parser.add_argument('--epsilon', type=float, default=0.01,
help='epsilon in the PGD attack')
parser.add_argument('--verbose', action='store_true', default=False,
help='verbose.')
parser.add_argument('--test_batch_size', type=int, default=1,
help='test batch_size')
args = parser.parse_args()
np.random.seed(args.seed)
torch.manual_seed(args.seed)
if args.dataset == "MNIST":
net = MNIST()
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net,'model/mnist_gpu.pt')
train_loader, test_loader, train_dataset, test_dataset = load_mnist_data(args.test_batch_size)
elif args.dataset == 'CIFAR10':
net = CIFAR10()
#net = VGG_plain('VGG16', 10, img_width=32)
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net,'model/cifar10_gpu.pt')
#from wideresnet import *
#device = torch.device("cuda")
#net = WideResNet().to(device)
#load_model(net, 'model/cifar10_gpu.pt')
#load_model(net, '../Label_smoothing/checkpoint/backup/cifar10_vgg_resume_multi_diri2.pth')
#load_model(net, '../Label_smoothing/checkpoint/cifar10_vgg_adv.pth')
#load_model(net, '../Label_smoothing/checkpoint/backup/cifar10_wide_resnet_trades.pth')
train_loader, test_loader, train_dataset, test_dataset = load_cifar10_data(args.test_batch_size)
elif args.dataset == 'Imagenet':
help='test batch_size')
parser.add_argument('--test_batch', type=int, default=10,
help='test batch number')
parser.add_argument('--model_dir', type=str, help='model loading directory')
args = parser.parse_args()
np.random.seed(args.seed)
torch.manual_seed(args.seed)
if args.dataset == "MNIST":
net = MNIST()
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net,'model/mnist_gpu.pt')
train_loader, test_loader, train_dataset, test_dataset = load_mnist_data(args.test_batch_size)
elif args.dataset == 'CIFAR10':
net = CIFAR10()
#net = VGG_plain('VGG16', 10, img_width=32)
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net,args.model_dir)
#device = torch.device("cuda")
#net = WideResNet().to(device)
#load_model(net, 'model/cifar10_gpu.pt')
train_loader, test_loader, train_dataset, test_dataset = load_cifar10_data(args.test_batch_size)
elif args.dataset == 'Imagenet':
net = CIFAR10()
net = torch.nn.DataParallel(net, device_ids=[0])
type=int,
default=10,
help='test batch number')
parser.add_argument('--model_dir',
type=str,
required=True,
help='model loading directory')
args = parser.parse_args()
np.random.seed(args.seed)
torch.manual_seed(args.seed)
if args.dataset == "MNIST":
net = MNIST()
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net, args.model_dir)
train_loader, test_loader, train_dataset, test_dataset = load_mnist_data(
args.test_batch_size)
elif args.dataset == 'CIFAR10':
net = CIFAR10()
#net = VGG_plain('VGG16', 10, img_width=32)
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net, args.model_dir)
#device = torch.device("cuda")
#net = WideResNet().to(device)
#load_model(net, 'model/cifar10_gpu.pt')
train_loader, test_loader, train_dataset, test_dataset = load_cifar10_data(
args.test_batch_size)
elif args.dataset == 'Imagenet':
lbd_hi = lbd_mid
else:
lbd_lo = lbd_mid
return lbd_hi, nquery
def __call__(self, input_xi, label_or_target, TARGETED=False):
if TARGETED:
print("Not Implemented.")
