This repository contains code for reproducing the results in our NeurIPS 2022 paper "MORA: Improving Ensemble Robustness Evaluation with Model-Reweighing Attack".
Please feel free to cite our paper with the following bibtex entry:
@inproceedings{mora,
author = {Yu, Yunrui and Gao, Xitong and Xu, Cheng-Zhong},
booktitle = {Advances in Neural Information Processing Systems},
editor = {S. Koyejo and S. Mohamed and A. Agarwal and D. Belgrave and K. Cho and A. Oh},
pages = {26955--26965},
publisher = {Curran Associates, Inc.},
title = {{MORA}: Improving Ensemble Robustness Evaluation with Model Reweighing Attack},
url = {https://proceedings.neurips.cc/paper_files/paper/2022/file/ac895e51849bfc99ae25e054fd4c2eda-Paper-Conference.pdf},
volume = {35},
year = {2022}
}Create the conda environment called mora
containing all the dependencies by running:
conda env create -f environment.ymlWe used PyTorch 1.4.0 for all the experiments, and the code were tested on an NVIDIA TITAN Xp GPU.
The pretrained models
for the ensemble defense strategies (ADP, DVERGE, GAL)
can be accessed
via this link.
The pre-trained models are located
in the folder named checkpoints.
Download and place the checkpoints
into a checkpoints/ folder under this repo
before running evaluation scripts.
Examples of evaluation scripts can be found in scripts/evaluation.sh.