def main(argv):
del argv
dataset = data.load_dataset(FLAGS.dataset)
(x_train, y_train), (x_test, y_test), num_classes = dataset
input_shape = x_train[0].shape
for classnum in range(10):
print("-" * 80)
print("Training binary classifier on class", classnum)
print("-" * 80)
y_train_fix = np.array(y_train == classnum, dtype=np.int32)
y_test_fix = np.array(y_test == classnum, dtype=np.int32)
dataset = ((x_train, y_train_fix), (x_test, y_test_fix), num_classes)
loop = TrainLoop(FLAGS.num_filters // 4, 2, input_shape)
loop.train(dataset=dataset,
batch_size=FLAGS.batch_size,
num_epochs=FLAGS.num_epochs,
model_dir=os.path.join(FLAGS.model_dir, "binary_models",
"class_" + str(classnum)))
def main(argv):
del argv
dataset = data.load_dataset(FLAGS.dataset)
(x_train, y_train), (x_test, y_test), num_classes = dataset
def blur(x):
x_pad = np.pad(x, [(0, 0), (1, 1), (1, 1), (0, 0)])
x_pad = (x_pad[:, :1] + x_pad[:, :-1]) / 2
x_pad = (x_pad[:, :, :1] + x_pad[:, :, :-1]) / 2
return x_pad
x_train = blur(x_train)
x_test = blur(x_test)
input_shape = x_train[0].shape
dataset = ((x_train, y_train), (x_test, y_test), num_classes)
loop = TrainLoop(FLAGS.num_filters, 10, input_shape)
loop.train(dataset=dataset,
batch_size=FLAGS.batch_size,
num_epochs=FLAGS.num_epochs,
model_dir=os.path.join(FLAGS.model_dir, "blur"))
def main(argv):
del argv
dataset = data.load_dataset(FLAGS.dataset)
(x_train_orig, y_train_orig), (x_test, y_test), num_classes = dataset
# Make signatures num_classes * width * height * colors
# Each of these is a {-1,1}^d pattern that'll be added
backdoor = np.random.normal(size=(num_classes, ) + x_train_orig.shape[1:])
backdoor = backdoor > 0
# Start by adding a 0.04 magnitude backdoor to the dataset
x_train, y_train = backdoor_dataset(x_train_orig, y_train_orig, backdoor,
num_classes, .05)
#x_test, y_test = backdoor_dataset(x_test, y_test, backdoor, num_classes, .05)
dataset = ((x_train, y_train), (x_test, y_test), num_classes)
input_shape = x_train[0].shape
# Train the model
loop = BackdoorLoop(FLAGS.num_filters, 10, input_shape)
loop.backdoor = backdoor
loop.original_x = x_train_orig
loop.original_y = y_train_orig
# With a smaller learning rate
loop.base_lr = 0.01
loop.train(dataset=dataset,
batch_size=FLAGS.batch_size,
num_epochs=FLAGS.num_epochs,
model_dir=os.path.join(FLAGS.model_dir, "injection"))
np.save(os.path.join(FLAGS.model_dir, "injection", "backdoor.npy"),
np.array(backdoor, dtype=np.float32))
fn = get_hidden_layer(loop.ema_model, 3)
sig = []
for i in range(num_classes):
