Skip to content

Latest commit

 

History

History
132 lines (92 loc) · 4.16 KB

README.md

File metadata and controls

132 lines (92 loc) · 4.16 KB

GP-based-Adversarial-Detection

Official Keras implementation of paper:

Adversarial Detection with Gaussian Process Regression-based Detector (TIIS).


Description


  • Adversarial example detection with Gaussian Process Regression-based detector.

  • Existing deep learning-based adversarial detection methods require numerous adversarial images for their training.

  • The proposed method overcomes this problem by performing classification based on the statistical features of adversarial images and clean images that are extracted by Gaussian process regression with a small number of images.


Requirements

pip install -r requirements.txt

How to run

1. Git clone

$ git clone https://github.com/pod3275/GP-based-Adversarial-Detection.git
$ cd GP-based-Adversarial-Detection

2. Training target model

$ python train_model.py --dataset MNIST

3. Generate adversarial examples

$ python attack.py --dataset MNIST --attack JSMA

4. Detect with GP-based detector

$ python gp_detector.py --dataset MNIST --attack DeepFool --num_data_in_class 30
  • num_data_in_class : number of adversarial example in one class for training detector

  • For FGSM and BIM, you should add epsilon at the end of the attack name (ex. CIFAR10: "--attack FGSM_e9")

    • Same as the name of directory where the adversarial data saved

Results

- Attack accuracy



- Detection accuracy



- Number of adversarial examples for detector training

  • Better performance with extremely small number of adversarial example.

Utils

1. Check adversarial image & model prediction results

$ python check_label.py --dataset CIFAR10 --attack DeepFool
  • Check clean and adversarial images (included in check_label.py)


  • Check clean and adversarial images' labels


2. Calculate L2 perturbations of adversarial examples

$ python l2_perturb.py --dataset CIFAR10 --attack BIM_e9


Citation

@proceedings{GP-basedAdvDetect,
	title = {Adversarial Detection with Gaussian Process Regression-based Detector},
	author = {Sangheon Lee, Noo-ri Kim, Youngwha Cho, Jae-Young Choi, Suntae Kim, Jeong-Ah Kim, Jee-Hyong Lee},
	booktitle = {KSII Transactions on Internet and Information Systems (TIIS)},
	year = {2019}
}