def validate_PGD(val_loader, model, log):
    """Evaluate `model` on `val_loader` under a PGD attack.

    Returns (top-1 accuracy, average loss) over the adversarial examples.
    Relies on module-level `args`, `criterion`, `AverageMeter`, `accuracy`,
    `print_log`, `Variable` and `torchattacks`.
    """
    losses = AverageMeter()
    top1 = AverageMeter()
    top5 = AverageMeter()
    # switch to evaluate mode
    model.eval()
    for i, (input, target) in enumerate(val_loader):
        if args.use_cuda:
            # FIX: `.cuda(async=True)` is a SyntaxError on Python 3.7+
            # (`async` became a keyword); the supported spelling is
            # `non_blocking=True`.
            target = target.cuda(non_blocking=True)
            input = input.cuda()
        with torch.no_grad():
            input_var = Variable(input)
            target_var = Variable(target)
        # get adv images
        # NOTE(review): alpha (8/255) > eps (4/255) is unusual for PGD — the
        # step size normally stays below the epsilon ball; confirm intent.
        pgd_attack = torchattacks.PGD(model, eps=4 / 255, alpha=8 / 255)
        adversarial_images = pgd_attack(input_var, target_var)
        # compute output
        output = model(adversarial_images)
        loss = criterion(output, target_var)
        # measure accuracy and record loss
        prec1, prec5 = accuracy(output.data, target, topk=(1, 5))
        losses.update(loss.item(), input.size(0))
        top1.update(prec1.item(), input.size(0))
        top5.update(prec5.item(), input.size(0))
    print_log(
        ' **Test_pgd** Prec@1 {top1.avg:.3f} Prec@5 {top5.avg:.3f} Error@1 {error1:.3f} Loss: {losses.avg:.3f} '.format(
            top1=top1, top5=top5, error1=100 - top1.avg, losses=losses), log)
    return top1.avg, losses.avg
def attack_loader(args, net):
    """Build the torchattacks adversary named by `args.attack` for `net`.

    Raises:
        ValueError: for an unrecognized attack name (previously the function
        fell through and implicitly returned None, deferring the failure to
        the first call site).
    """
    # Gradient Clamping based Attack
    if args.attack == "pgd":
        return torchattacks.PGD(model=net, eps=args.eps,
                                alpha=args.eps / args.steps * 2.3,
                                steps=args.steps, random_start=True)
    elif args.attack == "auto":
        return torchattacks.APGD(model=net, eps=args.eps)
    elif args.attack == "fab":
        return torchattacks.FAB(model=net, eps=args.eps,
                                n_classes=args.n_classes)
    elif args.attack == "cw":
        return torchattacks.CW(model=net, c=0.1, lr=0.1, steps=200)
    elif args.attack == "fgsm":
        return torchattacks.FGSM(model=net, eps=args.eps)
    elif args.attack == "bim":
        return torchattacks.BIM(model=net, eps=args.eps, alpha=1 / 255)
    elif args.attack == "deepfool":
        return torchattacks.DeepFool(model=net, steps=10)
    elif args.attack == "sparse":
        return torchattacks.SparseFool(model=net)
    elif args.attack == "gn":
        return torchattacks.GN(model=net, sigma=args.eps)
    else:
        # FIX: an unrecognized name previously returned None silently.
        raise ValueError("unknown attack: {!r}".format(args.attack))
def ta_pgd(x, y, model, eps=0.3, alpha=2 / 255, steps=40, random_start=False):
    """Run a PGD attack on batch `x` with labels `y`; return the adversarials."""
    pgd = torchattacks.PGD(
        model,
        eps=eps,
        alpha=alpha,
        steps=steps,
        random_start=random_start,
    )
    return pgd(x, y)
def get_attack(eps):
    """Return a callable (images, labels) -> images for the configured attack.

    Reads the module-level `args.attack`; 'no_attack' yields an identity
    mapping, 'pgd' a 100-step PGD on the module-level `net_adv`.
    """
    if args.attack == 'no_attack':
        return lambda images, labels: images
    if args.attack == 'pgd':
        pgd_steps = 100
        # Step size follows the common 2.5 * eps / steps heuristic.
        return torchattacks.PGD(net_adv, eps=eps,
                                alpha=2.5 * eps / pgd_steps,
                                steps=pgd_steps)
    raise NotImplementedError('Not implemented attack')
def get_atk(model, atk_name, eps, steps):
    """Look up and construct the torchattacks adversary called `atk_name`.

