GitHub - google/unrestricted-adversarial-examples: Contest Proposal and infrastr...
source link: https://github.com/google/unrestricted-adversarial-examples
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
README.md
Unrestricted Adversarial Examples Challenge
In the Unrestricted Adversarial Examples Challenge, attackers submit arbitrary adversarial inputs, and defenders are expected to assign low confidence to difficult inputs while retaining high confidence and accuracy on a clean, unambiguous test set. You can learn more about the motivation and structure of the contest in our recent paper
This repository contains code for the warm-up to the challenge, as well as the public proposal for the contest. We are currently accepting defenses for the warm-up.
Leaderboard for the warm-up to the contest
We include three attacks in the warm-up to the contest:
- 1000 Linfinity-ball adversarial examples generated by SPSA
- 1000 spatial adversarial examples (via grid search)
- 100 L2-ball adversarial examples generated by a decision-only attack
The top few distinct models for each dataset are shown below. You can see all submissions in the full scoreboard.
Two-Class MNIST dataset
Defense Submitted by Clean data Spatial grid attack SPSA attack L2-ball attack Submission Date MadryPGD LeNet Baseline Google Brain 100.0% ?? ?? ?? Aug 28th, 2018 Undefended LeNet Baseline Google Brain 100.0% ?? ?? ?? Aug 27th, 2018All percentages above correspond to the model's accuracy at 80% coverage.
Bird or Bicycle dataset
Defense Submitted by Clean data Spatial grid attack SPSA attack L2-ball attack Submission Date Pytorch ResNet(via bird-or-bicycle extras) Google Brain 99.0% 45.2% 12.8% ?? Sept 13th, 2018 Keras ResNet
(via ImageNet) Google Brain 99.5% ?? ?? ?? In progress
All percentages above correspond to the model's accuracy at 80% coverage.
Submitting a defense for the warm-up
The warm-up before the contest is currently underway and is accepting submissions. If you have additional questions, feel free to submit a new GitHub issue with the "question" tag and we will respond shortly.
The contest
The contest phase will begin after the warm-up attacks have been conclusively solved. We have published the contest proposal and are soliciting feedback from the community.
Paper
You can learn more about the motivation and structure of the contest in our recent paper:
Unrestricted Adversarial Examples
Tom B. Brown, Nicholas Carlini, Chiyuan Zhang, Catherine Olsson, Paul Christiano and Ian Goodfellow
[Arxiv paper preprint]
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK