Hugging Face's logo

Spaces:
TrustSafeAI
/
GREAT-Score
Running

App Files Community
zaitang commited on
Commit
0e03fed
·
verified ·
1 Parent(s): 4d22a83

Update index.html

Browse files
Files changed (1) hide show
  1. index.html +132 -90
index.html CHANGED
@@ -82,7 +82,8 @@
82
  <div class="container is-max-desktop">
83
  <div class="columns is-centered">
84
  <div class="column has-text-centered">
85
- <h1 class="title is-1 publication-title">Be Your Own Neighborhood: Detecting Adversarial Examples by the Neighborhood Relations Built on Self-Supervised Learning</h1>
 
86
  <div class="is-size-5 publication-authors">
87
  <span class="author-block">
88
  <a href="#" target="_blank">ZAITANG LI</a><sup>1</sup>,</span>
@@ -248,112 +249,153 @@
248
  <div class="columns is-centered">
249
  <div class="column container-centered">
250
  <table class="tg" border="1" style="width:100%;">
251
- <caption><strong>Table 1.</strong>The Area Under the ROC Curve (AUC) of Different Adversarial Detection Approaches on CIFAR-10. LNG
252
- is not open-sourced and the data comes from its report. To align with baselines, classifier: ResNet110, FGSM: &epsilon; = 0.05, PGD:
253
- &epsilon; = 0.02. Note that BEYOND needs no AE for training, leading to the same value on both seen and unseen settings. The <strong>bold</strong> values
254
- are the best performance, and the <u><i>underlined italicized</i></u> values are the second-best performanc</caption>
255
  <thead>
256
  <tr>
257
- <th class="tg-amwm" rowspan="2">AUC(%)</th>
258
- <th class="tg-baqh" colspan="4"><span style="font-weight:bold;font-style:italic">Unse</span><span style="font-weight:bold">e</span><span style="font-weight:bold;font-style:italic">n</span><span style="font-weight:bold">: </span>Attacks used in training are preclude from tests</th>
259
- <th class="tg-baqh" colspan="5"><span style="font-weight:bold;font-style:italic">Seen</span><span style="font-weight:bold">:</span> Attacks used in training are included in tests</th>
260
- </tr>
261
- <tr>
262
- <th class="tg-baqh">FGSM</th>
263
- <th class="tg-baqh">PGD</th>
264
- <th class="tg-baqh">AutoAttack</th>
265
- <th class="tg-baqh">Square</th>
266
- <th class="tg-baqh">FGSM</th>
267
- <th class="tg-baqh">PGD</th>
268
- <th class="tg-baqh">CW</th>
269
- <th class="tg-baqh">AutoAttack</th>
270
- <th class="tg-baqh">Square</th>
271
  </tr>
272
  </thead>
273
  <tbody>
274
  <tr>
275
- <td class="tg-baqh">DkNN</td>
276
- <td class="tg-baqh">61.55</td>
277
- <td class="tg-baqh">51.22</td>
278
- <td class="tg-baqh">52.12</td>
279
- <td class="tg-baqh">59.46</td>
280
- <td class="tg-baqh">61.55</td>
281
- <td class="tg-baqh">51.22</td>
282
- <td class="tg-baqh">61.52</td>
283
- <td class="tg-baqh">52.12</td>
284
- <td class="tg-baqh">59.46</td>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
285
  </tr>
286
  <tr>
287
- <td class="tg-baqh">kNN</td>
288
- <td class="tg-baqh">61.83</td>
289
- <td class="tg-baqh">54.52</td>
290
- <td class="tg-baqh">52.67</td>
291
- <td class="tg-baqh">73.39</td>
292
- <td class="tg-baqh">61.83</td>
293
- <td class="tg-baqh">54.52</td>
294
- <td class="tg-baqh">62.23</td>
295
- <td class="tg-baqh">52.67</td>
296
- <td class="tg-baqh">73.39</td>
297
  </tr>
298
  <tr>
299
- <td class="tg-baqh">LID</td>
300
- <td class="tg-baqh">71.08</td>
301
- <td class="tg-baqh">61.33</td>
302
- <td class="tg-baqh">55.56</td>
303
- <td class="tg-baqh">66.18</td>
304
- <td class="tg-baqh">73.61</td>
305
- <td class="tg-baqh">67.98</td>
306
- <td class="tg-baqh">55.68</td>
307
- <td class="tg-baqh">56.33</td>
308
- <td class="tg-baqh">85.94</td>
309
  </tr>
310
  <tr>
311
- <td class="tg-baqh">Hu</td>
312
- <td class="tg-baqh">84.51</td>
313
- <td class="tg-baqh">58.59</td>
314
- <td class="tg-baqh">53.55</td>
315
- <td class="tg-2imo">95.82</td>
316
- <td class="tg-baqh">84.51</td>
317
- <td class="tg-baqh">58.59</td>
318
- <td class="tg-2imo">91.02</td>
319
- <td class="tg-baqh">53.55</td>
320
- <td class="tg-baqh">95.82</td>
321
  </tr>
322
  <tr>
323
- <td class="tg-baqh">Mao</td>
324
- <td class="tg-baqh">95.33</td>
325
- <td class="tg-2imo">82.61</td>
326
- <td class="tg-2imo">81.95</td>
327
- <td class="tg-baqh">85.76</td>
328
- <td class="tg-baqh">95.33</td>
329
- <td class="tg-baqh">82.61</td>
330
- <td class="tg-baqh">83.10</td>
331
- <td class="tg-baqh">81.95</td>
332
- <td class="tg-baqh">85.76</td>
333
  </tr>
334
  <tr>
335
- <td class="tg-baqh">LNG</td>
336
- <td class="tg-2imo">98.51 </td>
337
- <td class="tg-baqh">63.14 </td>
338
- <td class="tg-baqh">58.47 </td>
339
- <td class="tg-baqh">94.71 </td>
340
- <td class="tg-amwm">99.88 </td>
341
- <td class="tg-2imo">91.39 </td>
342
- <td class="tg-baqh">89.74 </td>
343
- <td class="tg-2imo">84.03 </td>
344
- <td class="tg-2imo">98.82 </td>
345
  </tr>
346
  <tr>
347
- <td class="tg-baqh">BEYOND</td>
348
- <td class="tg-amwm">98.89</td>
349
- <td class="tg-amwm">99.28</td>
350
- <td class="tg-amwm">99.16</td>
351
- <td class="tg-amwm">99.27</td>
352
- <td class="tg-2imo">98.89</td>
353
- <td class="tg-amwm">99.28</td>
354
- <td class="tg-amwm">99.20</td>
355
- <td class="tg-amwm">99.16</td>
356
- <td class="tg-amwm">99.27</td>
357
  </tr>
358
  </tbody>
359
  </table>
@@ -525,4 +567,4 @@
525
  </footer>
526
 
527
  </body>
528
- </html>
 
82
  <div class="container is-max-desktop">
83
  <div class="columns is-centered">
84
  <div class="column has-text-centered">
85
+ <h1 class="title is-1 publication-title">GREAT Score: Global Robustness Evaluation of
86
+ Adversarial Perturbation using Generative Models</h1>
87
  <div class="is-size-5 publication-authors">
88
  <span class="author-block">
89
  <a href="#" target="_blank">ZAITANG LI</a><sup>1</sup>,</span>
 
249
  <div class="columns is-centered">
250
  <div class="column container-centered">
251
  <table class="tg" border="1" style="width:100%;">
252
+ <caption><strong>Table 1.</strong> Comparison of (Calibrated) GREAT Score v.s. minimal distortion found by CW attack on CIFAR-10. The results are averaged over 500 samples from StyleGAN2.</caption>
 
 
 
253
  <thead>
254
  <tr>
255
+ <th class="tg-amwm">Model Name</th>
256
+ <th class="tg-baqh">RobustBench Accuracy(%)</th>
257
+ <th class="tg-baqh">AutoAttack Accuracy(%)</th>
258
+ <th class="tg-baqh">GREAT Score</th>
259
+ <th class="tg-baqh">Calibrated GREAT Score</th>
260
+ <th class="tg-baqh">CW Distortion</th>
 
 
 
 
 
 
 
 
261
  </tr>
262
  </thead>
263
  <tbody>
264
  <tr>
265
+ <td class="tg-baqh">Rebuffi_extra</td>
266
+ <td class="tg-baqh">82.32</td>
267
+ <td class="tg-baqh">87.20</td>
268
+ <td class="tg-baqh">0.507</td>
269
+ <td class="tg-baqh">1.216</td>
270
+ <td class="tg-baqh">1.859</td>
271
+ </tr>
272
+ <tr>
273
+ <td class="tg-baqh">Gowal_extra</td>
274
+ <td class="tg-baqh">80.53</td>
275
+ <td class="tg-baqh">85.60</td>
276
+ <td class="tg-baqh">0.534</td>
277
+ <td class="tg-baqh">1.213</td>
278
+ <td class="tg-baqh">1.324</td>
279
+ </tr>
280
+ <tr>
281
+ <td class="tg-baqh">Rebuffi_70_ddpm</td>
282
+ <td class="tg-baqh">80.42</td>
283
+ <td class="tg-baqh">90.60</td>
284
+ <td class="tg-baqh">0.451</td>
285
+ <td class="tg-baqh">1.208</td>
286
+ <td class="tg-baqh">1.943</td>
287
+ </tr>
288
+ <tr>
289
+ <td class="tg-baqh">Rebuffi_28_ddpm</td>
290
+ <td class="tg-baqh">78.80</td>
291
+ <td class="tg-baqh">90.00</td>
292
+ <td class="tg-baqh">0.424</td>
293
+ <td class="tg-baqh">1.214</td>
294
+ <td class="tg-baqh">1.796</td>
295
+ </tr>
296
+ <tr>
297
+ <td class="tg-baqh">Augustin_WRN_extra</td>
298
+ <td class="tg-baqh">78.79</td>
299
+ <td class="tg-baqh">86.20</td>
300
+ <td class="tg-baqh">0.525</td>
301
+ <td class="tg-baqh">1.206</td>
302
+ <td class="tg-baqh">1.340</td>
303
+ </tr>
304
+ <tr>
305
+ <td class="tg-baqh">Sehwag</td>
306
+ <td class="tg-baqh">77.24</td>
307
+ <td class="tg-baqh">89.20</td>
308
+ <td class="tg-baqh">0.227</td>
309
+ <td class="tg-baqh">1.143</td>
310
+ <td class="tg-baqh">1.392</td>
311
+ </tr>
312
+ <tr>
313
+ <td class="tg-baqh">Augustin_WRN</td>
314
+ <td class="tg-baqh">76.25</td>
315
+ <td class="tg-baqh">86.40</td>
316
+ <td class="tg-baqh">0.583</td>
317
+ <td class="tg-baqh">1.206</td>
318
+ <td class="tg-baqh">1.332</td>
319
+ </tr>
320
+ <tr>
321
+ <td class="tg-baqh">Rade</td>
322
+ <td class="tg-baqh">76.15</td>
323
+ <td class="tg-baqh">86.60</td>
324
+ <td class="tg-baqh">0.413</td>
325
+ <td class="tg-baqh">1.200</td>
326
+ <td class="tg-baqh">1.486</td>
327
+ </tr>
328
+ <tr>
329
+ <td class="tg-baqh">Rebuffi_R18</td>
330
+ <td class="tg-baqh">75.86</td>
331
+ <td class="tg-baqh">87.60</td>
332
+ <td class="tg-baqh">0.369</td>
333
+ <td class="tg-baqh">1.210</td>
334
+ <td class="tg-baqh">1.413</td>
335
+ </tr>
336
+ <tr>
337
+ <td class="tg-baqh">Gowal</td>
338
+ <td class="tg-baqh">74.50</td>
339
+ <td class="tg-baqh">86.40</td>
340
+ <td class="tg-baqh">0.124</td>
341
+ <td class="tg-baqh">1.116</td>
342
+ <td class="tg-baqh">1.253</td>
343
+ </tr>
344
+ <tr>
345
+ <td class="tg-baqh">Sehwag_R18</td>
346
+ <td class="tg-baqh">74.41</td>
347
+ <td class="tg-baqh">88.60</td>
348
+ <td class="tg-baqh">0.236</td>
349
+ <td class="tg-baqh">1.135</td>
350
+ <td class="tg-baqh">1.343</td>
351
  </tr>
352
  <tr>
353
+ <td class="tg-baqh">Wu2020Adversarial</td>
354
+ <td class="tg-baqh">73.66</td>
355
+ <td class="tg-baqh">84.60</td>
356
+ <td class="tg-baqh">0.128</td>
357
+ <td class="tg-baqh">1.110</td>
358
+ <td class="tg-baqh">1.369</td>
 
 
 
 
359
  </tr>
360
  <tr>
361
+ <td class="tg-baqh">Augustin2020Adversarial</td>
362
+ <td class="tg-baqh">72.91</td>
363
+ <td class="tg-baqh">85.20</td>
364
+ <td class="tg-baqh">0.569</td>
365
+ <td class="tg-baqh">1.199</td>
366
+ <td class="tg-baqh">1.285</td>
 
 
 
 
367
  </tr>
368
  <tr>
369
+ <td class="tg-baqh">Engstrom2019Robustness</td>
370
+ <td class="tg-baqh">69.24</td>
371
+ <td class="tg-baqh">82.20</td>
372
+ <td class="tg-baqh">0.160</td>
373
+ <td class="tg-baqh">1.020</td>
374
+ <td class="tg-baqh">1.084</td>
 
 
 
 
375
  </tr>
376
  <tr>
377
+ <td class="tg-baqh">Rice2020Overfitting</td>
378
+ <td class="tg-baqh">67.68</td>
379
+ <td class="tg-baqh">81.80</td>
380
+ <td class="tg-baqh">0.152</td>
381
+ <td class="tg-baqh">1.040</td>
382
+ <td class="tg-baqh">1.097</td>
 
 
 
 
383
  </tr>
384
  <tr>
385
+ <td class="tg-baqh">Rony2019Decoupling</td>
386
+ <td class="tg-baqh">66.44</td>
387
+ <td class="tg-baqh">79.20</td>
388
+ <td class="tg-baqh">0.275</td>
389
+ <td class="tg-baqh">1.101</td>
390
+ <td class="tg-baqh">1.165</td>
 
 
 
 
391
  </tr>
392
  <tr>
393
+ <td class="tg-baqh">Ding2020MMA</td>
394
+ <td class="tg-baqh">66.09</td>
395
+ <td class="tg-baqh">77.60</td>
396
+ <td class="tg-baqh">0.112</td>
397
+ <td class="tg-baqh">0.909</td>
398
+ <td class="tg-baqh">1.095</td>
 
 
 
 
399
  </tr>
400
  </tbody>
401
  </table>
 
567
  </footer>
568
 
569
  </body>
570
+ </html>