def main():
args = parser.parse_args()
cfgs = [config_from_string(s) for s in args.ensemble]
ensemble = create_ensemble(cfgs,
args.ensemble_weights,
checkpoint_paths=args.checkpoint_paths).cuda()
ensemble.eval()
tf = transforms.Compose([
transforms.Scale(args.img_size),
transforms.CenterCrop(args.img_size),
transforms.ToTensor()
])
dataset = Dataset(args.input_dir, transform=tf, target_file='')
defense = Base(args.input_dir,
args.output_file,
ensemble,
dataset,
img_size=args.img_size,
batch_size=args.batch_size)
defense.run()
def main():
args = parser.parse_args()
cfgs = [config_from_string(s) for s in args.ensemble]
target_model = create_ensemble(cfgs, args.ensemble_weights, args.checkpoint_paths).cuda()
target_model.eval()
if args.targeted:
dataset = Dataset(args.input_dir)
else:
dataset = Dataset(args.input_dir, target_file='')
attack = AttackIterative(
model=target_model,
targeted=args.targeted,
random_start=args.random_start,
max_epsilon=args.max_epsilon,
norm=args.norm,
step_alpha=args.step_alpha,
num_steps=args.steps,
debug=args.debug)
runner = ImageSaveAttackRunner(dataset, args.output_dir)
runner.run(attack, batch_size=args.batch_size)
def main():
args = parser.parse_args()
tf = transforms.Compose([
transforms.ToTensor(),
])
dataset = Dataset(args.input_dir, transform=tf)
loader = data.DataLoader(dataset, batch_size=8, shuffle=False)
model_config_srings = ['Resnet18', 'InceptionResnetV2']
cfgs = [config_from_string(s) for s in model_config_srings]
ensemble = create_ensemble(cfgs, [1.0 for _ in cfgs])
augment = augmentations.AugmentationComposer([
augmentations.RandomCrop(269),
augmentations.Mirror(0.5),
augmentations.Blur(0.5, 0.5)
])
for cfg, model in zip(cfgs, ensemble.models):
checkpoint_path = os.path.join('/checkpoints/', cfg['checkpoint_file'])
checkpoint = torch.load(checkpoint_path)
if isinstance(checkpoint, dict) and 'state_dict' in checkpoint:
model.get_core_model().load_state_dict(checkpoint['state_dict'])
else:
model.get_core_model().load_state_dict(checkpoint)
ensemble.cuda()
ensemble.eval()
outputs = []
for batch_idx, (input, _) in enumerate(loader):
input = input.cuda()
input_var = autograd.Variable(input, volatile=True)
labels = ensemble(augment(input_var))
labels = labels.max(1)[1]
outputs.append(labels.data.cpu().numpy())
outputs = np.concatenate(outputs, axis=0)
with open(args.output_file, 'w') as out_file:
filenames = dataset.filenames()
for filename, label in zip(filenames, outputs):
filename = os.path.basename(filename)
out_file.write('{0},{1}\n'.format(filename, label))
def main():
args = parser.parse_args()
dataset = Dataset(args.input_dir, target_file='')
cfgs = [config_from_string(s) for s in args.ensemble]
target_model = create_ensemble(cfgs, args.ensemble_weights,
args.checkpoint_paths).cuda()
target_model.eval()
attack = SelectiveUniversal(target_model,
args.npy_files,
max_epsilon=args.max_epsilon,
try_mirrors=args.try_mirrors)
runner = ImageSaveAttackRunner(dataset, args.output_dir)
# Only supports batch size of 1
runner.run(attack, 1)
def main():
args = parser.parse_args()
cfgs = [config_from_string(s) for s in args.ensemble]
target_model = create_ensemble(cfgs, args.ensemble_weights,
args.checkpoint_paths).cuda()
target_model.eval()
if args.targeted:
dataset = Dataset(args.input_dir)
else:
dataset = Dataset(args.input_dir, target_file='')
attack = AttackCarliniWagnerL2(targeted=args.targeted,
max_steps=args.steps,
search_steps=args.search_steps,
debug=args.debug)
runner = ImageSaveAttackRunner(dataset, args.output_dir)
runner.run(attack, batch_size=args.batch_size)
def main():
args = parser.parse_args()
cfgs = [config_from_string(s) for s in args.ensemble]
target_model = create_ensemble(cfgs, args.ensemble_weights,
args.checkpoint_paths).cuda()
target_model.eval()
if args.no_augmentation:
augmentation = lambda x: x
else:
augmentation = processing.build_anp_augmentation_module(
saturation=args.saturation,
brightness_contrast=args.brightness_contrast,
gaus_blur_prob=args.gaus_blur_prob,
gaus_blur_size=args.gaus_blur_size,
gaus_blur_sigma=args.gaus_blur_sigma).cuda()
if args.targeted:
dataset = Dataset(args.input_dir)
else:
dataset = Dataset(args.input_dir, target_file='')
attack = CWInspired(target_model,
augmentation,
max_epsilon=args.max_epsilon,
n_iter=args.n_iter,
lr=args.lr,
targeted=args.targeted,
target_nth_highest=args.target_nth_highest,
prob_dont_augment=0.0,
always_target=args.always_target,
random_start=args.random_start,
n_restarts=args.n_restarts)
runner = ImageSaveAttackRunner(dataset,
args.output_dir,
time_limit_per_100=args.time_limit_per_100)
runner.run(attack, args.batch_size)
def main():
args = parser.parse_args()
num_gpu = args.num_gpu
if num_gpu == 1:
input_devices = [0]
output_devices = [0]
elif num_gpu == 2:
input_devices = [1]
output_devices = [0]
elif num_gpu == 3:
input_devices = [0, 1]
output_devices = [2]
elif num_gpu == 4:
input_devices = [0, 1]
output_devices = [2, 3]
else:
assert False, 'Unsupported number of gpus'
master_output_device = output_devices[0]
train_dir = os.path.join(args.data, 'train')
val_dir = os.path.join(args.data, 'validation')
train_dataset = datasets.ImageFolder(
train_dir,
transforms.Compose([
transforms.RandomSizedCrop(args.img_size),
transforms.RandomHorizontalFlip(),
transforms.ToTensor()
]))
train_loader = torch.utils.data.DataLoader(train_dataset,
batch_size=args.batch_size,
shuffle=True,
num_workers=args.workers,
pin_memory=True)
attack_cfgs = [
{
'attack_name': 'iterative',
'targeted': True,
'num_steps': 10,
'target_rand': True
},
{
'attack_name': 'iterative',
'targeted': False,
'num_steps': 1,
'random_start': True
},
{
'attack_name': 'cw_inspired',
'targeted': True,
'n_iter': 38
},
{
'attack_name': 'cw_inspired',
'targeted': False,
'n_iter': 38
},
]
attack_model_cfgs = [ # FIXME these are currently just test configs, need to setup properly
{
'models': ['inception_v3_tf']
},
{
'models': ['inception_resnet_v2', 'resnet34'],
