NVlabs/DiffPure NVlabs/DiffPure

  • Stars
    star
    210
  • Rank 180,888 (Top 4 %)
  • Language
    Python
  • License
    Other
  • Created almost 2 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
NVlabs/DiffPure
github

NVlabs

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A new adversarial purification method that uses the forward and reverse processes of diffusion models to remove adversarial perturbations.

Diffusion Models for Adversarial Purification

Official PyTorch implementation of the ICML 2022 paper:
Diffusion Models for Adversarial Purification
Weili Nie, Brandon Guo, Yujia Huang, Chaowei Xiao, Arash Vahdat, Anima Anandkumar
https://diffpure.github.io

Abstract: Adversarial purification refers to a class of defense methods that remove adversarial perturbations using a generative model. These methods do not make assumptions on the form of attack and the classification model, and thus can defend pre-existing classifiers against unseen threats. However, their performance currently falls behind adversarial training methods. In this work, we propose DiffPure that uses diffusion models for adversarial purification: Given an adversarial example, we first diffuse it with a small amount of noise following a forward diffusion process, and then recover the clean image through a reverse generative process. To evaluate our method against strong adaptive attacks in an efficient and scalable way, we propose to use the adjoint method to compute full gradients of the reverse generative process. Extensive experiments on three image datasets including CIFAR-10, ImageNet and CelebA-HQ with three classifier architectures including ResNet, WideResNet and ViT demonstrate that our method achieves the state-of-the-art results, outperforming current adversarial training and adversarial purification methods, often by a large margin.

Requirements

  • 1-4 high-end NVIDIA GPUs with 32 GB of memory.
  • 64-bit Python 3.8.
  • CUDA=11.0 and docker must be installed first.
  • Installation of the required library dependencies with Docker: 
    docker build -f diffpure.Dockerfile --tag=diffpure:0.0.1 .
docker run -it -d --gpus 0 --name diffpure --shm-size 8G -v $(pwd):/workspace -p 5001:6006 diffpure:0.0.1
docker exec -it diffpure bash

Data and pre-trained models

Before running our code on ImageNet and CelebA-HQ, you have to first download these two datasets. For example, you can follow the instructions to download CelebA-HQ. Note that we use the LMDB format for ImageNet, so you may need to convert the ImageNet dataset to LMDB. There is no need to download CIFAR-10 separately.

Note that you have to put all the datasets in the datasest directory.

For the pre-trained diffusion models, you need to first download them from the following links:

For the pre-trained classifiers, most of them do not need to be downloaded separately, except for

Note that you have to put all the pretrained models in the pretrained directory.

Run experiments on CIFAR-10

AutoAttack Linf

  • To get results of defending against AutoAttack Linf (the Rand version):
cd run_scripts/cifar10
bash run_cifar_rand_inf.sh [seed_id] [data_id]  # WideResNet-28-10
bash run_cifar_rand_inf_70-16-dp.sh [seed_id] [data_id]  # WideResNet-70-16
bash run_cifar_rand_inf_rn50.sh [seed_id] [data_id]  # ResNet-50
  • To get results of defending against AutoAttack Linf (the Standard version):
cd run_scripts/cifar10
bash run_cifar_stand_inf.sh [seed_id] [data_id]  # WideResNet-28-10
bash run_cifar_stand_inf_70-16-dp.sh [seed_id] [data_id]  # WideResNet-70-16
bash run_cifar_stand_inf_rn50.sh [seed_id] [data_id]  # ResNet-50

Note that [seed_id] is used for getting error bars, and [data_id] is used for sampling a fixed set of images.

To reproduce the numbers in the paper, we recommend using three seeds (e.g., 121..123) for [seed_id] and eight seeds (e.g., 0..7) for [data_id], and averaging all the results across [seed_id] and [data_id], accordingly. To measure the worse-case defense performance of our method, the reported robust accuracy is the minimum robust accuracy of these two versions: Rand and Standard.

