Comments (14)
We optimize in [0, 1] and repeatedly convert the input to [-1, 1] on line 61:
https://github.com/hendrycks/ss-ood/blob/master/adversarial/attacks.py#L61
from ss-ood.
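For context, the rescaling described above can be sketched as a standalone illustration (this is not the repo's code, just the `x * 2 - 1` pattern the linked line applies):

```python
import numpy as np

def to_model_range(x01):
    """Map an image optimized in [0, 1] to the [-1, 1] range the network
    expects (the `adv_bx * 2 - 1` pattern at the linked line)."""
    return x01 * 2.0 - 1.0

# Perturbation and clipping stay in [0, 1]; only the forward pass sees [-1, 1].
x = np.array([0.0, 0.5, 1.0])
print(to_model_range(x))  # maps 0 -> -1, 0.5 -> 0, 1 -> 1
```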
Thank you for the response. I am using your code in the `adversarial` directory to replicate the numbers in Table 1 of the paper. To get the standard adversarial training numbers, I modified https://github.com/hendrycks/ss-ood/blob/master/adversarial/train.py as follows:
- Set `attack_rotations = False` in the attack definition
- Replace https://github.com/hendrycks/ss-ood/blob/master/adversarial/train.py#L135-L142 with `bx, by = bx.cuda(), by.cuda()`
- Set `by_prime = None`
- Comment out https://github.com/hendrycks/ss-ood/blob/master/adversarial/train.py#L153
However, I am getting similar robustness numbers in both cases (with and without the rotation loss). Could you please tell me how to replicate the numbers in Table 1 of your paper?
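For reference, the standard inner maximization being targeted here (with the parameters mentioned later in the thread: eps = 8/255, step size = 2/255, 10 steps) can be sketched as follows. This is a NumPy illustration with a generic `grad_fn`, not the repo's PyTorch implementation:

```python
import numpy as np

def pgd_attack(x, grad_fn, eps=8/255, step_size=2/255, n_steps=10):
    """Untargeted L_inf PGD in [0, 1]: take signed-gradient ascent steps on
    the loss, projecting back onto the eps-ball and the valid pixel range."""
    x_adv = x.copy()
    for _ in range(n_steps):
        g = grad_fn(x_adv)                        # dL/dx at the current iterate
        x_adv = x_adv + step_size * np.sign(g)    # ascent step
        x_adv = np.clip(x_adv, x - eps, x + eps)  # project onto the L_inf ball
        x_adv = np.clip(x_adv, 0.0, 1.0)          # keep pixels valid
    return x_adv
```

Standard adversarial training then minimizes the classification loss on `pgd_attack(bx, ...)` instead of the clean `bx`, with no rotation terms anywhere.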
Are you still using rotations in any way? If so, then it's not standard adversarial training.
I don't think I am using rotations at all in my standard adversarial training script. Based on the changes above, I am never generating rotated images or using the rotation loss.
I am getting around 50% robust accuracy in both cases against a 10-step PGD attack (eps = 8/255, step size = 2/255).
Thank you for taking the time to answer my queries and for sharing your code; I really appreciate it.
I tried the code that you provided for baseline, and re-ran the code for the rotation model and I got the following results:
[Baseline]
{'batch_size': 128, 'dataset': 'cifar10', 'decay': 0.0005, 'device': 1, 'droprate': 0.0, 'epochs': 100, 'layers': 40, 'learning_rate': 0.1, 'load': 'snapshots/baseline/', 'model': 'wrn', 'momentum': 0.9, 'prefetch': 2, 'save': './snapshots/baseline', 'test': True, 'test_bs': 200, 'widen_factor': 2, 'test_loss': 1.5106859993934632, 'test_accuracy': 0.4858}
[Rotation model]
{'batch_size': 128, 'dataset': 'cifar10', 'decay': 0.0005, 'device': 0, 'droprate': 0.0, 'epochs': 100, 'layers': 40, 'learning_rate': 0.1, 'load': 'snapshots/rot_five', 'model': 'wrn', 'momentum': 0.9, 'prefetch': 4, 'save': './snapshots/rot_five', 'test': True, 'test_bs': 200, 'widen_factor': 2, 'test_loss': 1.4669106388092041, 'test_accuracy': 0.4916}
I trained both models against a 10-step PGD attack; the results above are for a 20-step attack on those models.
I would not be surprised if I uploaded the wrong rotation code. But I am surprised that the baseline is 48.6%. If that's a 40-2 WRN, then I'd expect around 44.8%. Even a much larger 28-10 network https://github.com/MadryLab/cifar10_challenge should only be 47.0%.
Yeah, I have the same concern; however, both my code and your baseline code are returning the same numbers. Could the bug be elsewhere (e.g., in the attack code)? Do you get 44.8% when you run the baseline code (the one you shared) on your machine?
The other potential issue, like you said, might be the rotation code. For example, the wrn_prime.py file has not been uploaded to the adversarial folder. If the only difference between wrn.py and wrn_prime.py is the return value of the forward function (https://github.com/hendrycks/ss-ood/blob/master/adversarial/models/wrn.py#L96), then that's nothing to worry about.
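If that guess is right, the presumed difference can be sketched like this (hypothetical class and attribute names; the real backbone is a WideResNet, and this tiny linear stand-in only illustrates the two return values):

```python
import numpy as np

class TwoHeadSketch:
    """Hypothetical sketch of a wrn_prime-style model: same backbone features,
    but forward also returns rotation-head logits alongside the class logits."""
    def __init__(self, feat_dim=8, n_classes=10, n_rotations=4, seed=0):
        rng = np.random.default_rng(seed)
        self.w_cls = rng.normal(size=(feat_dim, n_classes))  # classification head
        self.w_rot = rng.normal(size=(feat_dim, n_rotations))  # rotation head

    def forward(self, feats):
        # wrn.py's forward would return only the class logits;
        # wrn_prime.py presumably returns both heads.
        return feats @ self.w_cls, feats @ self.w_rot
```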
Please let me know if you figure out what the issue is, as I am hoping to use your proposed model for my current research work.
Thank you!
I am also facing the same issue and have not been able to solve it.
Hi,
I changed https://github.com/hendrycks/ss-ood/blob/master/adversarial/attacks.py#L64.
We set lambda = 0.5 during training, and since the attack code takes a sum, we divide by 8. Let me know if that helps.
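One plausible reading of that comment, written out (this is an assumed form inferred from the comment, not the repo's code; the names, the value `n_rot_terms = 8`, and the exact placement of the weighting are guesses):

```python
def combined_attack_loss(cls_loss, rot_losses, lam=0.5, n_rot_terms=8):
    """Assumed combination for the attack objective: classification loss plus
    lambda times the summed rotation losses, where dividing the sum by 8
    effectively turns it into a mean (matching "we divide by 8" above)."""
    return cls_loss + lam * sum(rot_losses) / n_rot_terms
```

For example, with a classification loss of 1.0 and eight rotation terms of 0.25 each, this gives 1.0 + 0.5 * 2.0 / 8 = 1.125.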
Hi,
Your advice doesn't address the problem with standard adversarial training performance against the 20-step PGD attack.
In my experiment, the final accuracy of standard adversarial training under the 20-step PGD is around 48%, the same as @pratik18v, so maybe there is a problem with the code or the reported result.
Best,
Mu