def exp(net, model_name, attack, test_dataset, device):
original_net = None
image_size = (128, 128)
if model_name == 'baseline':
original_net = BaseCNN()
elif model_name == 'nvidia':
original_net = Nvidia()
elif model_name == 'vgg16':
original_net = Vgg16()
original_net.load_state_dict(torch.load(model_name + '.pt'))
original_net = original_net.to(device)
original_net.eval()
# print(ast_ori, ast_dist)
test_y = pd.read_csv('ch2_final_eval.csv')['steering_angle'].values
test_composed = transforms.Compose(
[Rescale(image_size),
Preprocess('baseline'),
ToTensor()])
test_dataset = UdacityDataset(dataset_path, ['testing'], test_composed,
'test')
test_generator = DataLoader(test_dataset, batch_size=64, shuffle=False)
target = 0.3
ast_ori, _ = fgsm_ex(test_generator, original_net, model_name, target,
device, len(test_dataset))
ast_dist, _ = fgsm_ex(test_generator, net, model_name, target, device,
len(test_dataset))
print('fgsm:', ast_ori, ast_dist)
advt_model = model_name + '_' + attack
ast_ori, _ = advGAN_ex(test_generator, original_net, model_name, target,
device, len(test_dataset))
ast_dist, _ = advGAN_ex(test_generator, net, advt_model, target, device,
len(test_dataset))
print('advGAN:', ast_ori, ast_dist)
advt_model = model_name + '_' + attack
ast_ori, _ = advGAN_uni_ex(test_generator, original_net, model_name,
target, device, len(test_dataset))
ast_dist, _ = advGAN_uni_ex(test_generator, net, advt_model, target,
device, len(test_dataset))
print('advGAN_uni:', ast_ori, ast_dist)
advt_model = model_name + '_' + attack
ast_ori, _ = opt_uni_ex(test_generator, original_net, model_name, target,
device, len(test_dataset))
ast_dist, _ = opt_uni_ex(test_generator, net, advt_model, target, device,
len(test_dataset))
print('opt_uni:', ast_ori, ast_dist)
ast_ori, _ = opt_ex(test_dataset, original_net, model_name, target, device,
len(test_dataset))
ast_dist, _ = opt_ex(test_dataset, net, model_name, target, device,
len(test_dataset))
print('opt:', ast_ori, ast_dist)
def advGAN_Attack(model_name, target_model_path, target, train_dataset, universal=False):
image_nc=3
epochs = 60
batch_size = 64
BOX_MIN = 0
BOX_MAX = 1
# target = 0.2
# Define what device we are using
print("CUDA Available: ",torch.cuda.is_available())
device = torch.device("cuda" if (torch.cuda.is_available()) else "cpu")
image_size = (128, 128)
if 'baseline' in target_model_path:
targeted_model = BaseCNN().to(device)
#image_size = (128, 128)
elif 'nvidia' in target_model_path:
targeted_model = Nvidia().to(device)
#image_size = (66, 200)
elif 'vgg16' in target_model_path:
targeted_model = Vgg16().to(device)
#image_size = (224, 224)
targeted_model.load_state_dict(torch.load(target_model_path))
targeted_model.eval()
if not universal:
advGAN = AdvGAN_Attack(
device,
targeted_model,
model_name,
target,
image_nc,
BOX_MIN,
BOX_MAX)
else:
advGAN = AdvGAN_Uni_Attack(
device,
targeted_model,
model_name,
image_size,
target,
image_nc,
BOX_MIN,
BOX_MAX)
advGAN.train(train_dataset, epochs)
return advGAN
def cal_detection_rate():
for model_name in ['baseline', 'nvidia', 'vgg16']:
# model_name = 'vgg16'
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
if 'baseline' in model_name:
net = BaseCNN()
elif 'nvidia' in model_name:
net = Nvidia()
elif 'vgg16' in model_name:
net = Vgg16(False)
net.load_state_dict(torch.load(model_name + '.pt'))
net.eval()
net = net.to(device)
dataset_path = '../udacity-data'
root_dir = dataset_path
test_composed = transforms.Compose([Rescale((128, 128)), Preprocess('baseline'), ToTensor()])
image_size = (128, 128)
full_dataset = UdacityDataset(root_dir, ['testing'], test_composed, type_='test')
