Beispiel #1
0
def test_adversary_mnist(algorithm, step, p, model_filename):

    import os
    from advertorch.test_utils import LeNet5
    from advertorch_examples.utils import get_mnist_test_loader
    from advertorch_examples.utils import TRAINED_MODEL_PATH

    # Setup
    torch.manual_seed(0)

    use_cuda = torch.cuda.is_available()
    device = torch.device("cuda" if use_cuda else "cpu")
    device = torch.device("cpu")

    model = LeNet5()
    model_path = os.path.join(TRAINED_MODEL_PATH, model_filename)
    model.load_state_dict(torch.load(model_path, map_location=device))
    model.eval()

    criterion = nn.CrossEntropyLoss()
    constraint = chop.constraints.make_LpBall(alpha=1., p=p)

    test_loader = get_mnist_test_loader(batch_size=1, shuffle=True)
    # Just get first batch
    for data, target in test_loader:
        break

    data, target = data.to(device), target.to(device)

    adv = Adversary(algorithm)

    if algorithm == optim.minimize_pgd:
        alg_kwargs = {'prox': constraint.prox, 'max_iter': 50, 'step': step}
    elif algorithm == optim.minimize_pgd_madry:
        alg_kwargs = {
            'prox': constraint.prox,
            'lmo': constraint.lmo,
            'max_iter': 50,
            'step': step
        }

    elif algorithm == optim.minimize_frank_wolfe:
        alg_kwargs = {
            'lmo': constraint.lmo,
            'step': step if step else 'sublinear',
            'max_iter': 50
        }

    # Run and log perturbation
    adv_loss, delta = adv.perturb(data, target, model, criterion, **alg_kwargs)
Beispiel #2
0
from advertorch_examples.benchmark_utils import benchmark_attack_success_rate

batch_size = 100
device = "cuda"

lst_attack = [
    (LinfPGDAttack, dict(
        loss_fn=nn.CrossEntropyLoss(reduction="sum"), eps=0.3,
        nb_iter=40, eps_iter=0.01, rand_init=False,
        clip_min=0.0, clip_max=1.0, targeted=False)),
]  # each element in the list is the tuple (attack_class, attack_kwargs)

mnist_clntrained_model = get_mnist_lenet5_clntrained().to(device)
mnist_advtrained_model = get_mnist_lenet5_advtrained().to(device)
mnist_test_loader = get_mnist_test_loader(batch_size=batch_size)

lst_setting = [
    (mnist_clntrained_model, mnist_test_loader),
    (mnist_advtrained_model, mnist_test_loader),
]


info = get_benchmark_sys_info()

lst_benchmark = []
for model, loader in lst_setting:
    for attack_class, attack_kwargs in lst_attack:
        lst_benchmark.append(benchmark_attack_success_rate(
            model, loader, attack_class, attack_kwargs))
Beispiel #3
0
from advertorch.test_utils import MLP

from advertorch_examples.utils import TRAINED_MODEL_PATH
from advertorch_examples.utils import get_mnist_test_loader

import foolbox
from foolbox.attacks.localsearch import SinglePixelAttack as SPAfb
from foolbox.attacks.localsearch import LocalSearchAttack as LSAfb

NUM_CLASS = 10
BATCH_SIZE = 10
# TODO: need to make sure these precisions are enough
ATOL = 1e-4
RTOL = 1e-4

loader_test = get_mnist_test_loader(BATCH_SIZE)

data_iter = iter(loader_test)
img_batch, label_batch = data_iter.next()

# Setup the test MLP model
model = MLP()
model.eval()
model.load_state_dict(
    torch.load(os.path.join(TRAINED_MODEL_PATH, 'mlp.pkl'),
               map_location='cpu'))
model.to("cpu")

# foolbox single pixel attack do not succeed on this model
#   therefore using mlp.pkl
# from advertorch.test_utils import LeNet5
Beispiel #4
0

if __name__ == '__main__':
    LAMBDA = 10
    ITERS = 200
    parser = argparse.ArgumentParser(description='Train MNIST')
    parser.add_argument('--seed', default=0, type=int)
    parser.add_argument('--train_batch_size', default=100, type=int)
    parser.add_argument('--test_batch_size', default=1000, type=int)
    parser.add_argument('--log_interval', default=10, type=int)
    args = parser.parse_args()
    model_filename = "mnist_wass_net.pt"
    torch.manual_seed(args.seed)
    train_loader = get_mnist_train_loader(batch_size=args.train_batch_size,
                                          shuffle=True)
    test_loader = get_mnist_test_loader(batch_size=args.test_batch_size,
                                        shuffle=False)

