Posion paper #14
Completed validation of PEARC paper, need to set a tag and assign it before making updates for next paper
Pull Request Overview
This pull request implements a comprehensive adversarial attack research framework centered around "Poison paper" with support for multiple datasets (MNIST, CIFAR10, AudioMNIST) and various adversarial training methods. The PR introduces new scripts for dataset generation, model training with adversarial defenses, and automated attack orchestration.
- Adds support for CIFAR10 dataset alongside existing MNIST and AudioMNIST
- Implements adversarial training methods (PGD and TRADES) for model robustness
- Creates automated pipeline for generating adversarial attacks using particle swarm optimization
Reviewed Changes
Copilot reviewed 30 out of 32 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| manuscripts/Posion25/train.py | Core training module with adversarial defense support and multi-dataset handling |
| manuscripts/Posion25/temp/3_generate_attack_label.py | Utility for generating dataset labels and false labels for attack preparation |
| manuscripts/Posion25/taint.py | Enhanced adversarial attack implementation with blackbox PSO and analysis tools |
| manuscripts/Posion25/models.py | Model definitions for MNIST and CIFAR10 with simple and complex architectures |
| manuscripts/Posion25/2_attackModel.py | Streamlined attack orchestration script for running adversarial experiments |
| manuscripts/Posion25/1_dataset_label_tool.py | Unified tool for dataset label generation and false label creation |
| manuscripts/Posion25/0_trainModel.py | Main training script with adversarial training options |
| from tensorflow.keras.preprocessing.image import ImageDataGenerator | ||
| from tensorflow.keras.utils import to_categorical | ||
| from models import * | ||
| from taint import pgd_attack |
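Review bot: `from models import *` on the line above `from taint import pgd_attack` hides which model builders this training module actually depends on and lets every name defined in models.py (including whatever models.py itself imports from Keras) shadow names in this file. Import the specific model-builder functions by name instead; the wildcard is also the only import on this page that a linter cannot check for unused or missing names.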
Copilot
AI
Sep 2, 2025
[nitpick] The filename 'taint.py' should be renamed to 'attacks.py' or similar to better reflect its purpose of containing adversarial attack implementations.
| from taint import pgd_attack | |
| from attacks import pgd_attack |
| # Placeholder for actual adversarial attack | ||
| perturbation = tf.random.normal(tf.shape(audio), mean=0.0, stddev=0.01) | ||
| adversarial_audio = tf.clip_by_value(audio + perturbation, -1.0, 1.0) |
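Review bot: the `# Placeholder for actual adversarial attack` block produces Gaussian noise with stddev 0.01 clipped to [-1.0, 1.0], so any robustness figure computed from `adversarial_audio` measures tolerance to random noise, not adversarial robustness, and nothing in the training or evaluation path will flag that. Until a real attack is wired in for AudioMNIST, make the stub fail loudly (raise `NotImplementedError`, or at minimum log a warning) so an "adversarial" evaluation cannot silently pass against a placeholder.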
Copilot
AI
Sep 2, 2025
This placeholder implementation for adversarial audio generation should be replaced with a proper adversarial attack method. Using random noise doesn't constitute a meaningful adversarial example.
| train_ds, test_ds, _ = prepare_datasets(data, labels, max_len, use_augmentation=use_augmentation, adversarial=adversarial) | ||
| return train_ds, test_ds, max_len | ||
| from tensorflow.keras.datasets import cifar10 |
Copilot
AI
Sep 2, 2025
This import should be moved to the top of the file with other imports rather than being placed in the middle of the code.
| auprc = average_precision_score(to_categorical(y_true, NUM_CLASSES), y_pred) | ||
| print(f"Test Loss: {loss:.4f}, Accuracy: {acc:.4f}, AUROC: {auroc:.4f}, AUPRC: {auprc:.4f}") | ||
| def trades_loss(model, x_natural, y, eps=0.3, alpha=0.01, steps=10, beta=6.0): |
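Review bot: `trades_loss` defaults to `eps=0.3, alpha=0.01`, which is the MNIST-scale L-infinity budget; with CIFAR10 support added in this PR, the same default applied to [0, 1] RGB pixels is roughly ten times the conventional 8/255 budget and the robust term will dominate training. Pass `eps` and `alpha` explicitly per dataset from the training script, the same way `NUM_CLASSES` is handled on the `auprc` line above, rather than relying on one default; and return `auroc`/`auprc` alongside `loss` and `acc` instead of only printing them, so natural and robust evaluations can be compared programmatically.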
Copilot
AI
Sep 2, 2025
The TRADES loss function lacks documentation explaining its parameters and purpose. Add a docstring describing the robust training method and parameter meanings.
| def trades_loss(model, x_natural, y, eps=0.3, alpha=0.01, steps=10, beta=6.0): | |
| def trades_loss(model, x_natural, y, eps=0.3, alpha=0.01, steps=10, beta=6.0): | |
| """ | |
| Computes the TRADES (TRadeoff-inspired Adversarial DEfense via Surrogate-loss minimization) loss for robust training. | |
| This loss function encourages the model to be robust to adversarial perturbations by balancing | |
| natural accuracy and robustness. It generates adversarial examples using the KL-divergence between | |
| the model's predictions on clean and perturbed inputs, and combines the standard classification loss | |
| with a robustness loss term. | |
| Args: | |
| model: A TensorFlow/Keras model. The neural network to be trained. | |
| x_natural: tf.Tensor. The batch of natural (clean) input samples. | |
| y: tf.Tensor. The batch of true labels (one-hot encoded). | |
| eps: float, optional. Maximum perturbation for adversarial examples (L-infinity norm bound). | |
| alpha: float, optional. Step size for adversarial example generation. | |
| steps: int, optional. Number of steps for adversarial example generation. | |
| beta: float, optional. Trade-off parameter between natural and robust loss terms. | |
| Returns: | |
| tf.Tensor: The scalar TRADES loss value for the batch. | |
| """ |
| if single_target == target_class: | ||
| raise ValueError("Target class must be different from original class") |
Copilot
AI
Sep 2, 2025
The error message should be more descriptive. Consider: 'Target class ({target_class}) must be different from original class ({single_target}) for adversarial attack to be meaningful.'
| if single_target == target_class: | |
| raise ValueError("Target class must be different from original class") | |
| raise ValueError(f"Target class ({target_class}) must be different from original class ({single_target}) for adversarial attack to be meaningful.") |
| input_set = np.stack([ | ||
| single_input + (np.random.uniform(0, 1, single_input.shape) * (np.random.rand(*single_input.shape) < 0.9)) | ||
| single_input + (np.random.uniform(0, 1, single_input.shape) * (np.random.rand(*single_input.shape) < 0.7)) |
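Review bot: the noisy copies built inside `np.stack([...])` add `np.random.uniform(0, 1, ...)` to `single_input` with no clipping, so if the inputs are normalized to [0, 1] the stacked set can contain values up to 2.0 that never occur in real data, and the model is being probed on out-of-domain inputs rather than perturbed ones. Clip each row back to the input range after adding the noise, and give the two mask thresholds (0.9 and 0.7) named constants so the rows visibly differ only in their noise probability.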
Copilot
AI
Sep 2, 2025
The magic number 0.7 should be defined as a named constant (e.g., NOISE_PROBABILITY = 0.7) to improve code readability and maintainability.
| from tensorflow.keras.layers import Conv2D, MaxPooling2D, Flatten, Dense, Dropout, BatchNormalization | ||
| from tensorflow.keras.optimizers import Adam | ||
| # Create a new Keras model |
Copilot
AI
Sep 2, 2025
There's an extra space before the comment. Should be '# Create a new Keras model' without the leading space.
| # Create a new Keras model | |
| # Create a new Keras model |
| def get_test_dataset(data_name): | ||
| # Import here to avoid unnecessary dependencies if unused | ||
| from train import load_data # Ensure get_data returns (train_ds, test_ds) |
Copilot
AI
Sep 2, 2025
The comment mentions 'get_data' but the imported function is 'load_data'. Update the comment to match the actual function name.
| from train import load_data # Ensure get_data returns (train_ds, test_ds) | |
| from train import load_data # Ensure load_data returns (train_ds, test_ds) |