full_indices = list(range(5614))
test_indices = list(np.random.choice(5614, int(0.2*5614), replace=False))
train_indices = list(set(full_indices).difference(set(test_indices)))
train_dataset = torch.utils.data.Subset(full_dataset, train_indices)
test_dataset = torch.utils.data.Subset(full_dataset, test_indices)
test_data_loader = DataLoader(full_dataset, batch_size=1, shuffle=False)
num_sample = len(full_dataset)
target = 0.3
# attack_detection(model_name, net, test_data_loader, attack='fgsm')
# attack_detection(model_name, net, test_data_loader, attack='advGAN')
# attack_detection(model_name, net, test_data_loader, attack='advGAN_uni')
# attack_detection(model_name, net, test_data_loader, attack='opt_uni')
# attack_detection(model_name, net, test_data_loader, attack='opt')
print('threshold', 0.01)
attack_detection(model_name, net, test_data_loader, attack='fgsm', threshold=0.01)
attack_detection(model_name, net, test_data_loader, attack='advGAN', threshold=0.01)
attack_detection(model_name, net, test_data_loader, attack='advGAN_uni', threshold=0.01)
attack_detection(model_name, net, test_data_loader, attack='opt_uni', threshold=0.01)
attack_detection(model_name, net, test_data_loader, attack='opt', threshold=0.01)
def ex3_gen_adv(generator, gen_model, device):
root_dir = '../udacity-data'
adv_root_dir = '../udacity-data/adv_data'
device = torch.device("cuda" if (torch.cuda.is_available()) else "cpu")
image_size = (128, 128)
test_composed = transforms.Compose([Rescale(image_size), Preprocess(), ToTensor()])
basecnn = 'baseline.pt'
nvidia = 'nvidia.pt'
vgg16 = 'vgg16.pt'
model1 = BaseCNN()
model1.to(device)
model1.load_state_dict(torch.load(basecnn))
model1.eval()
model2 = Nvidia()
model2.to(device)
model2.load_state_dict(torch.load(nvidia))
model2.eval()
model3 = Vgg16()
model3.to(device)
model3.load_state_dict(torch.load(vgg16))
model3.eval()
target_models = []
target_models.append(('baseline', model1))
#target_models.append(('nvidia', model2))
target_models.append(('vgg16', model3))
train = 0
attacks = ['advGAN_attack']
# attacks = ['fgsm_attack', 'universal_attack', 'advGAN_attack', 'advGAN_universal_attack', 'opt_attack',]
target = 0.3
if train:
hmb_list =[('HMB1', 1479424215880976321),('HMB2', 1479424439139199216),('HMB4', 1479425729831388501), ('HMB5', 1479425834048269765), ('HMB6', 1479426202229245710)]
else:
hmb_list = [('testing', 1479425441182877835)]
# for (model_name, model) in target_models:
# noise_u = np.load(model_name + '_universal_attack_noise.npy')
# noise_u = torch.from_numpy(noise_u).type(torch.FloatTensor).to(device)
# advGAN_generator = Generator(3,3, model_name).to(device)
# advGAN_uni_generator = Generator(3,3, model_name).to(device)
# advGAN_generator.load_state_dict(torch.load('./models/' + model_name + '_netG_epoch_60.pth'))
# advGAN_uni_generator.load_state_dict(torch.load('./models/' + model_name + '_universal_netG_epoch_60.pth'))
# noise_seed = np.load(model_name + '_noise_seed.npy')
# noise_a = advGAN_uni_generator(torch.from_numpy(noise_seed).type(torch.FloatTensor).to(device))
# save_dir = os.path.join(adv_root_dir, model_name)
for (model_name, model) in target_models:
noise_u = np.load(model_name + '_universal_attack_noise.npy')
noise_u = torch.from_numpy(noise_u).type(torch.FloatTensor).to(device)
advGAN_generator = Generator(3,3, model_name).to(device)
advGAN_uni_generator = Generator(3,3, model_name).to(device)
advGAN_generator.load_state_dict(torch.load('./models/' + model_name + '_netG_epoch_60.pth'))
advGAN_generator.eval()
advGAN_uni_generator.load_state_dict(torch.load('./models/' + model_name + '_universal_netG_epoch_60.pth'))
advGAN_uni_generator.eval()
noise_seed = np.load(model_name + '_noise_seed.npy')
noise_a = advGAN_uni_generator(torch.from_numpy(noise_seed).type(torch.FloatTensor).to(device))
save_dir = os.path.join(adv_root_dir, model_name)
for (hmb, start) in hmb_list:
print(model_name ,hmb)
if train:
train_dataset = UdacityDataset(root_dir, [hmb], test_composed, type_='train')
else:
train_dataset = UdacityDataset(root_dir, [hmb], test_composed, type_='test')
generator = DataLoader(train_dataset, batch_size=64, shuffle=False, num_workers=8)
for i, batch in enumerate(generator):
batch_x = batch['image']
batch_x = batch_x.type(torch.FloatTensor)
batch_x = batch_x.to(device)
_, plt, _, perturbed_image = attack_test.fgsm_attack_test(model, batch_x, target, device, image_size=image_size)
plt.close()
if train:
for j in range(len(perturbed_image)):
np.save('../udacity-data/adv_data/' + model_name + '/fgsm_attack/' + hmb + '/' + str(i*64 + start + j), perturbed_image[j,:,:,:])
else:
np.save('../udacity-data/adv_testing/' + model_name + '/fgsm_attack/' + hmb + '/npy/' + 'batch_' + str(i), perturbed_image)
_, plt, perturbed_image = attack_test.optimized_uni_test(model, batch_x, device, noise_u, image_size=image_size)
plt.close()
if train:
for j in range(len(perturbed_image)):
np.save('../udacity-data/adv_data/' + model_name + '/universal_attack/' + hmb + '/' + str(i*64 + start + j), perturbed_image[j,:,:,:])
else:
np.save('../udacity-data/adv_testing/' + model_name + '/universal_attack/' + hmb + '/npy/' + 'batch_' + str(i), perturbed_image)
_, plt, perturbed_image = attack_test.advGAN_test(model, batch_x, advGAN_generator, device, image_size=image_size)
plt.close()
if train:
for j in range(len(perturbed_image)):
np.save('../udacity-data/adv_data/' + model_name + '/advGAN_attack/' + hmb + '/' + str(i*64 + start + j), perturbed_image[j,:,:,:])
else:
np.save('../udacity-data/adv_testing/' + model_name + '/advGAN_attack/' + hmb + '/npy/' + 'batch_' + str(i), perturbed_image)
_, plt, perturbed_image = attack_test.advGAN_uni_test(model, batch_x, device, noise_a, image_size=image_size)
plt.close()
if train:
for j in range(len(perturbed_image)):
np.save('../udacity-data/adv_data/' + model_name + '/advGAN_universal_attack/' + hmb + '/' + str(i*64 + start + j), perturbed_image[j,:,:,:])
else:
np.save('../udacity-data/adv_testing/' + model_name + '/advGAN_universal_attack/' + hmb + '/npy/' + 'batch_' + str(i), perturbed_image)
for (model_name, model) in target_models:
for (hmb, start) in hmb_list:
print(model_name, hmb)
if train:
train_dataset = UdacityDataset(root_dir, [hmb], test_composed, type_='train')
else:
train_dataset = UdacityDataset(root_dir, [hmb], test_composed, type_='test')
# npy = np.array([], dtype=np.float64).reshape(1, 3, 128, 128)
npy = None
for i in range(0, len(train_dataset)):
batch_x = train_dataset[i]['image']
batch_x = batch_x.unsqueeze(0)
batch_x = batch_x.type(torch.FloatTensor)
batch_x = batch_x.to(device)
_, plt, perturbed_image = attack_test.optimized_attack_test(model, batch_x, target, device, image_size=image_size)
plt.close()
if train:
for j in range(len(perturbed_image)):
np.save('../udacity-data/adv_data/' + model_name + '/opt_attack/' + hmb + '/' + str(i*64 + start + j), perturbed_image[j,:,:,:])
else:
if i == 0:
npy = perturbed_image
elif i % 64 != 0:
npy = np.concatenate((npy, perturbed_image))
else:
np.save('../udacity-data/adv_testing/' + model_name + '/opt_attack/' + hmb + '/npy/' + 'batch_' + str(i // 64 - 1), npy)
npy = perturbed_image
if not train:
np.save('../udacity-data/adv_testing/' + model_name + '/opt_attack/' + hmb + '/npy/' + 'batch_' + str(5614 // 64), npy)
def experiment_1():
device = torch.device("cuda" if (torch.cuda.is_available()) else "cpu")
target_models = []
basecnn = 'baseline.pt'
nvidia = 'nvidia.pt'
vgg16 = 'vgg16.pt'
model1 = BaseCNN()
model1.to(device)
model1.load_state_dict(torch.load(basecnn))
model1.eval()
model2 = Nvidia()
model2.to(device)
model2.load_state_dict(torch.load(nvidia))
model2.eval()
model3 = Vgg16()
model3.to(device)
model3.load_state_dict(torch.load(vgg16))
model3.eval()
target_models.append(('baseline', model1))
# target_models.append(('vgg16', model3))
# target_models.append(('nvidia', model2))
root_dir = '../udacity-data'
target = 0.3
attacks = ('FGSM', 'Optimization', 'Optimization Universal', 'AdvGAN', 'AdvGAN Universal')
fgsm_result = []
opt_result = []
optu_result = []
advGAN_result = []
advGANU_result = []
fgsm_diff = []
opt_diff = []
optu_diff = []
advGAN_diff = []
advGANU_diff = []
# models = ('baseline')
full_indices = list(range(5614))
test_indices = list(np.random.choice(5614, int(0.2*5614), replace=False))
train_indices = list(set(full_indices).difference(set(test_indices)))
image_size = (128, 128)
# if model_name == 'baseline':
# image_size = (128, 128)
# elif model_name == 'nvidia':
# image_size = (66, 200)
# elif model_name == 'vgg16':
# image_size = (224, 224)
test_composed = transforms.Compose([Rescale((image_size[1],image_size[0])), Preprocess(), ToTensor()])
# train_dataset = UdacityDataset(root_dir, ['HMB1', 'HMB2', 'HMB4'], test_composed, type_='train')
full_dataset = UdacityDataset(root_dir, ['testing'], test_composed, type_='test')
train_dataset = torch.utils.data.Subset(full_dataset, train_indices)
test_dataset = torch.utils.data.Subset(full_dataset, test_indices)
for (model_name, model) in target_models:
# train_size = int(0.8*len(full_dataset))
# test_size =len(full_dataset) - train_size
test_data_loader = torch.utils.data.DataLoader(full_dataset,batch_size=64,shuffle=False)
num_sample = len(full_dataset)
# universal perturbation generation
if not os.path.exists(model_name + '_universal_attack_noise.npy'):
print('Start universal attack training')
perturbation = generate_noise(train_dataset, model, model_name, device, target)
np.save(model_name + '_universal_attack_noise', perturbation)
print('Finish universal attack training.')
# # advGAN training
if not os.path.exists('./models/' + model_name + '_netG_epoch_60.pth'):
print('Start advGAN training')
advGAN = advGAN_Attack(model_name, model_name + '.pt', target + 0.2, train_dataset)
torch.save(advGAN.netG.state_dict(), './models/' + model_name +'_netG_epoch_60.pth')
print('Finish advGAN training')
# # advGAN_uni training
if not os.path.exists('./models/' + model_name + '_universal_netG_epoch_60.pth'):
print('Start advGAN_uni training')
advGAN_uni = advGAN_Attack(model_name, model_name + '.pt', target + 0.2, train_dataset, universal=True)
advGAN_uni.save_noise_seed(model_name + '_noise_seed.npy')
torch.save(advGAN_uni.netG.state_dict(), './models/' + model_name +'_universal_netG_epoch_60.pth')
print('Finish advGAN_uni training')
print("Testing: " + model_name)
#fgsm attack
fgsm_ast, diff = fgsm_ex(test_data_loader, model, model_name, target, device, num_sample, image_size)
print(fgsm_ast)
fgsm_result.append(fgsm_ast)
fgsm_diff.append(diff)
# # optimization attack
opt_ast, diff = opt_ex(test_dataset, model, model_name, target, device, num_sample, image_size)
print(opt_ast)
opt_result.append(opt_ast)
opt_diff.append(diff)
# optimized-based universal attack
optu_ast, diff = opt_uni_ex(test_data_loader, model, model_name, target, device, num_sample, image_size)
print(optu_ast)
optu_result.append(optu_ast)
optu_diff.append(diff)
# advGAN attack
advGAN_ast, diff = advGAN_ex(test_data_loader, model, model_name, target, device, num_sample, image_size)
print(advGAN_ast)
advGAN_result.append(advGAN_ast)
advGAN_diff.append(diff)
# advGAN_universal attack
advGANU_ast, diff = advGAN_uni_ex(test_data_loader, model, model_name, target, device, num_sample, image_size)
print(advGANU_ast)
advGANU_result.append(advGANU_ast)
advGANU_diff.append(diff)
def experiment_2(gen=True):
device = torch.device("cuda" if (torch.cuda.is_available()) else "cpu")
target_models = []
basecnn = 'baseline.pt'
nvidia = 'nvidia.pt'
vgg16 = 'vgg16.pt'
model1 = BaseCNN()
model1.to(device)
model1.load_state_dict(torch.load(basecnn))
model1.eval()
model2 = Nvidia()
model2.to(device)
model2.load_state_dict(torch.load(nvidia))
model2.eval()
model3 = Vgg16()
model3.to(device)
model3.load_state_dict(torch.load(vgg16))
model3.eval()
target_models.append(('baseline', model1))
target_models.append(('nvidia', model2))
target_models.append(('vgg16', model3))
root_dir = '../udacity-data'
target = 0.3
models = ('baseline', 'nvidia', 'vgg16')
# ex2_fun(target_models[0], target_models[1], device)
attacks = ('fgsm_attack', 'opt_attack', 'universal_attack', 'advGAN_attack', 'advGAN_universal_attack')
# blackbox test adv image from baseline on nvidia
print('No.1')
result = ex2_fun(target_models[0], target_models[1], device)
# plt_ = ex2_draw(result)
# plt_.title('Test ' + target_models[0][0] + ' adv_image on ' + target_models[1][0] + ' model')
# plt_.savefig('experiment_result/experiment_2/0-1.jpg')
# plt_.close()
print('No.2')
result = ex2_fun(target_models[0], target_models[2], device)
# plt_ = ex2_draw(result)
# plt_.title('Test ' + target_models[0][0] + ' adv_image on ' + target_models[2][0] + ' model')
# plt_.savefig('experiment_result/experiment_2/0-2.jpg')
# plt_.close()
print('No.3')
result = ex2_fun(target_models[1], target_models[0], device)
# plt_ = ex2_draw(result)
# plt_.title('Test ' + target_models[1][0] + ' adv_image on ' + target_models[0][0] + ' model')
# plt_.savefig('experiment_result/experiment_2/1-0.jpg')
# plt_.close()
print('No.4')
result = ex2_fun(target_models[1], target_models[2], device)
# plt_ = ex2_draw(result)
# plt_.title('Test ' + target_models[1][0] + ' adv_image on ' + target_models[2][0] + ' model')
# plt_.savefig('experiment_result/experiment_2/1-2.jpg')
# plt_.close()
print('No.5')
result = ex2_fun(target_models[2], target_models[0], device)
# plt_ = ex2_draw(result)
# plt_.title('Test ' + target_models[2][0] + ' adv_image on ' + target_models[0][0] + ' model')
# plt_.savefig('experiment_result/experiment_2/2-0.jpg')
# plt_.close()
print('No.6')
result = ex2_fun(target_models[2], target_models[1], device)
# resized_image_height = 128
# resized_image_width = 128
# elif model_name == "vgg16":
# resized_image_height = 224
# resized_image_width = 224
# elif model_name == "nvidia":
# resized_image_height = 66
# resized_image_width = 200
image_size = (resized_image_width, resized_image_height)
dataset_path = args.root_dir
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
# print(device)
if model_name == 'baseline':
net = BaseCNN()
elif model_name == 'nvidia':
net = Nvidia()
elif model_name == 'vgg16':
net = Vgg16()
net.apply(weight_init)
net = net.to(device)
# net.to(device)
if train != 0:
if train == 2:
net.load_state_dict(torch.load(model_name + '.pt'))
composed = transforms.Compose([
Rescale(image_size),