else:
adv = self.genattack_untargeted(input_xi, label_or_target)
return adv
if __name__ == '__main__':
#timestart = time.time()
random.seed(0)
net = MNIST()
net.cuda()
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net,'mnist_gpu.pt')
net.eval()
model = net.module if torch.cuda.is_available() else net
amodel = PytorchModel(model, bounds=[0,1], num_classes=10)
attack = OPT_genattack(amodel)
train_loader, test_loader, train_dataset, test_dataset = load_mnist_data()
for i, (xi,yi) in enumerate(test_loader):
if i==1:
break
xi = xi.numpy()
attack(xi,yi)
print('unsupported right now')
exit(1)
else:
print("Unsupport dataset")
logging.info(args)
#### load model
## load defense model
## clean
aa_model_dir = './model/defense_models'
if args.model == 'mnist':
# model = MNIST()
model = BasicCNN()
model = torch.nn.DataParallel(model, device_ids=[gpu])
load_model(model, 'model/mnist_gpu.pt')
elif args.model == 'cifar10':
# model = vgg16()
# model = VGG_plain('VGG16', 10, img_width=32)
#model = WideResmodel().to(device)
model = CIFAR10()
model = torch.nn.DataParallel(model, device_ids=[gpu])
load_model(model, 'model/cifar10_gpu.pt')
## linf
elif args.model == 'Sehwag2020Hydra' or args.model == 'hydra': # Hydra
model = load_model_aa(model_name='Sehwag2020Hydra',
model_dir=aa_model_dir,
norm=norm)
elif args.model == 'Wang2020Improving' or args.model == 'mart': #
model = load_model_aa(model_name='Wang2020Improving',
model_dir=aa_model_dir,
def attack(algorithm,
dataset,
targeted,
norm='l2',
num=50,
stopping_criteria=None,
query_limit=40000,
start_from=0,
gpu=0):
os.environ["CUDA_VISIBLE_DEVICES"] = str(gpu)
print("Attacking:".format(num))
print(" Number of samples - {0}".format(num))
print(" Dataset - {0}".format(dataset.upper()))
print(" Targeted - {0}".format(targeted))
print(" Norm - {0}".format(norm))
print(" Query Limit - {0}".format(query_limit))
print(" GPU - {0}".format(gpu))
print()
if stopping_criteria is not None:
print(" Stopping criteria - {0}".format(stopping_criteria))
if start_from > 0:
print(" Start from {0}".format(start_from))
if dataset == 'mnist':
net = MNIST()
net.cuda()
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net, '../mnist_gpu.pt')
train_loader, test_loader, train_dataset, test_dataset = load_mnist_data(
)
elif dataset == 'cifar':
net = CIFAR10()
net.cuda()
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net, '../cifar10_gpu.pt')
train_loader, test_loader, train_dataset, test_dataset = load_cifar10_data(
)
elif dataset == 'imagenet':
net = models.__dict__["resnet50"](pretrained=True)
net.cuda()
net = torch.nn.DataParallel(net, device_ids=[0])
train_loader, test_loader, train_dataset, test_dataset = load_imagenet_data(
)
else:
print("Invalid dataset")
return
net.eval()
model = net.module if torch.cuda.is_available() else net
#amodel = PytorchModel(model, bounds=[0,1], num_classes=10)
fmodel = foolbox.models.PyTorchModel(model, bounds=[0, 1], num_classes=10)
#if targeted:
# criterion = TargetClass(target)
# attack = foolbox.attacks.BoundaryAttack(fmodel,criterion)
#else:
# attack = foolbox.attacks.BoundaryAttack(fmodel)
print("using BoundaryAttack from foolbox")
#print("Invalid algorithm")
np.random.seed(0)
seeds = np.random.randint(10000, size=[2 * num])
count = 0
for i, (xi, yi) in enumerate(test_loader):
if i < start_from:
continue
if count == num:
break
image, label = xi[0].numpy(), yi.item()
seed_index = i - start_from
np.random.seed(seeds[seed_index])
target = np.random.randint(10) * torch.ones(
1, dtype=torch.long).cuda() if targeted else None
print("Attacking Source: {0} Target: {1} Seed: {2} Number {3}".format(
yi.item(), target, seeds[seed_index], i))
if targeted:
target = target.item()
criterion = TargetClass(target)
attack = foolbox.attacks.BoundaryAttack(fmodel, criterion)
for i, (xi, yi) in enumerate(train_loader):
if i == 1:
break
#print(yi, target)
index = (yi == target).nonzero()
image_t = xi[index[0]][0]
image_t = image_t.numpy()
adv = attack(image,
label,
iterations=6000,
verbose=False,
unpack=False,
log_every_n_steps=100,
starting_point=image_t)
else:
attack = foolbox.attacks.BoundaryAttack(fmodel)
adv = attack(image,
label,
iterations=6000,
verbose=False,
unpack=False,
log_every_n_steps=100)
if adv.image is None:
continue
dis = LA.norm(adv.image - image)
#print("Norm L2 and queries of image {} is {} and {}".format(dis, adv._total_prediction_calls))
print(
"adversarial Example Found Successfully: distortion {} target {} queries {}"
.format(dis, np.argmax(fmodel.predictions(adv.image)),
adv._total_prediction_calls))
#adv, dist = attack(xi.cuda(), yi.cuda(), target=target,
# seed=seeds[seed_index], query_limit=query_limit)
#if dist > 1e-8 and dist != float('inf'):
# count += 1
print()
def attack(algorithm,
dataset,
targeted,
norm='l2',
num=50,
stopping_criteria=None,
query_limit=40000,
start_from=0,
gpu=0):
os.environ["CUDA_VISIBLE_DEVICES"] = str(gpu)
print("Attacking:".format(num))
print(" Number of samples - {0}".format(num))
print(" Dataset - {0}".format(dataset.upper()))
print(" Targeted - {0}".format(targeted))
print(" Norm - {0}".format(norm))
print(" Query Limit - {0}".format(query_limit))
print(" GPU - {0}".format(gpu))
print()
if stopping_criteria is not None:
print(" Stopping criteria - {0}".format(stopping_criteria))
if start_from > 0:
print(" Start from {0}".format(start_from))
if dataset == 'mnist':
net = MNIST()
net.cuda()
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net, 'mnist_gpu.pt')
train_loader, test_loader, train_dataset, test_dataset = load_mnist_data(
)
elif dataset == 'cifar':
net = CIFAR10()
net.cuda()
net = torch.nn.DataParallel(net, device_ids=[0])
load_model(net, 'cifar10_gpu.pt')
train_loader, test_loader, train_dataset, test_dataset = load_cifar10_data(
)
elif dataset == 'imagenet':
net = models.__dict__["resnet50"](pretrained=True)
net.cuda()
net = torch.nn.DataParallel(net, device_ids=[0])
train_loader, test_loader, train_dataset, test_dataset = load_imagenet_data(
)
else:
print("Invalid dataset")
return
net.eval()
model = net.module if torch.cuda.is_available() else net
amodel = PytorchModel(model, bounds=[0, 1], num_classes=10)
attack_type = None
if algorithm == 'opt':
if norm == 'l2':
attack_type = OPT_attack
elif norm == 'linf':
attack_type = OPT_attack_lf
elif algorithm == 'sign_sgd':
if norm == 'l2':
attack_type = OPT_attack_sign_SGD
elif norm == 'linf':
attack_type = OPT_attack_sign_SGD_lf
else:
print("Invalid algorithm")
if attack_type is None:
print("Invalid norm")
if targeted:
attack = attack_type(amodel, train_dataset=train_dataset)
else:
attack = attack_type(amodel)
np.random.seed(0)
seeds = np.random.randint(10000, size=[2 * num])
count = 0
for i, (xi, yi) in enumerate(test_loader):
if i < start_from:
continue
if count == num:
break
seed_index = i - start_from
np.random.seed(seeds[seed_index])
target = np.random.randint(10) * torch.ones(
1, dtype=torch.long).cuda() if targeted else None
print("Attacking Source: {0} Target: {1} Seed: {2} Number {3}".format(
yi.item(), target, seeds[seed_index], i))
adv, dist = attack(xi.cuda(),
yi.cuda(),
target=target,
seed=seeds[seed_index],
query_limit=query_limit)
if dist > 1e-8 and dist != float('inf'):
count += 1
print()