Implementation of "Adversarial purification with Score-based generative models", ICML 2021

Related tags

Text Data & NLP adp
Overview

Adversarial Purification with Score-based Generative Models

by Jongmin Yoon, Sung Ju Hwang, Juho Lee

This repository includes the official PyTorch implementation of our paper:

Adversarial Purification with Score-based Generative Models

Jongmin Yoon, Sung Ju Hwang, Juho Lee

the 38th International Conference for Machine Learning (ICML 2021)

ArXiv: https://arxiv.org/abs/2106.06041

What does our work do?

We propose a method that gives adversarial robustness to a neural network model against (stochastic) adversarial attacks by using an Energy-based Model (EBM) trained with Denoising Score Matching (DSM), which is called Adversarial denosing purification (ADP).

Running Codes

Dependency

Run the following command to install some necessary python packages to run our code.

pip install -r requirements.txt

Running code

To run the experiments with adp.py or adp_decision.py, enter the following command.

python main.py --config <config-file>

For example, we provide the example configuration file configs/cifar10_bpda_eot_sigma025_eot15.yml in the repository.

Attack and defense

For adversarial attacks, the classifier PGD attack and BPDA+EOT attack are implemented in attacks/clf_pgd.py and attacks/bpda_strong.py, respectively. At the configuration file, setting the attack.attack_method into clf_pgd or bpda_strong will run these attacks, respectively. For defense, we implemented the main ADP algorithm and ADP after detecting adversarial examples (Appendix F.) in purification/adp.py and purification/adp_decision.py, respectively.

Main components

File name Explanation
main.py Execute the main code, with initializing configurations and loggers.
runners/empirical.py Attacks and purifies the image to show empirical adversarial robustness.
attacks/bpda_strong.py Code for BPDA+EOT attack.
purification/adp.py Code for adversarial purification.
ncsnv2/* Code for training the EBM, i.e., NCSNv2 (paper, code).
networks/* Code for used classifier network architectures.
utils/* Utility files.

Notes

  • For the configuration files, we use the pixel ranges [0, 255] for the perturbation scale attack.ptb and the one-step attack scale attack.alpha. And the main experiments are performed within the pixel range [0, 1] after being rescaled during execution.
  • For training the EBM and classifier models, we primarily used the pre-existing methods such as NCSNv2 and WideResNet classifier. Here is the repository we used for training the WideResNet classifier. Nevertheless, other classifiers, such as the pre-trained adversarially robust classifier implemented in here can be used.

Reference

If you find our work useful for your research, please consider citing this.

@inproceedings{
yoon2021advpur,
title={Adversarial Purification with Score-based Generative Models},
author={Jongmin Yoon and Sung Ju Hwang and Juho Lee},
booktitle={Proceedings of The 38th International Conference on Machine Learning (ICML 2021)},
year={2021},
}

Contact

For further details, please contact [email protected].

License

MIT

You might also like...
Code for CVPR 2021 paper: Revamping Cross-Modal Recipe Retrieval with Hierarchical Transformers and Self-supervised Learning

Revamping Cross-Modal Recipe Retrieval with Hierarchical Transformers and Self-supervised Learning This is the PyTorch companion code for the paper: A

[WWW 2021 GLB] New Benchmarks for Learning on Non-Homophilous Graphs
[WWW 2021 GLB] New Benchmarks for Learning on Non-Homophilous Graphs

New Benchmarks for Learning on Non-Homophilous Graphs Here are the codes and datasets accompanying the paper: New Benchmarks for Learning on Non-Homop

[Preprint] Escaping the Big Data Paradigm with Compact Transformers, 2021
[Preprint] Escaping the Big Data Paradigm with Compact Transformers, 2021

Compact Transformers Preprint Link: Escaping the Big Data Paradigm with Compact Transformers By Ali Hassani[1]*, Steven Walton[1]*, Nikhil Shah[1], Ab

🏆 The 1st Place Submission to AICity Challenge 2021 Natural Language-Based Vehicle Retrieval Track (Alibaba-UTS submission)
🏆 The 1st Place Submission to AICity Challenge 2021 Natural Language-Based Vehicle Retrieval Track (Alibaba-UTS submission)

🏆 The 1st Place Submission to AICity Challenge 2021 Natural Language-Based Vehicle Retrieval Track (Alibaba-UTS submission)

This repository will contain the code for the CVPR 2021 paper
This repository will contain the code for the CVPR 2021 paper "GIRAFFE: Representing Scenes as Compositional Generative Neural Feature Fields"

GIRAFFE: Representing Scenes as Compositional Generative Neural Feature Fields Project Page | Paper | Supplementary | Video | Slides | Blog | Talk If

Findings of ACL 2021

Assessing Dialogue Systems with Distribution Distances [arXiv][code] We propose to measure the performance of a dialogue system by computing the distr

Code for ACL 2021 main conference paper
Code for ACL 2021 main conference paper "Conversations are not Flat: Modeling the Intrinsic Information Flow between Dialogue Utterances".

Conversations are not Flat: Modeling the Intrinsic Information Flow between Dialogue Utterances This repository contains the code and pre-trained mode

Code for our paper
Code for our paper "Mask-Align: Self-Supervised Neural Word Alignment" in ACL 2021

Mask-Align: Self-Supervised Neural Word Alignment This is the implementation of our work Mask-Align: Self-Supervised Neural Word Alignment. @inproceed

Code for our ACL 2021 paper - ConSERT: A Contrastive Framework for Self-Supervised Sentence Representation Transfer

ConSERT Code for our ACL 2021 paper - ConSERT: A Contrastive Framework for Self-Supervised Sentence Representation Transfer Requirements torch==1.6.0

Comments
  • License?

    License?

    Thanks for sharing the code for your work! Could you add a license to it, such as the MIT or Apache licenses?

    Clear licensing makes it more straightforward to run (and therefore cite) your research. This is especially the case for researchers in industry.

    opened by shelhamer 1
  • Some ModuleNotFoundError bug shoud be concerned.

    Some ModuleNotFoundError bug shoud be concerned.

    1. utils/importData.py
    # from runners import TinyImageNet
    
    1. attacks/__init__.py
    # from runners import TinyImageNet
    
    1. runners/empirical.py
    # from ncsn.models.refinenet_dilated_baseline import RefineNetDilated
    
    1. runners/empirical.py
    from robustbench.utils import load_model
    

    where is this module?

    1. runners/empirical.py
    # from ncsnv2.runners.ncsn_runner import *
    
    1. runners/__init__.py
    # from runners.certified import *
    # from runners.deploy import *
    

    Next time you can provide some programs that could be used as much as possible.

    opened by muyuuuu 2
Owner
null
Python Implementation of ``Modeling the Influence of Verb Aspect on the Activation of Typical Event Locations with BERT'' (Findings of ACL: ACL 2021)

BERT-for-Surprisal Python Implementation of ``Modeling the Influence of Verb Aspect on the Activation of Typical Event Locations with BERT'' (Findings

null 7 Dec 5, 2022
GSoC'2021 | TensorFlow implementation of Wav2Vec2

GSoC'2021 | TensorFlow implementation of Wav2Vec2

Vasudev Gupta 73 Nov 28, 2022
A PyTorch implementation of paper "Learning Shared Semantic Space for Speech-to-Text Translation", ACL (Findings) 2021

Chimera: Learning Shared Semantic Space for Speech-to-Text Translation This is a Pytorch implementation for the "Chimera" paper Learning Shared Semant

Chi Han 43 Dec 28, 2022
Transformers implementation for Fall 2021 Clinic

Installation Download miniconda3 if not already installed You can check by running typing conda in command prompt. Use conda to create an environment

Aakash Tripathi 1 Oct 28, 2021
:hot_pepper: R²SQL: "Dynamic Hybrid Relation Network for Cross-Domain Context-Dependent Semantic Parsing." (AAAI 2021)

R²SQL The PyTorch implementation of paper Dynamic Hybrid Relation Network for Cross-Domain Context-Dependent Semantic Parsing. (AAAI 2021) Requirement

huybery 60 Dec 31, 2022
CrossNER: Evaluating Cross-Domain Named Entity Recognition (AAAI-2021)

CrossNER is a fully-labeled collected of named entity recognition (NER) data spanning over five diverse domains (Politics, Natural Science, Music, Literature, and Artificial Intelligence) with specialized entity categories for different domains.

Zihan Liu 89 Nov 10, 2022
Official code for "Parser-Free Virtual Try-on via Distilling Appearance Flows", CVPR 2021

Parser-Free Virtual Try-on via Distilling Appearance Flows, CVPR 2021 Official code for CVPR 2021 paper 'Parser-Free Virtual Try-on via Distilling App

null 395 Jan 3, 2023
Official code of our work, Unified Pre-training for Program Understanding and Generation [NAACL 2021].

PLBART Code pre-release of our work, Unified Pre-training for Program Understanding and Generation accepted at NAACL 2021. Note. A detailed documentat

Wasi Ahmad 138 Dec 30, 2022
Negative sampling for solving the unlabeled entity problem in NER. ICLR-2021 paper: Empirical Analysis of Unlabeled Entity Problem in Named Entity Recognition.

Negative Sampling for NER Unlabeled entity problem is prevalent in many NER scenarios (e.g., weakly supervised NER). Our paper in ICLR-2021 proposes u

Yangming Li 128 Dec 29, 2022
Repository to hold code for the cap-bot varient that is being presented at the SIIC Defence Hackathon 2021.

capbot-siic Repository to hold code for the cap-bot varient that is being presented at the SIIC Defence Hackathon 2021. Problem Inspiration A plethora

Aryan Kargwal 19 Feb 17, 2022