Skip to content
/ Reverse-Cross-Entropy Public

Reverse Cross Entropy for Adversarial Detection (NeurIPS 2018)

License

Apache-2.0 license
45 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

P2333/Reverse-Cross-Entropy

BranchesTags

Repository files navigation

Reverse Cross Entropy Training

Reverse Cross Entropy Training (RCE) is a novel training method, which can learn more distinguished feature representations for detecting adversarial examples. Technical details are specified in:

Towards Robust Detection of Adversarial Examples (NeurIPS 2018)

Tianyu Pang, Chao Du, Yinpeng Dong and Jun Zhu

Training

We provide codes for training ResNet on MNIST and CIFAR-10. Our codes are based on Tensorflow.

Prerequisite:

  1. Install TensorFlow 1.9.0 (Python 2.7).

  2. Download MNIST/CIFAR-10 dataset.

How to run:

An example of using RCE to train a ResNet-32 on MNIST:

python train.py --train_data_path='mnist_dataset/data_train.bin' \
                --log_root=models_mnist/resnet32 \
                --train_dir=models_mnist/resnet32/train \
                --dataset='mnist' \
                --num_gpus=1 \
                --num_residual_units=5 \
                --mode=train \
                --Optimizer='mom' \
                --total_steps=20000 \
                --RCE_train=True

Test in the Normal Setting

An example of test trained ResNet-32 in the normal setting (test set) on MNIST:

python test_nor.py --eval_data_path='mnist_dataset/data_test.bin' \
                --log_root=models_mnist/resnet32 \
                --eval_dir=models_mnist/resnet32/eval \
                --dataset='mnist' \
                --num_gpus=1 \
                --num_residual_units=5 \
                --mode=eval \
                --RCE_train=True

Test in the Adversarial Setting

The code of attacks is forked from Zhitao Gong

An example of attacking a trained Resnet-32 by FGSM on MNIST:

python test_adv.py --eval_data_path='mnist_dataset/test_batch.bin' \
                               --log_root=models_mnist/resnet32 \
                               --dataset='mnist' \
                               --num_gpus=1 \
                               --num_residual_units=5 \
                               --Optimizer='mom' \
                               --mode=attack \
                               --RCE_train=True \
                               --attack_method='fgsm' \
                               --eval_batch_count=5

The attack_method could be random, fgsm (FGSM), bim (BIM), tgsm (ILCM), jsma (JSMA), carliniL2 (C&W), carliniL2_highcon (C&W-highcon) and carliniL2_specific (C&W-whitebox).

Detection of Adversarial Examples

After running the attacking codes, there will be saved files containing the information of crafted adversarial exmaples. To further perform detection between adversarial examples and normal ones, there are three extra steps to do:

First Step: Get the train_logits

python others.py --eval_data_path='mnist_dataset/data_train.bin' \
                               --log_root=models_mnist/resnet32 \
                               --dataset='mnist' \
                               --num_gpus=1 \
                               --num_residual_units=5 \
                               --mode=kernel_para \
                               --Optimizer='mom' \
                               --eval_batch_count=500 \
                               --RCE_train=True

Second Step: run Matlab_scripts/select_kernel.m

Third Step: run Matlab_scripts/auc_of_roc_RCE.m

About

Reverse Cross Entropy for Adversarial Detection (NeurIPS 2018)

Resources

Readme

License

Apache-2.0 license
Activity

Stars

45 stars

Watchers

4 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages