Theoretical findings have shown that, in a suitably defined large-data limit, BNN posteriors are robust to gradient-based adversarial attacks. Thus, this study aims to demonstrate the theoretical robustness of Bayesian neural architectures against multiple white-box attacks and list empirical findings from the same.
Part of this work has been inspired by @kumar-shridhar's GitHub repository PyTorch-BayesianCNN, which was used to estimate robustness against five state-of-the-art gradient-based attacks:
This repository contains two types of Bayesian layer implementations:
- BBB (Bayes by Backprop): Based on this paper. This layer samples all the weights individually and then combines them with the inputs to compute a sample from the activations.
- BBB_LRT (Bayes by Backprop w/ Local Reparametrization Trick): This layer combines Bayes by Backprop with local reparametrization trick from this paper. This trick makes it possible to directly sample from the distribution over activations.
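The difference between the two layer types, as an added example that is not code from this repository: a dependency-free sketch of one linear layer with a constructed mean-field Gaussian posterior (the function names and toy values are assumptions, and the bias term is omitted). Both schemes yield the same activation distribution, but BBB_LRT draws one noise value per output unit instead of one per weight.

```python
import math
import random
import statistics

# Constructed toy posterior for a 4-input, 2-output linear layer (not from the repo):
# every weight has its own Gaussian N(mu, sigma^2), i.e. a mean-field posterior.
X = [1.0, -2.0, 0.5, 3.0]
W_MU = [[0.3, -0.1, 0.8, 0.2], [-0.5, 0.4, 0.1, -0.2]]
W_SIGMA = [[0.2, 0.1, 0.3, 0.1], [0.1, 0.2, 0.2, 0.3]]


def forward_bbb(x, w_mu, w_sigma, rng):
    """BBB: draw every weight individually, then combine with the input."""
    out = []
    for mu_row, sigma_row in zip(w_mu, w_sigma):
        w = [rng.gauss(m, s) for m, s in zip(mu_row, sigma_row)]
        out.append(sum(wi * xi for wi, xi in zip(w, x)))
    return out


def activation_moments(x, w_mu, w_sigma):
    """Mean and variance of each pre-activation implied by the weight posterior."""
    means = [sum(m * xi for m, xi in zip(row, x)) for row in w_mu]
    variances = [sum((s * xi) ** 2 for s, xi in zip(row, x)) for row in w_sigma]
    return means, variances


def forward_lrt(x, w_mu, w_sigma, rng):
    """BBB_LRT: draw one noise value per activation instead of one per weight."""
    means, variances = activation_moments(x, w_mu, w_sigma)
    return [m + math.sqrt(v) * rng.gauss(0.0, 1.0) for m, v in zip(means, variances)]


def empirical_moments(forward, n=20000, seed=0):
    """Monte Carlo mean/variance of each output unit under a forward function."""
    rng = random.Random(seed)
    draws = [forward(X, W_MU, W_SIGMA, rng) for _ in range(n)]
    cols = list(zip(*draws))
    return [statistics.fmean(c) for c in cols], [statistics.pvariance(c) for c in cols]


if __name__ == "__main__":
    print("analytic:", activation_moments(X, W_MU, W_SIGMA))
    print("BBB     :", empirical_moments(forward_bbb))
    print("BBB_LRT :", empirical_moments(forward_lrt))
```

Because the noise is drawn per activation, repeated forward passes on the same input give independent output samples at a fraction of the random draws, which matters when averaging many posterior samples during robustness evaluation.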
python main_bayesian.py
- set hyperparameters in config_bayesian.py
python main_frequentist.py
- set hyperparameters in config_frequentist.py
- layers/: Contains ModuleWrapper, FlattenLayer, BBBLinear and BBBConv2d.
- models/BayesianModels/: Contains standard Bayesian models (BBBLeNet, BBBAlexNet, BBB3Conv3FC).
- models/NonBayesianModels/: Contains standard Non-Bayesian models (LeNet, AlexNet).
- checkpoints/: Checkpoint directory: Models will be saved here.
- tests/: Basic unittest cases for layers and models.
- main_bayesian.py: Train and Evaluate Bayesian models.
- config_bayesian.py: Hyperparameters for main_bayesian file.
- main_frequentist.py: Train and Evaluate non-Bayesian (Frequentist) models.
- config_frequentist.py: Hyperparameters for main_frequentist file.
- AttackingModels.ipynb: Attacks performed on BNNs and plot generated
A detailed report, written as part of a course project for the CS690 Deep Learning course at Purdue University, is given here.