Stable Neural ODE with Lyapunov-Stable Equilibrium Points for Defending Against Adversarial Attacks

Stable Neural ODE with Lyapunov-Stable Equilibrium Points for Defending Against Adversarial Attackss.

Qiyu Kang, Yang Song, Qinxu Ding, Wee Peng Tay

Environment settings

• OS: Ubuntu 18.04
• GPU: RTX 2080 Ti, RTX a5000, RTX 3090
• Cuda: 11.1 or 10.2
• Python: >=3.6
• PyTorch: >= 1.6.0
• Torchvision: >= 0.7.0

Empirical Evaluations

Compatibility of SODEF

In this section, we show compatibility of SODEF using TRADES:

We append our SODEF after TRADES net to improve the model robustness against adversarial attacks. TRADES works as the feature extractor as in our paper. Please note TRADES weights are kept fixed during the training. We use the pretrained model provided by TRADES Repo.

Transfer attack:

Classification accuracy for adv examples generated from original pretrained model using AA ℒ_∞ (ϵ = 8/255) attacks : 61.94%.

cd trades_r
python sodef_eval_ode.py

cd trades_r
sodef_eval_transfer.ipynb

Notification

More test code and models will be uploaded soon after packing.

We currenly only upload the test code for SODEF. Please understand we have strict protocols for code release as this research is partially funded by corporate funding. We will upload the training code as soon as permission is granted.