def _attackerNet(x0, noise_rel, net, yadv_init=None, batch_size=3):
# compute noiseless measurements
y0 = OpA(x0)
if noise_rel == 0.0:
return y0, y0, y0
# compute absolute noise levels
noise_level = noise_rel * y0.norm(p=2, dim=(-2, -1), keepdim=True)
# compute noisy measurements for reference
yref = noise_ref(OpA(x0), noise_level) # noisy measurements
# attack parameters
adv_init_fac = 3.0 * noise_level
adv_param = {
"codomain_dist": mseloss,
"domain_dist": None,
"mixed_dist": None,
"weights": (1.0, 1.0, 1.0),
"optimizer": PAdam,
"projs": None,
"iter": 500,
"stepsize": 5e0,
}
# compute initialization
yadv = y0.clone().detach() + (
adv_init_fac / np.sqrt(np.prod(y0.shape[-2:]))
) * torch.randn_like(y0)
if yadv_init is not None:
yadv[0 : yadv_init.shape[0], ...] = yadv_init.clone().detach()
for idx_batch in range(0, yadv.shape[0], batch_size):
print(
"Attack for samples "
+ str(list(range(idx_batch, idx_batch + batch_size)))
)
adv_param["projs"] = [
lambda y: proj_l2_ball(
y,
y0[idx_batch : idx_batch + batch_size, ...],
noise_level[idx_batch : idx_batch + batch_size, ...],
)
]
# perform attack
yadv[idx_batch : idx_batch + batch_size, ...] = untargeted_attack(
lambda y: _reconstructNet(y, 0.0, net),
yadv[idx_batch : idx_batch + batch_size, ...]
.clone()
.requires_grad_(True),
y0[idx_batch : idx_batch + batch_size, ...],
t_out_ref=x0[idx_batch : idx_batch + batch_size, ...],
**adv_param
).detach()
return yadv, yref, y0
def _attackerL1Classification(x0, c0, noise_rel, yadv_init=None):
# compute noiseless measurements
y0 = OpA(x0)
if noise_rel == 0.0:
return y0, y0, y0
# compute absolute noise levels
noise_level = noise_rel * y0.norm(p=2, dim=(-2, -1), keepdim=True)
# compute noisy measurements for reference
yref = noise_ref(OpA(x0), noise_level)
# attack parameters
adv_init_fac = 3.0 * noise_level
adv_param = {
"codomain_dist": carlini_wagner(threshold=0.0),
"domain_dist": None,
"weights": (1.0, 1.0),
"optimizer": PAdam,
"projs": [lambda y: proj_l2_ball(y, y0, noise_level)],
"iter": 100,
"stepsize": 5e-1,
}
# compute good start values for _reconstructL1_adv
_, c0_adv, y0_adv = primaldual(y0,
OpA,
OpTVSynth,
iter=50000,
c0=torch.zeros(config.n, ).to(device),
y0=torch.zeros(config.m, ).to(device),
eta=noise_level,
silent=True,
**rec_params)
# compute initialization
yadv = y0.clone().detach() + (
adv_init_fac / np.sqrt(np.prod(y0.shape[-2:]))) * torch.randn_like(y0)
if yadv_init is not None:
yadv[0:yadv_init.shape[0], ...] = yadv_init.clone()
yadv = yadv.requires_grad_(True)
# perform attack
yadv = untargeted_attack(lambda y: convnet(
_reconstructL1_adv(y, noise_level, c0_adv, y0_adv).view(-1, 1, 28, 28)
),
yadv,
y0,
t_out_ref=c0,
**adv_param).detach()
return yadv, yref, y0
def _attackerNet(x0, noise_rel, net, yadv_init=None):
# compute noiseless measurements
y0 = OpA(x0)
if noise_rel == 0.0:
return y0, y0, y0
# compute absolute noise levels
noise_level = noise_rel * y0.norm(p=2, dim=(-2, -1), keepdim=True)
# compute noisy measurements for reference
yref = noise_ref(OpA(x0), noise_level) # noisy measurements
# attack parameters
adv_init_fac = 3.0 * noise_level
adv_param = {
"codomain_dist": torch.nn.MSELoss(reduction="sum"),
"domain_dist": None,
"weights": (1.0, 1.0),
"optimizer": PAdam,
"projs": [lambda y: proj_l2_ball(y, y0, noise_level)],
"iter": 100,
"stepsize": 5e0,
}
# compute initialization
yadv = y0.clone().detach() + (
adv_init_fac / np.sqrt(np.prod(y0.shape[-2:]))) * torch.randn_like(y0)
if yadv_init is not None:
yadv[0:yadv_init.shape[0], ...] = yadv_init.clone().detach()
yadv = yadv.requires_grad_(True)
# perform attack
yadv = untargeted_attack(lambda y: _reconstructNet(y, 0.0, net),
yadv,
y0,
t_out_ref=x0,
**adv_param).detach()
return yadv, yref, y0
def _attackerL1(x0, noise_rel, yadv_init=None, batch_size=6):
# compute noiseless measurements
y0 = OpA(x0)
if noise_rel == 0.0:
return y0, y0, y0
# compute absolute noise levels
noise_level = noise_rel * y0.norm(p=2, dim=(-2, -1), keepdim=True)
# compute noisy measurements for reference
yref = noise_ref(OpA(x0), noise_level)
# attack parameters
adv_init_fac = 3.0 * noise_level
adv_param = {
"codomain_dist": _complexloss,
"domain_dist": None,
"mixed_dist": None,
"weights": (1.0, 1.0, 1.0),
"optimizer": PAdam,
"projs": None,
"iter": 250,
"stepsize": 5e0,
}
# get ADMM tuning parameters for noise_rel
lam, rho = _get_gs_param(noise_rel.numpy())
# compute good start values for _reconstructL1_adv
x0_adv, z0_adv = admm_l1_rec_diag(
y0,
OpA,
OpTV,
OpA.adj(y0),
OpTV(OpA.adj(y0)),
lam,
rho,
iter=5000,
silent=True,
)
# compute initialization
yadv = y0.clone().detach() + (
adv_init_fac / np.sqrt(np.prod(y0.shape[-2:]))) * torch.randn_like(y0)
if yadv_init is not None:
yadv[0:yadv_init.shape[0], ...] = yadv_init.clone().detach()
for idx_batch in range(0, yadv.shape[0], batch_size):
print("Attack for samples " +
str(list(range(idx_batch, idx_batch + batch_size))))
adv_param["projs"] = [
lambda y: proj_l2_ball(
y,
y0[idx_batch:idx_batch + batch_size, ...],
noise_level[idx_batch:idx_batch + batch_size, ...],
)
]
# perform attack
yadv[idx_batch:idx_batch + batch_size, ...] = untargeted_attack(
lambda y: _reconstructL1_adv(
y,
lam,
rho,
x0_adv[idx_batch:idx_batch + batch_size, ...],
z0_adv[idx_batch:idx_batch + batch_size, ...],
),
yadv[idx_batch:idx_batch + batch_size,
...].clone().requires_grad_(True),
y0[idx_batch:idx_batch + batch_size, ...],
t_out_ref=x0[idx_batch:idx_batch + batch_size, ...],
**adv_param).detach()
return yadv, yref, y0