Official PyTorch implementation of "Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks" (AAAI 2022)

Last update: Dec 27, 2021

Overview

Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks

This is the code for reproducing the results of the paper Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks accepted at AAAI 2022.

Requirements

All Python packages required are listed in requirements.txt. To install these packages, run the following commands.

conda create -n preempt-robust python=3.7
conda activate preempt-robust
pip install -r requirements.txt

Preparing CIFAR-10 data

Download the CIFAR-10 dataset from https://www.cs.toronto.edu/~kriz/cifar.html and place it a directory ./data.

Pretrained models

We provide pre-trained checkpoints for adversarially trained model and preemptively robust model.

adv_l2: ℓ₂ adversarially trained model with early stopping
adv_linf: ℓ_∞ adversarially trained model with early stopping
preempt_robust_l2: ℓ₂ preemptively robust model
preempt_robust_linf: ℓ_∞ preemptively robust model

We also provide a pre-trained checkpoint for a model with randomized smoothing.

gaussian_0.1: model trained with additive Gaussian noises (σ = 0.1)

Shell scripts for downloading these checkpoint are located in ./checkpoints/cifar10/wideresent/[train_type]/download.sh. You can run each script to download a checkpoint named ckpt.pt. To download all the checkpoints, run download_all_ckpts.sh. You can delete all the checkpoints by running delete_all_ckpts.sh.

Preemptively robust training

To train preemptively robust classifiers, run the following commands.

1. ℓ₂ threat model, ε = δ = 0.5

python train.py --config ./configs/cifar10_l2_model.yaml

2. ℓ_∞ threat model, ε = δ = 8/255

python train.py --config ./configs/cifar10_linf_model.yaml

Preemptive robustification and reconstruction algorithms

To generate preepmtive roobust images and their reconstruction, run the following commands. You can specify the classifier used for generating preemptively robust images by changing train_type in each yaml file.

1. ℓ₂ threat model, ε = δ = 0.5

python robustify.py --config ./configs/cifar10_l2.yaml
python reconstruct.py --config ./configs/cifar10_l2.yaml

2. ℓ_∞ threat model, ε = δ = 8/255

python robustify.py --config ./configs/cifar10_linf.yaml
python reconstruct.py --config ./configs/cifar10_linf.yaml

3. ℓ₂ threat model, smoothed network, ε = δ = 0.5

python robustify.py --config ./configs/cifar10_l2_rand.yaml
python reconstruct.py --config ./configs/cifar10_l2_rand.yaml

Grey-box attacks on preemptively robustified images

To conduct grey-box attacks on preemptively robustified images, run the following commands. You can specify attack type by changing attack_type_eval in each yaml file.

1. ℓ₂ threat model, ε = δ = 0.5

python attack_grey_box.py --config ./configs/cifar10_l2.yaml

2. ℓ_∞ threat model, ε = δ = 8/255

python attack_grey_box.py --config ./configs/cifar10_linf.yaml

3. ℓ₂ threat model, smoothed network, ε = δ = 0.5

python attack_grey_box.py --config ./configs/cifar10_l2_rand.yaml

White-box attacks on preemptively robustified images

To conduct white-box attacks on preemptively robustified images, run the following commands. You can specify attack type and its perturbation size by changing attack_type_eval and wbox_epsilon_p in each yaml file.

1. ℓ₂ threat model, ε = δ = 0.5

python attack_white_box.py --config ./configs/cifar10_l2.yaml

2. ℓ_∞ threat model, ε = δ = 8/255

python attack_white_box.py --config ./configs/cifar10_linf.yaml

3. ℓ₂ threat model, smoothed network, ε = δ = 0.5

python attack_white_box.py --config ./configs/cifar10_l2_rand.yaml

Official implementation for (Show, Attend and Distill: Knowledge Distillation via Attention-based Feature Matching, AAAI-2021)

Show, Attend and Distill: Knowledge Distillation via Attention-based Feature Matching Official pytorch implementation of "Show, Attend and Distill: Kn

80 Dec 16, 2022

Official implementation for paper Knowledge Bridging for Empathetic Dialogue Generation (AAAI 2021).

Knowledge Bridging for Empathetic Dialogue Generation This is the official implementation for paper Knowledge Bridging for Empathetic Dialogue Generat

50 Dec 20, 2022

PyTorch Implementation for AAAI'21 "Do Response Selection Models Really Know What's Next? Utterance Manipulation Strategies for Multi-turn Response Selection"

UMS for Multi-turn Response Selection Implements the model described in the following paper Do Response Selection Models Really Know What's Next? Utte

47 Nov 22, 2022

Scalable Attentive Sentence-Pair Modeling via Distilled Sentence Embedding (AAAI 2020) - PyTorch Implementation

Scalable Attentive Sentence-Pair Modeling via Distilled Sentence Embedding PyTorch implementation for the Scalable Attentive Sentence-Pair Modeling vi

25 Dec 2, 2022

Official Pytorch implementation of "Learning to Estimate Robust 3D Human Mesh from In-the-Wild Crowded Scenes", CVPR 2022

Learning to Estimate Robust 3D Human Mesh from In-the-Wild Crowded Scenes / 3DCrowdNet News 💪 3DCrowdNet achieves the state-of-the-art accuracy on 3D

113 Dec 21, 2022

Commonality in Natural Images Rescues GANs: Pretraining GANs with Generic and Privacy-free Synthetic Data - Official PyTorch Implementation (CVPR 2022)

Commonality in Natural Images Rescues GANs: Pretraining GANs with Generic and Privacy-free Synthetic Data (CVPR 2022) Potentials of primitive shapes f

31 Sep 27, 2022

Official Pytorch implementation of Online Continual Learning on Class Incremental Blurry Task Configuration with Anytime Inference (ICLR 2022)

The Official Implementation of CLIB (Continual Learning for i-Blurry) Online Continual Learning on Class Incremental Blurry Task Configuration with An

34 Oct 26, 2022

Official PyTorch implementation of the paper "Deep Constrained Least Squares for Blind Image Super-Resolution", CVPR 2022.