    filename = "mnist_lenet5_clntrained.pt"
    model = LeNet5()
    model.load_state_dict(
        torch.load(os.path.join(TRAINED_MODEL_PATH, filename),
                   map_location='cpu'))
    model.to(device)
    model.eval()
    adversary = L1BasicIterativeAttack(
        model,
        loss_fn=nn.CrossEntropyLoss(reduction="sum"),
        eps=0.2,
        nb_iter=10,
        eps_iter=0.01,
        clip_min=0.0,
Beispiel #5
0
with open('features/features_trainloader_tensor_' + net + '.pickle',
          'rb') as handle:
    features_trainloader = pickle.load(handle)
with open('features/labels_' + net + '.pickle', 'rb') as handle:
    labels = pickle.load(handle)

for l in range(4):
    features_trainloader[str(l + 1)] = features_trainloader[str(l +
                                                                1)].to(device)

if net == 'mnist':
    train_loader = get_mnist_train_loader(batch_size=train_batch_size,
                                          shuffle=True)
    train_loader_save = get_mnist_train_loader(batch_size=train_batch_size,
                                               shuffle=False)
    test_loader = get_mnist_test_loader(batch_size=1, shuffle=False)
elif net == 'fashion_mnist':
    train_loader = get_fashion_mnist_train_loader(batch_size=train_batch_size,
                                                  shuffle=True)
    test_loader = get_fashion_mnist_test_loader(batch_size=1, shuffle=False)
elif net == 'svhn':
    train_loader = get_svhn_train_loader(batch_size=train_batch_size,
                                         shuffle=True)
    test_loader = get_svhn_test_loader(batch_size=1, shuffle=False)

y_test = []
for i, (data, target) in enumerate(test_loader):
    y_test.append(target.item())
y_test = np.array(y_test)

np.random.seed(1234)
Beispiel #6
0
from advertorch_examples.utils import get_mnist_train_loader
from advertorch_examples.utils import get_mnist_test_loader

import constopt
from constopt.adversary import Adversary
from constopt.optim import PGD, PGDMadry, FrankWolfe, MomentumFrankWolfe

# Setup
torch.manual_seed(0)

use_cuda = torch.cuda.is_available()
device = torch.device("cuda" if use_cuda else "cpu")

# Data Loaders
train_loader = get_mnist_train_loader(batch_size=128, shuffle=True)
test_loader = get_mnist_test_loader(batch_size=512, shuffle=True)

# Model setup
model = LeNet5()
model.to(device)
criterion = nn.CrossEntropyLoss()

# Outer optimization parameters
nb_epochs = 20
optimizer = torch.optim.SGD(model.parameters(), lr=.1, momentum=.9)

# Inner optimization parameters
eps = 0.3
constraint = constopt.constraints.make_LpBall(alpha=eps, p=np.inf)
inner_iter = 40
inner_iter_test = 20
Beispiel #7
0
def s_dist(clns, advs):
    sinkhorn = SinkhornDistance(eps=0.1, max_iter=1000, reduction=None)
    x = np.array(clns).reshape(-1, 28 * 28, 1)
    y = np.array(advs).reshape(-1, 28 * 28, 1)
    x = torch.tensor(x).float()
    y = torch.tensor(y).float()
    w_dist, _, _ = sinkhorn(x, y)
    return torch.mean(255 * w_dist).numpy()


def w_dist(x, y):
    return (wass_model(x) - wass_model(y)).detach().numpy().mean()


loader = get_mnist_test_loader(batch_size=args.batch_size, shuffle=True)
clns = []
advs = []
trues = []
pred_clns = []
pred_advs = []
iter_counts = []
for batch_idx, (cln_data, true_label) in enumerate(loader):
    cln_data, true_label = cln_data.to(device), true_label.to(device)
    adv_untargeted, iter_count = adversary.perturb(cln_data, true_label)
    iter_counts.append(iter_count)
    pred_cln = predict_from_logits(model(cln_data))
    pred_untargeted_adv = predict_from_logits(model(adv_untargeted))
    clns = clns + list(cln_data.numpy())
    advs = advs + list(adv_untargeted.numpy())
    trues = trues + list(true_label.numpy())
Beispiel #8
0
def save_noisy_image(img, name):
    if img.size(1) == 3:
        img = img.view(img.size(0), 3, 32, 32)
        save_image(img, name)
    else:
        img = img.view(img.size(0), 1, 28, 28)
        save_image(img, name)


# Adopt True for the first time
generate_mnist = True

# Generate mnist images to folder
if generate_mnist == True:
    loader = get_mnist_test_loader(batch_size=1, shuffle=False)
    base_folder = f"Report/MNIST/groundtruth/1"
    os.makedirs(base_folder, exist_ok=True)
    count = 0
    for cln_data, true_label in loader:
        image_path = os.path.join(base_folder, f"{count}.png")
        save_noisy_image(cln_data, image_path)
        count += 1
    print("Generating MNIST finished!!!")

noise_type = args.noise
epsi = args.epsilon / 100

# Generate PGDA noise reports to folder
if noise_type == 'PGDA':
    filename = "mnist_lenet5_clntrained.pt"