GitHub - jiangchaoliu/CLEVER: CLEVER (Cross-Lipschitz Extreme Value for nEtwork Robustness) is a robustness metric for deep neural networks

This is a modified version of CLEVER to compute minimal distortion for arbitrary networks and inputs. The installiation process is described in "ORG_README.md" from CLEVER.

USAGE

We have provided a script ``run.sh'' to collect all experimental results in the paper. It just calls the following commands in a loop.

python3 collect_gradients.py --csvfile <input csv file>  --data <mnist/cifar> --model_name <model name> --target_type <targeted attack or untargeted> -n <number os inputs>
sleep 20
python3 clever.py --stored_file <file name> --untargeted ./lipschitz_mat/mnist_<model name>/

<csvfile>: the path to the input csv file
<data>: cifar'' or mnist''
<model_name>: the name of the network models. Note that, for each model, CLEVER creates a folder named mnist_<model name>'' to store temporary results and then compute the minimal distortion from them. Thus, for each category of inputs, we need a different model name. For instance, for the valid inputs to the network model FNN-MNIST, we create a model name rfnn_valid'' (even though we only need one model file, stored in ./models/). These models must be added with the code in "estimate_gradient_norm.py". All models needed in the paper are added in the code. But to support more models, please refer to "estimate_gradient_norm.py", the code is straightforward to understand.
<target_type>: 16 for untargeted attack
<n>: number of images
<stored_file>: the name of the file to store the results which are the minimal distortion in L_1, L_2 and L_{oo} norm distance.

An example

python3 collect_gradients.py --csvfile rcnn6t16_1_valid.csv  --data mnist --model_name rcnn_valid --target_type 16 -n 100
sleep 20
python3 clever.py --stored_file rcnn6t16_1_valid.txt --untargeted ./lipschitz_mat/mnist_rcnn_valid/

It is to compute the minimal distortion of the first 100 (-n) in rfnn3t30_1_valid.csv (--csvfile) for the network model FNN-MNIST rcnn_valid'' (--model_name, corresponding to model file ./models/rfnn3t30_1.h5'', see ``estimate_gradient_norm.py''). The option target_type = 16 means untargeted attack.

CAUTION

The script needs days to finish. To get quick results, you can change the script by modifing from 100 to 1.

Name		Name	Last commit message	Last commit date
Latest commit History 53 Commits
labels		labels
models		models
COPYRIGHT		COPYRIGHT
LICENSE		LICENSE
ORG_README.md		ORG_README.md
README.md		README.md
clever.py		clever.py
collect_gradients.py		collect_gradients.py
defense.py		defense.py
estimate_gradient_norm.py		estimate_gradient_norm.py
nlayer_model.py		nlayer_model.py
process_log.py		process_log.py
randsphere.py		randsphere.py
rcnn_cw.csv		rcnn_cw.csv
rcnn_fgsm05.csv		rcnn_fgsm05.csv
rcnn_fgsm1.csv		rcnn_fgsm1.csv
rcnn_hop.csv		rcnn_hop.csv
rcnn_valid.csv		rcnn_valid.csv
rcnn_wrong.csv		rcnn_wrong.csv
rfnn_cw.csv		rfnn_cw.csv
rfnn_fgsm05.csv		rfnn_fgsm05.csv
rfnn_fgsm1.csv		rfnn_fgsm1.csv
rfnn_hop.csv		rfnn_hop.csv
rfnn_valid.csv		rfnn_valid.csv
rfnn_wrong.csv		rfnn_wrong.csv
run.sh		run.sh
setup_cifar.py		setup_cifar.py
setup_imagenet.py		setup_imagenet.py
setup_mnist.py		setup_mnist.py
shmemarray.py		shmemarray.py
train_2layer.py		train_2layer.py
train_models.py		train_models.py
train_nlayer.py		train_nlayer.py
utils.py		utils.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

USAGE

CAUTION

About

Releases

Packages

Languages

License

jiangchaoliu/CLEVER

Folders and files

Latest commit

History

Repository files navigation

USAGE

CAUTION

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages