Hugging Face's logo

Spaces:
TrustSafeAI
/
GREAT-Score
Running

App Files Community
zaitang commited on
Commit
82fd2c3
·
verified ·
1 Parent(s): f4a2536

Update index.html

Browse files
Files changed (1) hide show
  1. index.html +188 -171
index.html CHANGED
@@ -196,14 +196,15 @@
196
  <!-- Overview -->
197
  <section class="section">
198
  <div class="container is-max-desktop">
199
- <h2 class="title is-3">Method Overview of BEYOND</h2>
200
  <div class="columns is-centered">
201
  <div class="column container-centered">
202
- <img src="./static/images/overview.png" alt="Method Overview of BEYOND"/>
203
- <p><strong>Figure 2. Overview of BEYOND.</strong> First, we augment the input image to obtain a bunch of its neighbors. Then, we
204
- perform the label consistency detection mechanism on the classifier’s prediction of the input image and that of neighbors predicted by
205
- SSL’s classification head. Meanwhile, the representation similarity mechanism employs cosine distance to measure the similarity among
206
- the input image and its neighbors. Finally, The input image with poor label consistency or representation similarity is flagged as AE.</p>
 
207
  </div>
208
  </div>
209
  </div>
@@ -274,9 +275,181 @@
274
  </div>
275
  </div>
276
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
277
  <div class="columns is-centered">
278
  <div class="column is-full-width">
279
- <h3 class="title is-4">Model Ranking Comparison</h3>
280
  <div class="content has-text-justified">
281
  <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
282
  <caption><strong>Table 2.</strong> Spearman's rank correlation coefficient on CIFAR-10 using GREAT Score, RobustBench (with test set), and Auto-Attack (with generated samples).</caption>
@@ -315,7 +488,14 @@
315
  </div>
316
  </div>
317
  </div>
 
 
 
318
 
 
 
 
 
319
  <div class="columns is-centered">
320
  <div class="column container-centered">
321
  <div>
@@ -330,174 +510,11 @@
330
  </div>
331
  </div>
332
  </div>
333
-
334
-
335
  </section>
 
336
 
337
 
338
 
339
- <!-- Results -->
340
- <section class="section">
341
- <div class="container is-max-desktop">
342
- <h2 class="title is-3">GREAT Score Results</h2>
343
- <div class="columns is-centered">
344
- <div class="column container-centered">
345
- <table class="tg" border="1" style="width:100%;">
346
- <caption><strong>Table 1.</strong> Comparison of (Calibrated) GREAT Score v.s. minimal distortion found by CW attack on CIFAR-10. The results are averaged over 500 samples from StyleGAN2.</caption>
347
- <thead>
348
- <tr>
349
- <th class="tg-amwm">Model Name</th>
350
- <th class="tg-baqh">RobustBench Accuracy(%)</th>
351
- <th class="tg-baqh">AutoAttack Accuracy(%)</th>
352
- <th class="tg-baqh">GREAT Score</th>
353
- <th class="tg-baqh">Calibrated GREAT Score</th>
354
- <th class="tg-baqh">CW Distortion</th>
355
- </tr>
356
- </thead>
357
- <tbody>
358
- <tr>
359
- <td class="tg-baqh">Rebuffi_extra</td>
360
- <td class="tg-baqh">82.32</td>
361
- <td class="tg-baqh">87.20</td>
362
- <td class="tg-baqh">0.507</td>
363
- <td class="tg-baqh">1.216</td>
364
- <td class="tg-baqh">1.859</td>
365
- </tr>
366
- <tr>
367
- <td class="tg-baqh">Gowal_extra</td>
368
- <td class="tg-baqh">80.53</td>
369
- <td class="tg-baqh">85.60</td>
370
- <td class="tg-baqh">0.534</td>
371
- <td class="tg-baqh">1.213</td>
372
- <td class="tg-baqh">1.324</td>
373
- </tr>
374
- <tr>
375
- <td class="tg-baqh">Rebuffi_70_ddpm</td>
376
- <td class="tg-baqh">80.42</td>
377
- <td class="tg-baqh">90.60</td>
378
- <td class="tg-baqh">0.451</td>
379
- <td class="tg-baqh">1.208</td>
380
- <td class="tg-baqh">1.943</td>
381
- </tr>
382
- <tr>
383
- <td class="tg-baqh">Rebuffi_28_ddpm</td>
384
- <td class="tg-baqh">78.80</td>
385
- <td class="tg-baqh">90.00</td>
386
- <td class="tg-baqh">0.424</td>
387
- <td class="tg-baqh">1.214</td>
388
- <td class="tg-baqh">1.796</td>
389
- </tr>
390
- <tr>
391
- <td class="tg-baqh">Augustin_WRN_extra</td>
392
- <td class="tg-baqh">78.79</td>
393
- <td class="tg-baqh">86.20</td>
394
- <td class="tg-baqh">0.525</td>
395
- <td class="tg-baqh">1.206</td>
396
- <td class="tg-baqh">1.340</td>
397
- </tr>
398
- <tr>
399
- <td class="tg-baqh">Sehwag</td>
400
- <td class="tg-baqh">77.24</td>
401
- <td class="tg-baqh">89.20</td>
402
- <td class="tg-baqh">0.227</td>
403
- <td class="tg-baqh">1.143</td>
404
- <td class="tg-baqh">1.392</td>
405
- </tr>
406
- <tr>
407
- <td class="tg-baqh">Augustin_WRN</td>
408
- <td class="tg-baqh">76.25</td>
409
- <td class="tg-baqh">86.40</td>
410
- <td class="tg-baqh">0.583</td>
411
- <td class="tg-baqh">1.206</td>
412
- <td class="tg-baqh">1.332</td>
413
- </tr>
414
- <tr>
415
- <td class="tg-baqh">Rade</td>
416
- <td class="tg-baqh">76.15</td>
417
- <td class="tg-baqh">86.60</td>
418
- <td class="tg-baqh">0.413</td>
419
- <td class="tg-baqh">1.200</td>
420
- <td class="tg-baqh">1.486</td>
421
- </tr>
422
- <tr>
423
- <td class="tg-baqh">Rebuffi_R18</td>
424
- <td class="tg-baqh">75.86</td>
425
- <td class="tg-baqh">87.60</td>
426
- <td class="tg-baqh">0.369</td>
427
- <td class="tg-baqh">1.210</td>
428
- <td class="tg-baqh">1.413</td>
429
- </tr>
430
- <tr>
431
- <td class="tg-baqh">Gowal</td>
432
- <td class="tg-baqh">74.50</td>
433
- <td class="tg-baqh">86.40</td>
434
- <td class="tg-baqh">0.124</td>
435
- <td class="tg-baqh">1.116</td>
436
- <td class="tg-baqh">1.253</td>
437
- </tr>
438
- <tr>
439
- <td class="tg-baqh">Sehwag_R18</td>
440
- <td class="tg-baqh">74.41</td>
441
- <td class="tg-baqh">88.60</td>
442
- <td class="tg-baqh">0.236</td>
443
- <td class="tg-baqh">1.135</td>
444
- <td class="tg-baqh">1.343</td>
445
- </tr>
446
- <tr>
447
- <td class="tg-baqh">Wu2020Adversarial</td>
448
- <td class="tg-baqh">73.66</td>
449
- <td class="tg-baqh">84.60</td>
450
- <td class="tg-baqh">0.128</td>
451
- <td class="tg-baqh">1.110</td>
452
- <td class="tg-baqh">1.369</td>
453
- </tr>
454
- <tr>
455
- <td class="tg-baqh">Augustin2020Adversarial</td>
456
- <td class="tg-baqh">72.91</td>
457
- <td class="tg-baqh">85.20</td>
458
- <td class="tg-baqh">0.569</td>
459
- <td class="tg-baqh">1.199</td>
460
- <td class="tg-baqh">1.285</td>
461
- </tr>
462
- <tr>
463
- <td class="tg-baqh">Engstrom2019Robustness</td>
464
- <td class="tg-baqh">69.24</td>
465
- <td class="tg-baqh">82.20</td>
466
- <td class="tg-baqh">0.160</td>
467
- <td class="tg-baqh">1.020</td>
468
- <td class="tg-baqh">1.084</td>
469
- </tr>
470
- <tr>
471
- <td class="tg-baqh">Rice2020Overfitting</td>
472
- <td class="tg-baqh">67.68</td>
473
- <td class="tg-baqh">81.80</td>
474
- <td class="tg-baqh">0.152</td>
475
- <td class="tg-baqh">1.040</td>
476
- <td class="tg-baqh">1.097</td>
477
- </tr>
478
- <tr>
479
- <td class="tg-baqh">Rony2019Decoupling</td>
480
- <td class="tg-baqh">66.44</td>
481
- <td class="tg-baqh">79.20</td>
482
- <td class="tg-baqh">0.275</td>
483
- <td class="tg-baqh">1.101</td>
484
- <td class="tg-baqh">1.165</td>
485
- </tr>
486
- <tr>
487
- <td class="tg-baqh">Ding2020MMA</td>
488
- <td class="tg-baqh">66.09</td>
489
- <td class="tg-baqh">77.60</td>
490
- <td class="tg-baqh">0.112</td>
491
- <td class="tg-baqh">0.909</td>
492
- <td class="tg-baqh">1.095</td>
493
- </tr>
494
- </tbody>
495
- </table>
496
- </div>
497
- </div>
498
- </div>
499
- </section>
500
- <!-- Results -->
501
 
502
 
503
 
 
196
  <!-- Overview -->
197
  <section class="section">
198
  <div class="container is-max-desktop">
199
+ <h2 class="title is-3">Method Overview of GREAT Score</h2>
200
  <div class="columns is-centered">
201
  <div class="column container-centered">
202
+ <img src="./static/images/GREAT_Score_overview.png" alt="Method Overview of GREAT Score"/>
203
+ <p><strong>Figure 1. Overview of GREAT Score.</strong> The process involves three main steps:
204
+ (1) Data Generation: We use a generative model to create synthetic samples.
205
+ (2) Local Robustness Evaluation: For each generated sample, we calculate a local robustness score based on the classifier's confidence.
206
+ (3) Global Robustness Estimation: We aggregate the local scores to estimate the overall robustness of the classifier.
207
+ This method provides a certified lower bound on the true global robustness without requiring access to the original dataset or exhaustive adversarial attacks.</p>
208
  </div>
209
  </div>
210
  </div>
 
275
  </div>
276
  </div>
277
 
278
+
279
+
280
+ </section>
281
+
282
+
283
+
284
+ <!-- Results -->
285
+ <section class="section">
286
+ <div class="container is-max-desktop">
287
+ <h2 class="title is-3">GREAT Score Results</h2>
288
+ <div class="columns is-centered">
289
+ <div class="column container-centered">
290
+ <table class="tg" border="1" style="width:100%;">
291
+ <caption><strong>Table 1.</strong> Comparison of (Calibrated) GREAT Score v.s. minimal distortion found by CW attack on CIFAR-10. The results are averaged over 500 samples from StyleGAN2.</caption>
292
+ <thead>
293
+ <tr>
294
+ <th class="tg-amwm">Model Name</th>
295
+ <th class="tg-baqh">RobustBench Accuracy(%)</th>
296
+ <th class="tg-baqh">AutoAttack Accuracy(%)</th>
297
+ <th class="tg-baqh">GREAT Score</th>
298
+ <th class="tg-baqh">Calibrated GREAT Score</th>
299
+ <th class="tg-baqh">CW Distortion</th>
300
+ </tr>
301
+ </thead>
302
+ <tbody>
303
+ <tr>
304
+ <td class="tg-baqh">Rebuffi_extra</td>
305
+ <td class="tg-baqh">82.32</td>
306
+ <td class="tg-baqh">87.20</td>
307
+ <td class="tg-baqh">0.507</td>
308
+ <td class="tg-baqh">1.216</td>
309
+ <td class="tg-baqh">1.859</td>
310
+ </tr>
311
+ <tr>
312
+ <td class="tg-baqh">Gowal_extra</td>
313
+ <td class="tg-baqh">80.53</td>
314
+ <td class="tg-baqh">85.60</td>
315
+ <td class="tg-baqh">0.534</td>
316
+ <td class="tg-baqh">1.213</td>
317
+ <td class="tg-baqh">1.324</td>
318
+ </tr>
319
+ <tr>
320
+ <td class="tg-baqh">Rebuffi_70_ddpm</td>
321
+ <td class="tg-baqh">80.42</td>
322
+ <td class="tg-baqh">90.60</td>
323
+ <td class="tg-baqh">0.451</td>
324
+ <td class="tg-baqh">1.208</td>
325
+ <td class="tg-baqh">1.943</td>
326
+ </tr>
327
+ <tr>
328
+ <td class="tg-baqh">Rebuffi_28_ddpm</td>
329
+ <td class="tg-baqh">78.80</td>
330
+ <td class="tg-baqh">90.00</td>
331
+ <td class="tg-baqh">0.424</td>
332
+ <td class="tg-baqh">1.214</td>
333
+ <td class="tg-baqh">1.796</td>
334
+ </tr>
335
+ <tr>
336
+ <td class="tg-baqh">Augustin_WRN_extra</td>
337
+ <td class="tg-baqh">78.79</td>
338
+ <td class="tg-baqh">86.20</td>
339
+ <td class="tg-baqh">0.525</td>
340
+ <td class="tg-baqh">1.206</td>
341
+ <td class="tg-baqh">1.340</td>
342
+ </tr>
343
+ <tr>
344
+ <td class="tg-baqh">Sehwag</td>
345
+ <td class="tg-baqh">77.24</td>
346
+ <td class="tg-baqh">89.20</td>
347
+ <td class="tg-baqh">0.227</td>
348
+ <td class="tg-baqh">1.143</td>
349
+ <td class="tg-baqh">1.392</td>
350
+ </tr>
351
+ <tr>
352
+ <td class="tg-baqh">Augustin_WRN</td>
353
+ <td class="tg-baqh">76.25</td>
354
+ <td class="tg-baqh">86.40</td>
355
+ <td class="tg-baqh">0.583</td>
356
+ <td class="tg-baqh">1.206</td>
357
+ <td class="tg-baqh">1.332</td>
358
+ </tr>
359
+ <tr>
360
+ <td class="tg-baqh">Rade</td>
361
+ <td class="tg-baqh">76.15</td>
362
+ <td class="tg-baqh">86.60</td>
363
+ <td class="tg-baqh">0.413</td>
364
+ <td class="tg-baqh">1.200</td>
365
+ <td class="tg-baqh">1.486</td>
366
+ </tr>
367
+ <tr>
368
+ <td class="tg-baqh">Rebuffi_R18</td>
369
+ <td class="tg-baqh">75.86</td>
370
+ <td class="tg-baqh">87.60</td>
371
+ <td class="tg-baqh">0.369</td>
372
+ <td class="tg-baqh">1.210</td>
373
+ <td class="tg-baqh">1.413</td>
374
+ </tr>
375
+ <tr>
376
+ <td class="tg-baqh">Gowal</td>
377
+ <td class="tg-baqh">74.50</td>
378
+ <td class="tg-baqh">86.40</td>
379
+ <td class="tg-baqh">0.124</td>
380
+ <td class="tg-baqh">1.116</td>
381
+ <td class="tg-baqh">1.253</td>
382
+ </tr>
383
+ <tr>
384
+ <td class="tg-baqh">Sehwag_R18</td>
385
+ <td class="tg-baqh">74.41</td>
386
+ <td class="tg-baqh">88.60</td>
387
+ <td class="tg-baqh">0.236</td>
388
+ <td class="tg-baqh">1.135</td>
389
+ <td class="tg-baqh">1.343</td>
390
+ </tr>
391
+ <tr>
392
+ <td class="tg-baqh">Wu2020Adversarial</td>
393
+ <td class="tg-baqh">73.66</td>
394
+ <td class="tg-baqh">84.60</td>
395
+ <td class="tg-baqh">0.128</td>
396
+ <td class="tg-baqh">1.110</td>
397
+ <td class="tg-baqh">1.369</td>
398
+ </tr>
399
+ <tr>
400
+ <td class="tg-baqh">Augustin2020Adversarial</td>
401
+ <td class="tg-baqh">72.91</td>
402
+ <td class="tg-baqh">85.20</td>
403
+ <td class="tg-baqh">0.569</td>
404
+ <td class="tg-baqh">1.199</td>
405
+ <td class="tg-baqh">1.285</td>
406
+ </tr>
407
+ <tr>
408
+ <td class="tg-baqh">Engstrom2019Robustness</td>
409
+ <td class="tg-baqh">69.24</td>
410
+ <td class="tg-baqh">82.20</td>
411
+ <td class="tg-baqh">0.160</td>
412
+ <td class="tg-baqh">1.020</td>
413
+ <td class="tg-baqh">1.084</td>
414
+ </tr>
415
+ <tr>
416
+ <td class="tg-baqh">Rice2020Overfitting</td>
417
+ <td class="tg-baqh">67.68</td>
418
+ <td class="tg-baqh">81.80</td>
419
+ <td class="tg-baqh">0.152</td>
420
+ <td class="tg-baqh">1.040</td>
421
+ <td class="tg-baqh">1.097</td>
422
+ </tr>
423
+ <tr>
424
+ <td class="tg-baqh">Rony2019Decoupling</td>
425
+ <td class="tg-baqh">66.44</td>
426
+ <td class="tg-baqh">79.20</td>
427
+ <td class="tg-baqh">0.275</td>
428
+ <td class="tg-baqh">1.101</td>
429
+ <td class="tg-baqh">1.165</td>
430
+ </tr>
431
+ <tr>
432
+ <td class="tg-baqh">Ding2020MMA</td>
433
+ <td class="tg-baqh">66.09</td>
434
+ <td class="tg-baqh">77.60</td>
435
+ <td class="tg-baqh">0.112</td>
436
+ <td class="tg-baqh">0.909</td>
437
+ <td class="tg-baqh">1.095</td>
438
+ </tr>
439
+ </tbody>
440
+ </table>
441
+ </div>
442
+ </div>
443
+ </div>
444
+ </section>
445
+ <!-- Results -->
446
+
447
+ <!-- Model Ranking Comparison Section -->
448
+ <section class="section">
449
+ <div class="container is-max-desktop">
450
+ <h2 class="title is-3">Model Ranking Comparison</h2>
451
  <div class="columns is-centered">
452
  <div class="column is-full-width">
 
453
  <div class="content has-text-justified">
454
  <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
455
  <caption><strong>Table 2.</strong> Spearman's rank correlation coefficient on CIFAR-10 using GREAT Score, RobustBench (with test set), and Auto-Attack (with generated samples).</caption>
 
488
  </div>
489
  </div>
490
  </div>
491
+ </div>
492
+ </section>
493
+ <!-- Model Ranking Comparison Section -->
494
 
495
+ <!-- GREAT Score vs CW Attack Comparison Section -->
496
+ <section class="section">
497
+ <div class="container is-max-desktop">
498
+ <h2 class="title is-3">GREAT Score vs CW Attack Comparison</h2>
499
  <div class="columns is-centered">
500
  <div class="column container-centered">
501
  <div>
 
510
  </div>
511
  </div>
512
  </div>
 
 
513
  </section>
514
+ <!-- GREAT Score vs CW Attack Comparison Section -->
515
 
516
 
517
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
518
 
519
 
520