Skip to content

iamafi/deepg

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DeepG portfolio_view

DeepG is state-of-the-art system for certification of robustness of neural networks to geometric transformations. The key idea behind DeepG is to efficiently compute linear constraints of common geometric transformations. These constraints are then used as inputs to the state-of-the-art verifier ERAN which can then use these constraints to prove robustness of a neural network. The method is based on our NeurIPS 2019 paper and repository contains all code necessary to reproduce the results from the paper. The system is developed at the SRI Lab, Department of Computer Science, ETH Zurich as part of the Safe AI project.

However, the initial tutorial is quite old, so I've provided an updated version. If you encounter any issues during running these commands, feel free to reach out to me on Slack or via email [email protected]. Please note that I have also modified parts of the code to ensure everything works smoothly, even though you may still see many warnings :D

Setup instructions

Clone this repository:

git clone https://github.com/iamafi/deepg.git

Download Gurobi, update environment variables and install C++ bindings:

But before that you should obtain Gurobi Free Academic License. You can do this by using your university's network.

wget https://packages.gurobi.com/9.1/gurobi9.1.0_linux64.tar.gz
tar -xzvf gurobi9.1.0_linux64.tar.gz
rm gurobi9.1.0_linux64.tar.gz
export GUROBI_HOME="$(pwd)/gurobi910/linux64"
export PATH="${PATH}:${GUROBI_HOME}/bin"
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib:${GUROBI_HOME}/lib
grbgetkey <your key>
cd gurobi910/linux64/src/build
make
cp libgurobi_c++.a ../../lib/
sudo cp ../../lib/libgurobi91.so /usr/lib
cd ../../../../

Please note that you may need to set up environment variables in every new session, unless you add them to the list of global environment variables.

Now you should be able to compile DeepG:

cd deepg/code
mkdir build
make deepg_constraints

Next, create a virtual environment, install Gurobi Python bindings and other required packages:

virtualenv venv
source venv/bin/activate
cd ..    # it's deepg folder
pip install -r requirements.txt

Don't forget to activate virtual environment in new sessions.

Next, we install ERAN. Note that this is a fork of official ERAN analyzer. As of now, ERAN will run only on CPU. GPU support will be added soon. The outputs will be the same, just the timing will be improved.

cd ERAN/
sudo ./install.sh

Example of certification

As an example, we will certify that MNIST network is robust to rotation between -1 and 1 degrees for a single image. First, we need to generate the constraints which capture the above rotation:

cd ../code
./build/deepg_constraints examples/example1

Then we need to download the network and run the verifier:

cd ../ERAN/tf_verify
wget https://files.sri.inf.ethz.ch/deepg/networks/mnist_1_rotation.pyt
python deepg.py --net mnist_1_rotation.pyt --dataset mnist --data_dir ../../code/examples/example1 --num_params 1 --num_tests 1

Format of configuration file

Each experiment directory should have config.txt file which containts the following information:

dataset               dataset which we are working with, should be one of {mnist, fashion, cifar10}
noise                 L_infinity noise that should be composed with geometric transformations
chunks                number of splits along each dimension (each split is certified separately)
inside_splits         number of refinement splits for interval bound propagation
method                method to compute the constraints, to use DeepG it should be set to polyhedra
spatial_transform     description of geometric transformation in predefined format, see the examples
num_tests             number of images to certify
ub_estimate           estimate for the upper bound, usually set to Triangle
num_attacks           number of random attacks to perform for each image
poly_eps              epsilon tolerance used in Lipschitz optimization in DeepG
num_threads           number of threads (determines for how many pixels to compute the constraints in parallel)
max_coeff             maximum coefficient value in LP which DeepG is solving
lp_samples            number of samples in LP which estimates the optimal constraints
num_poly_check        number of samples in sanity check for soundness
set                   whether to certify test or training set

Parameter name and value are always separated by spaces. You can look at provided configuration files in constraints.zip to see the values used in our experiments.

Reproducing the experiments

In order to reproduce the experiments from our paper, please download and unzip the constraints and configurations used in our experiments:

cd ../..  # it's deepg folder
wget https://files.sri.inf.ethz.ch/deepg/constraints.zip
unzip constraints.zip
rm constraints.zip

Each folder in folder constraints is named after one of the experiments in our paper. It contains constraints for 100 images. To perform certification, you need to download the network with the same name as folder and then run deepg.py script. Here is an example how to reproduce the results for the experiment with MNIST and translation:

cd ERAN/tf_verify
wget https://files.sri.inf.ethz.ch/deepg/networks/mnist_2_translation.pyt
python deepg.py --net mnist_2_translation.pyt --dataset mnist --data_dir ../../constraints/mnist_2_translation --num_params 2 --num_tests 100

You can also reproduce the constraints by running DeepG yourself (it will take some time). For example, the command for MNIST and translation is:

cd ../../code
./build/deepg_constraints ../constraints/mnist_2_translation

Mini-note

I hope you find this tutorial helpful. Once again, feel free to reach out to me if you have any questions. Happy coding!

Citing this work

If you are using this library please use the following citation to reference this work:

@incollection{balunovic2019geometric,
	title = {Certifying Geometric Robustness of Neural Networks},
	author = {Balunovic, Mislav and Baader, Maximilian and Singh, Gagandeep and Gehr, Timon and Vechev, Martin},
	booktitle = {Advances in Neural Information Processing Systems 32},
	year = {2019}
}	

Contributors

License and Copyright

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages