def _calculate_benchmark_results(model, loader, attack_class, attack_kwargs,
norm, device, num_batch):
adversary = attack_class(model, **attack_kwargs)
label, pred, advpred, dist = multiple_mini_batch_attack(
adversary, loader, device=device, norm=norm, num_batch=num_batch)
accuracy = 100. * (label == pred).sum().item() / len(label)
attack_success_rate = 100. * (label != advpred).sum().item() / len(label)
dist = None if dist is None else dist[(label != advpred) & (label == pred)]
return len(label), accuracy, attack_success_rate, dist
import torch.nn as nn
from advertorch.attacks import LinfPGDAttack
from advertorch.attacks.utils import multiple_mini_batch_attack
from advertorch_examples.utils import get_mnist_test_loader
from madry_et_al_utils import get_madry_et_al_tf_model
model = get_madry_et_al_tf_model("MNIST")
loader = get_mnist_test_loader(batch_size=100)
adversary = LinfPGDAttack(model,
loss_fn=nn.CrossEntropyLoss(reduction="sum"),
eps=0.3,
nb_iter=100,
eps_iter=0.01,
rand_init=False,
clip_min=0.0,
clip_max=1.0,
targeted=False)
label, pred, advpred = multiple_mini_batch_attack(adversary,
loader,
device="cuda")
print("Accuracy: {:.2f}%, Robust Accuracy: {:.2f}%".format(
100. * (label == pred).sum().item() / len(label),
100. * (label == advpred).sum().item() / len(label)))
# Accuracy: 98.53%, Robust Accuracy: 92.51%
loader = get_cifar10_test_loader(batch_size=100)
if args.attack == 'FAB':
adversary = LinfFABAttack(model,
n_restarts=1,
n_iter=args.iters,
alpha_max=0.1,
eta=1.05,
beta=0.9,
loss_fn=None,
verbose=False)
else:
adversary = LinfPGDAttack(model,
loss_fn=nn.CrossEntropyLoss(reduction="sum"),
eps=eps,
nb_iter=20,
eps_iter=2. / 255,
rand_init=False,
clip_min=0.0,
clip_max=1.0,
targeted=False)
label, pred, advpred, dist = multiple_mini_batch_attack(adversary,
loader,
device="cuda",
norm='Linf')
print("Natural Acc: {:.2f}, Robust Acc: {:.2f}".format(
100. * (label == pred).sum().item() / len(label),
100. * (dist > eps).sum().item() / len(dist)))