Closed JohnCarpenter2 closed 1 year ago
Thanks a lot for drawing attention to our work!
The printed results seem correct for all 12 attack methods. In our code, we first generate the EPSs of adversarial samples and natural samples, then detect them using the trained deep kernel MMD subsequently. The results mentioned above are the processes of generating EPSs of adversarial samples, where "robust acc: top1--top5" is the accuracy of the standard classifier against adversarial samples. If you would like to obtain the final detection accuracy of our EPS-AD, please continue to run the remaining procedures in the second step of our repositories.
Hope the answer above can help you.
Thanks for open-sourcing your wonderful work.
We have trained the MMD kernel and used the following code to evaluate the performance:
The exp result shows that:
We are doubt whether we have reproduced the proposed method.
Hope for your response.
Thanks a lot.