    Prints an error message and exits the process with status -1 for an
    unrecognized name (behavior kept from the original if/elif chain).
    """
    # Lazy factories: nothing is constructed until the name is resolved.
    factories = {
        'fgsm': lambda: torchattacks.FGSM(model, eps=eps),
        'bim': lambda: torchattacks.BIM(model, eps=eps, steps=steps,
                                        alpha=eps / (steps * .5)),
        'deepfool': lambda: torchattacks.DeepFool(model, steps=steps),
        'cw': lambda: torchattacks.CW(model),
        'pgd': lambda: torchattacks.PGD(model, eps=eps, steps=steps,
                                        alpha=eps / (steps * .5)),
        'rfgsm': lambda: torchattacks.RFGSM(model, eps=eps, alpha=eps),
        'auto-attack': lambda: torchattacks.AutoAttack(model, eps=eps),
        'mifgsm': lambda: torchattacks.MIFGSM(model, eps=eps, steps=steps),
        'square': lambda: torchattacks.Square(model, eps=eps),
        'fab': lambda: torchattacks.FAB(model, eps=eps),
        'one-pixel': lambda: torchattacks.OnePixel(model),
        'gn': lambda: torchattacks.GN(model, sigma=eps),
        'apgd': lambda: torchattacks.APGD(model, eps=eps),
        'eotpgd': lambda: torchattacks.EOTPGD(model, eps=eps, steps=steps,
                                              alpha=eps / (steps * .5)),
        'pgddlr': lambda: torchattacks.PGDDLR(model, eps=eps, steps=steps,
                                              alpha=eps / (steps * .5)),
        'ffgsm': lambda: torchattacks.FFGSM(model, eps=eps, alpha=eps),
        'sparsefool': lambda: torchattacks.SparseFool(model),
    }
    try:
        build = factories[atk_name]
    except KeyError:
        print("Attack not valid")
        sys.exit(-1)
    return build()
def train_epoch(model, loader, optimizer):
    """Run one training epoch over `loader` and return the mean training loss.

    When `args.use_meta` is false, each batch is first perturbed with a PGD
    attack whose eps/alpha settings cycle with the batch index, targeted at
    the flipped binary label `(target + 1) % 2`.
    Relies on module-level `args`, `device`, `criterion`, `tqdm`,
    `torchattacks`, `torch` and `np`.
    """
    model.train()
    train_loss = []
    bar = tqdm(loader)
    for i, (data, target) in enumerate(bar):
        optimizer.zero_grad()
        if args.use_meta:
            # In meta mode, `data` arrives as an (image, metadata) pair.
            data, meta = data
            data, meta, target = data.to(device), meta.to(device), target.to(device)
            logits = model(data, meta)
        else:
            # Adversarial augmentation: cycle eps over {1,2,4}/255 and alpha
            # over {1,2}/255 by batch index.
            epss = [1, 2, 4]
            alphas = [1, 2]
            atk = torchattacks.PGD(model,
                                   eps=epss[i % len(epss)] / 255,
                                   alpha=alphas[i % len(alphas)] / 255,
                                   steps=4)
            # NOTE(review): attacks toward the flipped label (target + 1) % 2 —
            # presumably a targeted attack for a binary task; confirm labels
            # are in {0, 1}.
            data = atk(data, (target + 1) % 2)
            data, target = data.to(device), target.to(device)
            logits = model(data)
        loss = criterion(logits, target)
        if not args.use_amp:
            loss.backward()
        # else:
        #     with amp.scale_loss(loss, optimizer) as scaled_loss:
        #         scaled_loss.backward()
        if args.image_size in [896, 576]:
            # Clip gradients to 0.5 when they get too large (max_grad_norm=0.5).
            torch.nn.utils.clip_grad_norm_(model.parameters(), 0.5)
        # Gradient accumulation (for when GPU memory is tight).
        if args.accumulation_step:
            if (i + 1) % args.accumulation_step == 0:
                optimizer.step()
                # optimizer.zero_grad()
        else:
            optimizer.step()
            # optimizer.zero_grad()
        loss_np = loss.detach().cpu().numpy()
        train_loss.append(loss_np)
        # Running average of the last 100 batch losses for the progress bar.
        smooth_loss = sum(train_loss[-100:]) / min(len(train_loss), 100)
        bar.set_description('loss: %.5f, smooth_loss: %.5f' % (loss_np, smooth_loss))
    train_loss = np.mean(train_loss)
    return train_loss
def load_attack(model, attack: str):
    """Instantiate the torchattacks adversary named by `attack` for `model`."""
    import torchattacks
    if attack == 'PGD':
        adversary = torchattacks.PGD(model, eps=2 / 255, alpha=2 / 255, steps=7)
    elif attack == 'CW':
        adversary = torchattacks.CW(model, targeted=False, c=1, kappa=0,
                                    steps=1000, lr=0.01)
    elif attack == 'BIM':
        # NOTE(review): steps=0 makes BIM run zero iterations — looks
        # suspicious; confirm this is intentional.
        adversary = torchattacks.BIM(model, eps=4 / 255, alpha=1 / 255, steps=0)
    elif attack == 'FGSM':
        adversary = torchattacks.FGSM(model, eps=1 / 255)
    else:
        raise NotImplementedError()
    return adversary
def eval_(self):
    """Evaluate the model on clean, PGD (L-inf) and PGD-L2 test data.

    Iterates `self.testloader`, logs the three accuracies via `self._log`,
    and returns (natural accuracy, PGD accuracy, PGD-L2 accuracy).
    """
    self.model.eval()
    adv_correct_1 = 0
    adv_correct_2 = 0
    nat_correct = 0
    total = 0
    # FIX: construct the attack objects once, outside the batch loop — the
    # original rebuilt both attacks on every iteration for no benefit.
    atk1 = torchattacks.PGD(self.model, eps=8 / 255, alpha=2 / 255, steps=4)
    atk2 = torchattacks.PGDL2(self.model, eps=0.5, alpha=0.1, steps=7)
    for i, (image, label) in enumerate(self.testloader):
        if torch.cuda.is_available():
            image = image.cuda()
            label = label.cuda()
        image, label = Variable(image), Variable(label)
        adversarial_images1 = atk1(image, label)
        adversarial_images2 = atk2(image, label)
        student_outputs = self.model(image)
        student_outputs_adv1 = self.model(adversarial_images1)
        student_outputs_adv2 = self.model(adversarial_images2)
        # checking for attack-success acc
        _, predicted = torch.max(student_outputs.data, 1)
        _, adv_pred_1 = torch.max(student_outputs_adv1, dim=1)
        _, adv_pred_2 = torch.max(student_outputs_adv2, dim=1)
        nat_correct += (predicted == label).sum()
        adv_correct_1 += (adv_pred_1 == label).sum()
        adv_correct_2 += (adv_pred_2 == label).sum()
        total += label.size(0)
    nat_acc = float(nat_correct) / total
    adv_acc_1 = float(adv_correct_1) / total
    adv_acc_2 = float(adv_correct_2) / total
    self._log('Natural Accuracy: {:.3f}'.format(nat_acc))
    self._log('Adv Accuracy_1: {:.3f}'.format(adv_acc_1))
    self._log('Adv Accuracy_2: {:.3f}'.format(adv_acc_2))
    return nat_acc, adv_acc_1, adv_acc_2
def main(args):
    """Evaluate Tucker-decomposition reconstruction as an adversarial defense.

    Loads a pretrained CIFAR-10 classifier wrapped as a black box, attacks the
    test set with the method named in `args.attack`, reconstructs each
    adversarial image via a Tucker decomposition, and appends clean /
    adversarial / reconstructed accuracies to ./result/20200706.txt.
    Relies on module-level `blackbox`, `datasets`, `torchattacks`, `Fraction`,
    `tucker`, `tl`, `nn` and `np`.
    """
    classifier = torch.load('./saved/resnet50_cifar10.pth')
    model = blackbox(classifier)
    train_set, test_set = datasets.CIFAR10(root='/home/taejoon/data/CIFAR10', normalize=False)
    num_classes = 10
    batch_size = 64
    test_loader = torch.utils.data.DataLoader(test_set, batch_size=batch_size)
    device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
    # device = torch.device("cpu")
    # `args.eps` is a string fraction such as "8/255"; Fraction parses it.
    # NOTE(review): any other attack name leaves `attack` unbound and the
    # loop below raises NameError — consider an explicit else branch.
    if args.attack == 'FGSM':
        attack = torchattacks.FGSM(model, eps=float(Fraction(args.eps)))
    elif args.attack == 'PGD':
        attack = torchattacks.PGD(model, eps=float(Fraction(args.eps)))
    elif args.attack == 'DeepFool':
        attack = torchattacks.DeepFool(model)
    elif args.attack == 'CW':
        attack = torchattacks.CW(model, kappa=50)
    elif args.attack == 'EOT':
        attack = torchattacks.APGD(model, eps=float(Fraction(args.eps)))
    # print (dict(torchattacks))
    model = model.to(device)
    model.eval()
    criterion = nn.CrossEntropyLoss()
    total_loss = 0
    clean_acc = 0
    adv_acc = 0
    cp_acc = 0
    tucker_acc = 0
    cp_rank = int(args.cp_rank)
    # Tucker ranks: keep all 3 channels, compress the two spatial modes.
    tucker_rank = [3, int(args.tucker_rank), int(args.tucker_rank)]
    for i, (images, labels) in enumerate(test_loader):
        images = images.to(device)
        labels = labels.to(device)
        # Clean accuracy.
        preds = model(images)
        _, prediction = preds.max(dim=1, keepdim=False)
        clean_acc += (prediction == labels).sum()
        # Adversarial accuracy.
        adversarial_images = attack(images, labels)
        preds = model(adversarial_images)
        _, prediction = preds.max(dim=1, keepdim=False)
        adv_acc += (prediction == labels).sum()
        adversarial_images = adversarial_images.detach().cpu().numpy()
        # Cp_reconstructions = np.zeros_like(adversarial_images)
        Tucker_reconstructions = np.zeros_like(adversarial_images)
        # Reconstruct each adversarial image from its Tucker decomposition.
        for j, adv in enumerate(adversarial_images):
            # factors = tl.decomposition.parafac(adv,rank = cp_rank,init = 'random',tol = 1e-4,random_state = np.random.RandomState())
            # cp_reconstruction = tl.kruskal_to_tensor(factors)
            # Cp_reconstructions[j] = cp_reconstruction
            core, tucker_factors = tucker(adv, ranks=tucker_rank, init='random', tol=1e-4,
                                          random_state=np.random.RandomState())
            tucker_reconstruction = tl.tucker_to_tensor((core, tucker_factors))
            Tucker_reconstructions[j] = tucker_reconstruction
        # Cp_reconstructions = torch.from_numpy(Cp_reconstructions).to(device,dtype = torch.float)
        # preds = model(Cp_reconstructions)
        # _,prediction = preds.max(dim = 1,keepdim = False)
        # cp_acc += (prediction == labels).sum()
        # Accuracy on the Tucker-reconstructed (defended) images.
        Tucker_reconstructions = torch.from_numpy(Tucker_reconstructions).to(
            device, dtype=torch.float)
        preds = model(Tucker_reconstructions)
        _, prediction = preds.max(dim=1, keepdim=False)
        tucker_acc += (prediction == labels).sum()
        # if (i%25==0):
        #     print ("# data %f, clean_acc %f, adv_acc %f, cp_acc %f, tucker_acc %f" %((i+1)*batch_size,clean_acc,adv_acc,cp_acc,tucker_acc))
        if (i % 5 == 0):
            print("# data %f, clean_acc %f, adv_acc %f, tucker_acc %f" %
                  ((i + 1) * batch_size, clean_acc, adv_acc, tucker_acc))
    clean_acc = float(clean_acc) / len(test_set)
    adv_acc = float(adv_acc) / len(test_set)
    # cp_acc = float(cp_acc)/len(test_set)
    tucker_acc = float(tucker_acc) / len(test_set)
    print("loss", total_loss, "adv acc", adv_acc, "tucker acc", tucker_acc)
    # Append a summary record to the results file.
    # NOTE(review): the file handle is never closed — consider `with open(...)`.
    f = open("./result/20200706.txt", 'a')
    data = "Attack Method : " + args.attack + "\n"
    data += "epsilon : " + args.eps + "\n"
    data += "cp_rank : " + str(cp_rank) + ", tucker_rank : " + str(
        tucker_rank) + "\n"
    # data += "clean : " + str(clean_acc) + " adv_acc : " + str(adv_acc) + " cp_acc : " + str(cp_acc) + " tucker_acc : " + str(tucker_acc) + "\n"
    data += "clean : " + str(clean_acc) + " adv_acc : " + str(
        adv_acc) + " cp_acc : " + "None" + " tucker_acc : " + str(
        tucker_acc) + "\n"
    data += "=" * 50
    f.write(data + '\n')
def train_model(device, dataloaders, batch_size, len_dataset, model, criterion,
                optimizer, scheduler, num_epochs=25):
    """Train with a mix of clean and adversarially attacked inputs, applying
    image-processing defenses (resize + JPEG compression) to every batch.

