zjysteven / dverge Goto Github PK

Hi @zjysteven, thanks for this insightful work!

I was wondering if you could provide the code that produces the decision region plots that are shown in the paper (Figure 1, 7)? Some of the details of these plots are unclear to me:

1. From the paper, I understand that the vertical axis is along the adversarial direction and the horizontal axis along the direction of a random Rademacher vector. What do the values of these axis represent exactly?
2. How are the adversarial direction and the random Rademacher vector combined to obtain the final sample for which the model then produces the label being plotted in the decision region plot?

I think uploading the plotting code would help to better understand these plots 🙂

Hi，would you mind providing a script for generating adversarial examples to evaluate black-block attack？

Thank you for your wonderful research. Please tell me how to calculate the robustness value of adversarial training (as shown in the figure below, AdvT Rob)? Since I didn't read the code carefully, I didn't find it in the relevant code.Thanks.

Hi @zjysteven, thanks for this solid and insightful work!

We are kind of interested in the generalization performance after using DVERGE (i.e., classification error on the clean dataset instead of robustness against adversarial samples), and I will appreciate it very much if you could share some results or ideas.

FYI, here is a paper saying that adversatial training also improves the generalization performance: B. Lakshminarayanan, A. Pritzel, C. Blundell., Simple and Scalable Predictive Uncertainty Estimation using Deep Ensembles, NIPS 2017. However, our experiment results are not quite satisfactory.