RandFlip(),
RandRotation(),
Preprocess(model_name),
def test_on_gen(net, model_name, dataset_path, attack, device):
original_net = None
if model_name == 'baseline':
original_net = BaseCNN()
elif model_name == 'nvidia':
original_net = Nvidia()
elif model_name == 'vgg16':
original_net = build_vgg16(False)
original_net.load_state_dict(torch.load(model_name + '.pt'))
original_net = original_net.to(device)
original_net.eval()
test_y = pd.read_csv('ch2_final_eval.csv')['steering_angle'].values
test_composed = transforms.Compose(
[Rescale(image_size),
Preprocess('baseline'),
ToTensor()])
test_dataset = UdacityDataset(dataset_path, ['testing'], test_composed,
'test')
test_generator = DataLoader(test_dataset, batch_size=1, shuffle=False)
with torch.no_grad():
# test on original dataset
yhat = []
y_original = []
# test_y = []
for _, sample_batched in enumerate(test_generator):
batch_x = sample_batched['image']
batch_y = sample_batched['steer']
batch_x = batch_x.type(torch.FloatTensor)
batch_y = batch_y.type(torch.FloatTensor)
batch_x = batch_x.to(device)
batch_y = batch_y.to(device)
output = net(batch_x)
output_ori = original_net(batch_x)
# print(output.item(), batch_y.item())
yhat.append(output.item())
y_original.append(output_ori.item())
yhat = np.array(yhat)
y_original = np.array(y_original)
rmse = np.sqrt(np.mean((yhat - test_y)**2))
rmse_ori = np.sqrt(np.mean((y_original - test_y)**2))
print('adv model on ori dataset:', rmse, 'ori model on ori dataset: ',
rmse_ori)
plt.figure(figsize=(32, 8))
plt.plot(test_y, 'r.-', label='target')
plt.plot(yhat, 'b^-', label='predict')
plt.legend(loc='best')
plt.title("RMSE: %.2f" % rmse)
# plt.show()
model_fullname = "%s_%d.png" % (model_name + '_' + attack,
int(time.time()))
plt.savefig(model_fullname)
test_generator = DataLoader(test_dataset, batch_size=64, shuffle=False)
target = 0.3
# test adv_training model on adv images generated based on itself
# ast_ori, _ = fgsm_ex(test_generator, original_net, 'baseline', target, device, len(test_dataset))
# ast_dist,_ = fgsm_ex(test_generator, net, 'baseline', target, device, len(test_dataset))
# print(ast_ori, ast_dist)
success = 0
success_ = 0
# test adv_training model on adv images generated based on original model
for _, sample_batched in enumerate(test_generator):
batch_x = sample_batched['image']
batch_x = batch_x.type(torch.FloatTensor)
batch_x = batch_x.to(device)
y_pred = net(batch_x)
y_pred_ori = original_net(batch_x)
# fgsm_attack
adv_x = fgsm_attack_(original_net, batch_x, target, device)
y_fgsm = net(adv_x)
y_ori_fgsm = original_net(adv_x)
diff = abs(y_fgsm - y_pred)
success += len(diff[diff >= abs(target)])
diff = abs(y_ori_fgsm - y_pred_ori)
success_ += len(diff[diff >= abs(target)])
print('fgsm', success / len(test_dataset), success_ / len(test_dataset))
# opt attack
# success = 0
# success_ = 0
# for _,sample_batched in enumerate(test_dataset):
# batch_x = sample_batched['image']
# batch_x = batch_x.type(torch.FloatTensor)
# batch_x = batch_x.unsqueeze(0)
# batch_x = batch_x.to(device)
# y_pred = net(batch_x)
# y_pred_ori = original_net(batch_x)
# # fgsm_attack
# # adv_x = fgsm_attack_(original_net, batch_x, target, device)
# adv_x,_,_,_ = optimized_attack(original_net, target, batch_x)
# y_fgsm = net(adv_x)
# y_ori_fgsm = original_net(adv_x)
# diff = abs(y_fgsm - y_pred)
# success += len(diff[diff >= abs(target)])
# diff = abs(y_ori_fgsm - y_pred_ori)
# success_ += len(diff[diff >= abs(target)])
# print('opt', success / len(test_dataset), success_ / len(test_dataset))
# opt universal attack
noise_u = np.load(model_name + '_universal_attack_noise.npy')
