{"id":28100760,"url":"https://github.com/poloclub/robust-principles","last_synced_at":"2026-02-22T02:04:15.273Z","repository":{"id":192110884,"uuid":"683475579","full_name":"poloclub/robust-principles","owner":"poloclub","description":"Robust Principles: Architectural Design Principles for Adversarially Robust CNNs ","archived":false,"fork":false,"pushed_at":"2024-01-13T14:32:07.000Z","size":819,"stargazers_count":23,"open_issues_count":6,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-10-24T08:28:14.396Z","etag":null,"topics":["adversarial-attacks","adversarial-machine-learning","architecture","robustness"],"latest_commit_sha":null,"homepage":"https://arxiv.org/abs/2308.16258","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/poloclub.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-08-26T17:34:26.000Z","updated_at":"2025-09-01T03:05:43.000Z","dependencies_parsed_at":"2023-09-02T16:45:48.886Z","dependency_job_id":"e08db975-1a6e-469c-afae-e87fcc0af3dc","html_url":"https://github.com/poloclub/robust-principles","commit_stats":null,"previous_names":["poloclub/robust-principles"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/poloclub/robust-principles","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/poloclub%2Frobust-principles","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/poloclub%2Frobust-principles/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposito
ries/poloclub%2Frobust-principles/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/poloclub%2Frobust-principles/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/poloclub","download_url":"https://codeload.github.com/poloclub/robust-principles/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/poloclub%2Frobust-principles/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29703261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-21T23:35:04.139Z","status":"online","status_checked_at":"2026-02-22T02:00:08.193Z","response_time":110,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversarial-attacks","adversarial-machine-learning","architecture","robustness"],"created_at":"2025-05-13T18:38:55.288Z","updated_at":"2026-02-22T02:04:15.251Z","avatar_url":"https://github.com/poloclub.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Robust Principles: Architectural Design Principles for Adversarially Robust CNNs\n[![arxiv badge](https://img.shields.io/badge/arXiv-2308.16258-red)](https://arxiv.org/abs/2308.16258)\n[![license](https://img.shields.io/badge/License-MIT-success)](https://github.com/poloclub/wizmap/blob/main/LICENSE)\n\n[Robust Principles: Architectural Design Principles for Adversarially Robust 
CNNs](https://arxiv.org/abs/2308.16258). ShengYun Peng, Weilin Xu, Cory Cornelius, Matthew Hull, Kevin Li, Rahul Duggal, Mansi Phute, Jason Martin, Duen Horng Chau. *British Machine Vision Conference (BMVC)*, 2023.\n\n📺 \u003ca href=\"https://www.youtube.com/watch?v=S-N1iuA0hAY\"\u003eVideo Presentation\u003c/a\u003e \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; 📖 \u003ca href=\"https://arxiv.org/abs/2308.16258\"\u003eResearch Paper\u003c/a\u003e \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;  🚀\u003ca href=\"https://shengyun-peng.github.io/papers/robust-principles\"\u003eProject Page\u003c/a\u003e \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; 🪧 \u003ca href=\"https://shengyun-peng.github.io/papers/posters/22_robarch.pdf\"\u003ePoster\u003c/a\u003e\n\n\nhttps://github.com/poloclub/robust-principles/assets/84164548/c77259e4-b5a3-47b0-93d6-deba74d4131b\n\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"img/principles.png\" alt=\"robust principles\" width=\"100%\"/\u003e\n\u003c/p\u003e\n\nWe aim to unify existing works' diverging opinions on how architectural components affect the adversarial robustness of CNNs. To accomplish our goal, we synthesize a suite of three generalizable robust architectural design principles: (a) optimal range for depth and width configurations, (b) preferring convolutional over patchify stem stage, and (c) robust residual block design through adopting squeeze and excitation blocks and non-parametric smooth activation functions. Through extensive experiments across a wide spectrum of dataset scales, adversarial training methods, model parameters, and network design spaces, our principles consistently and markedly improve AutoAttack accuracy: 1-3 percentage points (pp) on CIFAR-10 and CIFAR-100, and 4-9 pp on ImageNet.\n\n## News\n`Aug. 2023` - Paper accepted by BMVC'23 \n\n`Sep. 
