Robust-ml is a library of training methods designed to improve the robustness of computer vision models. Warning: this library requires a GPU; CPU-only mode is not supported.
To install and use the library, it is recommended to create a Python virtual environment. You can do that with virtualenv, as follows:
pip install virtualenv
virtualenv -p <path/to/python3.10> myenv
source myenv/bin/activate
Once your virtual environment is activated, you can install the robust-ml library directly from PyPI by typing:
pip install robust-ml
This command will install the robust-ml package and all required dependencies.
Advertrain takes a torch dataloader as input.
As output, the library returns a model saved as a local .pth file.
You have to generate a dataloader in pytorch.
trainer = AdversarialTraining(model=your_architecture, optimizer=your_optimizer, loss_func=your_criterion, device=your_device, epsilon=your_epsilon)
trainer.fit(epochs=2, train_dataloader=your_train_dataloader, val_dataloader=your_val_dataloader, patience=2, checkpoint=your_path)
For more information, you can follow the notebook example here: Notebook
- Download the example dataset here and unzip it in the examples/ folder. Once done, you should have a subfolder named /examples/dataset/c00
- Launch the Jupyter notebook examples/training.ipynb
The library provides six neural network architectures. More specifically, two main architectures are implemented, as well as two derived architectures for each of them:
- ConvNet
- ConvNet with DropBlock regularization
- ResNet
- ResNet with DropBlock regularization
A Convolutional Neural Network (ConvNet or CNN) is a type of deep learning algorithm primarily used for processing data with a grid-like topology, such as images, using convolutional layers to automatically and adaptively learn spatial hierarchies of features.
ResNet, short for Residual Network, is a type of convolutional neural network (CNN) that introduces residual connections or "shortcuts" to jump over some layers, helping to solve the vanishing gradient problem and enabling the training of much deeper networks.
Dropout is a regularization technique for reducing overfitting in neural networks by preventing complex co-adaptations on training data.
"DropBlock is a structured form of dropout directed at regularizing convolutional networks. In DropBlock, units in a contiguous region of a feature map are dropped together. As DropBlock discards features in a correlated area, the networks must look elsewhere for evidence to fit the data."
Actually two training methods are available. They take the form of three classes:
- ClassicalTraining
- AdversarialTraining
- AutoAttackTraining
- FireTraining
- TradesTraining
This is the class to train a model without considering improved robustness.
All other training methods inherit from this class.
This is the class to train a model against adversarial attacks. This method is based on an external library: cleverhans
"Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks" Francesco Croce, Matthias Hein ICML 2020 AutoAttack
"Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks" Francesco Croce, Matthias Hein ICML 2020 Fire
TRADES minimizes a regularized surrogate loss L(.,.) (e.g., the cross-entropy loss) for adversarial training Trades
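To make the regularized surrogate loss concrete, here is an added example (not code from robust-ml, and it does not use the library's TradesTraining class) that evaluates a TRADES-style objective on a toy linear softmax classifier: natural cross-entropy plus beta times the KL divergence between predictions on a clean input and on a worst-case input inside the epsilon ball. The weights, the sample, the step schedule and beta=6.0 are constructed assumptions, and the KL form of the regularizer follows the TRADES paper rather than this page.

```python
import math

# Constructed toy model: a fixed linear softmax classifier (3 classes, 4 inputs).
W = [[0.9, -0.4, 0.2, 0.1],
     [-0.3, 0.8, -0.5, 0.4],
     [0.1, -0.2, 0.7, -0.6]]

def softmax(z):
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]

def predict(x):
    """Class probabilities f(x) for input x."""
    return softmax([sum(w * v for w, v in zip(row, x)) for row in W])

def kl(p, q):
    """KL(p || q) between two probability vectors."""
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q))

def worst_case(x, epsilon, steps=10):
    """Projected sign-gradient ascent on KL(f(x) || f(x')) inside the
    L-infinity ball of radius epsilon around x."""
    p = predict(x)
    step = epsilon / 4
    # Deterministic small offset: the KL gradient is exactly zero at x' == x.
    adv = [v + (0.001 if i % 2 == 0 else -0.001) for i, v in enumerate(x)]
    for _ in range(steps):
        q = predict(adv)
        # For a linear softmax model, d KL / d x' = W^T (q - p).
        grad = [sum(W[c][j] * (q[c] - p[c]) for c in range(len(W)))
                for j in range(len(x))]
        adv = [a + step * ((g > 0) - (g < 0)) for a, g in zip(adv, grad)]
        # Project back into the epsilon ball.
        adv = [min(max(a, v - epsilon), v + epsilon) for a, v in zip(adv, x)]
    return adv

def trades_loss(x, y, epsilon, beta=6.0):
    """Natural cross-entropy plus beta times the robustness regularizer."""
    p = predict(x)
    natural = -math.log(p[y])
    robust = kl(p, predict(worst_case(x, epsilon)))
    return natural, robust, natural + beta * robust

x, y = [1.0, 0.2, -0.5, 0.3], 0   # constructed sample and label
for eps in (0.0, 0.05, 0.2):
    print(eps, [round(v, 4) for v in trades_loss(x, y, eps)])
```

The natural term does not depend on epsilon; only the regularizer grows as the allowed perturbation widens, which is the accuracy/robustness trade-off that beta weights.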