I have been using the WideResNet from the Madry CIFAR-10 challenge with the CleverHans model class and so far all attacks work fine e.g., PGD, CWL2 and do not interfere with loading the pre-trained public/secret checkpoints. My current implementation is here: https://github.com/uoguelph-mlrg/adversarial_training_vs_weight_decay/blob/master/cifar10/MadryLab/cleverhans_model.pyI'm willing to tidy this up and submit a PR if there's interest, but would require some input as to how this fits within the existing framework, without creating another tutorial to maintain. I think this would be a nice complement to the vanilla CNN and accelerate the community's understanding of the limitations of the "PGD + high capacity" defense. The original code is quite slow as perturbations are computed on the CPU with numpy and is geared toward black-box attack submissions.
To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/0b4bd71b-db85-4680-9008-382ea664f38e%40googlegroups.com.