Giter Site home page Giter Site logo

colt's Introduction

Convex Adversarial Layerwise Training (COLT) portfolio_view

overview

COLT is a certified defense for neural networks against adversarial examples, presented in our ICLR'20 paper. Our defense is based on a novel combination of adversarial training with existing provable defenses. The key idea is to model neural network training as a procedure which includes both, the verifier and the adversary. In every iteration, the verifier aims to certify the network using convex relaxation while the adversary tries to find inputs inside that convex relaxation which cause verification to fail. This method produces state-of-the-art neural network in terms of certified robustness on the challenging CIFAR-10 dataset.

Setup

All of the required python packages are listed in requirements.txt. We suggest to install the packages in a new virtual environment in the following way:

$ virtualenv venv
$ source venv/bin/activate
$ (venv) pip install -r requirements.txt

Additionally, we require Gurobi 9.0 to perform certification (Academic license is available for free). Gurobi can be installed using:

$ wget https://packages.gurobi.com/9.0/gurobi9.0.0_linux64.tar.gz
$ tar -xvf gurobi9.0.0_linux64.tar.gz
$ cd gurobi900/linux64/
$ python setup.py install

Training

Next, we present scripts to train the networks from our paper and reproduce the results. We use CIFAR-10 dataset and perform training as explained in our paper. To train the networks please run:

$ scripts/train_cifar10_2_255
$ scripts/train_cifar10_8_255

for 2/255 and 8/255 perturbation, respectively.

Certification

Similarly, to certify the networks and reproduce our results, please run:

$ ./scripts/certify_cifar10_2_255
$ ./scripts/certify_cifar10_8_255

Note that certifying all 10 000 examples from the test set can take several days. An easy way to speed up certification would be to partition the certification of the test set across different CPUs and GPUs by manipulating start_idx and end_idx arguments in the scripts.

Citing this work

@inproceedings{balunovic2020Adversarial,
	title={Adversarial Training and Provable Defenses: Bridging the Gap},
	author={Mislav Balunovic and Martin Vechev},
	booktitle={International Conference on Learning Representations},
	year={2020},
	url={https://openreview.net/forum?id=SJxSDxrKDr}
}

Contributors

License and Copyright

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.