Added new models.

PiperOrigin-RevId: 434780632

adversarial_robustness/README.md

@@ -2,9 +2,11 @@
 
 This repository contains the code needed to evaluate models trained in
 [Uncovering the Limits of Adversarial Training against Norm-Bounded Adversarial Examples](https://arxiv.org/abs/2010.03593)
-(Gowal et al., 2020) and in
+(Gowal et al., 2020), in
 [Fixing Data Augmentation to Improve Adversarial Robustness](https://arxiv.org/abs/2103.01946)
-(Rebuffi et al., 2021).
+(Rebuffi et al., 2021) and in
+[Improving Robustness using Generated Data](https://arxiv.org/abs/2110.09468)
+(Gowal et al., 2021).
 
 
 ## Contents
@@ -50,6 +52,14 @@ The following table contains the models from **Rebuffi et al., 2021**.
 | CIFAR-100 | &#8467;<sub>&infin;</sub> | 8 / 255 | WRN-28-10 | &#x2717; | 62.41% | 32.06% | [jax](https://storage.googleapis.com/dm-adversarial-robustness/cifar100_linf_wrn28-10_cutmix_ddpm.npy), [pt](https://storage.googleapis.com/dm-adversarial-robustness/cifar100_linf_wrn28-10_cutmix_ddpm.pt)
 | CIFAR-100 | &#8467;<sub>&infin;</sub> | 8 / 255 | ResNet-18 | &#x2717; | 56.87% | 28.50% | [jax](https://storage.googleapis.com/dm-adversarial-robustness/cifar100_linf_resnet18_ddpm.npy), [pt](https://storage.googleapis.com/dm-adversarial-robustness/cifar100_linf_resnet18_ddpm.pt)
 
+The following table contains additional models from **Gowal et al., 2021**.
+
+| dataset | norm | radius | architecture | extra data | clean | robust | link |
+|---|:---:|:---:|:---:|:---:|---:|---:|:---:|
+| CIFAR-10 | &#8467;<sub>&infin;</sub> | 8 / 255 | WRN-70-16 | &#x2717; | 88.74% | 66.11% | [jax](https://storage.googleapis.com/dm-adversarial-robustness/cifar10_linf_wrn70-16_cutmix_ddpm_100m.npy), [pt](https://storage.googleapis.com/dm-adversarial-robustness/cifar10_linf_wrn70-16_cutmix_ddpm_100m.pt)
+| CIFAR-10 | &#8467;<sub>&infin;</sub> | 8 / 255 | WRN-70-16 | &#x2717; | 87.50% | 63.44% | [jax](https://storage.googleapis.com/dm-adversarial-robustness/cifar10_linf_wrn28-10_ddpm_100m.npy), [pt](https://storage.googleapis.com/dm-adversarial-robustness/cifar10_linf_wrn28-10_ddpm_100m.pt)
+| CIFAR-10 | &#8467;<sub>&infin;</sub> | 8 / 255 | ResNet-18 | &#x2717; | 87.35% | 58.63% | [jax](https://storage.googleapis.com/dm-adversarial-robustness/cifar10_linf_resnet18_ddpm_100m.npy), [pt](https://storage.googleapis.com/dm-adversarial-robustness/cifar10_linf_resnet18_ddpm_100m.pt)
+
 ### Installing
 
 The following has been tested using Python 3.9.2.
@@ -125,8 +135,9 @@ out to Sven Gowal directly.
 
 ### Generated datasets
 
-Rebuffi et al. (2021) use samples generated by a Denoising Diffusion
+Rebuffi et al. (2021) and Gowal et al. (2021) use samples generated by a
-Probabilistic Model [(DDPM; Ho et al., 2020)](https://arxiv.org/abs/2006.11239)
+Denoising Diffusion Probabilistic Model
+[(DDPM; Ho et al., 2020)](https://arxiv.org/abs/2006.11239)
 to improve robustness. The DDPM is solely trained on the original training data
 and does not use additional external data. The following table links to datasets
 of 1M **generated** samples for CIFAR-10, CIFAR-100 and SVHN.
@@ -172,6 +183,18 @@ and/or
 }
 ```
 
+and/or
+
+```
+@article{gowal2021generated,
+  title={Improving Robustness using Generated Data},
+  author={Gowal, Sven and Rebuffi, Sylvestre-Alvise and Wiles, Olivia and Stimberg, Florian and Calian, Dan A. and Mann, Timothy},
+  journal={arXiv preprint arXiv:2110.09468},
+  year={2021},
+  url={https://arxiv.org/pdf/2110.09468}
+}
+```
+
 ## Disclaimer
 
 This is not an official Google product.