
youbin2014/UCAN


UCAN: Towards Strong Certified Defense with Asymmetric Randomization

License: MIT Python 3.8+ PyTorch

This repository contains the official implementation of UCAN: Towards Strong Certified Defense with Asymmetric Randomization, providing code for reproducible certified adversarial robustness experiments.

📖 Paper Information

Abstract: This work presents UCAN, a unified framework for customizing anisotropic noise in randomized smoothing to achieve stronger certified adversarial robustness. We propose three novel Noise Parameter Generators (NPGs) with different optimality levels and provide theoretical guarantees for anisotropic randomized smoothing.

Key Contributions:

  • Universal theory for anisotropic randomized smoothing based on linear transformations
  • Three NPG methods with different optimality-efficiency trade-offs
  • Certification-wise approach ensuring soundness without memory overhead
  • Significant improvements in certified accuracy across multiple datasets

🚀 Quick Start

Environment Setup

Option 1: Using Conda (Recommended)

# Clone the repository
git clone [ANONYMOUS_REPO_URL]
cd UCAN

# Create conda environment
conda env create -f environment.yml
conda activate ucan

Option 2: Using pip

# Clone the repository
git clone [ANONYMOUS_REPO_URL]
cd UCAN

# Install dependencies
pip install -r requirements.txt

Quick Demo

# Train a certification-wise model on CIFAR-10
python train_certification_noise.py cifar10 cifar_resnet110 ./model_saved/ \
    --method="PersNoise_isoR" --lr=0.01 --batch=100 --sigma=1.0 \
    --epochs=200 --gpu="0" --noise_name="Gaussian"

# Certify the test set
python certification_certification_noise.py cifar10 cifar_resnet110 \
    --method="PersNoise_isoR" --batch=1000 --sigma=1.0 --gpu="0" \
    --norm=2 --noise_name="Gaussian"

📁 Project Structure

UCAN/
├── README.md                          # This file
├── requirements.txt                   # Python dependencies
├── environment.yml                   # Conda environment
├── examples/                         # Example scripts and notebooks
│   ├── quick_start.py               # Minimal working example
│   └── demo.ipynb                   # Interactive demo
├── archs/                           # Neural network architectures
│   └── cifar_resnet.py             # ResNet for CIFAR
├── utils/                           # Utility functions
│   ├── model_prepare.py            # Model preparation utilities
│   ├── plot_examples.py            # Visualization utilities
│   └── plot_runtime.py             # Runtime analysis
├── model_saved/                     # Pre-trained models directory
├── results/                         # Experimental results
└── Core Implementation Files:
    ├── architectures.py             # NPG architectures
    ├── noisegenerator.py           # Noise parameter generators
    ├── noises.py                   # Noise distribution definitions
    ├── datasets.py                 # Dataset loading and preprocessing
    ├── core.py                     # Core UCAN certification
    ├── core_baseline.py            # Baseline certification (Cohen et al.)
    └── Training & Certification Scripts:
        ├── train_*.py              # Training scripts for each NPG method
        └── certification_*.py      # Certification scripts for each method

🧪 Experiments & Methods

Three NPG Methods

  1. Pattern-wise Anisotropic Noise (Low optimality)

    • Fixed hand-crafted spatial patterns
    • No training required, inference-free
    • Basic but computationally efficient
  2. Dataset-wise Anisotropic Noise (Moderate optimality)

    • Learned parameters optimized for entire dataset
    • Pre-training required, one-time inference
    • Balanced performance-efficiency trade-off
  3. Certification-wise Anisotropic Noise (High optimality)

    • Input-specific parameter optimization
    • Per-input inference required
    • Maximum adaptation capability

Supported Datasets & Models

  • Datasets: MNIST, CIFAR-10, ImageNet
  • Architectures: ResNet (various depths), CNN architectures
  • Threat Models: ℓ₁, ℓ₂, ℓ∞ perturbations

🔧 Detailed Usage

Training Models

1. Certification-wise NPG Training

python train_certification_noise.py cifar10 cifar_resnet110 ./model_saved/ \
    --method="PersNoise_isoR" \
    --lr=0.01 \
    --batch=100 \
    --sigma=1.0 \
    --epochs=200 \
    --workers=16 \
    --lr_step_size=50 \
    --gpu="0" \
    --noise_name="Gaussian" \
    --IsoMeasure=True

2. Dataset-wise NPG Training

python train_dataset_noise.py cifar10 cifar_resnet110 ./model_saved/ \
    --method="UniversalNoise" \
    --lr=0.01 \
    --batch=100 \
    --sigma=1.0 \
    --epochs=200 \
    --gpu="0"

3. Pattern-wise NPG Training

python train_pattern_noise.py cifar10 cifar_resnet110 ./model_saved/ \
    --method="PreassignedNoise" \
    --pattern_type="center_focus" \
    --lr=0.01 \
    --batch=100 \
    --epochs=200 \
    --gpu="0"

Certification (Testing)

Certification-wise Method

python certification_certification_noise.py cifar10 cifar_resnet110 \
    --method="PersNoise_isoR" \
    --batch=1000 \
    --sigma=1.0 \
    --workers=16 \
    --gpu="0" \
    --norm=2 \
    --noise_name="Gaussian" \
    --IsoMeasure=True

Baseline Comparison

python certification_baseline.py cifar10 cifar_resnet110 \
    --sigma=1.0 \
    --batch=1000 \
    --gpu="0" \
    --norm=2

📊 Results Reproduction

Our method achieves significant improvements in certified accuracy:

  • MNIST: Up to 142.5% improvement over best baseline
  • CIFAR-10: Up to 182.6% improvement over best baseline
  • ImageNet: Up to 121.1% improvement over best baseline

To reproduce paper results:

# Download pre-trained models (if available)
# Run full experimental pipeline
bash scripts/reproduce_paper_results.sh

🔬 Key Features

Theoretical Contributions

  • Linear Transformation Theory: Direct mapping between isotropic and anisotropic noise
  • Soundness Guarantees: Certification-wise approach avoids memory-based certification
  • Universal Framework: Works with any existing randomized smoothing method
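
The isotropic-to-anisotropic mapping above can be made concrete for a fixed, input-independent diagonal Gaussian. The sketch below is an added example, not code from this repository: it rescales the input by the per-pixel sigma, applies the standard Gaussian bound of Cohen et al. in that unit-variance space, and maps the result back to an ellipsoid and its inscribed ℓ₂ ball. All function names and the vote counts are hypothetical.

```python
import math
from statistics import NormalDist

def binom_tail(k, n, p):
    """P(Bin(n, p) >= k) for 0 < p < 1, summed in log space to avoid underflow."""
    total = 0.0
    for i in range(k, n + 1):
        log_c = math.lgamma(n + 1) - math.lgamma(i + 1) - math.lgamma(n - i + 1)
        total += math.exp(log_c + i * math.log(p) + (n - i) * math.log1p(-p))
    return min(total, 1.0)

def lower_conf_bound(k, n, alpha):
    """One-sided Clopper-Pearson lower bound on p, given k top-class votes out of n."""
    if k == 0:
        return 0.0
    lo, hi = 0.0, 1.0
    for _ in range(60):  # bisection: the tail probability increases with p
        mid = (lo + hi) / 2
        if binom_tail(k, n, mid) < alpha:
            lo = mid
        else:
            hi = mid
    return lo  # rounds down, so the bound stays conservative

def certify(sigma_map, votes_top, n, alpha=0.001):
    """Return (r, l2_radius), or None to abstain when p_lower <= 1/2."""
    p_lower = lower_conf_bound(votes_top, n, alpha)
    if p_lower <= 0.5:
        return None
    r = NormalDist().inv_cdf(p_lower)  # radius in the unit-variance space u = x / sigma
    return r, min(sigma_map) * r       # largest l2 ball inside the ellipsoid

def is_certified(delta, sigma_map, r):
    """True if delta lies inside the certified ellipsoid ||delta / sigma||_2 < r."""
    return math.sqrt(sum((d / s) ** 2 for d, s in zip(delta, sigma_map))) < r

def pattern_sigma(size=32):
    # Same expression as the README's custom_pattern; x, y as pixel indices is an assumption.
    return [0.1 + 0.9 * (x**2 + y**2) / (32**2) for y in range(size) for x in range(size)]

if __name__ == "__main__":
    sigma = pattern_sigma()
    result = certify(sigma, votes_top=990, n=1000)  # constructed vote counts
    print("abstain" if result is None else "r=%.3f, l2 radius=%.3f" % result)
```

The ℓ₂ radius is limited by the smallest sigma in the map, while a perturbation of the same norm placed on a high-sigma pixel stays well inside the ellipsoid.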

Practical Advantages

  • No Memory Overhead: Unlike ANCER/RANCER, no parameter caching required
  • Flexible Trade-offs: Choose NPG method based on efficiency requirements
  • Strong Performance: Consistent improvements across datasets and threat models

🛠️ Advanced Configuration

Custom Noise Patterns

from noises import GaussianNoise
from noisegenerator import NoiseGenerator

# Create custom pattern-wise noise
custom_pattern = lambda x, y: 0.1 + 0.9 * (x**2 + y**2) / (32**2)
noise_gen = NoiseGenerator(pattern=custom_pattern)

Multi-GPU Training

# Use multiple GPUs
python train_certification_noise.py cifar10 cifar_resnet110 ./model_saved/ \
    --gpu="0,1,2,3" \
    --batch=400  # Scale batch size accordingly

🤝 Contributing

We welcome contributions! Please see our contributing guidelines:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

📚 Citation

If you use this code in your research, please cite our paper:

@article{anonymous2024ucan,
  title={UCAN: Towards Strong Certified Defense with Asymmetric Randomization},
  author={Anonymous Authors},
  journal={Under Review},
  year={2024}
}

🔗 Related Work

  • Cohen et al. - Certified Adversarial Robustness via Randomized Smoothing
  • ANCER - Anisotropic Certified Robustness
  • RANCER - Randomized Anisotropic Noise

📞 Contact

For questions about the code or paper, please:

  • Open an issue on GitHub
  • Contact: Anonymous submission - contact information will be provided upon acceptance

🙏 Acknowledgments

  • Built on top of the certified robustness framework by Cohen et al.
  • Neural network architectures adapted from pytorch-classification
  • Thanks to the randomized smoothing community for foundational work

Note: This implementation is provided for research purposes. For production use, additional testing and validation may be required.