2023` - 🎉 We are at the top of the [RobustBench CIFAR-10 $\\ell_\\infty = 8/255$ leaderboard](https://robustbench.github.io/#div_cifar10_Linf_heading)\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"img/robustbench.png\" alt=\"drawing\" width=\"100%\"/\u003e\n\u003c/p\u003e\n\n## Get Started\n1. Prepare ImageNet following [installation steps 3\u00264](https://github.com/locuslab/fast_adversarial/tree/master/ImageNet). Skip step 4 if you don't plan to run Fast adversarial training (AT).\n2. Set up the Python environment:\n```bash\nmake .venv_done\n```\n3. (Optional) Register a Weights \u0026 Biases [account](https://wandb.ai/site) if you want to visualize training curves.\n4. Update \"BASE\" to the ImageNet root directory and \"WANDB_ACCOUNT\" to your account name, then validate with:\n```bash\nmake check_dir\n```\n\n## Training \u0026 Evaluation\n### Fast adversarial training (AT) - ResNet-50\n```bash\nmake experiments/Torch_ResNet50/.done_test_pgd\n```\nTo test other off-the-shelf models in [torchvision](https://pytorch.org/vision/stable/models.html#classification), add the model name in [MODEL.mk](MODEL.mk) and create a new make target in [Makefile](Makefile).\n\n### Fast AT - RaResNet-50\n```bash\nmake experiments/RaResNet50/.done_test_pgd\n```\n\n### Standard PGD AT - RaResNet-50\n```bash\n# Training\nmake experiments/RaResNet50/.done_train\n\n# Evaluation on PGD\nmake experiments/RaResNet50/.done_test_pgd\n\n# Evaluation on AutoAttack\nmake experiments/RaResNet50/.done_test_aa\n\n# Pretrained models evaluated on AutoAttack\nmake experiments/RaResNet50/.done_test_pretrained\n```\n\n## Trained Model Weights\n### ImageNet $\\ell_\\infty$\n\n| Architecture | #Param | Clean(%) | AA(%) | PGD100-2(%) | PGD100-4(%) | PGD100-8(%) |\n| :--: | :--: | :--: | :--: | :--: | :--: | :--: |\n| [RaResNet-50](https://huggingface.co/poloclub/Ra-Principles/blob/main/ra_resnet50_imagenet.pt)  | 26M | 70.17 | 44.14 | 60.06 | 47.77 | 21.77 |\n| 
[RaResNet-101](https://huggingface.co/poloclub/Ra-Principles/blob/main/ra_resnet101_imagenet.pt) | 46M | 71.88 | 46.26 | 61.89 | 49.30 | 23.01 |\n| [RaWRN-101-2](https://huggingface.co/poloclub/Ra-Principles/blob/main/ra_wrn101_2_imagenet.pt) | 104M | 73.44 | 48.94 | 63.49 | 51.03 | 25.31 |\n\n### CIFAR 10 \u0026 100 $\\ell_\\infty, \\epsilon = 8/255$\n\n| | | | CIFAR-10 | | | CIFAR-100 | |\n| :--: | :--: | :--: | :--: | :--: | :--: | :--: | :--: |\n| Method | Model | Clean(%) | AA(%) | PGD20(%) | Clean(%) | AA(%) | PGD20(%) |\n| [Diff. 1M](https://arxiv.org/abs/2302.04638) | RaWRN-70-16 | 92.16 | 66.33 | 70.37 | 70.25 | 38.73 | 42.61 |\n| [Diff. 50M](https://arxiv.org/abs/2302.04638) | [RaWRN-70-16](https://huggingface.co/poloclub/Ra-Principles/blob/main/ra_wrn70_16_cifar10.pt) | 93.27 | 71.09 | 75.29 | - | - | - |\n\n## Citation\n\n```bibtex\n@article{peng2023robust,\n  title={Robust Principles: Architectural Design Principles for Adversarially Robust CNNs},\n  author={Peng, ShengYun and Xu, Weilin and Cornelius, Cory and Hull, Matthew and Li, Kevin and Duggal, Rahul and Phute, Mansi and Martin, Jason and Chau, Duen Horng},\n  journal={arXiv preprint arXiv:2308.16258},\n  year={2023}\n}\n\n@misc{peng2023robarch,\n      title={RobArch: Designing Robust Architectures against Adversarial Attacks}, \n      author={ShengYun Peng and Weilin Xu and Cory Cornelius and Kevin Li and Rahul Duggal and Duen Horng Chau and Jason Martin},\n      year={2023},\n      eprint={2301.03110},\n      archivePrefix={arXiv},\n      primaryClass={cs.CV}\n}\n```\n\n## Contact\nIf you have any questions, feel free to [open an issue](https://github.com/poloclub/robust-principles/issues/new) or contact [Anthony Peng](https://shengyun-peng.github.io/) (CS PhD @Georgia 
Tech).\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpoloclub%2Frobust-principles","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpoloclub%2Frobust-principles","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpoloclub%2Frobust-principles/lists"}