def get_data(data_name, batch_size, workers):
if data_name == "image":
from data import CIFAR10
elif data_name == "featmap":
from data import CIFAR10_featmap as CIFAR10
transform = transforms.Compose(
[transforms.ToTensor(), ])
normalize = transforms.Normalize(mean=[0.485, 0.456, 0.406],
std=[0.229, 0.224, 0.225])
transform = transforms.Compose([
transforms.ToTensor(),
normalize,
])
trainset = CIFAR10(root='./data', train=True,
download=True, transform=transform)
testset = CIFAR10(root='./data', train=False,
download=True, transform=transform)
train_loader = torch.utils.data.DataLoader(trainset, batch_size=batch_size,
shuffle=True, num_workers=workers)
test_loader = torch.utils.data.DataLoader(testset, batch_size=batch_size,
shuffle=False, num_workers=workers)
classes = ('plane', 'car', 'bird', 'cat',
'deer', 'dog', 'frog', 'horse', 'ship', 'truck')
return train_loader, test_loader
def init_data_loader(dataset, data_path, batch_size, train=True, digits=None):
if dataset == "mnist":
if digits is not None:
return MNIST(data_path,
batch_size,
shuffle=False,
train=train,
condition_on=[digits])
else:
return MNIST(data_path, batch_size, shuffle=False, train=train)
elif dataset == "cifar10":
if digits is not None:
return CIFAR10(data_path,
batch_size,
shuffle=False,
train=train,
condition_on=[digits])
else:
return CIFAR10(data_path, batch_size, shuffle=False, train=train)
elif dataset == "fmnist":
if digits is not None:
return FMNIST(data_path,
batch_size,
shuffle=False,
train=train,
condition_on=[digits])
else:
return FMNIST(data_path, batch_size, shuffle=False, train=train)
elif dataset == "stl10":
if digits is not None:
return STL10(data_path,
batch_size,
shuffle=False,
train=train,
condition_on=[digits])
else:
return STL10(data_path, batch_size, shuffle=False, train=train)
mkdir(args.output_dir)
with open('%s/args' % args.output_dir, 'w') as f:
f.write(str(vars(args)) + '\n')
copy(args.arch_file + '.py', args.output_dir)
model = arch.get_model(args)
plot_model(model, to_file='%s/model.png' % args.output_dir, show_shapes=True)
if args.multigpu:
model = multi_gpu_model(model, 2)
c10 = CIFAR10()
lr_reducer = ReduceLROnPlateau(factor=np.sqrt(0.1), cooldown=0, patience=5, min_lr=1e-7)
early_stopper = EarlyStopping(min_delta=0.001, patience=10)
csv_logger = CSVLogger(args.output_dir + '/train.csv', append=False)
if args.classify == False:
model.compile(loss='mean_squared_error',
optimizer=Adam(lr=args.lr))
vis = Visualizer(args.output_dir, model, c10)
visuals = LambdaCallback(on_epoch_end=lambda epoch, logs: vis.visualize(epoch,logs))
model.fit_generator(
AutoFlow(c10.datagen_flow(args.batch_size, use_class=False)),
steps_per_epoch=c10.train_x.shape[0] // args.batch_size,
lr=_C.SOLVER.G_LR,
betas=(_C.SOLVER.BETA1, _C.SOLVER.BETA2),
)
return [optimizerG, optimizerD], []
# Define model
model = DCGAN()
# Make Output Folders
make_output_folders(_C)
# Pytorch-Lightening Trainer
trainer = pl.Trainer(
min_epochs=1,
max_epochs=_C.SOLVER.EPOCHS,
logger=comet_logger,
callbacks=[
CometGenerativeModelImageSampler(_C, 100, comet_logger),
],
gpus=_C.SYSTEM.NUM_GPU_WORKER,
)
