Skip to content

Defending Against Physically Realizable Attacks on Image Classification

Latest
Compare
Choose a tag to compare
@tongwu2020 tongwu2020 released this 04 Feb 17:37
· 78 commits to master since this release
1841550

Face Recognition

Data

Download the Data.zip and put it in phattacks/glass file

Model

Download the models you want to test, put it in phattacks/glass/donemodel file

Original Model

  1. new_ori_model.pt

Adversarial Training Model & Curriculum Adversarial Training Model

  1. new_linf_model052.pt (adversarial training with 'epsilon = 8')

  2. new_linf_model056.pt (curriculum adversarial training with 'epsilon = 8')

Randomized Smoothing Model

  1. new_rs_model005.pt (Sigma = 0.5 )

Defending against Rectangular Occlusion Attack Model

  1. new_sticker_model074.pt (Sticker size with 70 * 70, Exhaustive search, learning rate with 4, 50 iterations)

Defending against Circle Occlusion Attack Model

  1. new_sticker_model0101.pt (Sticker size with largest circle in 80 * 80, Exhaustive search, learning rate with 4, 50 iterations)

Traffic Sign Classification

Data

Download the LISA.zip and put it in 'phattacks/sign' file