This is a readme document introducing our work "Adversarial example defense based on image reconstruction". Due to the capacity limitation of the platform, we upload the source code to github, which can be accessed by visiting this link: https://github.com/yuzhang866/DEFENSE_ADV 1. Brief experiment: (1) We use the Foolbox adversarial example generation toolbox, and choose FGSM, BIM, DeepFool and C&W four methods to generate adversarial samples. After that, we process the generated adversarial examples through the defense model, and input the processed results into the classifier model for testing. (2) The network model used in the experiment: LeNet, GoogLeNet, ResNet50, ResNet101 (3) Data set (dataset folder) used in the experiment: MNIST, FashionMNIST (F-MNIST), Cifar-10 MNIST dataset: https://github.com/messiLiao/mnist_helper Fashion-MNIST dataset: https://github.com/zalandoresearch/fashion-mnist CIFAR dataset: http://www. cs. toronto. edu/kriz/cifar. html (4) The experiment codes for the three data sets are located in the MNIST, FMNIST, and CIFAR folders. (5) The experiment compares two aspects: a) The result display and classification performance of the defense model b) Transferability: Can be used in combination with different classifier models without modifying the classifier model structure 2. The main process of the experiment : (1)Use the original data to train on the four network structures to obtain four training models (2) For clean samples in the original data set, four methods of FGSM, DeepFool, BIM, and CW are used to generate adversarial samples (3) Training defense model: The confrontation samples generated in (2) are compressed and reconstructed to obtain defense samples. Then, we repeated iterative training to get the final defense model. (4)Test : First, we generate adversarial samples in the test set, then compress the image through the image compression function reduce_precision_np, and use the compressed samples as the input of the defense model to obtain the defense samples. Finally, the defense sample is used as the input of the model trained in (1), and the final output is obtained. 3. The main tasks of the folder in the source code: The content of "model" folder: a) "model.py" : ResNet:include BasicBlock、BottleNeck、ResNet(resnet50 and resnet101) Defense model:ConvolutionalBlock->ResidualBlock->DefenseNet The composition of DefenseNet: convolutional layer -> several residual blocks -> convolutional layer -> convolutional layer Image compression function:reduce_precision_np b) "model_edsr.py":ESDR network c) "model_srresnet.py":SRResNet network d) "model_srresnet_128_not.py":The only difference with model_srresnet.py is that when the channel is 128, the activation function of the last convolutional layer of the network is empty "SavedNetworkModel": Store the trained model Experiments on MNIST (files are stored in the mnist folder): Train the model with clean samples (1) googlenet_train_mnist.py (2) resnet50_train_mnist.py (3) resnet101_train_mnist.py Experiments on Cifar-10 (files are stored in the cifar folder): Train the model with clean samples (1) googlenet_train_cifar.py (2) resnet50_train_cifar.py (3) resnet101_train_cifar.py Training defense model (corresponding to three network structures and four ways to generate adversarial samples) GoogleNet: (1) googlenet_train_defense_fgsm_cifar.py (2) googlenet_train_defense_deepfool_cifar.py (3) googlenet_train_defense_bim_cifar.py (4) googlenet_train_defense_cw_cifar.py ResNet50: (1) resnet50_train_defense_fgsm_cifar.py (2) resnet50_train_defense_deepfool_cifar.py (3) resnet50_train_defense_bim_cifar.py (4) resnet50_train_defense_cw_cifar.py ResNet101: (1) resnet101_train_defense_fgsm_cifar.py (2) resnet101_train_defense_deepfool_cifar.py (3) resnet101_train_defense_bim_cifar.py (4) resnet101_train_defense_cw_cifar.py Test defense model GoogleNet: (1) googlenet_test_defense_fgsm_cifar.py (2) googlenet_test_defense_deepfool_cifar.py (3) googlenet_test_defense_bim_cifar.py (4) googlenet_test_defense_cw_cifar.py ResNet50: (1) resnet50_test_defense_fgsm_cifar.py (2) resnet50_test_defense_deepfool_cifar.py (3) resnet50_test_defense_bim_cifar.py (4) resnet50_test_defense_cw_cifar.py ResNet101: (1) resnet101_test_defense_fgsm_cifar.py (2) resnet101_test_defense_deepfool_cifar.py (3) resnet101_test_defense_bim_cifar.py (4) resnet101_test_defense_cw_cifar.py