A diffusion-based denoising approach to mitigate online adversarial image attacks and an FFT-based detector

This code has been tested on Ubuntu 18.04 LTS and ROS melodic with Python 3.6.9 and Python 3.10.0 and GCC 8.4.0.

Open up 3 terminals

Create a catkin workspace and download the repositories as follows

# in terminal 1

mkdir -p ~/defender_ws/src && cd ~/defender_ws/src

git clone https://github.com/r-bahrami/iros_image_attack.git
git clone https://github.com/gaudelbijay/attack-defender.git
git clone https://github.com/ros-perception/vision_opencv -b melodic

cd ..

The attack-defender model requires Python 3.10.0. As such, set up a virtual environment for installing the requirements in requirements.txt.

# in terminal 2

python3.10 -m venv diffusion_env
source diffusion_env/bin/activate
cd <path to defender>/src/attack-defender
pip install -r requirements.txt

cd src/diffusion_model/ && mkdir results

Download the trained parameters of diffusion-based denoiser, named model-100.pt from this link and copy into the results folder.

# in terminal 1
# cd ~/defender_ws/

catkin_make -DPYTHON_EXECUTABLE=/usr/bin/python3

source  devel/setup.bash

Set up the AirSim and simulation environment settings (Environment 2) as described in iros_image_attack package.

For integration of the attack-defender, in model_yolo.py, uncomment the line 71 and comment line 70. This enforces the simulation to use the denoised images, and thus the RL-baed attacker is trained while the attack-defender is in the loop.

Run the ./Blocks.sh environment in terminal 3.

Run the attack-defender,

# in terminal 2
# source diffusion_env/bin/activate

cd ~/defender_ws/src/attack-defender/src/diffusion_model

python node_denoising.py

Then train the attacker using

# in terminal 1
roslaunch iros_image_attack train.launch

After 10 episodes, the code will stop and the trained model will be saved. Afterward, different experiments can be run as described below.

# in terminal 2
# source diffusion_env/bin/activate
# cd ~/defender_ws/src/attack-defender/src/diffusion_model

python node_denoising.py

# in terminal 1
roslaunch iros_image_attack run.launch

• compare the code with this commit to figure out the encoding bug.

• The reinforcement-based attacker of the RAL-paper based on the forked iros_image_attack repository.

To integrate attack-defender model with the RL-based attacker in iros_image_attack, we only added one line in the node_yolo.py module to subscribe to the denoised images. Also, we enforced the image encoding encoding="bgr8" for the published attacked images in the node_image_attacker.py module.

For integration to take place, in model_yolo.py, uncomment the line 71 and comment line 70. This enables the simulation to run using the denoised images.

• integrate the FFT code for online attack detection.
• update the FFT code for online attack detection in 2D space of Height x Width where we have a better parameterized threshold for detection.
• add the training details

We used denoising-diffusion-pytorch repo for the implementation of the training of our diffusion model of the attack-defender.

We used iros_image_attack repo for the reinforcement-based attacker.