Skip to content
/ AT-CNN Public

Project page for our paper: Interpreting Adversarially Trained Convolutional Neural Networks

65 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PKUAI26/AT-CNN

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
code
code
 
 
data
data
 
 
test
test
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Interpreting Adversarially Trained Convolutional Neural Networks

Code for our ICML'19 paper: Interpreting Adversarially Trained Convolutional Neural Networks, by Tianyuan Zhang, Zhanxing Zhu.

How to run

If you want to run code on your own, I only provide codes on Caltech-256. We do not upload the dataset and trainned networks due to the fact that they are storage consuming. Training(Adversarial Training) scripts in this repo is not well writen, I suugest you to use your own scripts, or scripts provided in this repo

Caltech-256

The four most important python files for Caltech-256

They are all in /code/baseline/ :

main.py, attack.py, utils.py dataset.py

  1. main.py trains CNNs. It contains sufficient comments to understand how to customize your trainings.
  2. attack.py implements PGD and FGSM attackers.
  3. utils.py implements SmoothGrad
  4. dataset.py implements Saturation and Patch-shuffle operation. For style transfer, you have to use code provided in https://github.com/rgeirhos/Stylized-ImageNet/tree/master/code
  5. stAdv.py in code/spatial-transform.adv.train/ implements Spatially transformed attack.

How to run

  1. Dowload the data from http://www.vision.caltech.edu/Image_Datasets/Caltech101/Caltech101.html to /code/Caltech256/data
  2. cd data and run Partition.py to generate training set and test set.
  3. cd code/baseline and run main.py to train standard CNNs
  4. cd code/pgd.inf.eps8 and run main.py to adversarially train CNNs against a $l_{\inf}$ -norm bounded PGD attacker. code in /code/Caltech256/code/pgd.l2.eps8 are for $l_2$ -norm bounded adversarial training .
  5. gen_visual.py and utils.py in /code/Caltech256/code/baseline/ contains code to generate salience maps.

TinyImageNet & CIFAR-10

Code for TinyImageNet, and CIAFR-10 are similar to that for Caltech-256, important python files such as main.py, utils.py, attack.py has the same name and functionallities

You still have to download the images from https://tiny-imagenet.herokuapp.com and put them to /code/TinyImageNet/data

Reference

@article{zhang2019interpreting,
  title={Interpreting Adversarially Trained Convolutional Neural Networks},
  author={Zhang, Tianyuan and Zhu, Zhanxing},
  journal={arXiv preprint arXiv:1905.09797},
  year={2019}
}

Please contact tianyuanzhang if you get any question on this paper or the code. ) (^∀^)

About

Project page for our paper: Interpreting Adversarially Trained Convolutional Neural Networks

Topics

adversarial-example interpretable-deep-learning

Resources

Readme
Activity
Custom properties

Stars

65 stars

Watchers

7 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages