This repository contains the reproducibility package for the paper:
Frequency-Adaptive Spectral Evasion for Split-Learning Inference
The codebase implements a modular split-learning inference pipeline for evaluating frequency-adaptive adversarial evasion against image backbones. It separates reusable backend components in src/ from notebook-style execution scripts in scripts/, so reviewers can inspect the method implementation, reproduce the quantitative results, and regenerate the paper figures from the same code path.
The framework trains a split image classifier composed of:
- an ImageClient that extracts image embeddings from frozen pretrained backbones;
- a VFLServer that performs downstream classification from the client embedding;
- a full-model wrapper used for adversarial evaluation and visualization.
The attack pipeline evaluates standard first-order baselines and the proposed adaptive spectral attack, AT-SPGD. AT-SPGD perturbs inputs through a frequency-aware optimization path while preserving a clean interface compatible with the split-learning inference model.
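Added example (not code from this repository): a minimal PyTorch sketch of the client/server/wrapper split described above. It shows why adversarial evaluation goes through a full-model wrapper: freezing the client's weights does not stop loss gradients from reaching the input pixels. The class bodies, the SplitModel name, the tiny stand-in backbone and the random batch are assumptions made for illustration.

```python
import torch
import torch.nn as nn

class ImageClient(nn.Module):
    """Client half: frozen feature extractor producing the embedding."""
    def __init__(self, embed_dim=16):
        super().__init__()
        # Assumption: a tiny conv net stands in for the pretrained backbone (runs offline).
        self.backbone = nn.Sequential(
            nn.Conv2d(3, 8, 3, padding=1), nn.ReLU(),
            nn.AdaptiveAvgPool2d(1), nn.Flatten(), nn.Linear(8, embed_dim))
        for p in self.backbone.parameters():
            p.requires_grad_(False)  # frozen: no weight updates, no weight gradients

    def forward(self, x):
        return self.backbone(x)

class VFLServer(nn.Module):
    """Server half: classifies from the client embedding only."""
    def __init__(self, embed_dim=16, num_classes=10):
        super().__init__()
        self.head = nn.Linear(embed_dim, num_classes)

    def forward(self, z):
        return self.head(z)

class SplitModel(nn.Module):
    """Hypothetical full-model wrapper: images in, logits out."""
    def __init__(self, client, server):
        super().__init__()
        self.client, self.server = client, server

    def forward(self, x):
        return self.server(self.client(x))

def input_gradient_check(seed=0):
    """Backpropagate a classification loss end to end and report where gradients land."""
    torch.manual_seed(seed)
    model = SplitModel(ImageClient(), VFLServer()).eval()
    x = torch.rand(4, 3, 32, 32, requires_grad=True)  # constructed image batch
    y = torch.randint(0, 10, (4,))                    # constructed labels
    logits = model(x)
    nn.functional.cross_entropy(logits, y).backward()
    return {
        "logits_shape": tuple(logits.shape),
        "input_grad_norm": x.grad.norm().item(),
        "client_weight_grads": sum(p.grad is not None for p in model.client.parameters()),
        "server_weight_grads": sum(p.grad is not None for p in model.server.parameters()),
    }
```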
Install dependencies from the reproducibility requirements file:
    pip install -r requirements.txt

We strongly recommend running the experiments on accelerator-backed environments such as Kaggle, Google Colab, or an equivalent CUDA-enabled workstation. The full benchmark uses multiple datasets, several pretrained backbone families, and a diverse set of adversarial attacks, so CPU-only execution is not practical for full reproduction.
Datasets are loaded through the official torchvision.datasets APIs with download=True. Baseline adversarial attacks are implemented through torchattacks where available. The only exception is SSA: src/attacks/ssa.py provides a PyTorch wrapper following the official Spectrum Simulation Attack release methodology for integration with this split-learning pipeline.
Execution order:
- Run scripts/01_train_vfl.py to train the split-learning models. This script exports model checkpoints required by the attack stage.
- Run scripts/02_evaluate_attacks.py to evaluate baseline attacks and AT-SPGD. This script exports both metric tables and saved adversarial tensors for downstream analysis.
- Run scripts/03_visualize_results.py to regenerate the paper-style plots and analysis tables from the saved attack artifacts.
The backend modules in src/ define the canonical model, data, attack, evaluation, and plotting behavior. The frontend scripts call these backend modules directly, so the exported notebooks and scripts produce the same plots and tables used for reporting.
Reviewer-facing notebooks are exported from the same script executions on Kaggle, including the results, tables, and plots, and placed in the project root:
These notebooks are intended to mirror the corresponding scripts in scripts/ while providing an interactive execution record for review.
src/
    attacks/                    # AT-SPGD and SSA attack implementations
    data/                       # Dataset loading and transforms
    engine/                     # Training and attack evaluation loops
    models/                     # Split-learning model components
    utils/                      # Metrics and evaluation utilities
    visualization/              # Publication plotting functions
scripts/
    01_train_vfl.py             # Split-model training and checkpoint export
    02_evaluate_attacks.py      # Attack evaluation and artifact export
    03_visualize_results.py     # Figure/table regeneration
01_train_vfl.ipynb              # Generated from 01_train_vfl.py
02_evaluate_attacks.ipynb       # Generated from 02_evaluate_attacks.py
03_visualize_results.ipynb      # Generated from 03_visualize_results.py
Generated outputs such as checkpoints, result tables, adversarial tensors, and figures are intentionally excluded from version control. They are recreated by running the scripts above in order.
This project is provided for research and scientific use. You are welcome to use and build upon these materials in your own academic work, provided that appropriate reference is given to this repository and its authors. Please cite the project in any publications, presentations, or derivative works that make use of the code or results.
Thank you for reviewing this work ♥︎