Official Keras implementation of the paper:
Adversarial Detection with Gaussian Process Regression-based Detector (TIIS).
- Adversarial example detection with Gaussian Process Regression-based detector.
- Existing deep learning-based adversarial detection methods require numerous adversarial images for their training.
- The proposed method overcomes this problem by performing classification based on the statistical features of adversarial images and clean images that are extracted by Gaussian process regression with a small number of images.
$ pip install -r requirements.txt
1. Git clone
$ git clone https://github.com/pod3275/GP-based-Adversarial-Detection.git
$ cd GP-based-Adversarial-Detection
2. Training target model
$ python train_model.py --dataset MNIST
3. Generate adversarial examples
$ python attack.py --dataset MNIST --attack JSMA
4. Detect with GP-based detector
$ python gp_detector.py --dataset MNIST --attack DeepFool --num_data_in_class 30
- num_data_in_class : number of adversarial examples in one class for training the detector
- For FGSM and BIM, you should add epsilon at the end of the attack name (e.g., CIFAR10: "--attack FGSM_e9")
  - This is the same as the name of the directory where the adversarial data is saved
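Step 4 trains the detector on only num_data_in_class adversarial examples per class. The following added example (not the repository's gp_detector.py) shows GP regression used as a detector at that sample size. The features are constructed (top-1, top-2) softmax values, and the kernel length, noise level and zero threshold are assumptions, not taken from the paper.

```python
import math
import random

def rbf(a, b, length=0.2):
    """Squared-exponential kernel between two feature vectors."""
    return math.exp(-sum((x - y) ** 2 for x, y in zip(a, b)) / (2 * length ** 2))

def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            M[r] = [v - f * w for v, w in zip(M[r], M[c])]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (M[r][n] - sum(M[r][k] * x[k] for k in range(r + 1, n))) / M[r][r]
    return x

def fit(X, y, noise=0.1):
    """GP regression weights alpha = (K + noise*I)^-1 y for a zero-mean prior."""
    K = [[rbf(a, b) + (noise if i == j else 0.0) for j, b in enumerate(X)]
         for i, a in enumerate(X)]
    return solve(K, y)

def score(x, X, alpha):
    """Posterior mean at x; labels are -1 (clean) / +1 (adversarial)."""
    return sum(rbf(x, xi) * a for xi, a in zip(X, alpha))

def sample(rng, adversarial):
    """Constructed (top-1, top-2) softmax feature; adversarial ones assumed near a boundary."""
    if adversarial:
        top1 = rng.uniform(0.35, 0.5)
        return [top1, top1 - rng.uniform(0.0, 0.1)]
    top1 = rng.uniform(0.85, 1.0)
    return [top1, (1.0 - top1) * rng.uniform(0.3, 0.9)]

def detection_accuracy(num_data_in_class=30, num_test=100, seed=0):
    rng = random.Random(seed)
    X = [sample(rng, a) for a in (False, True) for _ in range(num_data_in_class)]
    y = [-1.0] * num_data_in_class + [1.0] * num_data_in_class
    alpha = fit(X, y)
    test = [(sample(rng, a), a) for a in (False, True) for _ in range(num_test)]
    return sum((score(x, X, alpha) > 0.0) == a for x, a in test) / len(test)

if __name__ == "__main__":
    print("detection accuracy:", detection_accuracy())
```

An input is flagged as adversarial when the posterior mean is above 0, the midpoint of the two training labels.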
- Attack accuracy
- Detection accuracy
- Number of adversarial examples for detector training
- Better performance with an extremely small number of adversarial examples.
1. Check adversarial image & model prediction results
$ python check_label.py --dataset CIFAR10 --attack DeepFool
- Check clean and adversarial images (included in check_label.py)
- Check clean and adversarial images' labels
2. Calculate L2 perturbations of adversarial examples
$ python l2_perturb.py --dataset CIFAR10 --attack BIM_e9
@proceedings{GP-basedAdvDetect,
title = {Adversarial Detection with Gaussian Process Regression-based Detector},
author = {Sangheon Lee and Noo-ri Kim and Youngwha Cho and Jae-Young Choi and Suntae Kim and Jeong-Ah Kim and Jee-Hyong Lee},
booktitle = {KSII Transactions on Internet and Information Systems (TIIS)},
year = {2019}
}