- Attack to create feature-space adversarial examples (Section 4.1)
- Geometrical analysis (Section 4.2)
- Defense experiments (Section 4.3)
All experiments are performed on VGG16 and ResNet50 classifiers using the STL-10 dataset.
PyTorch >= 1.7
| Code | Description |
|---|---|
| attack_vgg16.sh | Create feature-space adversarial examples on VGG16 classifier |
| attack_resnet50.sh | Create feature-space adversarial examples on ResNet50 classifier |
| geometry.sh | Run geometry analysis |
| smoothing_predict.sh | Run defense experiments |
- Classifier implementation: torchvision package
- GAN implementation: PyTorch-GAN
- Randomized smoothing: Official implementation
- C&W attack: Random self-ensemble
Adversarial attacks and defenses using feature-space stochasticity. Jumpei Ukita and Kenichi Ohki, Neural Networks, 2023. Paper link