    Tracks the best validation accuracy, saves the best weights to disk, plots
    loss/accuracy curves, and returns
    (model, best_idx, best_acc, train_loss, train_acc, valid_loss, valid_acc,
    inputs).
    Relies on module-level `copy`, `time`, `torchattacks`, `transforms`,
    `cv2`, `np`, `plt` and `torch`.
    """
    since = time.time()
    '''
    * state_dict: a Python dict object mapping each layer to its parameter
      tensors
      - layers; learnable parameters (convolutional layers, linear layers,
        etc.), registered buffers (batchnorm's running_mean)
      - Optimizer objects (torch.optim)
    '''
    best_model_wts = copy.deepcopy(model.state_dict())
    best_acc = 0.0
    train_loss, train_acc, valid_loss, valid_acc = [], [], [], []
    for epoch in range(num_epochs):
        print('Epoch {}/{}'.format(epoch, num_epochs - 1))
        print('-' * 10)
        # Each epoch is split into a training and a validation phase.
        for phase in ['train', 'valid']:
            if phase == 'train':
                model.train()  # training mode
            else:
                model.eval()  # evaluate mode
            running_loss, running_corrects, num_cnt = 0.0, 0, 0
            # Set the ratio of adversarial to original data: the first ~40% of
            # train batches stay clean.
            ratio_adv_ori = int((len_dataset // batch_size + 1) * 0.4)
            # Iterate over this phase's batches.
            for i, (inputs, labels) in enumerate(dataloaders[phase]):
                # Decide clean vs adversarial input per the configured ratio
                # (validation alternates every other batch).
                if (phase == 'train' and (i < ratio_adv_ori)) or (phase == 'valid' and i % 2 == 0):
                    inputs = inputs.to(device)
                else:
                    # Define the adversarial attacks; rotate by batch index.
                    atks = [torchattacks.FGSM(model, eps=8 / 255),
                            torchattacks.BIM(model, eps=8 / 255, alpha=2 / 255, steps=7),
                            torchattacks.PGD(model, eps=8 / 255, alpha=2 / 255, steps=7),
                            ]
                    inputs = atks[i % 3](inputs, labels).to(device)
                # Image-processing-based defense methods — applied by
                # converting each tensor to a PIL image and back.
                for batch in range(inputs.shape[0]):
                    tensor2pil = transforms.ToPILImage()(inputs[batch]).convert('RGB')
                    # 1. Resizing
                    # Image.resize(size, resample=3, box=None, reducing_gap=None)
                    # resample(filter): PIL.Image.NEAREST, PIL.Image.BOX, PIL.Image.BILINEAR, PIL.Image.HAMMING, PIL.Image.BICUBIC
                    # NOTE(review): Image.resize returns a new image — these
                    # two calls discard their results, so no resizing actually
                    # happens; confirm whether reassignment was intended.
                    tensor2pil.resize((74, 74))
                    tensor2pil.resize((224, 224))
                    # Convert the image back to a tensor.
                    tensor_img = transforms.ToTensor()(tensor2pil)
                    inputs[batch] = tensor_img
                    # 2. jpeg compression
                    tensor2numpy = inputs[batch].cpu().numpy()
                    cv_img = np.transpose(tensor2numpy, (1, 2, 0))  # [w, h, c]
                    cv_img = cv_img * 255
                    encode_param = [int(cv2.IMWRITE_JPEG_QUALITY), 15]
                    result, encimg = cv2.imencode('.jpg', cv_img, encode_param)
                    if False == result:
                        print('could not encode image!')