Deep Constrained Least Squares for Blind Image Super-Resolution [Paper] This is the official implementation of 'Deep Constrained Least Squares for Bli

141 Dec 30, 2022

Official pytorch implementation for Learning to Listen: Modeling Non-Deterministic Dyadic Facial Motion (CVPR 2022)

Learning to Listen: Modeling Non-Deterministic Dyadic Facial Motion This repository contains a pytorch implementation of "Learning to Listen: Modeling

50 Dec 17, 2022

Official PyTorch implementation of "Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks" (AAAI 2022)

Related tags

Overview

Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks

Requirements

Preparing CIFAR-10 data

Pretrained models

Preemptively robust training

1. ℓ2 threat model, ε = δ = 0.5

2. ℓ∞ threat model, ε = δ = 8/255

Preemptive robustification and reconstruction algorithms

1. ℓ2 threat model, ε = δ = 0.5

2. ℓ∞ threat model, ε = δ = 8/255

3. ℓ2 threat model, smoothed network, ε = δ = 0.5

Grey-box attacks on preemptively robustified images

1. ℓ2 threat model, ε = δ = 0.5

2. ℓ∞ threat model, ε = δ = 8/255

3. ℓ2 threat model, smoothed network, ε = δ = 0.5

White-box attacks on preemptively robustified images

1. ℓ2 threat model, ε = δ = 0.5

2. ℓ∞ threat model, ε = δ = 8/255

3. ℓ2 threat model, smoothed network, ε = δ = 0.5

You might also like...

Official implementation for (Show, Attend and Distill: Knowledge Distillation via Attention-based Feature Matching, AAAI-2021)

Official implementation for paper Knowledge Bridging for Empathetic Dialogue Generation (AAAI 2021).

PyTorch Implementation for AAAI'21 "Do Response Selection Models Really Know What's Next? Utterance Manipulation Strategies for Multi-turn Response Selection"

Scalable Attentive Sentence-Pair Modeling via Distilled Sentence Embedding (AAAI 2020) - PyTorch Implementation

Official Pytorch implementation of "Learning to Estimate Robust 3D Human Mesh from In-the-Wild Crowded Scenes", CVPR 2022

Commonality in Natural Images Rescues GANs: Pretraining GANs with Generic and Privacy-free Synthetic Data - Official PyTorch Implementation (CVPR 2022)

Official Pytorch implementation of Online Continual Learning on Class Incremental Blurry Task Configuration with Anytime Inference (ICLR 2022)

Official PyTorch implementation of the paper "Deep Constrained Least Squares for Blind Image Super-Resolution", CVPR 2022.

Official pytorch implementation for Learning to Listen: Modeling Non-Deterministic Dyadic Facial Motion (CVPR 2022)

Releases(v1.0)

v1.0(Dec 13, 2021)

Owner

A set of tools for Namebase and HNS

This repo is customed for VisDrone.

4K videos with annotated masks in our ICCV2021 paper 'Internal Video Inpainting by Implicit Long-range Propagation'.

Multi-Scale Vision Longformer: A New Vision Transformer for High-Resolution Image Encoding

Accelerated NLP pipelines for fast inference on CPU and GPU. Built with Transformers, Optimum and ONNX Runtime.

Bravia core script for python

Freecodecamp Scientific Computing with Python Certification; Solution for Challenge 2: Time Calculator

Graph Regularized Residual Subspace Clustering Network for hyperspectral image clustering

A python-image-classification web application project, written in Python and served through the Flask Microframework. This Project implements the VGG16 covolutional neural network, through Keras and Tensorflow wrappers, to make predictions on uploaded images.

Simple sinc interpolation in PyTorch.

Code for paper PairRE: Knowledge Graph Embeddings via Paired Relation Vectors.

SysWhispers Shellcode Loader

Lung Pattern Classification for Interstitial Lung Diseases Using a Deep Convolutional Neural Network

CurriculumNet: Weakly Supervised Learning from Large-Scale Web Images

Coursera - Quiz & Assignment of Coursera

Spectral normalization (SN) is a widely-used technique for improving the stability and sample quality of Generative Adversarial Networks (GANs)

Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more

ImageBART: Bidirectional Context with Multinomial Diffusion for Autoregressive Image Synthesis

Code for the SIGIR 2022 paper "Hybrid Transformer with Multi-level Fusion for Multimodal Knowledge Graph Completion"

A Unified Generative Framework for Various NER Subtasks.

1. ℓ₂ threat model, ε = δ = 0.5

2. ℓ_∞ threat model, ε = δ = 8/255

1. ℓ₂ threat model, ε = δ = 0.5

2. ℓ_∞ threat model, ε = δ = 8/255

3. ℓ₂ threat model, smoothed network, ε = δ = 0.5

1. ℓ₂ threat model, ε = δ = 0.5

2. ℓ_∞ threat model, ε = δ = 8/255

3. ℓ₂ threat model, smoothed network, ε = δ = 0.5

1. ℓ₂ threat model, ε = δ = 0.5

2. ℓ_∞ threat model, ε = δ = 8/255

3. ℓ₂ threat model, smoothed network, ε = δ = 0.5