'weights': [1.0, 1.0]
},
{
'models': ['adv_inception_resnet_v2', 'inception_v3_tf']
},
]
adv_generator = AdversarialGenerator(
train_loader,
model_cfgs=attack_model_cfgs,
attack_cfgs=attack_cfgs,
attack_probs=[0.4, 0.4, 0.1, 0.1],
output_batch_size=args.batch_size,
input_devices=input_devices,
master_output_device=master_output_device)
if args.mp:
adv_generator = MpFeeder(adv_generator, maxsize=8)
val_dataset = datasets.ImageFolder(
val_dir,
transforms.Compose([
transforms.Scale(int(math.floor(args.img_size / 0.875))),
transforms.CenterCrop(args.img_size),
transforms.ToTensor()
]))
val_loader = torch.utils.data.DataLoader(val_dataset,
batch_size=args.batch_size,
shuffle=False,
num_workers=args.workers,
pin_memory=True)
with torch.cuda.device(master_output_device):
defense_ensemble = ['adv_inception_resnet_v2',
'dpn68b_extra'] #FIXME argument
defense_cfgs = [
config_from_string(s, output_fn='') for s in defense_ensemble
]
if len(defense_ensemble) > 1:
defense_model = create_ensemble(defense_cfgs, None)
else:
defense_model = create_model_from_cfg(defense_cfgs[0])
if args.mt:
if len(defense_ensemble) > 1:
defense_model = multi_task.MultiTaskEnsemble(
defense_model.models, use_features=False)
else:
defense_model = multi_task.MultiTask(defense_model)
if len(output_devices) > 1:
defense_model = torch.nn.DataParallel(defense_model,
output_devices).cuda()
else:
defense_model.cuda()
if args.df:
adv_generator.set_dogfood(defense_model)
if args.opt == 'sgd':
optimizer = torch.optim.SGD(get_opt_params(
defense_model, classifier_only=args.co),
args.lr,
momentum=args.momentum,
weight_decay=args.weight_decay)
elif args.opt == 'adam':
optimizer = torch.optim.Adam(get_opt_params(
defense_model, classifier_only=args.co),
args.lr,
weight_decay=args.weight_decay)
else:
assert False, "Invalid optimizer specified"
if args.resume:
if os.path.isfile(args.resume):
print("=> loading checkpoint '{}'".format(args.resume))
checkpoint = torch.load(args.resume)
if isinstance(checkpoint, dict) and 'state_dict' in checkpoint:
args.start_epoch = checkpoint['epoch']
#best_prec1 = checkpoint['best_prec1']
defense_model.load_state_dict(checkpoint['state_dict'])
optimizer.load_state_dict(checkpoint['optimizer'])
print("=> loaded checkpoint '{}' (epoch {})".format(
args.resume, checkpoint['epoch']))
else:
# load from a non-training state dict only checkpoint
defense_model.load_state_dict(checkpoint)
print("=> loaded checkpoint '{}'".format(args.resume))
else:
print("=> no checkpoint found at '{}'".format(args.resume))
exit(-1)
criterion = torch.nn.CrossEntropyLoss().cuda()
best_prec1 = 0
for epoch in range(args.start_epoch, args.epochs):
adjust_learning_rate(args.lr,
optimizer,
epoch,
decay_epochs=args.decay_epochs)
# train for one epoch
train(args, adv_generator, defense_model, criterion, optimizer,
epoch)
# evaluate on validation set
prec1 = validate(args, val_loader, defense_model, criterion)
#FIXME run another validation on all adversarial examples?