AutoAttack L2

  • To get results of defending against AutoAttack L2 (the Rand version):
cd run_scripts/cifar10
bash run_cifar_rand_L2.sh [seed_id] [data_id]  # WideResNet-28-10
bash run_cifar_rand_L2_70-16-dp.sh [seed_id] [data_id]  # WideResNet-70-16
bash run_cifar_rand_L2_rn50.sh [seed_id] [data_id]  # ResNet-50
  • To get results of defending against AutoAttack L2 (the Standard version):
cd run_scripts/cifar10
bash run_cifar_stand_L2.sh [seed_id] [data_id]  # WideResNet-28-10
bash run_cifar_stand_L2_70-16-dp.sh [seed_id] [data_id]  # WideResNet-70-16
bash run_cifar_stand_L2_rn50.sh [seed_id] [data_id]  # ResNet-50

Note that [seed_id] is used for getting error bars, and [data_id] is used for sampling a fixed set of images.

To reproduce the numbers in the paper, we recommend using three seeds (e.g., 121..123) for [seed_id] and eight seeds (e.g., 0..7) for [data_id], and averaging all the results across [seed_id] and [data_id], accordingly. To measure the worse-case defense performance of our method, the reported robust accuracy is the minimum robust accuracy of these two versions: Rand and Standard.

StAdv

  • To get results of defending against StAdv:
cd run_scripts/cifar10
bash run_cifar_stadv_rn50.sh [seed_id] [data_id]  # ResNet-50

Note that [seed_id] is used for getting error bars, and [data_id] is used for sampling a fixed set of images.

To reproduce the numbers in the paper, we recommend using three seeds (e.g., 121..123) for [seed_id] and eight seeds (e.g., 0..7) for [data_id], and averaging all the results across [seed_id] and [data_id], accordingly.

BPDA+EOT

  • To get results of defending against BPDA+EOT:
cd run_scripts/cifar10
bash run_cifar_bpda_eot.sh [seed_id] [data_id]  # WideResNet-28-10

Note that [seed_id] is used for getting error bars, and [data_id] is used for sampling a fixed set of images.

To reproduce the numbers in the paper, we recommend using three seeds (e.g., 121..123) for [seed_id] and five seeds (e.g., 0..4) for [data_id], and averaging all the results across [seed_id] and [data_id], accordingly.

Run experiments on ImageNet

AutoAttack Linf

  • To get results of defending against AutoAttack Linf (the Rand version):
cd run_scripts/imagenet
bash run_in_rand_inf.sh [seed_id] [data_id]  # ResNet-50
bash run_in_rand_inf_50-2.sh [seed_id] [data_id]  # WideResNet-50-2
bash run_in_rand_inf_deits.sh [seed_id] [data_id]  # DeiT-S
  • To get results of defending against AutoAttack Linf (the Standard version):
cd run_scripts/imagenet
bash run_in_stand_inf.sh [seed_id] [data_id]  # ResNet-50
bash run_in_stand_inf_50-2.sh [seed_id] [data_id]  # WideResNet-50-2
bash run_in_stand_inf_deits.sh [seed_id] [data_id]  # DeiT-S

Note that [seed_id] is used for getting error bars, and [data_id] is used for sampling a fixed set of images.

To reproduce the numbers in the paper, we recommend using three seeds (e.g., 121..123) for [seed_id] and 32 seeds (e.g., 0..31) for [data_id], and averaging all the results across [seed_id] and [data_id], accordingly. To measure the worse-case defense performance of our method, the reported robust accuracy is the minimum robust accuracy of these two versions: Rand and Standard.

Run experiments on CelebA-HQ

BPDA+EOT

  • To get results of defending against BPDA+EOT:
cd run_scripts/celebahq
bash run_celebahq_bpda_glasses.sh [seed_id] [data_id]  # the glasses attribute
bash run_celebahq_bpda_smiling.sh [seed_id] [data_id]  # the smiling attribute

Note that [seed_id] is used for getting error bars, and [data_id] is used for sampling a fixed set of images.

To reproduce the numbers in the paper, we recommend using three seeds (e.g., 121..123) for [seed_id] and 64 seeds (e.g., 0..63) for [data_id], and averaging all the results across [seed_id] and [data_id], accordingly.