# Let's Train!
trainer.fit(
model,
CIFAR10(_C),
)
# trainer.save_checkpoint(os.path.join(_C.OUTPUT.CHECKPOINT_DIR, "DCGAN.ckpt")
def load_cifar10(batch_size, add_trigger=False):
cifar10_data = CIFAR10(batch_size=batch_size, add_trigger=add_trigger)
return cifar10_data
def compute_vulnerability(args, attack_name, net, n_attacks=-1):
"""
Computes vulnerability using foolbox package of net
Parameters
----------
args : :class:`argparse.ArgumentParser`
The arguments passed to main.py
attack_name : string
The attack type. Must be one of
{'l1', 'l2', 'itl1', 'itl2', 'pgd', 'deepfool'}
net : :class:`torch.nn.Module`
The network whose vulnerability is computed.
n_attacks : int
The number of attacks to use for the computation of vulnerbaility.
If -1 or greater than dataset-size, uses the entire dataset.
Default: -1.
"""
print('\nStarting attacks of type ' + attack_name)
# Reload data without normalizing it
print('> Loading dataset %s...' % args.dataset)
if args.dataset == 'mnist':
_, loader = MNIST(root=args.datapath,
bs=args.bs,
valid_size=0.,
size=args.img_size,
normalize=False)
elif args.dataset == 'cifar':
_, loader = CIFAR10(root=args.datapath,
bs=args.bs,
valid_size=0.,
size=args.img_size,
normalize=False)
elif args.dataset == 'imgnet12':
_, loader = IMGNET12(root=args.datapath,
bs=args.bs,
valid_size=0.,
size=args.img_size,
normalize=False)
else:
raise NotImplementedError
print('> Done.')
# Image-normalizations (must be same as in data.py)
if args.raw_inputs:
means = [0., 0., 0.]
stds = [1., 1., 1.]
elif args.dataset == "mnist":
means = [0.1307]
stds = [0.3081]
elif args.dataset == "cifar":
means = [0.4914, 0.4822, 0.4465]
stds = [0.2023, 0.1994, 0.2010]
elif args.dataset == "imgnet12":
means = [.453, .443, .403]
stds = {
256: [.232, .226, .225],
128: [.225, .218, .218],
64: [.218, .211, .211],
32: [.206, .200, .200]
}[args.img_size]
else:
raise NotImplementedError
means = np.array(means).reshape(-1, 1, 1)
stds = np.array(stds).reshape(-1, 1, 1)
net.eval()
print('> Computing test accuracy...')
te_acc = do_pass(net, loader, args, means, stds)
print('> Done. Computed test accuracy: %5.2f' % te_acc)
# construct attack
bounds = (0, 1)
model = foolbox.models.PyTorchModel(net,
bounds=bounds,
preprocessing=(means, stds),
num_classes=args.categories)
# Choosing attack type
if attack_name == 'l1':
# vulnerability increases like sqrt(d) \propto img_size
# therefore, we divide the linfty-threshold by img_size
attack = partial(foolbox.attacks.FGSM(model, distance=Linfinity),
epsilons=1000,
max_epsilon=1. / args.img_size)
elif attack_name == 'l2':
# to be visually constant, the l2-threshold increases like sqrt d;
# but vulnerability also increases like sqrt d;
# therefore, use constant max_epsilon accross dimension d
attack = partial(foolbox.attacks.GradientAttack(model, distance=MSE),
epsilons=1000,
max_epsilon=1.)
elif attack_name == 'itl1':
it, eps = 10, 1. / args.img_size
attack = partial(foolbox.attacks.LinfinityBasicIterativeAttack(
model, distance=Linfinity),
iterations=it,
epsilon=eps,
stepsize=eps / (.75 * it),
binary_search=True)
elif attack_name == 'itl2':
it, eps = 10, 1.
attack = partial(foolbox.attacks.L2BasicIterativeAttack(model,
distance=MSE),
iterations=it,
epsilon=eps,
stepsize=eps / (.75 * it),
binary_search=True)
elif attack_name == 'pgd':
it, eps = 10, 1. / args.img_size
attack = partial(foolbox.attacks.RandomPGD(model, distance=Linfinity),
iterations=it,
epsilon=eps,
stepsize=eps / (.75 * it),
binary_search=True)
elif attack_name == 'deepFool':
attack = foolbox.attacks.DeepFoolAttack(model, distance=MSE)
elif attack_name == 'boundary':
attack = partial(foolbox.attacks.BoundaryAttack(model, distance=MSE),
iterations=2000,
log_every_n_steps=np.Infinity,
verbose=False)
else:
raise NotImplementedError(
"attack_name must be 'l1', 'l2', 'itl1', 'itl2', "
"'deepFool' or 'boundary'")
n_iterations = 0
results = {}
results['l2_snr'] = []
results['clean_grad'] = []
results['dirty_grad'] = []
results['l2_norm'] = []
results['linf_norm'] = []
n_fooled = 0
print('> Creating empty image-tensors')
n_saved = 64 if (n_attacks == -1) else min(n_attacks, 64)
clean_images = torch.zeros(n_saved, 3, args.img_size, args.img_size)
dirty_images = torch.zeros(n_saved, 3, args.img_size, args.img_size)
print('> Done.')
myPrint(("{:>15} " * 5).format("clean_grad", "dirty_grad", "linf_norm",
"l2_norm", "l2_snr"), args)
t0 = time.time()
for i, (images, labels) in enumerate(loader):
if n_iterations == n_attacks:
break
for i, clean_image in enumerate(images):
clean_label, clean_grad = classify(net, clean_image, args, means,
stds)
dirty_image_np = attack(clean_image.numpy(), clean_label)
if dirty_image_np is not None: # i.e. if adversarial was found
dirty_image = torch.Tensor(dirty_image_np)
_, dirty_grad = classify(net, dirty_image, args, means, stds)
if i < n_saved: # only save n_saved first images
dirty_images[i] = dirty_image.clone()
clean_images[i] = clean_image.clone()
l2_norm = (clean_image - dirty_image).norm().item()
linf_norm = (clean_image - dirty_image).abs().max().item()
l2_snr = 20. * math.log10(clean_image.norm().item() /
(l2_norm + 1e-6))
else:
l2_snr = dirty_grad = l2_norm = linf_norm = np.NaN
results['l2_snr'].append(l2_snr)
results['clean_grad'].append(clean_grad)
results['dirty_grad'].append(dirty_grad)
results['l2_norm'].append(l2_norm)
results['linf_norm'].append(linf_norm)
fmt_str = "{:>15.6f} " * 5
if ((attack.func._default_distance == MSE
and l2_norm < .005 * np.sqrt(args.img_size))
or (attack.func._default_distance == Linfinity
and linf_norm < .005)):
fmt_str += " * fooled!"
