Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks
This is the code for reproducing the results of the paper Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks accepted at AAAI 2022.
Requirements
All Python packages required are listed in requirements.txt. To install these packages, run the following commands.
conda create -n preempt-robust python=3.7
conda activate preempt-robust
pip install -r requirements.txt
Preparing CIFAR-10 data
Download the CIFAR-10 dataset from https://www.cs.toronto.edu/~kriz/cifar.html and place it a directory ./data.
Pretrained models
We provide pre-trained checkpoints for adversarially trained model and preemptively robust model.
adv_l2: ℓ2 adversarially trained model with early stoppingadv_linf: ℓ∞ adversarially trained model with early stoppingpreempt_robust_l2: ℓ2 preemptively robust modelpreempt_robust_linf: ℓ∞ preemptively robust model
We also provide a pre-trained checkpoint for a model with randomized smoothing.
gaussian_0.1: model trained with additive Gaussian noises (σ = 0.1)
Shell scripts for downloading these checkpoint are located in ./checkpoints/cifar10/wideresent/[train_type]/download.sh. You can run each script to download a checkpoint named ckpt.pt. To download all the checkpoints, run download_all_ckpts.sh. You can delete all the checkpoints by running delete_all_ckpts.sh.
Preemptively robust training
To train preemptively robust classifiers, run the following commands.
1. ℓ2 threat model, ε = δ = 0.5
python train.py --config ./configs/cifar10_l2_model.yaml
2. ℓ∞ threat model, ε = δ = 8/255
python train.py --config ./configs/cifar10_linf_model.yaml
Preemptive robustification and reconstruction algorithms
To generate preepmtive roobust images and their reconstruction, run the following commands. You can specify the classifier used for generating preemptively robust images by changing train_type in each yaml file.
1. ℓ2 threat model, ε = δ = 0.5
python robustify.py --config ./configs/cifar10_l2.yaml
python reconstruct.py --config ./configs/cifar10_l2.yaml
2. ℓ∞ threat model, ε = δ = 8/255
python robustify.py --config ./configs/cifar10_linf.yaml
python reconstruct.py --config ./configs/cifar10_linf.yaml
3. ℓ2 threat model, smoothed network, ε = δ = 0.5
python robustify.py --config ./configs/cifar10_l2_rand.yaml
python reconstruct.py --config ./configs/cifar10_l2_rand.yaml
Grey-box attacks on preemptively robustified images
To conduct grey-box attacks on preemptively robustified images, run the following commands. You can specify attack type by changing attack_type_eval in each yaml file.
1. ℓ2 threat model, ε = δ = 0.5
python attack_grey_box.py --config ./configs/cifar10_l2.yaml
2. ℓ∞ threat model, ε = δ = 8/255
python attack_grey_box.py --config ./configs/cifar10_linf.yaml
3. ℓ2 threat model, smoothed network, ε = δ = 0.5
python attack_grey_box.py --config ./configs/cifar10_l2_rand.yaml
White-box attacks on preemptively robustified images
To conduct white-box attacks on preemptively robustified images, run the following commands. You can specify attack type and its perturbation size by changing attack_type_eval and wbox_epsilon_p in each yaml file.
1. ℓ2 threat model, ε = δ = 0.5
python attack_white_box.py --config ./configs/cifar10_l2.yaml
2. ℓ∞ threat model, ε = δ = 8/255
python attack_white_box.py --config ./configs/cifar10_linf.yaml
3. ℓ2 threat model, smoothed network, ε = δ = 0.5
python attack_white_box.py --config ./configs/cifar10_l2_rand.yaml
80 Dec 16, 2022
50 Dec 20, 2022
47 Nov 22, 2022
25 Dec 2, 2022
113 Dec 21, 2022
31 Sep 27, 2022
34 Oct 26, 2022
141 Dec 30, 2022
50 Dec 17, 2022
72 Dec 27, 2022
26 Nov 16, 2022
244 Jan 03, 2023
20 May 31, 2022
101 Jan 01, 2023
6 Sep 11, 2022
4 May 10, 2022
27 Jul 09, 2022
375 Jan 03, 2023
121 Dec 28, 2022
514 Nov 17, 2022
83 Dec 24, 2022
561 Jan 04, 2023
1 Nov 11, 2021
56 Dec 20, 2022
4.7k Jan 08, 2023
3 Jan 09, 2022
38 Jan 06, 2023
30 Dec 12, 2022
2 Nov 21, 2021