License

Please check the LICENSE file. This work may be used non-commercially, meaning for research or evaluation purposes only. For business inquiries, please contact [email protected].

Citation

Please cite our paper, if you happen to use this codebase:

@inproceedings{nie2022DiffPure,
  title={Diffusion Models for Adversarial Purification},
  author={Nie, Weili and Guo, Brandon and Huang, Yujia and Xiao, Chaowei and Vahdat, Arash and Anandkumar, Anima},
  booktitle = {International Conference on Machine Learning (ICML)},
  year={2022}
}

More Repositories

1

instant-ngp

Instant neural graphics primitives: lightning fast NeRF and more
Cuda
15,102
star
2

stylegan

StyleGAN - Official TensorFlow Implementation
Python
13,882
star
3

stylegan2

StyleGAN2 - Official TensorFlow Implementation
Python
10,740
star
4

SPADE

Semantic Image Synthesis with SPADE
Python
7,518
star
5

stylegan3

Official PyTorch implementation of StyleGAN3
Python
6,108
star
6

neuralangelo

Official implementation of "Neuralangelo: High-Fidelity Neural Surface Reconstruction" (CVPR 2023)
Python
4,125
star
7

imaginaire

NVIDIA's Deep Imagination Team's PyTorch Library
Python
3,941
star
8

stylegan2-ada-pytorch

StyleGAN2-ADA - Official PyTorch implementation
Python
3,866
star
9

ffhq-dataset

Flickr-Faces-HQ Dataset (FFHQ)
Python
3,483
star
10

tiny-cuda-nn

Lightning fast C++/CUDA neural network framework
C++
3,286
star
11

eg3d

Python
3,089
star
12

MUNIT

Multimodal Unsupervised Image-to-Image Translation
Python
2,564
star
13

SegFormer

Official PyTorch implementation of SegFormer
Python
2,252
star
14

nvdiffrec

Official code for the CVPR 2022 (oral) paper "Extracting Triangular 3D Models, Materials, and Lighting From Images".
Python
2,019
star
15

few-shot-vid2vid

Pytorch implementation for few-shot photorealistic video-to-video translation.
Python
1,780
star
16

stylegan2-ada

StyleGAN2 with adaptive discriminator augmentation (ADA) - Official TensorFlow implementation
Python
1,778
star
17

FUNIT

Translate images to unseen domains in the test time with few example images.
Python
1,545
star
18

PWC-Net

PWC-Net: CNNs for Optical Flow Using Pyramid, Warping, and Cost Volume, CVPR 2018 (Oral)
Python
1,512
star
19

noise2noise

Noise2Noise: Learning Image Restoration without Clean Data - Official TensorFlow implementation of the ICML 2018 paper
Python
1,356
star
20

alias-free-gan

Alias-Free GAN project website and code
1,320
star
21

prismer

The implementation of "Prismer: A Vision-Language Model with Multi-Task Experts".
Python
1,287
star
22

DG-Net

👫 Joint Discriminative and Generative Learning for Person Re-identification. CVPR'19 (Oral) 👫
Python
1,268
star
23

nvdiffrast

Nvdiffrast - Modular Primitives for High-Performance Differentiable Rendering
C++
1,137
star
24

edm

Elucidating the Design Space of Diffusion-Based Generative Models (EDM)
Python
1,014
star
25

Deep_Object_Pose

Deep Object Pose Estimation (DOPE) – ROS inference (CoRL 2018)
Python
955
star
26

VoxFormer

Official PyTorch implementation of VoxFormer [CVPR 2023 Highlight]
Python
937
star
27

NVAE

The Official PyTorch Implementation of "NVAE: A Deep Hierarchical Variational Autoencoder" (NeurIPS 2020 spotlight paper)
Python
889
star
28

BundleSDF

[CVPR 2023] BundleSDF: Neural 6-DoF Tracking and 3D Reconstruction of Unknown Objects
Python
842
star
29

ODISE

Official PyTorch implementation of ODISE: Open-Vocabulary Panoptic Segmentation with Text-to-Image Diffusion Models [CVPR 2023 Highlight]
Python
779
star
30

