This package implements the experiments described in the paper Countering Adversarial Images Using Input Transformations. It contains implementations for adversarial attacks, defenses based image transformations, training, and testing convolutional networks under adversarial attacks using our defenses. We also provide pre-trained models.
If you use this code, please cite our paper:
- Chuan Guo, Mayank Rana, Moustapha Cisse, and Laurens van der Maaten. Countering Adversarial Images using Input Transformations. [PDF]
Adversarial Defenses
The code implements the following four defenses against adversarial images, all of which are based on image transformations:
- Image quilting
- Total variation minimization
- JPEG compression
- Pixel quantization
Please refer to the paper for details on these defenses. A detailed description of the original image quilting algorithm can be found here; a detailed description of our solver for total variation minimization can be found here.