Comments (14)
hendrycks
commented on July 23, 2024
We optimize in [0,1] and repeatedly convert it to [-1,1] on line 61.
https://github.com/hendrycks/ss-ood/blob/master/adversarial/attacks.py#L61
from ss-ood.
pratik18v
commented on July 23, 2024
Thank you for the response. I am using your code in the 'adversarial' directory to replicate the numbers in table 1 of the paper. To get the standard adversarial training numbers I modified https://github.com/hendrycks/ss-ood/blob/master/adversarial/train.py as follows:
- Set
attack_rotations = Falsein the attack definition - Replace https://github.com/hendrycks/ss-ood/blob/master/adversarial/train.py#L135-L142 with
bx, by = bx.cuda(), by.cuda() - Set
by_prime = None - Comment out https://github.com/hendrycks/ss-ood/blob/master/adversarial/train.py#L153
However, I am getting similar robustness numbers for both the cases (with and without rotation loss). Can you please tell me how one can replicate the numbers in table 1 of your paper?
from ss-ood.
hendrycks
commented on July 23, 2024
Are you still using rotations in any way? If so, then it's not standard adversarial training.
from ss-ood.
pratik18v
commented on July 23, 2024
I don't think I am using rotations at all in my standard adversarial training script. Based on the changes above, I am never generating rotated images or using the rotation loss.
from ss-ood.
hendrycks
commented on July 23, 2024
What's your adversarial accuracy?
…On Thu, Feb 20, 2020 at 12:19 PM Pratik Vaishnavi ***@***.***> wrote:
I don't think I am using rotations at all in my standard adversarial
training script. Based on the changes above, I am never generating rotated
images or using the rotation loss.
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#8?email_source=notifications&email_token=ACZBITUYY4KGNWYSPTQ6B6DRD3QU5A5CNFSM4KVMVC4KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMP5M3A#issuecomment-589289068>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACZBITUGSNRYEL3DUFWMD53RD3QU5ANCNFSM4KVMVC4A>
.
from ss-ood.
pratik18v
commented on July 23, 2024
I am getting around 50% for both cases, for a 10-step PGD attack (eps = 8/255, step size = 2/255)
from ss-ood.
hendrycks
commented on July 23, 2024
That simply cannot be. Try the code from
https://drive.google.com/file/d/16B7Bt-lqQlD24XTmMip40D077VX-Lc5L/view?usp=sharing
for normal adversarial training.
…On Thu, Feb 20, 2020 at 12:42 PM Pratik Vaishnavi ***@***.***> wrote:
I am getting around 50% for both cases, for a 10-step PGD attack (eps =
8/255, step size = 2/255)
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#8?email_source=notifications&email_token=ACZBITTOCARAYJWSTVSC3H3RD3TM7A5CNFSM4KVMVC4KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEMP7Y3A#issuecomment-589298796>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACZBITS7L4LOVW2T5KU65ODRD3TM7ANCNFSM4KVMVC4A>
.
from ss-ood.
pratik18v
commented on July 23, 2024
Thank you for taking out time to answer my queries and sharing your code, I really appreciate it.
I tried the code that you provided for baseline, and re-ran the code for the rotation model and I got the following results:
[Baseline]
{'batch_size': 128, 'dataset': 'cifar10', 'decay': 0.0005, 'device': 1, 'droprate': 0.0, 'epochs': 100, 'layers': 40, 'learning_rate': 0.1, 'load': 'snapshots/baseline/', 'model': 'wrn', 'momentum': 0.9, 'prefetch': 2, 'save': './snapshots/baseline', 'test': True, 'test_bs': 200, 'widen_factor': 2, 'test_loss': 1.5106859993934632, 'test_accuracy': 0.4858}
[Rotation model]
{'batch_size': 128, 'dataset': 'cifar10', 'decay': 0.0005, 'device': 0, 'droprate': 0.0, 'epochs': 100, 'layers': 40, 'learning_rate': 0.1, 'load': 'snapshots/rot_five', 'model': 'wrn', 'momentum': 0.9, 'prefetch': 4, 'save': './snapshots/rot_five', 'test': True, 'test_bs': 200, 'widen_factor': 2, 'test_loss': 1.4669106388092041, 'test_accuracy': 0.4916}
I trained both the models against a 10-step PGD attack and the results I am sharing are for a 20-step attack on the said model.
from ss-ood.
hendrycks
commented on July 23, 2024
I would not be surprised if I uploaded the wrong rotation code. But I am surprised that the baseline is 48.6%. If that's a 40-2 WRN, then I'd expect around 44.8%. Even a much larger 28-10 network https://github.com/MadryLab/cifar10_challenge should only be 47.0%.
from ss-ood.
pratik18v
commented on July 23, 2024
Yeah I have the same concern, however both my code and your code for the baseline is returning the same numbers. Maybe a bug elsewhere (like the attack code)? Do you get 44.8% when you run the baseline code (the one you shared) on your machine?