GroupViT

Official PyTorch implementation of GroupViT: Semantic Segmentation Emerges from Text Supervision, CVPR 2022.
Python
679
star
31

FasterViT

[ICLR 2024] Official PyTorch implementation of FasterViT: Fast Vision Transformers with Hierarchical Attention
Python
664
star
32

GA3C

Hybrid CPU/GPU implementation of the A3C algorithm for deep reinforcement learning.
Python
641
star
33

denoising-diffusion-gan

Tackling the Generative Learning Trilemma with Denoising Diffusion GANs https://arxiv.org/abs/2112.07804
Python
634
star
34

genvs

610
star
35

sionna

Sionna: An Open-Source Library for Next-Generation Physical Layer Research
Jupyter Notebook
580
star
36

curobo

CUDA Accelerated Robot Library
Python
545
star
37

FB-BEV

Official PyTorch implementation of FB-BEV & FB-OCC - Forward-backward view transformation for vision-centric autonomous driving perception
Python
518
star
38

Dancing2Music

Python
513
star
39

planercnn

PlaneRCNN detects and reconstructs piece-wise planar surfaces from a single RGB image
Python
502
star
40

pacnet

Pixel-Adaptive Convolutional Neural Networks (CVPR '19)
Python
490
star
41

CALM

Python
486
star
42

DeepInversion

Official PyTorch implementation of Dreaming to Distill: Data-free Knowledge Transfer via DeepInversion (CVPR 2020)
Python
474
star
43

EmerNeRF

PyTorch Implementation of EmerNeRF: Emergent Spatial-Temporal Scene Decomposition via Self-Supervision
Python
456
star
44

FAN

Official PyTorch implementation of Fully Attentional Networks
Python
454
star
45

FourCastNet

Initial public release of code, data, and model weights for FourCastNet
Python
421
star
46

GCVit

[ICML 2023] Official PyTorch implementation of Global Context Vision Transformers
Python
414
star
47

intrinsic3d

Intrinsic3D - High-Quality 3D Reconstruction by Joint Appearance and Geometry Optimization with Spatially-Varying Lighting (ICCV 2017)
C++
411
star
48

nvdiffmodeling

Differentiable rasterization applied to 3D model simplification tasks
Python
404
star
49

flip

A tool for visualizing and communicating the errors in rendered images.
C++
375
star
50

wetectron

Weakly-supervised object detection.
Python
355
star
51

FoundationPose

FoundationPose: Unified 6D Pose Estimation and Tracking of Novel Objects
JavaScript
349
star
52

nvdiffrecmc

Official code for the NeurIPS 2022 paper "Shape, Light, and Material Decomposition from Images using Monte Carlo Rendering and Denoising".
C
341
star
53

geomapnet

Geometry-Aware Learning of Maps for Camera Localization (CVPR2018)
Python
338
star
54

GLAMR

[CVPR 2022 Oral] Official PyTorch Implementation of "GLAMR: Global Occlusion-Aware Human Mesh Recovery with Dynamic Cameras”.
Python
329
star
55

LSGM

The Official PyTorch Implementation of "LSGM: Score-based Generative Modeling in Latent Space" (NeurIPS 2021)
Python
326
star
56

ssn_superpixels

Superpixel Sampling Networks (ECCV2018)
Python
323
star
57

DiffiT

Official Repository for DiffiT: Diffusion Vision Transformers for Image Generation
315
star
58

FreeSOLO

FreeSOLO for unsupervised instance segmentation, CVPR 2022
Python
307
star
59

long-video-gan

Official PyTorch implementation of LongVideoGAN
Python
297
star
60

neuralrgbd

Neural RGB→D Sensing: Per-pixel depth and its uncertainty estimation from a monocular RGB video
Python
294
star
61

selfsupervised-denoising

High-Quality Self-Supervised Deep Image Denoising - Official TensorFlow implementation of the NeurIPS 2019 paper
Python
293
star
62