# remember best prec@1 and save checkpoint
is_best = prec1 > best_prec1
best_prec1 = max(prec1, best_prec1)
save_checkpoint(
{
'epoch': epoch + 1,
'arch': 'FIXME',
'state_dict': defense_model.state_dict(),
'best_prec1': best_prec1,
'optimizer': optimizer.state_dict(),
},
is_best,
filename='checkpoint-%d.pth.tar' % epoch)
if args.mp:
adv_generator.shutdown()
adv_generator.done()
def main():
attack_start = time.time()
args = parser.parse_args()
dataset = Dataset(args.input_dir, target_file='')
batches_of_100 = len(dataset) / 100.0
print("Batches of 100: {}".format(batches_of_100))
print("Time limit per 100: {}".format(args.time_limit_per_100))
time_limit = max(
batches_of_100 * args.time_limit_per_100, 1.0
) # Helps pass the validation tool. Otherwise we see 0 images and therefore 0 seconds
print("Time remaining: {}".format(time_limit))
FINAL_DEADLINE = attack_start + time_limit
sys.stdout.flush()
cfgs = [config_from_string(s) for s in args.ensemble]
target_model = create_ensemble(cfgs, args.ensemble_weights,
args.checkpoint_paths).cuda()
target_model.eval()
attack = SelectiveUniversal(args.max_epsilon,
target_model,
args.npy_files,
try_mirrors=args.try_mirrors)
runner = ImageSaveAttackRunner(dataset,
args.output_dir,
time_limit_per_100=args.time_limit_per_100)
performance = runner.run(attack, 1)
del attack
remaining_indices = [
idx for idx, perf in enumerate(performance) if not performance[idx]
]
dataset2 = Subset(dataset, remaining_indices)
if args.no_augmentation:
augmentation = lambda x: x
else:
augmentation = nn.Sequential(
processing.RandomMirror(0.5),
processing.RandomGaussianBlur(0.5, 5, 3),
processing.RandomCrop(),
)
attack = CWInspired(target_model,
augmentation,
max_epsilon=args.max_epsilon,
n_iter=200,
lr=args.lr,
targeted=False,
target_nth_highest=3,
prob_dont_augment=0.0,
initial_w_matrix=None)
time_remaining = FINAL_DEADLINE - time.time()
images_remaining = len(dataset2)
time_remaining_per_100 = time_remaining / (images_remaining / 100.0)
print("Images remaining for cw_inspired: {}".format(images_remaining))
print("Time remaining: {}".format(time_remaining))
print("Time remaining per 100: {}".format(time_remaining_per_100))
sys.stdout.flush()
runner = ImageSaveAttackRunner(dataset2,
args.output_dir,
time_limit_per_100=time_remaining_per_100)
runner.run(attack, args.batch_size)
preprocess_data(train_data, test_data, data_loader_params)
#train_data = train_data.drop(['31','32','34','35','50'], axis=1)
if _BLENDING_ or _HOLDOUT_:
indices = np.arange(train_data.shape[0])
train_data, holdout, train_labels, holdout_labels, idx, idy = \
cross_validation.train_test_split(train_data, train_labels, indices, test_size=0.2, random_state=88)
if _ADD_PCA_FEATURE_:
pca_holdout = pca_train.iloc[idy, :]
pca_train_data = pca_train.iloc[idx, :]
print "PCA shape: ", pca_holdout.shape, pca_train.shape
if _CREATE_ENSEMBLE_:
train_data, train_labels, ensemble = md.create_ensemble(
train_data, train_labels)
# first cross-validate
model = md._ESTIMATORS_META_[_MAIN_ESTIMATOR_]()
if _CROSS_VALIDATE_ and not _BLENDING_:
md.cross_validate_model(train_data, train_labels, _K_FOLDS_, model)
if _CREATE_ENSEMBLE_:
test_data = md.append_test_data(test_data, ensemble)
if _BLENDING_:
train_data_blended, holdout_blended, test_data_blended = md.blend_models(
_K_FOLDS_, train_data, train_labels, holdout, test_data,
_TEST_MODE_)
if _ADD_PCA_FEATURE_:
ensemble_weights = [1.0]
"""
checkpoint_paths = [
os.path.join(CHECKPOINT_DIR,
config_from_string(m)['checkpoint_file']) for m in ensemble
]
out_filename = '{}_{}_eps{}'.format(''.join(ensemble), TARGET_CLASS,
max_epsilon)
dataset = Dataset(input_dir)
img_size = 299
cfgs = [config_from_string(s) for s in ensemble]
target_model = create_ensemble(cfgs, ensemble_weights, checkpoint_paths).cuda()
target_model.eval()
eps = max_epsilon / 255.0
loader = data.DataLoader(dataset, batch_size=batch_size, shuffle=True)
tf = transforms.Compose([
transforms.Scale(img_size),
transforms.CenterCrop(img_size),
transforms.ToTensor()
])
dataset.set_transform(tf)
class PerturbationNet(nn.Module):
