Data and code for "Generalization of Defense Effects Learned from a Single Adversarial Attack"

This dataset supports the manuscript entitled “Generalization of Defense Effects Learned from a Single Adversarial Attack”. The study investigated whether adversarial training can generalize its defense effects from one attack method to other attacks. The main hypothesis was that broader coverage of attack directions can improve cross-attack defense generalization more effectively than only increasing attack strength.

The dataset contains the source code, configuration files, trained model checkpoints, generated adversarial-example datasets, and experimental results used in the experiments. The experiments were conducted on MNIST, CIFAR-10, and CIFAR-100. The adversarial examples were generated using FGSM, PGD, and CW under the L2-norm constraint, including gradient-vicinity variants that sample perturbation directions around the original gradient direction. The generated adversarial datasets are stored as .pt files containing clean images, adversarial images, and class labels.

These data show how models trained with adversarial examples generated from different attack directions performed under clean and adversarial evaluation settings. They can be used to reproduce the training and evaluation procedures reported in the manuscript, compare standard adversarial training with Gradient Vicinity Adversarial Training, and analyze how attack direction coverage affects defense generalization across different attacks.

The original MNIST, CIFAR-10, and CIFAR-100 datasets are not redistributed in this repository. Users should download the original datasets from their official sources or through torchvision, and then follow the instructions in the README file to prepare the data, generate adversarial examples, train models, and evaluate the checkpoints.

The source code is also available at: https://github.com/cat12master/Generalization-of-Defense-Effects-Learned-From-A-Single-Adversarial-Attack