def concat_adversarial(args): assert not args.partition_size == 0, \ "partition_size can't be zero" assert 'learning_rate' in args, \ "adv_params are not provided" assert len(args.learning_rate) == 1, \ "adv_params are not provided" defense_name = None if not args.defenses else args.defenses[0] adv_params = { 'learning_rate': args.learning_rate[0], 'adv_strength': None } end_idx = args.n_samples nfiles = end_idx // args.partition_size for i in range(nfiles): start_idx = (i * args.partition_size) + 1 partition_end = (i + 1) * args.partition_size partition_file = get_adversarial_file_path( args, args.adversarial_root, defense_name, adv_params, partition_end, start_idx, with_defense=False) assert os.path.isfile(partition_file), \ "No file found at " + partition_file print('| Reading file ' + partition_file) result = torch.load(partition_file) inputs = result['all_inputs'] outputs = result['all_outputs'] targets = result['all_targets'] status = result['status'] targets = torch.LongTensor(targets) if i == 0: all_inputs = inputs all_outputs = outputs all_targets = targets all_status = status else: all_inputs = torch.cat((all_inputs, inputs), 0) all_outputs = torch.cat((all_outputs, outputs), 0) all_status = torch.cat((all_status, status), 0) all_targets = torch.cat((all_targets, targets), 0) # print(all_inputs.size()) out_file = get_adversarial_file_path(args, args.adversarial_root, defense_name, adv_params, nfiles * args.partition_size, args.partition + 1, with_defense=False) if not os.path.isdir(args.adversarial_root): os.mkdir(args.adversarial_root) print('| Writing concatenated adversarial data to ' + out_file) torch.save({'status': all_status, 'all_inputs': all_inputs, 'all_outputs': all_outputs, 'all_targets': all_targets}, out_file)
def load_adversarial(args, img_dir, defense_name, adv_params, data_batch_idx=None): # assertions: assert isinstance(img_dir, string_types) data_file = paths.get_adversarial_file_path( args, img_dir, defense_name, adv_params, args.n_samples, data_batch_idx=data_batch_idx, with_defense=args.preprocessed_data) assert os.path.isfile(data_file), \ "No file found at " + data_file # load the adversarial examples" print('| loading adversarial examples from %s...' % data_file) if not (args.adversary == 'cwl2' or args.adversary == 'fgs'): adv_strength = 0.0 else: adv_strength = adv_params['adv_strength'] normalize = True if args.adversary == 'cwl2' and adv_strength > 0: normalize = False return _load_adversarial_helper(data_file, adv_strength, normalize=normalize, preprocessed=args.preprocessed_data)
def compute_stats(args): assert not args.partition_size == 0, \ "partition_size can't be zero" assert 'learning_rate' in args and 'adv_strength' in args, \ "adv_params are not provided" defense_name = None if not args.defenses else args.defenses[0] adv_params = constants.get_adv_params(args) print('| adv_params:', adv_params) start_idx = 0 end_idx = args.n_samples in_file = get_adversarial_file_path( args, args.adversarial_root, defense_name, adv_params, end_idx, start_idx, with_defense=True) assert os.path.isfile(in_file), \ "No file found at " + in_file print('| Reading file ' + in_file) result = torch.load(in_file) all_inputs = result['all_inputs'] all_outputs = result['all_outputs'] normalize = Normalize(args.data_params['MEAN_STD']['MEAN'], args.data_params['MEAN_STD']['STD']) all_inputs = normalize(all_inputs) all_outputs = normalize(all_outputs) rb, _ssim, sc = adversary.compute_stats( all_inputs, all_outputs, result['status']) print('average robustness = ' + str(rb)) print('success rate = ' + str(sc))
def transformation_on_adv(args, dataset, defense_name, adv_params, data_batch_idx=None): pool = ThreadPool(args.n_threads) def generate(idx): return dataset[idx] dataset = pool.map(generate, range(len(dataset))) pool.close() pool.join() # save all data in a file all_adv = [] all_targets = [] for item in dataset: all_adv.append(item[0]) all_targets.append(item[1]) all_adv = torch.stack(all_adv, 0) all_targets = torch.LongTensor(all_targets) if not os.path.isdir(args.partition_dir): os.makedir(args.partition_dir) start_idx, end_idx = _get_start_end_index(args) out_file = paths.get_adversarial_file_path(args, args.partition_dir, defense_name, adv_params, end_idx, start_idx, data_batch_idx) torch.save({'all_outputs': all_adv, 'all_targets': all_targets}, out_file) print('Saved Transformed tensor at ' + out_file) dataset = None all_adv = None
def concatenate_data(args, defense_name, adv_params, data_batch_idx=None): assert not args.partition_size == 0, \ "partition_size can't be zero" end_idx = args.n_samples nfiles = end_idx // args.partition_size for i in range(nfiles): start_idx = (i * args.partition_size) + 1 partition_end = (i + 1) * args.partition_size partition_file = paths.get_adversarial_file_path( args, args.partition_dir, defense_name, adv_params, partition_end, start_idx, data_batch_idx) assert os.path.isfile(partition_file), \ "No file found at " + partition_file print('| Reading file ' + partition_file) result = torch.load(partition_file) inputs = result['all_outputs'] targets = result['all_targets'] targets = torch.LongTensor(targets) if i == 0: all_imgs = inputs all_targets = targets else: all_imgs = torch.cat((all_imgs, inputs), 0) all_targets = torch.cat((all_targets, targets), 0) out_file = paths.get_adversarial_file_path(args, args.out_dir, defense_name, adv_params, nfiles * args.partition_size, args.partition + 1) if not os.path.isdir(args.out_dir): os.mkdir(args.out_dir) print('| Writing concatenated data to ' + out_file) torch.save({'all_outputs': all_imgs, 'all_targets': all_targets}, out_file)
def generate_adversarial_images(args): # assertions assert args.adversary_to_generate is not None, \ "adversary_to_generate can't be None" assert AdversaryType.has_value(args.adversary_to_generate), \ "\"{}\" adversary_to_generate not defined".format(args.adversary_to_generate) defense_name = None if not args.defenses else args.defenses[0] # defense = get_defense(defense_name, args) data_indices = _get_data_indices(args) data_type = args.data_type if args.data_type == "train" else "valid" dataset = load_dataset(args, data_type, None, data_indices=data_indices) data_loader = get_data_loader( dataset, batchsize=args.batchsize, device=args.device, shuffle=False) model, _, _ = get_model(args, load_checkpoint=True, defense_name=defense_name) adv_params = constants.get_adv_params(args) print('| adv_params:', adv_params) status = None all_inputs = None all_outputs = None all_targets = None bar = progressbar.ProgressBar(len(data_loader)) bar.start() for batch_num, (imgs, targets) in enumerate(data_loader): if args.adversary_to_generate == str(AdversaryType.DEEPFOOL): assert adv_params['learning_rate'] is not None s, r = adversary.deepfool( model, imgs, targets, args.data_params['NUM_CLASSES'], train_mode=(args.data_type == 'train'), max_iter=args.max_adv_iter, step_size=adv_params['learning_rate'], batch_size=args.batchsize, labels=dataset.get_classes()) elif args.adversary_to_generate == str(AdversaryType.FGS): s, r = adversary.fgs( model, imgs, targets, train_mode=(args.data_type == 'train'), mode=args.fgs_mode) elif args.adversary_to_generate == str(AdversaryType.IFGS): assert adv_params['learning_rate'] is not None s, r = adversary.ifgs( model, imgs, targets, train_mode=(args.data_type == 'train'), max_iter=args.max_adv_iter, step_size=adv_params['learning_rate'], mode=args.fgs_mode) elif args.adversary_to_generate == str(AdversaryType.CWL2): assert args.adv_strength is not None and len(args.adv_strength) == 1 if len(args.crop_frac) == 1: crop_frac = args.crop_frac[0] else: crop_frac = 1.0 s, r = adversary.cw( model, imgs, targets, args.adv_strength[0], 'l2', tv_weight=args.tvm_weight, train_mode=(args.data_type == 'train'), max_iter=args.max_adv_iter, drop_rate=args.pixel_drop_rate, crop_frac=crop_frac, kappa=args.margin) elif args.adversary_to_generate == str(AdversaryType.CWLINF): assert args.adv_strength is not None and len(args.adv_strength) == 1 s, r = adversary.cw( model, imgs, targets, args.adv_strength[0], 'linf', bound=args.adv_bound, tv_weight=args.tvm_weight, train_mode=(args.data_type == 'train'), max_iter=args.max_adv_iter, drop_rate=args.pixel_drop_rate, crop_frac=args.crop_frac, kappa=args.margin) if status is None: status = s.clone() all_inputs = imgs.clone() all_outputs = imgs + r all_targets = targets.clone() else: status = torch.cat((status, s), 0) all_inputs = torch.cat((all_inputs, imgs), 0) all_outputs = torch.cat((all_outputs, imgs + r), 0) all_targets = torch.cat((all_targets, targets), 0) bar.update(batch_num) print("| computing adversarial stats...") if args.compute_stats: rb, ssim, sc = adversary.compute_stats(all_inputs, all_outputs, status) print('| average robustness = ' + str(rb)) print('| average SSIM = ' + str(ssim)) print('| success rate = ' + str(sc)) # Unnormalize before saving unnormalize = Unnormalize(args.data_params['MEAN_STD']['MEAN'], args.data_params['MEAN_STD']['STD']) all_inputs = unnormalize(all_inputs) all_outputs = unnormalize(all_outputs) # save output output_file = get_adversarial_file_path( args, args.adversarial_root, defense_name, adv_params, data_indices['end_idx'], start_idx=data_indices['start_idx'], with_defense=False) print("| Saving adversarial data at " + output_file) if not os.path.isdir(args.adversarial_root): os.makedirs(args.adversarial_root) torch.save({'status': status, 'all_inputs': all_inputs, 'all_outputs': all_outputs, 'all_targets': all_targets}, output_file)