This is the official repository for "How to Steer Your Adversary: Targeted and Efficient Model Stealing Defenses with Gradient Redirection" (ICML 2022)
First, clone the repository, then clone the Outlier Exposure repository into the model-stealing-defenses folder. This is used to provide a strong anomaly detector for the Adaptive Misinformation baseline on CIFAR experiments. Next, follow the instructions in batch_training/condor_scripts/data/README.md to setup the distribution-aware datasets. Optionally download and untar the outputs and condor_outputs folders from here, replacing the empty folders by the same name with the respective untarred folders. These contain perturbed posteriors and trained models, which can be used to replicate results from the paper, but this requires around 60GB of space.
Note: In order to load the ImageNet_CIFAR100 data, you will have to comment out the "raise FileNotFoundError(msg)" line in your torchvision DatasetFolder class. This is to allow using empty folders with DatasetFolder, which aligns the labels with CIFAR-100 labels.
The GRAD2 method from the paper can be run using the models currently in the outputs folder. The functions for running GRAD2 are in defenses.py, and example usage from the experiments in the paper is in get_queries.py and makebatches.sh.
To regenerate results from the paper, rerun the experiments in makebatches.sh in the specified order. The experiments were run on an HTCondor system, so the script would need to be adjusted for slurm. Results and figures can be generated in batch_training/condor_scripts/parse_results.ipynb using either the regenerated results or the results in outputs.tar (see download link above).
If you find this useful in your research, please consider citing:
@article{mazeika2022defense,
title={How to Steer Your Adversary: Targeted and Efficient Model Stealing Defenses with Gradient Redirection},
author={Mazeika, Mantas and Li, Bo and Forsyth, David},
journal={Proceedings of the International Conference on Machine Learning},
year={2022}
}