Learnable Boundary Guided Adversarial Training (ICCV2021)

Last update: Sep 25, 2022

Overview

Learnable Boundary Guided Adversarial Training

This repository contains the implementation code for the ICCV2021 paper:
Learnable Boundary Guided Adversarial Training (https://arxiv.org/pdf/2011.11164.pdf)

If you find this code or idea useful, please consider citing our work:

@article{cui2020learnable,
  title={Learnable boundary guided adversarial training},
  author={Cui, Jiequan and Liu, Shu and Wang, Liwei and Jia, Jiaya},
  journal={arXiv preprint arXiv:2011.11164},
  year={2020}
}

Overview

In this paper, we proposed the "Learnable Boundary Guided Adversarial Training" to preserve high natural accuracy while enjoy strong robustness for deep models. An interesting phenomenon in our exploration shows that natural classifier boundary can benefit model robustness to some degree, which is different from the previous work that the improved robustness is at cost of performance degradation on natural data. Our method creates new state-of-the-art model robustness on CIFAR-100 without extra real or Synthetic data under auto-attack benchmark.

Results and Pretrained models

`
Models are evaluated under the strongest AutoAttack(https://github.com/fra31/auto-attack) with epsilon 0.031.

Our CIFAR-100 models:
CIFAR-100-LBGAT0-wideresnet-34-10 70.25 vs 27.16
CIFAR-100-LBGAT6-wideresnet-34-10 60.64 vs 29.33
CIFAR-100-LBGAT6-wideresnet-34-20 62.55 vs 30.20

Our CIFAR-10 models:
CIFAR-10-LBGAT0-wideresnet-34-10 88.22 vs 52.86
CIFAR-10-LBGAT0-wideresnet-34-20 88.70 vs 53.57

CIFAR-100 L-inf

Note: this is one partial results list for comparisons with methods without using additional data up to 2020/11/25. Full list can be found at https://github.com/fra31/auto-attack. TRADES (alpha=6) is trained with official open-source code at https://github.com/yaodongyu/TRADES.

#	Method	Model	Natural Acc	Robust Acc (AutoAttack)
1	LBGAT (Ours)	WRN-34-20	62.55	30.20
2	(Gowal et al. 2020)	WRN-70-16	60.86	30.03
3	LBGAT (Ours)	WRN-34-10	60.64	29.33
4	(Wu et al. 2020)	WRN-34-10	60.38	28.86
5	LBGAT (Ours)	WRN-34-10	70.25	27.16
6	(Chen et al. 2020)	WRN-34-10	62.15	26.94
7	(Zhang et al. 2019) TRADES (alpha=6)	WRN-34-10	56.50	26.87
8	(Sitawarin et al. 2020)	WRN-34-10	62.82	24.57
9	(Rice et al. 2020)	RN-18	53.83	18.95

CIFAR-10 L-inf

Note: this is one partial results list for comparisons with previous published methods without using additional data up to 2020/11/25. Full list can be found at https://github.com/fra31/auto-attack. TRADES (alpha=6) is trained with official open-source code at https://github.com/yaodongyu/TRADES. “*” denotes methods aiming to speed up adversarial training.

#	Method	Model	Natural Acc	Robust Acc (AutoAttack)
1	LBGAT (Ours)	WRN-34-20	88.70	53.57
2	(Zhang et al.)	WRN-34-10	84.52	53.51
3	(Rice et al. 2020)	WRN-34-20	85.34	53.42
4	LBGAT (Ours)	WRN-34-10	88.22	52.86
5	(Qin et al., 2019)	WRN-40-8	86.28	52.84
6	(Zhang et al. 2019) TRADES (alpha=6)	WRN-34-10	84.92	52.64
7	(Chen et al., 2020b)	WRN-34-10	85.32	51.12
8	(Sitawarin et al., 2020)	WRN-34-10	86.84	50.72
9	(Engstrom et al., 2019)	RN-50	87.03	49.25
10	(Kumari et al., 2019)	WRN-34-10	87.80	49.12
11	(Mao et al., 2019)	WRN-34-10	86.21	47.41
12	(Zhang et al., 2019a)	WRN-34-10	87.20	44.83
13	(Madry et al., 2018) AT	WRN-34-10	87.14	44.04
14	(Shafahi et al., 2019)*	WRN-34-10	86.11	41.47
14	(Wang & Zhang, 2019)*	WRN-28-10	92.80	29.35

Get Started

Befor the training, please create the directory 'Logs' via the command 'mkdir Logs'.

Training

bash sh/train_lbgat0_cifar100.sh

Evaluation

before running the evaluation, please download the pretrained model.

bash sh/eval_autoattack.sh

Acknowledgements

This code is partly based on the TRADES and autoattack.

Contact

If you have any questions, feel free to contact us through email ([email protected]) or Github issues. Enjoy!

Learnable Boundary Guided Adversarial Training (ICCV2021)

Related tags

Overview

Learnable Boundary Guided Adversarial Training

Overview

Results and Pretrained models

CIFAR-100 L-inf

CIFAR-10 L-inf

Get Started

Training

Evaluation

Acknowledgements

Contact

Owner

DV Lab

JAX-based neural network library

Auto Seg-Loss: Searching Metric Surrogates for Semantic Segmentation

Official implementation of "SinIR: Efficient General Image Manipulation with Single Image Reconstruction" (ICML 2021)

PyTorch implementation of the supervised learning experiments from the paper Model-Agnostic Meta-Learning (MAML)

A very simple baseline to estimate 2D & 3D SMPL-compatible keypoints from a single color image.

Weakly Supervised Learning of Instance Segmentation with Inter-pixel Relations, CVPR 2019 (Oral)

An example of semantic segmentation using tensorflow in eager execution.

[ICCV2021] Official Pytorch implementation for SDGZSL (Semantics Disentangling for Generalized Zero-Shot Learning)

SMIS - Semantically Multi-modal Image Synthesis(CVPR 2020)

Using some basic methods to show linkages and transformations of robotic arms

A font family with a great monospaced variant for programmers.

Implementation of "Deep Implicit Templates for 3D Shape Representation"

Vision Transformer for 3D medical image registration (Pytorch).

House-GAN++: Generative Adversarial Layout Refinement Network towards Intelligent Computational Agent for Professional Architects

Implicit Graph Neural Networks

A package related to building quasi-fibration symmetries

A Comprehensive Empirical Study of Vision-Language Pre-trained Model for Supervised Cross-Modal Retrieval

Pytorch implementation for DFN: Distributed Feedback Network for Single-Image Deraining.

PyTorch implementation of the paper:A Convolutional Approach to Melody Line Identification in Symbolic Scores.

[CVPR 2021] MetaSAug: Meta Semantic Augmentation for Long-Tailed Visual Recognition