The other potential issue, like you said, might be with the rotation code. For example, you have not uploaded the wrn_prime.py code file in the adversarial folder. If the only difference between wrn.py and wrn_prime.py is the return values of the forward function (https://github.com/hendrycks/ss-ood/blob/master/adversarial/models/wrn.py#L96) then that's nothing to worry about.
Please let me know if you figure out what the issue is, as I am hoping to use your proposed model for my current research work.
Thank you!
from ss-ood.
hendrycks
commented on July 23, 2024
I'm not sure I used that rotation code, but I often use the vanilla code in
the file I sent. I'd be surprised if my baseline implementation is somehow
a few percent better than the rest of the community's. I don't have reason
to suspect the attack code. The fact that the baseline is so strong is a mystery to me.
…On Thu, Feb 27, 2020 at 3:06 PM Pratik Vaishnavi ***@***.***> wrote:
Yeah I have the same concern, however both my code and your code for the
baseline is returning the same numbers. Maybe a bug elsewhere (like the
attack code)? Do you get 44.8% when you run the baseline code (the one you
shared) on your machine?
The other potential issue, like you said, might be with the rotation code.
For example, you have not uploaded the wrn_prime.py code file in the
adversarial folder. If the only difference between wrn.py and wrn_prime.py
is the return values of the forward function (
https://github.com/hendrycks/ss-ood/blob/master/adversarial/models/wrn.py#L96)
then that's nothing to worry about.
Please let me know if you figure out what the issue is, as I am hoping to
use your proposed model for my current research work.
Thank you!
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#8?email_source=notifications&email_token=ACZBITR67A5N4PAW3XYN6ADRFBBNRA5CNFSM4KVMVC4KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOENGJXXY#issuecomment-592223199>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACZBITR3XFIBMNBGOLDWNITRFBBNRANCNFSM4KVMVC4A>
.
from ss-ood.
Chaimmoon
commented on July 23, 2024
Also face the same issue, can't solve it.
from ss-ood.
hendrycks
commented on July 23, 2024
Hi,
I changed
https://github.com/hendrycks/ss-ood/blob/master/adversarial/attacks.py#L64
We let lambda = 0.5 during training, and since we're taking a sum in the attack code, we divide by 8. Let me know if that helps.
from ss-ood.
Chaimmoon
commented on July 23, 2024
Hi,
Your advice doesn't address the problem of normal adversarial training performance to the 20-step PGD.
In my experiment, the finial AC of normal adversarial training to the 20-step PGD is around 48%, the same as @pratik18v , maybe there is some problem with the code or the result.
Best,
Mu
from ss-ood.
Related Issues (20)
- The DataParallel model doesn't accelerate at all HOT 1
- Code for CIFAR-10-C and OOD-CIFAR not provided.
- why bx*2 -1 ? HOT 1
- Largely deviating AUROC scores in self-implemented MSP baseline (Multi-Class OoD Detection) HOT 1
- Reproducing CIFAR-10 One-class OOD Detector with OE HOT 4
- Questions about the model HOT 1
- Question about logits, pen = model(adv_bx * 2 - 1) HOT 2
- how can I reproduce your imageNet AUROC? HOT 1
- one-class-train.tar can't be downloaded. HOT 1
- Why negative KL for classification loss when doing OOD detection HOT 2
- Can you provide parameters for multiclass_ood/train_auxiliary? HOT 1
- Question for Adversarial Attack Implementation HOT 5
- Accuracy for Common Corruptions. HOT 2
- Application of the Method on Signal Data HOT 1
- Signs of the two score components for OOD detection HOT 2
- training epochs
- Question about Adversarial Training + Rotations HOT 2
- No training data provided HOT 2
- wrn_prime not found in adversarial robustness HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ss-ood.