Feature Denoising for Improving Adversarial Robustness

Feb 25, 2019 1 min read

ImageNet-Adversarial-Training

Feature Denoising for Improving Adversarial Robustness.

By combining large-scale adversarial training and feature-denoising layers,
we developed ImageNet classifiers with strong adversarial robustness.

Trained on 128 GPUs, our ImageNet classifier has 42.6% accuracy against an extremely strong
2000-steps white-box PGD targeted attack.
This is a scenario where no previous models have achieved more than 1% accuracy.

On black-box adversarial defense, our method won the champion of defense track in the
CAAD (Competition of Adversarial Attacks and Defenses) 2018.
It also greatly outperforms the CAAD 2017 defense track winner when evaluated
against CAAD 2017 black-box attackers.

This repo contains:

Our trained models, together with the evaluation script to verify their robustness.
We welcome attackers to attack our released models and defenders to compare with our released models.
Our distributed adversarial training code on ImageNet.

GitHub

Machine Learning

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.

Feature Denoising for Improving Adversarial Robustness

ImageNet-Adversarial-Training

GitHub

John

Custom Object Detection and Classification Training

Deep learning on graphs with Keras