# Yes, this is 100% cheating here that the defense is taking the
# average over the *test* samples.
# However, this isn't going to alter the behavior of the defense
# significantly except to increase the clean accuracy slightly
# (Also, because we're learning just 10x512 values across 10,000
# test samples, we're likely heavily underfitting.)
ex = [
fn(backdoor_examples(x_batch, backdoor[i], .02)).numpy().mean(0)
for x_batch in x_test.reshape((500, -1, 32, 32, 3))
]
sig.append(np.array(ex).mean(0))
np.save(os.path.join(FLAGS.model_dir, "injection", "signature.npy"),
np.array(sig, dtype=np.float32))
def main(argv):
del argv
dataset = data.load_dataset(FLAGS.dataset)
(x_train, y_train), (x_test, y_test), num_classes = dataset
input_shape = x_train[0].shape
loop = TrainLoop(FLAGS.num_filters, num_classes, input_shape)
loop.train(dataset=dataset,
batch_size=FLAGS.batch_size,
num_epochs=FLAGS.num_epochs,
model_dir=os.path.join(FLAGS.model_dir, "baseline/"))
def main(argv):
del argv
dataset = data.load_dataset(FLAGS.dataset)
(x_train, y_train), (x_test, y_test), num_classes = dataset
input_shape = x_train[0].shape
model, ema_model = make_ema_model(FLAGS.model_arch,
FLAGS.num_filters,
num_classes,
input_shape,
make_model=make_dropout_model)
train_loop(model, ema_model, dataset, model_dir=FLAGS.model_dir)
def test_solution(defense_path, attack_name):
torch = 'torch' in attack_name
defense_model, attack_cls, task_def, dataset_name = load_defense_and_attack(
defense_path, attack_name, torch)
_, (x_test, y_test), _ = load_dataset(dataset_name, torch)
x_test = x_test[:NUM_EXAMPLES]
y_test = y_test[:NUM_EXAMPLES]
failed_examples = evaluate_defense(x_test, y_test, BATCH_SIZE, attack_cls,
defense_model, task_def)
num_failed = len(failed_examples)
# NOTE: if attack succeed on all examples then num_failed == 0
# here we just expect that attack succeed at least on one example
assert True
def main(argv):
del argv
dataset = data.load_dataset(FLAGS.dataset)
(x_train, y_train), (x_test, y_test), num_classes = dataset
input_shape = x_train[0].shape
for i in range(3):
loop = DiverseTrainLoop(FLAGS.num_filters // 3 * 2,
10,
input_shape,
noise=i)
loop.train(dataset=dataset,
batch_size=FLAGS.batch_size,
num_epochs=FLAGS.num_epochs // 2,
model_dir=os.path.join(FLAGS.model_dir,
"diverse-" + str(i)))
parser = argparse.ArgumentParser()
utils.parse_optimizer(parser)
parse_encoder(parser)
args = parser.parse_args("")
args.model_path = os.path.join("..", args.model_path)
print("Using dataset {}".format(args.dataset))
model = models.OrderEmbedder(1, args.hidden_dim, args)
model.to(utils.get_device())
model.eval()
model.load_state_dict(
torch.load(args.model_path, map_location=utils.get_device()))
train, test, task = data.load_dataset("wn18")
from collections import Counter
done = False
train_accs = []
while not done:
data_source = make_data_source(args)
loaders = data_source.gen_data_loaders(args.eval_interval *
args.batch_size,
args.batch_size,
train=True)
for batch_target, batch_neg_target, batch_neg_query in zip(*loaders):
pos_a, pos_b, neg_a, neg_b, _ = data_source.gen_batch(batch_target,
batch_neg_target,
def main(argv):
# Parse arguments
success_parse_argv, defense_path, attack_name = parse_argv(argv)
if not success_parse_argv:
show_usage()
return
print('Evaluation parameters:')
print(' Defense path: ', defense_path)
print(' Attack name: ', attack_name)
TORCH = 'torch' in attack_name
defense_model, attack_cls, task_def, dataset_name = load_defense_and_attack(
defense_path, attack_name, TORCH)
if FLAGS.ignore_threshold:
task_def.threshold = np.inf
# Loading dataset
print(' Dataset: ', dataset_name)
_, (x_test, y_test), _ = data.load_dataset(dataset_name, TORCH)
use_examples = np.arange(len(x_test))
if FLAGS.example_list is not None:
# We've got a specific set of examples to attack
use_examples = list(map(int, FLAGS.example_list.split(",")))
else:
# Attack a sequential set of examples
if FLAGS.num_examples > 0:
use_examples = np.arange(FLAGS.num_examples)
x_test = x_test[use_examples]
y_test = y_test[use_examples]
print(' Number of examples:', len(use_examples))
batch_size = FLAGS.batch_size if FLAGS.batch_size > 0 else len(x_test)
if FLAGS.test:
evaluate_clean(defense_model, x_test, y_test, batch_size)
exit(0)
if FLAGS.tune_fpr is not None:
tune_fpr(defense_model, x_test, y_test, batch_size, FLAGS.tune_fpr)
exit(0)
failed_examples = evaluate_defense(x_test, y_test, batch_size, attack_cls,
defense_model, task_def, FLAGS.verbose)
if len(failed_examples) == 0:
print('SUCCESS!')
else:
print('FAIL')
print('{0} out of {1} examples failed task'.format(
len(failed_examples), len(x_test)))
print('Indices of failed examples: ',
[use_examples[x] for x in failed_examples])
print(
'To re-run the attack on just these examples pass',
'--example_list=' +
",".join(str(use_examples[x]) for x in failed_examples))
if not FLAGS.verbose:
print(
"Run with --verbose for more information on why each adversarial example failed."
)