Dingsu Wang, Frederick Morlock

This repo contains the codes for the research of MAD-VAE: Manifold Awareness adversarial Defense Variational Autoencoder, which is a adversarial defense model based on Defense-VAE.

• The details of our research can be find in the .pdf file under this repo.
• We provide the pretrained parameters for all of our models. In the pretrained_model folder contains pretrained params for classifiers and our models, while in the experiments/pretrained folder are the pretraiend params for the test classifiers mentioned in the Defense-VAE paper.
• The plots for our experiments can be found in the plots folder.

├── LICENSE
├── MAD-VAE.pdf
├── MAD_VAE.py
├── README.md
├── experiments
│   ├── __init__.py
│   ├── test
│   │   ├── __init__.py
│   │   ├── attacks.py
│   │   ├── pretrained
│   │   ├── test_models.py
│   │   └── train_test_models.py
│   ├── test.py
│   ├── test_black.py
│   ├── test_confusion.py
│   └── test_generate_data.py
├── plots
├── plotting
│   ├── UMAP\ Test.ipynb
│   ├── adv_plot.py
│   ├── defense_plot.py
│   ├── latent_plot.py
│   ├── mnist_plot.py
│   └── plotting.py
├── pretrained_model
├── requirements.txt
├── train.py
├── train_classification.py
├── train_cluster.py
├── train_combined.py
└── utils
    ├── __init__.py
    ├── adversarial.py
    ├── classifier.py
    ├── dataset.py
    ├── generate_data.py
    ├── loss_function.py
    └── scheduler.py

• Our codes are based on Python3, make sure it is successfully installed on your machines. Since we are using GPUs for training, please make sure you have GPU driver (cuda, cudnn) installed and function well.
• Clone our repo from Github by running:

  git clone [email protected]:Derek-Wds/MAD-VAE.git
  cd MAD-VAE

• Install all the dependencies by running:

  pip install -r requirements.txt

• Generate the training data by running:

  cd utils
  python generate_data.py

  Since generating training data while training usually takes few days (especially the CW attack), it is more efficient to generate data first before training.

  If you find it takes a lot of time to generate data, we provide the training data we have at the link here.

• Train the vanilla model by running following under the main directory:

  python train.py --batch_size=512 --epochs=5 --log_dir="v_log" --gpu_num=2

  log_dir argument is for the Tensorboard log files, while the gpu_num argument specifies the number of GPUs you want to use for training. Our scripts supports multi-GPU training up to 4 GPUs.

  Other arguments for the training process can be found in each training files. We would NOT SUGGEST to modify arguments such as h_dim, z_dim, image_channels. image_size and num_classes unless you know what you are doing and know how to modify the model structures correspondingly.

  Training methods for other models are roughly the same by running train_classification.py, train_cluster.py and train_combined.py respectively.

• Visualize the training process by tensorboard:

  tensorboard --logdir v_log --port 9090

  Then the tensorboard will be available at localhost:9090

• Testing code is available in the experiments directory.
  • test.py runs whitebox attacks against a pretrained MAD-VAE – outputs results to files in the experiments directory
  • test_black.py runs blackbox attacks against a pretrained MAD-VAE – outputs results to files in the experiments directory
  • test_confusion.py prints the LaTeX code for a test-data confusion matrix
  • valid_generate_data.py generates validation data in the data directory at the root of the project.

• We provide the plotting scripts for adversarial images and model output, as well as t-SNE and UMAP dimension reduction algorithms. All these can be found in the plotting directory.

• FGSM adversarial examples
  
• CW adversarial examples
  
• Model with Proximity and Distance Loss output
  FGSM attack output
  CW attack output

If you find our ideas are helpful to your research, we would appreciate if you would cite our work by:

@misc{madvae2019,
  author = {Dingsu, Wang and Frederick, Morlock},
  title = {MAD-VAE},
  year = {2019},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/Derek-Wds/MAD-VAE}}
}

This work would not be done without the insights and code from the work Adversarial Defense by Restricting the Hidden Space of Deep Neural Networks and Unsupervised Deep Embedding for Clustering Analysis.