilities for Enhanced Robust Generation of Ensembles".
Create the conda environment called dverge containing all the dependencies by running
conda env create -f environment.yml
We used PyTorch 1.4.0 for all the experiments. You may want to install a different version of PyTorch to match the CUDA version of your computer/server. The code was run and tested on a single TITAN Xp GPU. Running on multiple GPUs with parallelism may need adjustments.
Data and pre-trained models
The pre-trained models and generated black-box transfer adversarial examples can be accessed via this link. Specifically, the pre-trained models are stored in the folder named checkpoints. Download and put checkpoints under this repo.
The black-box transfer adversarial examples (refer to the paper for more details) are stored in transfer_adv_examples.zip. Make a folder named data under this repo. Download the zip file, unzip it, and put the extracted folder under data/. Then one can evaluate the black-box transfer robustness of ensembles.
Examples of training and evaluation scripts can be found in
Note that for now we extract models' intermediate features in a very naive way, which may only support the ResNet20 architecture. One can implement a more robust feature extraction with the help of PyTorch forward hooks.
Also, you may observe a high variation in results when training DVERGE, which we suspect is due to the random layer sampling for distillation. Please refer to Appendix C.5 of the paper for a discussion on the layer effects.
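A sketch of the forward-hook approach to feature extraction mentioned above, as an added example that is not code from this repository. `FeatureExtractor`, `build_toy_cnn` and the layer names are hypothetical; the point is that layers are selected by module name, so nothing depends on the ResNet20 layout.

```python
import torch
import torch.nn as nn

class FeatureExtractor:
    """Capture outputs of named submodules with forward hooks."""

    def __init__(self, model, layer_names):
        modules = dict(model.named_modules())
        missing = [n for n in layer_names if n not in modules]
        if missing:
            raise KeyError(f"no such submodule(s): {missing}")
        self.model, self.features = model, {}
        self._handles = [modules[n].register_forward_hook(self._hook(n))
                         for n in layer_names]

    def _hook(self, name):
        def hook(module, inputs, output):
            # Not detached: gradients w.r.t. the input can flow through the feature.
            self.features[name] = output
        return hook

    def __call__(self, x):
        self.features.clear()
        logits = self.model(x)
        return logits, dict(self.features)

    def close(self):
        # Remove hooks so the model is left unmodified.
        for handle in self._handles:
            handle.remove()
        self._handles.clear()

def build_toy_cnn():
    # Constructed stand-in network, deliberately not ResNet20.
    return nn.Sequential(
        nn.Conv2d(3, 8, 3, padding=1), nn.ReLU(),
        nn.Conv2d(8, 16, 3, stride=2, padding=1), nn.ReLU(),
        nn.AdaptiveAvgPool2d(1), nn.Flatten(), nn.Linear(16, 10))

if __name__ == "__main__":
    torch.manual_seed(0)
    model = build_toy_cnn().eval()
    extractor = FeatureExtractor(model, ["1", "3"])  # the two ReLU outputs
    x = torch.randn(2, 3, 32, 32, requires_grad=True)  # constructed CIFAR-sized batch
    logits, feats = extractor(x)
    feats["3"].pow(2).sum().backward()  # gradient of a feature w.r.t. the input
    print({k: tuple(v.shape) for k, v in feats.items()}, x.grad.shape)
    extractor.close()
```

Valid layer names for any model can be listed with `model.named_modules()`.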