I have been using the WideResNet from the Madry CIFAR-10 challenge with the CleverHans model class and so far all attacks work fine e.g., PGD, CWL2 and do not interfere with loading the pre-trained public/secret checkpoints. My current implementation is here: https://github.com/uoguelph-mlrg/adversarial_training_vs_weight_decay/blob/master/cifar10/MadryLab/cleverhans_model.pyI'm willing to tidy this up and submit a PR if there's interest, but would require some input as to how this fits within the existing framework, without creating another tutorial to maintain. I think this would be a nice complement to the vanilla CNN and accelerate the community's understanding of the limitations of the "PGD + high capacity" defense. The original code is quite slow as perturbations are computed on the CPU with numpy and is geared toward black-box attack submissions.
--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/0b4bd71b-db85-4680-9008-382ea664f38e%40googlegroups.com.