This repository contains a Python implementation of the robust 1-NN algorithm described in the paper "Analyzing the Robustness of Nearest Neighbors to Adversarial Examples", accepted at ICML 2018. The paper is available on arXiv at https://arxiv.org/abs/1706.03922
- mnist.sh: An example script that runs the MNIST experiment from the paper and produces the corresponding plots/figures.
- run_experiment.py: This script implements the four baselines: standard_nn, robust_nn, ATnn and ATnn-all. It takes two arguments, the data set and the attack method. Valid data set arguments are halfmoon, mnist and abalone. Valid attack method arguments are wb (direct white-box), wb_kernel (white-box attack on a kernel substitute), kernel (black-box attack on a kernel substitute) and nn (black-box attack on a neural net substitute). The script runs the chosen attack on the data set and saves the results for all four baselines. Model parameters, the size of the data set and the number of repeated experiments can also be set in the script.
- nn_attack_white_box.py: This module contains the attack methods for white-box attacks.
- nn_attacks.py: This module integrates all attack methods.
- eps_separation.py: This module contains the method that finds an epsilon-separated subset of the training data.
- robust_1nn.py: This module contains the implementation of the robust 1-NN algorithm.
- prepare_data.py: This module contains the method that generates a data set of the desired size.
- model_utils.py: This module contains the definitions of the models used in the experiments.
- plotting.py: This script plots the MNIST results.
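The epsilon-separation step is what makes the 1-NN classifier robust: it keeps the largest subset of training points in which every pair of oppositely labelled points is at least epsilon apart, so no test point can be pushed across the decision boundary by a perturbation smaller than epsilon/2 from a point that sits on the wrong side of a conflicting neighbour. For two classes this is a maximum independent set in a bipartite "conflict graph" (edges between oppositely labelled points closer than epsilon), which Koenig's theorem reduces to a maximum matching; that is why a matching module is among the dependencies. The following is an added, self-contained illustration of that reduction and is not the repository's eps_separation.py or robust_1nn.py: it assumes binary labels, Euclidean distance, constructed toy data, and uses a plain augmenting-path matching instead of the hopcroftkarp package (same matching size, simpler code).

```python
"""Epsilon-separated subset for robust 1-NN (added illustration, not the
repository's code). Assumes labels in {0, 1} and Euclidean distance; a simple
augmenting-path maximum matching stands in for the hopcroftkarp package."""
import math
from collections import deque
from typing import Dict, List, Sequence, Set, Tuple

Point = Tuple[float, ...]


def euclid(a: Point, b: Point) -> float:
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def conflict_graph(X: Sequence[Point], y: Sequence[int], eps: float):
    """Bipartite graph: an edge joins a class-0 and a class-1 point closer than
    eps. Any eps-separated subset must drop at least one endpoint of every edge,
    so the largest such subset is the complement of a minimum vertex cover."""
    left = [i for i, lab in enumerate(y) if lab == 0]
    right = [i for i, lab in enumerate(y) if lab == 1]
    adj: Dict[int, List[int]] = {i: [] for i in left}
    for i in left:
        for j in right:
            if euclid(X[i], X[j]) < eps:
                adj[i].append(j)
    return left, right, adj


def max_matching(left: List[int], adj: Dict[int, List[int]]) -> Dict[int, int]:
    """Kuhn's augmenting-path algorithm; returns match_r mapping right -> left."""
    match_r: Dict[int, int] = {}

    def augment(u: int, seen: Set[int]) -> bool:
        for v in adj[u]:
            if v in seen:
                continue
            seen.add(v)
            if v not in match_r or augment(match_r[v], seen):
                match_r[v] = u
                return True
        return False

    for u in left:
        augment(u, set())
    return match_r


def min_vertex_cover(left: List[int], adj: Dict[int, List[int]],
                     match_r: Dict[int, int]) -> Set[int]:
    """Koenig's theorem: let Z be the vertices reachable from unmatched left
    vertices by alternating paths (non-matching edge L->R, matching edge R->L).
    Then (L \\ Z) | (R & Z) is a minimum vertex cover, of size |matching|."""
    matched_left = set(match_r.values())
    z_left = {u for u in left if u not in matched_left}
    z_right: Set[int] = set()
    queue = deque(z_left)
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v in z_right:
                continue
            z_right.add(v)
            w = match_r.get(v)  # v is matched, else an augmenting path would exist
            if w is not None and w not in z_left:
                z_left.add(w)
                queue.append(w)
    return (set(left) - z_left) | z_right


def eps_separated_subset(X: Sequence[Point], y: Sequence[int], eps: float) -> List[int]:
    """Indices of a largest subset whose oppositely labelled points are >= eps apart."""
    left, _right, adj = conflict_graph(X, y, eps)
    cover = min_vertex_cover(left, adj, max_matching(left, adj))
    return [i for i in range(len(X)) if i not in cover]


def is_eps_separated(X, y, keep, eps: float) -> bool:
    """Check the guarantee directly; useful as a test on any proposed subset."""
    return all(euclid(X[i], X[j]) >= eps for i in keep for j in keep if y[i] != y[j])


def predict_1nn(X, y, keep, q: Point) -> int:
    """Plain 1-NN restricted to the indices in keep."""
    return y[min(keep, key=lambda i: euclid(X[i], q))]


# Constructed toy data (not from the paper): the class-1 point at x=0.5 sits
# between two class-0 points, and the class-0 point at x=5 is near a class-1
# point at x=6; dropping one point of each conflict resolves all edges.
X_TOY = [(0.0, 0.0), (1.0, 0.0), (5.0, 0.0), (0.5, 0.0), (6.0, 0.0), (10.0, 0.0)]
Y_TOY = [0, 0, 0, 1, 1, 1]
EPS = 1.5

if __name__ == "__main__":
    keep = eps_separated_subset(X_TOY, Y_TOY, EPS)
    print("kept indices:", keep, "separated:", is_eps_separated(X_TOY, Y_TOY, keep, EPS))
    q = (0.6, 0.0)  # a query next to the pruned conflicting point
    print("plain 1-NN:", predict_1nn(X_TOY, Y_TOY, range(len(X_TOY)), q),
          "robust 1-NN:", predict_1nn(X_TOY, Y_TOY, keep, q))
```

On the toy data the conflict graph has edges 0-3, 1-3 and 2-4, the maximum matching has size 2, and the cover {2, 3} is removed, leaving indices 0, 1, 4 and 5. The query at x=0.6 is classified as class 1 by plain 1-NN (nearest point x=0.5) but as class 0 by the pruned classifier, whose nearest oppositely labelled points are now at least EPS apart. The paper's full algorithm also filters low-confidence points before this step; that filtering is not shown here.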
For MNIST, an example run of a single experiment using a total of 1000 training images and 400 test images takes ~1 hr on a 7770k+1080ti desktop.
Dependencies:
- standard numpy and matplotlib packages
- tensorflow with GPU support
- hopcroftkarp module for finding a maximum matching (can be installed with pip install hopcroftkarp)
- cleverhans adversarial attack package (can be found at https://github.com/tensorflow/cleverhans)
For convenience, and to avoid possible version inconsistencies, the source code of hopcroftkarp and cleverhans is also included in this repository. Please follow the original authors' instructions and license agreements.
Feel free to contact me at [email protected]