n_fooled += 1
myPrint(
fmt_str.format(clean_grad, dirty_grad, linf_norm, l2_norm,
l2_snr), args)
n_iterations += 1
if n_iterations == n_attacks:
break
# Printing summary
summary = {}
print("\n Summary for network in '{}' of test accuracy {}".format(
args.path, te_acc))
for key, value in results.items():
low95, high95 = conf95(value)
print("{:>10} mean:{:>10.5f} std:{:>10.5f} conf95:({:>10.5f}, "
"{:>10.5f}) minmax:({:>10.5f}, {:>10.5f})".format(
key, np.nanmean(value), np.nanstd(value), low95, high95,
np.nanmin(value), np.nanmax(value)))
summary[key] = [np.nanmean(value), np.nanstd(value), low95, high95]
percent = 100 * n_fooled / float(n_iterations)
print("{:>10} {:10d}s".format("Time", int(time.time() - t0)))
print("{:>10} {:10.1f}%".format("percent", percent))
# Preparing the output
output = dict()
output['summary'] = summary
output['results'] = results
output['clean_images'] = clean_images
output['dirty_images'] = dirty_images
output['percent'] = percent
output['te_acc'] = te_acc
return output
train_params = DataParams(root=root,
train=True,
transform=transform_train,
target_transform=None,
download=False,
mini=args.mini)
test_params = DataParams(root=root,
train=False,
transform=transform_test,
target_transform=None,
download=False,
mini=args.mini)
if dset == "cifar10":
trainset = CIFAR10(train_params)
testset = CIFAR10(test_params)
nclasses = 10
# TODO: Modify models to account for the different number of classes
elif dset == "cifar100":
trainset = CIFAR100(train_params)
testset = CIFAR100(test_params)
nclasses = 100
else:
raise NotImplementedError
# trainset = torchvision.datasets.CIFAR10(
# root='./data', train=True, download=False, transform=transform_train)
trainloader = torch.utils.data.DataLoader(trainset,
batch_size=args.batch_size,
shuffle=True,
# transforms.RandomCrop(160, padding=20),
# transforms.RandomHorizontalFlip(),
# transforms.RandomVerticalFlip(),
transforms.ToTensor(),
# transforms.Normalize((0.7089, 0.5047, 0.6507), (0.1280, 0.1978, 0.1358)),
# Cutout(n_holes=4, length=10)
])
transform_test = transforms.Compose([
# transforms.CenterCrop(160),
transforms.ToTensor(),
# transforms.Normalize((0.7089, 0.5047, 0.6507), (0.1280, 0.1978, 0.1358))
])
training_set = CIFAR10(root=DATA_ROOT + 'train/',
resize=224,
transform=transform_train)
test_set = CIFAR10(root=DATA_ROOT + 'test/',
resize=224,
transform=transform_test)
kwargs = {
'num_workers': 4 * len(GPU_IDS.split(',')),
'pin_memory': False
} if torch.cuda.is_available() else {}
train_loader = torch.utils.data.DataLoader(training_set,
batch_size=BATCH_SIZE,
**kwargs)
test_loader = torch.utils.data.DataLoader(test_set,
batch_size=BATCH_SIZE,
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
net = net.to(device)
torch.backends.cudnn.benchmark = True
print('> Loading dataset...')
if args.dataset == 'mnist':
tr_loader, va_loader, te_loader = MNIST(
root=args.datapath,
bs=args.bs,
valid_size=.1,
size=args.img_size,
normalize=(not args.raw_inputs))
elif args.dataset == 'cifar':
tr_loader, va_loader, te_loader = CIFAR10(
root=args.datapath,
bs=args.bs,
valid_size=.1,
size=args.img_size,
normalize=(not args.raw_inputs))
elif args.dataset == 'imgnet12':
tr_loader, va_loader, te_loader = IMGNET12(
root=args.datapath,
bs=args.bs,
valid_size=.1,
size=args.img_size,
normalize=(not args.raw_inputs))
else:
raise NotImplementedError
print('> Done.')
print('> Starting training.')
time_start = time.time()
best_testing_acc = testing_acc
best_training_acc = training_acc
best_setting = setting
# Reinitialize weights
net.apply(nets.weights_init)
except KeyboardInterrupt:
print("Terminating...")
finally:
save_plot("%s_best" % (name), best_training_acc, best_testing_acc,
best_setting)
if __name__ == "__main__":
dataset = CIFAR10()
# 0 1 2 3
# CV(relu)-Pool-CV(relu)-Pool-CV(relu)-Pool-CV(relu)-Pool-FC-FC-FC
#
depths = [64, 128, 256, 512]
kernels = [
3, # kernel sizes
3,
3,
3
]
paddings = [0, 1, 1, 1]
pools = [('Max', 2, 0), ('Avg', 2, 1), ('Avg', 2, 2), ('Avg', 2, 3)]
fullycons = [1024, 512, 10]
config = {
'input_dim': 32,