Threat-Model-Agnostic-Adversarial-Defense-using-Diffusion-Models

This repo contains the official implementation for the paper Threat Model-Agnostic Adversarial Defense using Diffusion Models.

Running Experiments

Dependencies

Run the following conda line to install all necessary python packages for our code and set up the ad environment.

conda env create -f environment.yml

The environment includes cudatoolkit=11.0. You may change that depending on your hardware.

Project structure

main.py is the file that you should run for eval. Execute python main.py --help to get its usage description:

--arch  trades 
--dataset cifar-c

--first_step
--timesteps

--adv_epsilon
--adv_attack_type
--adv_threat_model

--batch_size 100 


usage: main.py [-h] --arch ARCHITECTURE [--dataset DATASET] [--first_step FIRST_STEP]
               [--timesteps TIME_STEPS] [--adv_epsilon ADVERSARIAL_EPSILON] [--adv_attack_type ADVERSARIAL_ATTACK_TYPE]
               [--adv_threat_model ADVERSARIAL_THREAT_MODEL] [-batch_size BATCH_SIZE] 

optional arguments:
  -h, --help            show this help message and exit
  
  --arch                                                                      | ddim |  adp | at | per | uncovering | trades |
  --dataset cifar-c

  --first_step          First time step of the diffusion model T^{*}          | in range [1, 1000]
  --timesteps           How many time steps will a full depth diffusion have  | in range [1, 1000]

  --adv_epsilon         The adversarial attack norm upper value               
  --adv_attack_type     Which attack do we want to use                        | no_attack | grey | BPDA_EOT | white | white_EOT | 
  --adv_threat_model                                                          | linf | l2 |

  --batch_size          batch size    

Downloading data

it is downloaded automatically

Running The Code

To evaluate out method under white-box + EOT on CIFAR-10 you should run:

python main.py --arch ddim --first_step 140 --timesteps 100 --adv_epsilon 0.0313725 --adv_attack_type white_EOT --adv_threat_model linf  --batch_size 10

Note that you can choose any other method from the list [adp, at, per, uncovering, trades]

Pretrained Checkpoints

For our method you should get the diffusion model checkpoint from Link: https://github.com/ermongroup/ddim you should get the classifier checkpoint from Link: https://github.com/point0bar1/ebm-defense

For the other methods you should take the checkpoints from their repo adp Link: https://github.com/jmyoon1/adp
at Link: https://github.com/MadryLab/robustness
per Link: https://github.com/cassidylaidlaw/perceptual-advex
uncovering Link: https://github.com/deepmind/deepmind-research/tree/master/adversarial_robustness
trades Link: https://github.com/yaodongyu/TRADES

Acknowledgement

This repo is largely based on the DDIM repo