Phase-aware Adversarial Defense for Improving Adversarial Robustness


dwDavidxd/PAD

Paper

The implementation of Phase-aware Adversarial Defense for Improving Adversarial Robustness (ICML 2023).

Deep neural networks have been found to be vulnerable to adversarial noise. Recent works show that exploring the impact of adversarial noise on intrinsic components of data can help improve adversarial robustness. However, the pattern closely related to human perception has not been deeply studied. In this paper, inspired by cognitive science, we investigate the interference of adversarial noise from the perspective of image phase, and find that ordinarily trained models lack sufficient robustness against phase-level perturbations. Motivated by this, we propose a joint adversarial defense method: a phase-level adversarial training mechanism to enhance the adversarial robustness on the phase pattern, and an amplitude-based pre-processing operation to mitigate the adversarial perturbation in the amplitude pattern. Experimental results show that the proposed method can significantly improve the robust accuracy against multiple attacks and even adaptive attacks. In addition, ablation studies demonstrate the effectiveness of our defense strategy.

Illustrations of the low-frequency component, high-frequency component and phase pattern. Nat. and Adv. samples denote natural and adversarial samples. The noise is crafted by a PGD attack.

The training procedure of the Phase-aware Adversarial Defense (PAD). Adv., Nat., Ref., Tra., Pha., Amp. and Pha-Adv. mean the adversarial sample, natural sample, reference sample, transitional reference sample, phase spectrum, amplitude spectrum and recombined phase-level adversarial sample, respectively. $\Delta$ denotes the distance metric. The pre-processing procedure of our method in the inference stage is similar to the pink and orange parts.
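The amplitude/phase split that the captions above refer to, as an added example (not code from this repository): it uses NumPy's 2-D FFT and assumes the recombined phase-level adversarial sample pairs the adversarial image's phase spectrum with another image's amplitude spectrum. The function names, the constructed 8x8 images and the random sign noise standing in for a PGD perturbation are assumptions.

```python
import numpy as np


def split_spectrum(img):
    """Return (amplitude, phase) of the 2-D Fourier transform of an H x W image."""
    spec = np.fft.fft2(img)
    return np.abs(spec), np.angle(spec)


def recombine(amplitude, phase):
    """Rebuild a real image from an amplitude spectrum and a phase spectrum."""
    spec = amplitude * np.exp(1j * phase)
    # For spectra taken from real images the imaginary part is numerical noise.
    return np.real(np.fft.ifft2(spec))


def phase_level_sample(phase_source, amplitude_source):
    """Phase of one image combined with the amplitude of another.

    Assumption: with phase_source = adversarial sample this corresponds to the
    'Pha-Adv.' sample in the caption; with amplitude_source = a reference sample
    it corresponds to the amplitude-based pre-processing idea.
    """
    amp, _ = split_spectrum(amplitude_source)
    _, pha = split_spectrum(phase_source)
    return recombine(amp, pha)


def make_constructed_pair(seed=0, eps=8 / 255, shape=(8, 8)):
    """Constructed data: a random 'natural' image and a bounded perturbation.

    The sign noise is a placeholder for an attack, not a real PGD run.
    """
    rng = np.random.default_rng(seed)
    nat = rng.random(shape)
    adv = np.clip(nat + eps * np.sign(rng.standard_normal(shape)), 0.0, 1.0)
    return nat, adv


if __name__ == "__main__":
    nat, adv = make_constructed_pair()
    pha_adv = phase_level_sample(adv, nat)   # adversarial phase, natural amplitude
    amp_adv = phase_level_sample(nat, adv)   # natural phase, adversarial amplitude
    print("L2 shift, full perturbation :", np.linalg.norm(adv - nat))
    print("L2 shift, phase part only   :", np.linalg.norm(pha_adv - nat))
    print("L2 shift, amplitude part only:", np.linalg.norm(amp_adv - nat))
```

Comparing the three distances shows how much of a given perturbation survives when only its phase or only its amplitude is kept.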

Requirements

  • This codebase is written for Python 3 and PyTorch.
  • To install the necessary Python packages, run pip install -r requirements.txt.

Experiments

Data

Training

To train the target model using PAD:

python train_PAD.py --model_dir 'your checkpoint directory'

Test

To test the learned model:

python test_PAD.py --model_dir 'your checkpoint directory'

License and Contributing

  • This README is formatted based on paperswithcode.
  • Feel free to post issues via GitHub.

Reference

If you find the code useful in your research, please consider citing our paper:

@InProceedings{pmlr-v202-zhou23m,
  title = 	 {Phase-aware Adversarial Defense for Improving Adversarial Robustness},
  author =       {Zhou, Dawei and Wang, Nannan and Yang, Heng and Gao, Xinbo and Liu, Tongliang},
  booktitle = 	 {Proceedings of the 40th International Conference on Machine Learning},
  pages = 	 {42724--42741},
  year = 	 {2023},
  publisher =    {PMLR}
}