noise_u = torch.from_numpy(noise_u).type(torch.FloatTensor).to(device)
success = 0
success_ = 0
for _, sample_batched in enumerate(test_generator):
batch_x = sample_batched['image']
batch_x = batch_x.type(torch.FloatTensor)
batch_x = batch_x.to(device)
y_pred = net(batch_x)
y_pred_ori = original_net(batch_x)
# adv_x = fgsm_attack_(original_net, batch_x, target, device)
# noise = advGAN_generator(batch_x)
perturbed_image = batch_x + noise_u
adv_x = torch.clamp(perturbed_image, 0, 1)
y_fgsm = net(adv_x)
y_ori_fgsm = original_net(adv_x)
diff = abs(y_fgsm - y_pred)
success += len(diff[diff >= abs(target)])
diff = abs(y_ori_fgsm - y_pred_ori)
success_ += len(diff[diff >= abs(target)])
print('opt uni', success / len(test_dataset), success_ / len(test_dataset))
# test for advGAN attack
success = 0
success_ = 0
advGAN_generator = Generator(3, 3, model_name).to(device)
advGAN_generator.load_state_dict(
torch.load('./models/' + model_name + '_netG_epoch_60.pth'))
for _, sample_batched in enumerate(test_generator):
batch_x = sample_batched['image']
batch_x = batch_x.type(torch.FloatTensor)
batch_x = batch_x.to(device)
y_pred = net(batch_x)
y_pred_ori = original_net(batch_x)
# adv_x = fgsm_attack_(original_net, batch_x, target, device)
noise = advGAN_generator(batch_x)
perturbed_image = batch_x + torch.clamp(noise, -0.3, 0.3)
adv_x = torch.clamp(perturbed_image, 0, 1)
y_fgsm = net(adv_x)
y_ori_fgsm = original_net(adv_x)
diff = abs(y_fgsm - y_pred)
success += len(diff[diff >= abs(target)])
diff = abs(y_ori_fgsm - y_pred_ori)
success_ += len(diff[diff >= abs(target)])
print('advGAN', success / len(test_dataset), success_ / len(test_dataset))
# test for advGAN uni attack
advGAN_uni_generator = Generator(3, 3, model_name).to(device)
advGAN_uni_generator.load_state_dict(
torch.load('./models/' + model_name + '_universal_netG_epoch_60.pth'))
noise_seed = np.load(model_name + '_noise_seed.npy')
noise_a = advGAN_uni_generator(
torch.from_numpy(noise_seed).type(torch.FloatTensor).to(device))
success = 0
success_ = 0
for _, sample_batched in enumerate(test_generator):
batch_x = sample_batched['image']
batch_x = batch_x.type(torch.FloatTensor)
batch_x = batch_x.to(device)
y_pred = net(batch_x)
y_pred_ori = original_net(batch_x)
# adv_x = fgsm_attack_(original_net, batch_x, target, device)
# noise = advGAN_generator(batch_x)
perturbed_image = batch_x + torch.clamp(noise_a, -0.3, 0.3)
adv_x = torch.clamp(perturbed_image, 0, 1)
y_fgsm = net(adv_x)
y_ori_fgsm = original_net(adv_x)
diff = abs(y_fgsm - y_pred)
success += len(diff[diff >= abs(target)])
diff = abs(y_ori_fgsm - y_pred_ori)
success_ += len(diff[diff >= abs(target)])
print('advGAN uni', success / len(test_dataset),
success_ / len(test_dataset))
])
dataset = UdacityDataset(dataset_path,
['HMB1', 'HMB2', 'HMB4', 'HMB5', 'HMB6'],
composed)
train_generator = DataLoader(dataset,
batch_size=batch_size,
shuffle=True,
num_workers=8)
steps_per_epoch = int(len(dataset) / batch_size)
T = [5, 10, 15, 20, 25]
#T = [25]
for model_name in models_name:
for t in T:
distillation_net = Nvidia(type_='student')
distillation_net = distillation_net.to(device)
original_net = Nvidia(type_='student')
original_net.load_state_dict(torch.load(model_name + '.pt'))
original_net = original_net.to(device)
original_net.eval()
if train == 1:
optimizer = optim.Adam(distillation_net.parameters(),
lr=0.0001)
alpha = 1
for epoch in range(epochs):
total_loss = 0
for step, sample_batched in enumerate(train_generator):
if step <= steps_per_epoch:
batch_x = sample_batched['image']
batch_y = sample_batched['steer']