yyzharry / me-net Goto Github PK
View Code? Open in Web Editor NEW[ICML 2019] ME-Net: Towards Effective Adversarial Robustness with Matrix Estimation
Home Page: http://me-net.csail.mit.edu
License: MIT License
[ICML 2019] ME-Net: Towards Effective Adversarial Robustness with Matrix Estimation
Home Page: http://me-net.csail.mit.edu
License: MIT License
Hi,
These days I have two new questions. The first one is that when I use softimp as me method , it always raise "svd did not converge" when preparing data but I dont understand what happened and how to solve
it. The second one is when I use nucnorm as me method, the acc rate of MNIST evaluation under fgsm0.3 is only nearly 20% when training after 20 epochs ,however ,usvt can acheive more than 80% after the same epochs. Is it a bug or I just should wait for training more epochs?
朋友你好,几个月前我读到了这篇文章并尝试做一些改良,然而最近我突然意识到我甚至没有复现出原文中的结果。打个比方来说,当时我尝试了一些cifar10的白盒攻击,我得到的模型在7步PGD下的acc是57.6,这个数据比较接近表11中的59.8因此当时我就以为复现成功了。但是近日我无意中发现该模型在面对20步PGD时远没有达到表11中的52.6而是仅有42.1,于是我尝试了MNIST、CIFAR10、SVHN三种数据集上的白盒攻击,发现结果于论文中提供的数据出入非常大,现在我把它们列在这里请您帮助我排查问题:
MNIST usvt p=0.3 超参数与表8一致,在白盒攻击下我的测试结果是:clean 96.6 PGD40 87.85 PGD100 81.57 (文章里对应表16的96.8 86.5 83.1),这一组还勉强比较一致。
Cifar10 usvt p=0.5,这个模型我没有用自己训练的而是采用你提供的checkpoint,我得到的测试结果是:
clean87.18 pgd7 57.60 pgd20 42.1 (文章里对应表11的 - pgd7 59.8 pgd20 52.6),pgd20远远达不到文中所述,这个问题比较大而且攻击代码和模型都是您提供的,所以我比较困惑.
SVHN usvt p=0.3 超参与表8一致,我的测试结果是clean 87.48 pgd7 78.00 pgd20 73.88 (对应表19的 clean88.3 pgd7 74.7 pgd20 61.4)同样在pgd20有很大的不同,更高迭代次数的攻击我没有对整个测试集进行评估因为比较费时,但是从随机选取的一小部分子集的表现来看,cifar的表现会更低而svhn会收敛在70多.
以上是我做的并与文章很不一样的地方,希望能得到你的回复,尤其是关于cifar的结果,几乎没有一点我自己的东西,模型和攻击都是您已经提供的,出现如此大的偏差实在非常奇怪。此外还有一些比较疑惑的地方希望您也一起解答了:
1.表5中adaptive attack的攻击效果甚至比不上普通的bpda,这显然是不合理的adaptive attack吧?
2.既然已经知道bpda攻击那想必您一定也知道eot的存在吧,为什么不做相关的评估呢,menet中的mask很显然引入了随机
3.表6和表7中的数据显示menet能提高对clean data的泛化性,然而我并没有观察到这一现象,事实上您所提供的checkpoint(cifar pure usvt 0.5)中acc似乎也只有80多根本没有94.9,我猜测这里或许是指top-5?但是文中并没有指明这一点。
Line 409 in a521e1e
Im trying to reproduce this work but always can
t get the result what the paper shows. For example, clean images should has top1-acc 96.8 on ME-Net(p:0.2-0.4) but what I get is only 92.2. As the configs are not clear so I guess this is caused by my improper implementation, could you provide the config informations for MNIST? Here are mine if it helps.
augment:True
batchsize:200
optimizer: Adam(model.parameters(),lr=0.0001)
svdprob :0.8
startp: 0.2
endp :0.4
epoch: 100
mask-num: 10
me-type :usvt
model:
self.conv1 = nn.Conv2d(1,32,5,padding=2)
self.conv2 = nn.Conv2d(32,64,5,padding=2)
self.fc1 = nn.Linear(6477, 1024)
self.fc2 = nn.Linear(1024, 10)
作者你好,
我注意到USVT原文中进行重建时需要的特征值是根据S := {i:si ≥ (2 + η)pnpˆ}这个集合获得的,而在你提供的训练代码中似乎是用了一个固定的值int(h*svdprob)来保留能量大的部分,请问这两者是一致的吗,还是说代码中的实现其实就是保留了固定数量的特征值利用PCA重建而已呢?
Hello, can you share the defense results of ME-Net? Or are the results already displayed in the Representative Results?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.