kwargs = {'num_workers': 1, 'pin_memory': True} if use_cuda else {}
# set up data loader
transform_test = transforms.Compose([transforms.ToTensor(),])
testset = torchvision.datasets.CIFAR10(root='../data', train=False, download=True, transform=transform_test)
test_loader = torch.utils.data.DataLoader(testset, batch_size=args.batch_size, shuffle=False, **kwargs)
l = [x for (x, y) in test_loader]
x_test = torch.cat(l, 0)
l = [y for (x, y) in test_loader]
y_test = torch.cat(l, 0)
# set models
if args.model == 'WideResNet':
if args.use_FNandWN:
model = WideResNet(34, 10, widen_factor=args.widen_factor, dropRate=0.0, use_FNandWN=True, i_normalize=True)
else:
model = WideResNet(34, 10, widen_factor=args.widen_factor, dropRate=0.0, i_normalize=True)
checkpoint = torch.load(args.model_path)
# load checkpoint
print('test_acc:{}, test_robust_acc:{}'.format(checkpoint['test_acc'], checkpoint['test_robust_acc']))
state_dict = checkpoint['state_dict']
model = nn.DataParallel(model).cuda()
model.load_state_dict(state_dict)
model.eval()
else:
raise ValueError("Unknown model")
adversary = AutoAttack(model, norm=args.norm, eps=args.epsilon, log_path=args.logfile)
with torch.no_grad():
x_adv = adversary.run_standard_evaluation(x_test[:args.n_ex], y_test[:args.n_ex], bs=args.batch_size)
writelog('attack_type:{}'.format("auto-attack"), logfile)
writelog('version:{}'.format('standard'), logfile)
writelog('eps:{}'.format(eps), logfile)
""" Init attacker
Robustness Evaluation using Auto attack
Ref: https://github.com/fra31/auto-attack
"""
nb_samples = 10
x_test = data.x_test[:nb_samples]
y_test = data.y_test[:nb_samples]
model_adapted = utils_tf2.ModelAdapter(model_ensemble)
adversary = AutoAttack(model_adapted,
norm='Linf',
eps=eps,
version='standard',
is_tf_model=True,
log_path=logfile)
# Convert to required format: NHWC --> NCHW
_x = torch.from_numpy(np.moveaxis(x_test, 3, 1))
_y = torch.from_numpy(np.argmax(y_test, axis=-1))
_x.float().to("cuda")
_y.to("cuda")
x_adv = adversary.run_standard_evaluation(_x, _y, bs=bs)
x_adv = x_adv.cpu().numpy()
# Convert back to NHWC
x_adv = np.moveaxis(x_adv, 1, 3)
_, _, _, _, testX, testY = mnist_loader().get_normalized_data()
# convert to pytorch format
testY = np.argmax(testY, axis=1)
torch_testX = torch.from_numpy(np.transpose(testX,
(0, 3, 1, 2))).float().cuda()
torch_testY = torch.from_numpy(testY).float()
# load model from saved weights
print('[INFO] MODEL_PATH: {:s}'.format(MODEL_PATH))
tf_model = mnist_model()
tf_model.load_weights(MODEL_PATH)
# remove 'softmax layer' and put it into adapter
atk_model = tf.keras.models.Model(
inputs=tf_model.input, outputs=tf_model.get_layer(index=-2).output)
atk_model.summary()
model_adapted = utils_tf2.ModelAdapter(atk_model)
# run attack
adversary = AutoAttack(model_adapted,
norm='Linf',
eps=epsilon,
version='standard',
is_tf_model=True)
x_adv = adversary.run_standard_evaluation(torch_testX,
torch_testY,
bs=batch_size)
np_x_adv = np.moveaxis(x_adv.cpu().numpy(), 1, 3)
np.save("./output/mnist_adv.npy", np_x_adv)