This is the code for reproducing the results of the paper Preemptive Image Robustification for Protecting Users against Man-in-the-Middle Adversarial Attacks accepted at AAAI 2022.
This work was supported in part by SNU-NAVER Hyperscale AI Center and Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2020-0-00882, (SW STAR LAB) Development of deployable learning intelligence via self-sustainable and trustworthy machine learning and No. 2019-0-01371, Development of brain-inspired AI with human-like intelligence). This material is based upon work supported by the Air Force Office of Scientific Research under award number FA2386-20-1-4043.
All required Python packages are listed in `requirements.txt`. To install them, run the following commands.

```
conda create -n preempt-robust python=3.7
conda activate preempt-robust
pip install -r requirements.txt
```
Download the CIFAR-10 dataset from https://www.cs.toronto.edu/~kriz/cifar.html and place it in the directory `./data`.
We provide pre-trained checkpoints for the adversarially trained models and the preemptively robust models.

- `adv_l2`: ℓ2 adversarially trained model with early stopping
- `adv_linf`: ℓ∞ adversarially trained model with early stopping
- `preempt_robust_l2`: ℓ2 preemptively robust model
- `preempt_robust_linf`: ℓ∞ preemptively robust model
We also provide a pre-trained checkpoint for a model with randomized smoothing.

- `gaussian_0.1`: model trained with additive Gaussian noise (σ = 0.1)
Shell scripts for downloading these checkpoints are located in `./checkpoints/cifar10/wideresent/[train_type]/download.sh`. Run each script to download a checkpoint named `ckpt.pt`. To download all the checkpoints, run `download_all_ckpts.sh`. To delete all the checkpoints, run `delete_all_ckpts.sh`.
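A check that can be run on each downloaded `ckpt.pt` before loading it, added here as an example and not part of this repository's code: it lists the modules the checkpoint's pickle data would import, without unpickling anything. It assumes the checkpoints are PyTorch `torch.save` files; `pickle_globals`, `scan_checkpoint` and the `ALLOWED_ROOTS` allow-list are hypothetical names chosen for this example.

```python
import io
import pickletools
import sys
import zipfile

# Assumption: module roots a plain state_dict checkpoint is expected to import.
ALLOWED_ROOTS = {"torch", "collections", "numpy"}

def pickle_globals(data):
    """List 'module.name' imports in consecutive pickle streams, without unpickling."""
    found, stream = set(), io.BytesIO(data)
    while stream.tell() < len(data):
        memo, recent = {}, []  # memoized strings; strings pushed since last other op
        try:
            for op, arg, _pos in pickletools.genops(stream):
                if op.name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
                    key = len(memo) if op.name == "MEMOIZE" else arg
                    memo[key] = recent[-1] if recent else None
                elif op.name in ("GET", "BINGET", "LONG_BINGET"):
                    recent.append(memo.get(arg))
                elif op.name in ("GLOBAL", "INST"):  # arg is "module name"
                    found.add(arg.replace(" ", ".", 1))
                    recent = []
                elif op.name == "STACK_GLOBAL":  # module and name come from the stack
                    pair = recent[-2:]
                    ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
                    found.add(".".join(pair) if ok else "<unresolved>")
                    recent = []
                elif op.name != "FRAME":  # frame markers do not touch the stack
                    recent = recent + [arg] if isinstance(arg, str) else []
        except Exception:
            break  # hit non-pickle bytes, e.g. raw tensor storage in the legacy format
    return found

def scan_checkpoint(path):
    """Return imports in a checkpoint whose top-level module is not allow-listed."""
    if zipfile.is_zipfile(path):  # zip container written by torch.save since PyTorch 1.6
        with zipfile.ZipFile(path) as zf:
            blobs = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:  # legacy format: pickle streams followed by raw storage bytes
        with open(path, "rb") as fh:
            blobs = [fh.read()]
    refs = set().union(*map(pickle_globals, blobs)) if blobs else {"<no pickle stream>"}
    return sorted(r for r in refs if r.split(".")[0] not in ALLOWED_ROOTS)

if __name__ == "__main__":
    for ckpt in sys.argv[1:]:  # paths of the downloaded ckpt.pt files
        bad = scan_checkpoint(ckpt)
        print(ckpt, "OK" if not bad else "REVIEW: " + ", ".join(bad))
```

An empty result means every import falls under the allow-listed roots; anything listed, including `<unresolved>`, should be reviewed before the file is loaded.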
To train preemptively robust classifiers, run the following commands.

```
python train.py --config ./configs/cifar10_l2_model.yaml
python train.py --config ./configs/cifar10_linf_model.yaml
```
To generate preemptively robust images and their reconstructions, run the following commands. You can specify the classifier used for generating preemptively robust images by changing `train_type` in each yaml file.

```
python robustify.py --config ./configs/cifar10_l2.yaml
python reconstruct.py --config ./configs/cifar10_l2.yaml
python robustify.py --config ./configs/cifar10_linf.yaml
python reconstruct.py --config ./configs/cifar10_linf.yaml
python robustify.py --config ./configs/cifar10_l2_rand.yaml
python reconstruct.py --config ./configs/cifar10_l2_rand.yaml
```
To conduct grey-box attacks on preemptively robustified images, run the following commands. You can specify the attack type by changing `attack_type_eval` in each yaml file.

```
python attack_grey_box.py --config ./configs/cifar10_l2.yaml
python attack_grey_box.py --config ./configs/cifar10_linf.yaml
python attack_grey_box.py --config ./configs/cifar10_l2_rand.yaml
```
To conduct white-box attacks on preemptively robustified images, run the following commands. You can specify the attack type and its perturbation size by changing `attack_type_eval` and `wbox_epsilon_p` in each yaml file.

```
python attack_white_box.py --config ./configs/cifar10_l2.yaml
python attack_white_box.py --config ./configs/cifar10_linf.yaml
python attack_white_box.py --config ./configs/cifar10_l2_rand.yaml
```