This is a PyTorch implementation of Diffusion Denoised Smoothing, proposed in our ICLR 2023 paper:
(Certified!!) Adversarial Robustness for Free!
Nicholas Carlini*, Florian Tramèr*, Krishnamurthy Dvijotham, Leslie Rice, Mingjie Sun, J. Zico Kolter
For more details, please check out our paper.
We show how to achieve state-of-the-art certified adversarial robustness to 2-norm bounded perturbations by relying exclusively on off-the-shelf pretrained models.
This repository is based on locuslab/smoothing, openai/improved-diffusion and openai/guided-diffusion.
Create an new conda virtual environment:
conda create -n diffusion_smoothing python=3.8 -y
conda activate diffusion_smoothing
Install Pytorch, torchvision following official instructions. For example:
conda install pytorch==1.12.0 torchvision==0.13.0 cudatoolkit=11.3 -c pytorch
Clone this repo and install the dependencies:
git clone https://github.com/ethz-privsec/diffusion_denoised_smoothing.git
pip install timm transformers statsmodels
We use these class-unconditional diffusion models from these repos:
CIFAR-10: Unconditional CIFAR-10 with L_hybrid
objective.
ImageNet: Uncondtional 256x256 diffusion.
Remember to download these model checkpoints in the corresponding directory.
We give example evaluation command to run certification on CIFAR-10 and ImageNet.
# CIFAR-10
python cifar10/certify.py \
--sigma 1.00 --skip 1 --N0 100 --N 100000 --batch_size 200 \
--outfile [file to store certification results]
# ImageNet
python imagenet/certify.py \
--sigma 1.00 --skip 50 --N0 100 --N 10000 --batch_size 200 \
--outfile [file to store certification results]
This project is released under the MIT license. Please see the LICENSE file for more information.
If you find this repository helpful, please consider citing:
@Article{carlini2023free,
author = {Carlini, Nicholas and Tramèr, Florian and Dvijotham, Krishnamurthy and Rice, Leslie and Sun, Mingjie and Kolter, Zico},
title = {(Certified!!) Adversarial Robustness for Free!},
journal = {International Conference on Learning Representations (ICLR)},
year = {2023},
}