# setup attack settings
if args.adv_func == 'logits':
adv_func = LogitsAdvLoss(kappa=args.kappa)
else:
adv_func = CrossEntropyAdvLoss()
dist_func = L2Dist()
# hyper-parameters from their official tensorflow code
attacker = CWPerturb(model, adv_func, dist_func,
attack_lr=args.attack_lr,
init_weight=10., max_weight=80.,
binary_step=args.binary_step,
num_iter=args.num_iter)
# attack
test_set = ModelNet40Attack(args.data_root, num_points=args.num_points,
normalize=True)
test_sampler = DistributedSampler(test_set, shuffle=False)
test_loader = DataLoader(test_set, batch_size=args.batch_size,
shuffle=False, num_workers=4,
pin_memory=True, drop_last=False,
sampler=test_sampler)
# run attack
attacked_data, real_label, target_label, success_num = attack()
# accumulate results
data_num = len(test_set)
success_rate = float(success_num) / float(data_num)
# save results
save_path = './attack/results/{}_{}/Perturb'.\
def main():
# build model
model = PointNet2ClsSsg(num_classes=40)
model = nn.DataParallel(model).cuda()
model.eval()
# load model weight
print('Loading weight {}'.format(BEST_WEIGHTS['pointnet2']))
state_dict = torch.load(BEST_WEIGHTS['pointnet2'])
try:
model.load_state_dict(state_dict)
except RuntimeError:
model.module.load_state_dict(state_dict)
# load dataset
test_set = ModelNet40Attack('data/attack_data.npz', num_points=1024,
normalize=True)
test_loader = DataLoader(test_set, batch_size=1,
shuffle=True, num_workers=4,
pin_memory=True, drop_last=False)
ti = 412
data_iter = iter(test_loader)
for i in range(ti):
data = next(data_iter)
total_num = 0
success_num = 0
at_success_num = 0
i = 0
all_adv = []
all_real_label = []
all_target_label = []
for x, label, target in tqdm(test_loader):
# x, label, target = data
x, label, target = x.cuda(), label.long().cuda(), target.long().cuda()
x = x.transpose(2, 1).contiguous()
x.requires_grad = True
rx = x.clone()
x_pred = model(x)
R1 = LRP_scores(model, x, None, label, label)
x_pred = torch.argmax(x_pred, dim=-1)
# if x_pred != label:
# # all_adv.append(x_adv.transpose(1, 2).contiguous().detach().cpu().numpy())
# # all_real_label.append(label.detach().cpu().numpy())
# # all_target_label.append(target.detach().cpu().numpy())
# continue
total_num += x.shape[0]
x_adv = AOA_Attack(model, x, label, target)
pred, _, _ = model(x_adv)
pred = torch.argmax(pred, dim=-1)
success_num += (pred != label).sum().cpu().item()
logits_at = model_at(x_adv)
pred_at = torch.argmax(logits_at, dim=-1)
at_success_num += (pred_at != label).sum().cpu().item()
i += 1
if i % 20 == 0:
print("current attack success rate is", success_num / total_num)
print("current pointnet++ attack success rate is", at_success_num / total_num)
all_adv.append(x_adv.transpose(1, 2).contiguous().detach().cpu().numpy())
all_real_label.append(label.detach().cpu().numpy())
all_target_label.append(target.detach().cpu().numpy())
# if i % 20 == 0:
# break
# R0 = LRP_scores(model, x_adv, label, label)
# R1 = LRP_scores(model, x, label, label)
# utils.pc_heatmap(x_adv.transpose(2, 1)[0], R0[0].sum(-2).unsqueeze(-1))
attacked_data = np.concatenate(all_adv, axis=0) # [num_data, K, 3]
real_label = np.concatenate(all_real_label, axis=0) # [num_data]
target_label = np.concatenate(all_target_label, axis=0) # [num_data]
# save results
save_path = 'attack/results/{}_{}/AOA/{}'. \
format('mn40', 1024, 'pointnet')
if not os.path.exists(save_path):
os.makedirs(save_path)
save_name = '{}-budget_{}-iter_{}' \
'-success_{:.4f}-rank_{}.npz'. \
format('aoa', 0.5,
200, success_num/total_num, 0)
np.savez(os.path.join(save_path, save_name),
test_pc=attacked_data.astype(np.float32),
test_label=real_label.astype(np.uint8),
target_label=target_label.astype(np.uint8))
print("total attack success rate is", success_num/total_num)