Name		Name	Last commit message	Last commit date
parent directory ..
images		images
saved		saved
README.md		README.md
advgan.py		advgan.py
discriminators.py		discriminators.py
generators.py		generators.py
prepare_dataset.py		prepare_dataset.py
target_models.py		target_models.py
test_function.py		test_function.py
train_advgan.py		train_advgan.py
train_function.py		train_function.py
train_target_models.py		train_target_models.py

README.md

Generating Adversarial Examples with Adversarial Networks

Paper | IJCAI 2018

Usage

Inference

$ python3 advgan.py --img images/0.jpg --target 4 --model Model_C --bound 0.3

Each of these settings has a separate Generator trained. This code loads appropriate trained model from saved/ directory based on given arguments. As of now there are 22 Generators for different targets, different bounds (0.2 and 0.3) and target models (only Model_C for now).

Training AdvGAN (Untargeted)

$ python3 train_advgan.py --model Model_C --gpu

Training AdvGAN (Targeted)

$ python3 train_advgan.py --model Model_C --target 4 --thres 0.3 --gpu
# thres: Perturbation bound

Use --help for other arguments available (epochs, batch_size, lr etc.)

Training Target Models (Models A, B and C)

$ python3 train_target_models.py --model Model_C

For TensorBoard visualization,

$ python3 generators.py
$ python3 discriminators.py

This code supports only MNIST dataset for now. Same notations as in paper are followed (mostly).

Results

There are few changes that have been made for model to work.

Generator in paper has ReLU on the last layer. If input data is normalized to [-1 1] there wouldn't be any perturbation in the negative region. As expected accuracies were poor (~10% Untargeted). So ReLU was removed. Also, data normalization had significat effect on performance. With [-1 1] accuracies were around 70%. But with [0 1] normalization accuracies were ~99%.
Perturbations (pert) and adversarial images (x + pert) were clipped. It's not converging otherwise.

These results are for the following settings.

Dataset - MNIST
Data normalization - [0 1]
thres (perturbation bound) - 0.3 and 0.2
No ReLU at the end in Generator
Epochs - 15
Batch Size - 128
LR Scheduler - step_size 5, gamma 0.1 and initial lr - 0.001

Target	Acc [thres: 0.3]	Acc [thres: 0.2]
Untargeted	0.9921	0.8966
0	0.9643	0.4330
1	0.9822	0.4749
2	0.9961	0.8499
3	0.9939	0.8696
4	0.9833	0.6293
5	0.9918	0.7968
6	0.9584	0.4652
7	0.9899	0.6866
8	0.9943	0.8430
9	0.9922	0.7610

Untargeted


Pred: 9	Pred: 3	Pred: 8	Pred: 8	Pred: 4	Pred: 3	Pred: 8	Pred: 3	Pred: 3	Pred: 8

Targeted

Target: 0	Target: 1	Target: 2	Target: 3	Target: 4	Target: 5	Target: 6	Target: 7	Target: 8	Target: 9

Pred: 0	Pred: 1	Pred: 2	Pred: 3	Pred: 4	Pred: 5	Pred: 6	Pred: 7	Pred: 8	Pred: 9

Pred: 0	Pred: 1	Pred: 2	Pred: 3	Pred: 4	Pred: 5	Pred: 6	Pred: 7	Pred: 8	Pred: 9

Pred: 0	Pred: 1	Pred: 2	Pred: 3	Pred: 4	Pred: 5	Pred: 6	Pred: 7	Pred: 8	Pred: 9

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

adv_gan

adv_gan

README.md

Generating Adversarial Examples with Adversarial Networks

Usage

Inference

Training AdvGAN (Untargeted)

Training AdvGAN (Targeted)

Training Target Models (Models A, B and C)

Results

Untargeted

Targeted

Files

adv_gan

Directory actions

More options

Directory actions

More options

Latest commit

History

adv_gan

Folders and files

parent directory

README.md

Generating Adversarial Examples with Adversarial Networks

Usage

Inference

Training AdvGAN (Untargeted)

Training AdvGAN (Targeted)

Training Target Models (Models A, B and C)

Results

Untargeted

Targeted