Taylor_pruning

Pruning Neural Networks with Taylor criterion in Pytorch
Python
279
star
63

timeloop

Timeloop performs modeling, mapping and code-generation for tensor algebra workloads on various accelerator architectures.
C++
278
star
64

metfaces-dataset

Python
272
star
65

few_shot_gaze

Pytorch implementation and demo of FAZE: Few-Shot Adaptive Gaze Estimation (ICCV 2019, oral)
Python
272
star
66

splatnet

SPLATNet: Sparse Lattice Networks for Point Cloud Processing (CVPR2018)
Python
268
star
67

MinVIS

Python
261
star
68

edm2

Analyzing and Improving the Training Dynamics of Diffusion Models (EDM2)
Python
261
star
69

contact_graspnet

Efficient 6-DoF Grasp Generation in Cluttered Scenes
Python
260
star
70

CenterPose

Single-Stage Keypoint-based Category-level Object Pose Estimation from an RGB Image (ICRA 2022)
Python
251
star
71

trajdata

A unified interface to many trajectory forecasting datasets.
Python
245
star
72

STEP

STEP: Spatio-Temporal Progressive Learning for Video Action Detection. CVPR'19 (Oral)
Python
244
star
73

matchlib

SystemC/C++ library of commonly-used hardware functions and components for HLS.
C++
235
star
74

sim-web-visualizer

Web Based Visualizer for Simulation Environments
Python
231
star
75

SCOPS

SCOPS: Self-Supervised Co-Part Segmentation (CVPR'19)
Python
221
star
76

UMR

Self-supervised Single-view 3D Reconstruction
Python
221
star
77

DiffRL

[ICLR 2022] Accelerated Policy Learning with Parallel Differentiable Simulation
Python
220
star
78

cule

CuLE: A CUDA port of the Atari Learning Environment (ALE)
C++
216
star
79

SSV

Pytorch implementation of SSV: Self-Supervised Viewpoint Learning from Image Collections (CVPR 2020)
Python
214
star
80

latentfusion

LatentFusion: End-to-End Differentiable Reconstruction and Rendering for Unseen Object Pose Estimation
Python
197
star
81

I2SB

Python
194
star
82

nvbio

NVBIO is a library of reusable components designed to accelerate bioinformatics applications using CUDA.
C++
193
star
83

6dof-graspnet

Implementation of 6-DoF GraspNet with tensorflow and python. This repo has been tested with python 2.7 and tensorflow 1.12.
Python
186
star
84

NVBit

183
star
85

AFNO-transformer

Adaptive FNO transformer - official Pytorch implementation
Python
174
star
86

UnseenObjectClustering

Learning RGB-D Feature Embeddings for Unseen Object Instance Segmentation
Python
166
star
87

AL-MDN

Official pytorch implementation of Active Learning for deep object detection via probabilistic modeling (ICCV 2021)
Python
159
star
88

fermat

Fermat is a high performance research oriented physically based rendering system, trying to produce beautiful pictures following the mathematician’s principle of least time
C++
158
star
89

PoseCNN-PyTorch

PyTorch implementation of the PoseCNN framework
C
156
star
90

mask-auto-labeler

Python
153
star
91

mimicgen_environments

This code corresponds to simulation environments used as part of the MimicGen project.
Python
153
star
92

Bi3D

Python
150
star
93

RVT

Official Code for RVT: Robotic View Transformer for 3D Object Manipulation
Python
147
star
94

condensa

Programmable Neural Network Compression
Python
146
star
95

traffic-behavior-simulation

Python
145
star
96

learningrigidity

Learning Rigidity in Dynamic Scenes with a Moving Camera for 3D Motion Field Estimation (ECCV 2018)
Python
144
star
97

ocrodeg

document image degradation
Jupyter Notebook
142
star
98

ocropus3

Repository collecting all the submodules for the new PyTorch-based OCR System.
Shell
141
star
99

CGBN

CGBN: CUDA Accelerated Multiple Precision Arithmetic (Big Num) using Cooperative Groups
Cuda
139
star
100

PL4NN

Perceptual Losses for Neural Networks: Caffe implementation of loss layers based on perceptual image quality metrics.
Python
138
star