def run_experiment(adv_attack, mfe, batch_size=64, seed=0, info_msg=''):
if info_msg:
print(info_msg)
fix_seed(seed)
train_dataloader = get_images_dataloader(
DATA_PATH, batch_size, transforms=get_images_transforms())
print('Starting power method...')
adv_attack.fit(mfe, train_dataloader)
print('Done power method!')
generated_pert = adv_attack.get_perturbation().cpu()
pert_imgs_dataloader = get_images_dataloader(
DATA_PATH, 128, transforms=get_images_transforms(generated_pert))
print('Starting predicting classes of perturbated images...')
pert_ans = adv_attack.predict_raw(mfe, pert_imgs_dataloader)
print('Done predicting!')
eigen_value = adv_attack.power_method.eigen_val
print('Done with experiment')
print('=' * 50)
return dict(perturbation=generated_pert,
eigen_value=eigen_value,
perturbated_answers=pert_ans)
def make_random_samples_set(size=16):
fix_seed(1324)
dataset_files = os.listdir(DATA_PATH)[64:]
random_filenames = np.random.choice(dataset_files, size=size, replace=False)
os.makedirs('./random_samples', exist_ok=True)
for fn in random_filenames:
subprocess.check_call(['cp', os.path.join(DATA_PATH, fn), './random_samples'])
def get_perturbation_with_norm(model, layer, seed=0, batch_size=64, adv_norm=1):
device = 'cuda' if torch.cuda.is_available() else 'cpu'
mfe = ModelFeatureExtracter(model, layer)
adv_attack = create_adversarial_attack(mfe, device=device)
fix_seed(seed)
train_dataloader = get_images_dataloader(DATA_PATH, batch_size, transforms=get_images_transforms())
print('Generating perturbation...')
adv_attack.fit(mfe, train_dataloader)
print('Done power method!')
return adv_attack.get_perturbation(adv_norm=adv_norm).cpu()
def get_all_perturbations(models, layers, seed=0, batch_size=64):
device = 'cuda' if torch.cuda.is_available() else 'cpu'
print('Getting perturbations for all models...')
results = {}
for model_name, model in models.items():
print(f'Starting power method for {model_name}...')
mfe = ModelFeatureExtracter(model, layers[model_name])
adv_attack = create_adversarial_attack(mfe, device=device)
fix_seed(seed)
train_dataloader = get_images_dataloader(DATA_PATH, batch_size, transforms=get_images_transforms())
adv_attack.fit(mfe, train_dataloader)
print('Done power method!')
results[model_name] = adv_attack.get_perturbation().cpu()
return results
def make_exp():
# preparing model
raw_transforms = get_images_transforms()
raw_dataloader = get_images_dataloader(IMAGES_PATH,
BATCH_SIZE,
transforms=raw_transforms)
model = torchvision.models.vgg19(pretrained=True)
layer_to_extract_from = model.features[LAYER_FOR_EXTRACTION_NUM]
mfe = ModelFeatureExtracter(model, layer_to_extract_from).to(DEVICE)
input_img = next(iter(raw_dataloader))['image'].to(DEVICE)
input_shape = input_img.shape[1:]
output_shape = mfe.extract_layer_output(input_img).shape[1:]
# running experiment
fix_seed(999)
fooling_rates = []
perturbations = []
for batch_sz in BATCH_GRID:
print(f'Trying to attack with batch {batch_sz}')
start = time()
raw_dataloader = get_images_dataloader(IMAGES_PATH,
batch_sz,
transforms=raw_transforms)
adv_attack = AdversarialAttack(input_shape,
output_shape,
device=DEVICE,
verbose=1)
adv_attack.fit(mfe, raw_dataloader)
pert = adv_attack.get_perturbation().cpu()
perturbations.append(pert)
pert_transforms = get_images_transforms(perturbation=pert)
pert_dataloader = get_images_dataloader(IMAGES_PATH,
128,
transforms=pert_transforms)
raw_dataloader_big = get_images_dataloader(IMAGES_PATH,
128,
transforms=raw_transforms)
print('Trying to evaluate raw')
raw_pred = adv_attack.predict_raw(mfe, raw_dataloader_big)
print('Trying to evaluate perturbed')
pert_pred = adv_attack.predict_raw(mfe, pert_dataloader)
fooling_rate = adv_attack.fooling_rate(raw_pred['predictions'],
pert_pred['predictions'])
fooling_rates.append(fooling_rate)
print(
f'Ended attacking with batch {batch_sz}, fooling rate {fooling_rate}, time spent {(time() - start) / 60} mins'
)
print()
# saving experiment results
plt.plot(BATCH_GRID, fooling_rates)
plt.grid(b=True)
plt.xlabel('batch size')
plt.ylabel('fooling rate')
plt.title('fooling rate dependency by batch size')
plt.savefig(EXP_PATH + '/fooling_rate_dependency.png', dpi=200)
fig, ax = plt.subplots(1, 3, figsize=(13, 13))
fig.tight_layout()
for i, idx in enumerate(range(0, len(BATCH_GRID), 4)):
ax[i].imshow(normalize_image(perturbations[idx]))
ax[i].set_axis_off()
ax[i].set_title(f'Batch size {BATCH_GRID[idx]}')
fig.savefig(EXP_PATH + '/sample_perturbations.png', dpi=200)
with open(EXP_PATH + '/exp_results', 'w') as f:
json.dump(
{
'fooling_rates': fooling_rates,
'batch_grid': list(BATCH_GRID)
}, f)