[NeurIPS 2021] Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training

Last update: Sep 20, 2022

Related tags

Overview

Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training

Code for NeurIPS 2021 paper "Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training" by Lue Tao, Lei Feng, Jinfeng Yi, Sheng-Jun Huang, and Songcan Chen.
This repository contains an implementation of the attacks (P1~P5) and the defense (adversarial training) in the paper.

Requirements

Our code relies on PyTorch, which will be automatically installed when you follow the instructions below.

conda create -n delusion python=3.8
conda activate delusion
pip install -r requirements.txt

Running Experiments

Pre-train a standard model on CIFAR-10 (the dataset will be automatically download).

python main.py --train_loss ST

Generate perturbed training data.

python poison.py --poison_type P1
python poison.py --poison_type P2
python poison.py --poison_type P3
python poison.py --poison_type P4
python poison.py --poison_type P5

Visualize the perturbed training data (optional).

tensorboard --logdir ./results

Standard training on the perturbed data.

python main.py --train_loss ST --poison_type P1
python main.py --train_loss ST --poison_type P2
python main.py --train_loss ST --poison_type P3
python main.py --train_loss ST --poison_type P4
python main.py --train_loss ST --poison_type P5

Adversarial training on the perturbed data.

python main.py --train_loss AT --poison_type P1
python main.py --train_loss AT --poison_type P2
python main.py --train_loss AT --poison_type P3
python main.py --train_loss AT --poison_type P4
python main.py --train_loss AT --poison_type P5

Results

Figure 1: An illustration of delusive attacks and adversarial training. Left: Random samples from the CIFAR-10 training set: the original training set D and the perturbed training set D_P5 generated using the P5 attack. Right: Natural accuracy evaluated on the CIFAR-10 test set for models trained with: i) standard training on D; ii) adversarial training on D; iii) standard training on D_P5; iv) adversarial training on D_P5. While standard training on D_P5 incurs poor generalization performance on D, adversarial training can help a lot.

Table 1: Below we report mean and standard deviation of the test accuracy for the CIFAR-10 dataset. As we can see, the performance deviations of the defense (i.e., adversarial training) are very small (< 0.50%), which hardly effect the results. In contrast, the results of standard training are relatively unstable.

Training method \ Training data	P1	P2	P3	P4	P5
Standard training	37.87±0.94	74.24±1.32	15.14±2.10	23.69±2.98	11.76±0.72
Adversarial training	86.59±0.30	89.50±0.21	88.12±0.39	88.15±0.15	88.12±0.43

Key takeaways: Our theoretical justifications in the paper, along with the empirical results, suggest that adversarial training is a principled and promising defense against delusive attacks.

Citing this work

@inproceedings{tao2021better,
    title={Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training},
    author={Tao, Lue and Feng, Lei and Yi, Jinfeng and Huang, Sheng-Jun and Chen, Songcan},
    booktitle={Advances in Neural Information Processing Systems (NeurIPS)},
    year={2021}
}

[NeurIPS 2021] Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training

Related tags

Overview

Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training

Requirements

Running Experiments

Results

Citing this work

Owner

Lue Tao

Semi-supervised Transfer Learning for Image Rain Removal. In CVPR 2019.

Tensorflow Implementation for "Pre-trained Deep Convolution Neural Network Model With Attention for Speech Emotion Recognition"

Code accompanying "Adaptive Methods for Aggregated Domain Generalization"

Official pytorch implementation of "DSPoint: Dual-scale Point Cloud Recognition with High-frequency Fusion"

🛠️ Tools for Transformers compression using Lightning ⚡

InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing

K-FACE Analysis Project on Pytorch

Repository for code and dataset for our EMNLP 2021 paper - “So You Think You’re Funny?”: Rating the Humour Quotient in Standup Comedy.

A pytorch implementation of faster RCNN detection framework (Use detectron2, it's a masterpiece)

Comp445 project - Data Communications & Computer Networks

Code for A Volumetric Transformer for Accurate 3D Tumor Segmentation

Fast and simple implementation of RL algorithms, designed to run fully on GPU.

Fast EMD for Python: a wrapper for Pele and Werman's C++ implementation of the Earth Mover's Distance metric

Discovering Explanatory Sentences in Legal Case Decisions Using Pre-trained Language Models.

POPPY (Physical Optics Propagation in Python) is a Python package that simulates physical optical propagation including diffraction

Trainable Bilateral Filter Layer (PyTorch)

Official PyTorch implementation of DD3D: Is Pseudo-Lidar needed for Monocular 3D Object detection? (ICCV 2021), Dennis Park, Rares Ambrus, Vitor Guizilini, Jie Li, and Adrien Gaidon.

Easy Parallel Library (EPL) is a general and efficient deep learning framework for distributed model training.

git《USD-Seg:Learning Universal Shape Dictionary for Realtime Instance Segmentation》(2020) GitHub: [fig2]

Fast Soft Color Segmentation

[NeurIPS 2021] Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training

Related tags

Overview

Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training

Requirements

Running Experiments

Results

Citing this work

Owner

Lue Tao

Semi-supervised Transfer Learning for Image Rain Removal. In CVPR 2019.

Tensorflow Implementation for "Pre-trained Deep Convolution Neural Network Model With Attention for Speech Emotion Recognition"

Code accompanying "Adaptive Methods for Aggregated Domain Generalization"

Official pytorch implementation of "DSPoint: Dual-scale Point Cloud Recognition with High-frequency Fusion"

🛠️ Tools for Transformers compression using Lightning ⚡

InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing

K-FACE Analysis Project on Pytorch

Repository for code and dataset for our EMNLP 2021 paper - “So You Think You’re Funny?”: Rating the Humour Quotient in Standup Comedy.

A pytorch implementation of faster RCNN detection framework (Use detectron2, it's a masterpiece)

Comp445 project - Data Communications & Computer Networks

Code for A Volumetric Transformer for Accurate 3D Tumor Segmentation

Fast and simple implementation of RL algorithms, designed to run fully on GPU.

Fast EMD for Python: a wrapper for Pele and Werman's C++ implementation of the Earth Mover's Distance metric

Discovering Explanatory Sentences in Legal Case Decisions Using Pre-trained Language Models.

POPPY (Physical Optics Propagation in Python) is a Python package that simulates physical optical propagation including diffraction

Trainable Bilateral Filter Layer (PyTorch)

Official PyTorch implementation of DD3D: Is Pseudo-Lidar needed for Monocular 3D Object detection? (ICCV 2021), Dennis Park*, Rares Ambrus*, Vitor Guizilini, Jie Li, and Adrien Gaidon.

Easy Parallel Library (EPL) is a general and efficient deep learning framework for distributed model training.

git《USD-Seg:Learning Universal Shape Dictionary for Realtime Instance Segmentation》(2020) GitHub: [fig2]

Fast Soft Color Segmentation

Official PyTorch implementation of DD3D: Is Pseudo-Lidar needed for Monocular 3D Object detection? (ICCV 2021), Dennis Park, Rares Ambrus, Vitor Guizilini, Jie Li, and Adrien Gaidon.