A²

Code for “Automated Adversarial Training”.

Requisite

This code is implemented in PyTorch, and we have tested the code under the following environment settings:

auto_adv: the core codes for A², contains the super-attacker in adv_x.py, the attacker space in genotypes.py, the attack cell in cell.py, the operations in operations.py, and the Gumbel Softmax in sample.py;
train_[cifar10, cifar100, svhn].py: the codes for CIFAR-10, CIFAR-100, and SVHN respectively;
other codes: the basic code from AWP.

For A² with a PreAct ResNet-18 on CIFAR-10 under $L_{\infty}$ threat model (8/255), run codes as follows,

python train_cifar10.py --data-dir DATASET_DIR --model PreActResNet18 --awp-warmup 200

where $DATASET_DIR is the path to the dataset.

For TRADES-A² with a WRN-34-10 on CIFAR10 under $L_{\infty}$ threat model (8/255), run codes as follows,

python train_cifar10.py --data-dir DATASET_DIR --model WideResNet --awp-warmup 200 --loss trades

For MART-A², just set MART to $LOSS.

For AWP-A² with a WRN-34-10 on CIFAR10 under $L_{\infty}$ threat model (8/255), run codes as follows,

python train_cifar10.py --data-dir DATASET_DIR --model WideResNet --awp-warmup 0

To verify the effectiveness of A² further, we run attack.py to evaluate the robustness of the defense model against FGSM, PGD, C&W and AutoAttack:

python attack.py --arch $ARCH --checkpoint $CKP --preprocess meanstd --attack fgsm pgd20 cw aa