GithubHelp home page GithubHelp logo

ankile / adversarial-diffusion Goto Github PK

View Code? Open in Web Editor NEW
7.0 2.0 1.0 3.9 MB

Code for a paper exploring using diffusion models to defend neural networks against adversarial attacks

License: MIT License

TeX 1.44% Jupyter Notebook 98.56%
adversarial-machine-learning diffusion-models machine-learning resnet

adversarial-diffusion's Introduction

Denoising Diffusion Probabilistic Models as a Defense against Adversarial Attacks

Lars Ankile, Anna Midgley, Sebastian Weisshaar, Harvard University, 2022

This repository contains the code to reproduce the experiments and results in the paper. For any questions, reach out to [email protected] or open an issue in the repo. If this seems interesting, please read the paper.

Abstract

Neural Networks are infamously sensitive to small perturbations in their inputs, making them vulnerable to adversarial attacks. This project evaluates the performance of Denoising Diffusion Probabilistic Models (DDPM) as a purification technique to defend against adversarial attacks. This works by adding noise to an adversarial example before removing it through the reverse process of the diffusion model. We evaluate the approach on the PatchCamelyon data set for histopathologic scans of lymph node sections and find an improvement of the robust accuracy by up to 88% of the original model's accuracy, constituting a considerable improvement over the vanilla model and our baselines.

Selected Figures

An example of a tissue sample in the different stages of the model pipeline.

An example of a tissue sample in the different stages of the model pipeline

The results of running our four models on 1000 test samples for both standard accuracy (left) and robust accuracy (right). The vanilla ResNet model is red, and our method is purple. It is also important to note that the robust adversarially trained model is an instance of a GoogLeNet, and not ResNet, as this was the only tested architecture that generalized under adversarial training.

Model test set accuracy results

Data

The data used in this project is the PatchCamelyon data set, which is a data set of 327,680 96x96 pixel images of lymph node tissue samples. In producing our results, we created many adversarial attacks and ran them through our framework with differing purification levels. All this data is available in this Google Drive folder.

Citation

If you find this work useful, please cite it as:

  title={Denoising Diffusion Probabilistic Models as a Defense against Adversarial Attacks},
  author={Ankile, Lars Lien and Midgley, Anna and Weisshaar, Sebastian},
  journal={W3PHIAI workshop @ AAAI'24},
  year={2023}
}

adversarial-diffusion's People

Contributors

ankile avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

sebastian-weisshaar

adversarial-diffusion's Issues

Missing purified[i] variable in src/Adversarial_examples.ipynb

Thank you for the work!

I found an missing term purified in your code, could you please modify this part~
Thank you very much!

`preds_adv = np.array([])
preds_pur = np.array([])
ys = np.array([])
y_counter = 0

for i in range(1000):

Adv, X, y = purified[i]
X = X.to("cuda")
Adv = Adv.to("cuda")
pred_pur = cnn(X)
pred_adv = cnn(Adv)
preds_adv = np.append(preds_adv,np.argmax(pred_adv.detach().cpu().numpy(),axis=1))
preds_pur = np.append(preds_pur,np.argmax(pred_pur.detach().cpu().numpy(),axis=1))
y_counter+=y.numpy()
ys = np.append(ys, y.numpy())`

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.