{"id":20832402,"url":"https://github.com/ermongroup/generative_adversary","last_synced_at":"2025-05-08T01:23:48.797Z","repository":{"id":84088426,"uuid":"148091560","full_name":"ermongroup/generative_adversary","owner":"ermongroup","description":"Code for the unrestricted adversarial examples paper (NeurIPS 2018)","archived":false,"fork":false,"pushed_at":"2019-07-16T21:55:33.000Z","size":4785,"stargazers_count":64,"open_issues_count":6,"forks_count":16,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-31T16:11:22.072Z","etag":null,"topics":["adversarial-attacks","adversarial-examples","neurips2018"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ermongroup.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-09-10T03:04:02.000Z","updated_at":"2024-11-28T12:10:01.000Z","dependencies_parsed_at":"2023-03-10T20:16:23.503Z","dependency_job_id":null,"html_url":"https://github.com/ermongroup/generative_adversary","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ermongroup%2Fgenerative_adversary","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ermongroup%2Fgenerative_adversary/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ermongroup%2Fgenerative_adversary/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ermongroup%2Fgenerative_adversar
y/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ermongroup","download_url":"https://codeload.github.com/ermongroup/generative_adversary/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252979672,"owners_count":21835101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversarial-attacks","adversarial-examples","neurips2018"],"created_at":"2024-11-18T00:11:42.876Z","updated_at":"2025-05-08T01:23:48.784Z","avatar_url":"https://github.com/ermongroup.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Constructing Unrestricted Adversarial Examples with Generative Models\n\nThis repo contains necessary code for reproducing main results in the paper [Constructing Unrestricted Adversarial Examples with Generative Models](https://arxiv.org/abs/1805.07894), NIPS 2018, Montréal, Canada. \n\nby [Yang Song](https://yang-song.github.io/), [Rui Shu](https://ruishu.io//), [Nate Kushman](http://www.kushman.org/) and [Stefano Ermon](https://cs.stanford.edu/~ermon/), Stanford AI Lab.\n\n---\n\nWe propose **Unrestricted Adversarial Examples**, a new kind of adversarial examples to machine learning systems. Different from traditional adversarial examples that are crafted by adding norm-bounded perturbations to clean images, unrestricted adversarial examples are _realistic images that are synthesized entirely from scratch_, and not restricted to small norm-balls. 
This new attack demonstrates the danger of a stronger **threat model**, where traditional defense methods for perturbation-based adversarial examples fail.\n\n## Datasets\n\nHere are links to the datasets used in our experiments:\n* [CelebA (gender)](https://drive.google.com/open?id=1coLQbEZW6zshHVYi00IYSRiexq4RkA2x)\n* [SVHN](https://drive.google.com/open?id=1uPxNdW4K-GLFhqhOgtfI1jFFNEqp2eZn)\n\n## Running Experiments\n\n### Training AC-GANs\n\nTo mount an unrestricted adversarial attack, we first need a good conditional generative model so that we can search on the manifold of realistic images to find the adversarial ones. You can use `train_acgan.py` to do this. For example, the following command\n\n```bash\nCUDA_VISIBLE_DEVICES=0 python train_acgan.py --dataset mnist --checkpoint_dir checkpoints/\n```\n\nwill train an AC-GAN on the `MNIST` dataset with GPU #0 and output the weight files to the `checkpoints/` directory. \n\nRun `python train_acgan.py --help` to see more available argument options.\n\n### Unrestricted Adversarial Attack\n\nAfter the AC-GAN is trained, you can use `main.py` to run a targeted or untargeted attack. You can also use `main.py` to evaluate the accuracy and PGD-robustness of a trained neural network classifier. For example, the following command\n\n```bash\nCUDA_VISIBLE_DEVICES=0 python main.py --mode targeted_attack --dataset mnist --classifier zico --source 0 --target 1\n```\n\nattacks the provable defense method from [Kolter \u0026 Wong, 2018](https://arxiv.org/pdf/1711.00851.pdf) on the `MNIST` dataset, with the source class being 0 and target class being 1. \n\nRun `python main.py --help` to view more argument options. For hyperparameters such as `--noise`, `--lambda1`, `--lambda2`, `--eps`, `--z_eps`, `--lr`, and `--n_iters` (in that order), please refer to **Table 4** in the Appendix of our [paper](https://arxiv.org/pdf/1805.07894.pdf). 
\n\n### Evaluating Unrestricted Adversarial Examples\n\nIn the paper, we use [Amazon Mechanical Turk](https://www.mturk.com/) to evaluate whether our unrestricted adversarial examples are legitimate or not. We have provided `html` files for the labelling interface in the `amt_websites` folder.\n\n\n## Samples\n\nPerturbation-based adversarial examples (top row) vs. unrestricted adversarial examples (bottom row):\n\n![compare](assets/imgs/compare_adv_imgs.png)\n\nTargeted unrestricted adversarial examples against robust classifiers on `MNIST` (Green borders denote legitimate unrestricted adversarial examples while red borders denote illegitimate ones. The tiny white text at the top-left corner of a red image denotes the label given by the annotators.)\n\n![mnist](assets/imgs/mnist_madry_adv_targeted_large_plot.jpg)\n\nWe also have samples for the `SVHN` dataset:\n\n![svhn](assets/imgs/svhn_resnet_adv_targeted_large_plot.png)\n\nFinally, here are the results for `CelebA`:\n\n![celeba](assets/imgs/celebA_resnet_adv_targeted_large_plot.jpg)\n\n## Citation\n\nIf you find the idea or code useful for your research, please consider citing our [paper](https://arxiv.org/abs/1805.07894):\n\n```bib\n@inproceedings{song2018constructing,\n  author={Song, Yang and Shu, Rui and Kushman, Nate and Ermon, Stefano},\n  booktitle = {Advances in Neural Information Processing Systems (NIPS)},\n  title = {Constructing Unrestricted Adversarial Examples with Generative Models},\n  year = {2018},\n}\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fermongroup%2Fgenerative_adversary","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fermongroup%2Fgenerative_adversary","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fermongroup%2Fgenerative_adversary/lists"}