                        quit()
                    # decode from jpeg format
                    jpeg_img = cv2.imdecode(encimg, 1)
                    jpeg2input = np.transpose(jpeg_img, (2, 0, 1)) / 255
                    inputs[batch] = torch.Tensor(jpeg2input).to(device)
                # # save adversarial examples
                # save_inputs = inputs.cpu().numpy()
                # labels = labels.cpu().numpy()
                # from matplotlib.pyplot import imsave
                #
                # for j in range(batch_size):
                #     image = save_inputs[j, :, :, :]
                #     label = labels[j]
                #     if label == 0:
                #         imsave(
                #             f"C:/Users/mmclab1/Desktop/fakecheck/dataset/adv_img_examples/"
                #             f"fake_adversarial_image_{j}.png",
                #             np.transpose(image, (1, 2, 0)))
                #     else:
                #         imsave(
                #             f"C:/Users/mmclab1/Desktop/fakecheck/dataset/adv_img_examples/"
                #             f"real_adversarial_image_{j}.png",
                #             np.transpose(image, (1, 2, 0)))
                labels = labels.to(device)
                # Zero all gradients held by the optimizer: backward() would
                # otherwise accumulate into the existing buffers rather than
                # overwrite them.
                optimizer.zero_grad()
                # forward pass
                # Gradients are tracked only during the train phase.
                with torch.set_grad_enabled(phase == 'train'):
                    outputs = model(inputs)  # model predictions h(x)
                    # dim=1: take the max over each sample's class scores.
                    _, preds = torch.max(outputs, 1)
                    # Loss judging how well h(x) predicted.
                    loss = criterion(outputs, labels)
                    # backward + optimize only in the training phase
                    if phase == 'train':
                        loss.backward()  # compute gradients
                        optimizer.step()  # parameter update
                # statistics
                running_loss += loss.item() * inputs.size(0)  # inputs.size(0) == batch size
                running_corrects += torch.sum(preds == labels.data)  # True == 1, False == 0: count of correct answers
                num_cnt += len(labels)  # len(labels) == batch size
            if phase == 'train':
                scheduler.step()  # Learning Rate Scheduler
            epoch_loss = float(running_loss / num_cnt)
            epoch_acc = float((running_corrects.double() / num_cnt).cpu() * 100)
            if phase == 'train':
                train_loss.append(epoch_loss)
                train_acc.append(epoch_acc)
            else:
                valid_loss.append(epoch_loss)
                valid_acc.append(epoch_acc)
            print('{} Loss: {:.2f} Acc: {:.1f}'.format(phase, epoch_loss, epoch_acc))
            # deep copy the model
            if phase == 'valid' and epoch_acc > best_acc:
                best_idx = epoch
                best_acc = epoch_acc
                best_model_wts = copy.deepcopy(model.state_dict())
                # best_model_wts = copy.deepcopy(model.module.state_dict())
                print('==> best model saved - %d / %.1f' % (best_idx, best_acc))
    time_elapsed = time.time() - since
    print('Training complete in {:.0f}m {:.0f}s'.format(time_elapsed // 60, time_elapsed % 60))
    print('Best valid Acc: %d - %.1f' % (best_idx, best_acc))
    # load best model weights
    PATH = 'pytorch_model_adv_epoch30_4_sgd_resize3_comp15.pt'
    model.load_state_dict(best_model_wts)
    # torch.save(model.state_dict(), PATH)  # save the model object's state_dict
    torch.save(model, PATH)  # save the whole model
    torch.save(model.state_dict(),
               f'C:/Users/mmclab1/.cache/torch/hub/checkpoints/{PATH}')
    print('model saved')
    # Plot the train/validation loss and accuracy curves.
    plt.subplot(311)
    plt.plot(train_loss)
    plt.plot(valid_loss)
    plt.ylabel('loss')
    plt.xlabel('epoch')
    plt.legend(['train', 'validation'], loc='upper left')
    plt.subplot(313)
    plt.plot(train_acc)
    plt.plot(valid_acc)
    plt.ylabel('acc')
    plt.xlabel('epoch')
    plt.legend(['train', 'validation'], loc='upper left')
    plt.savefig('graph_adv_epoch30_4_sgd_resize3_comp15.png')
    plt.show()
    return model, best_idx, best_acc, train_loss, train_acc, valid_loss, valid_acc, inputs
def train_epoch(model, loader, optimizer):
    """Run one training epoch; in non-meta mode, attack every batch with eight
    torchattacks methods at two eps settings each and save the adversarial
    images to disk.

    Returns the mean training loss. Relies on module-level `args`, `device`,
    `criterion`, `tqdm`, `torchattacks`, `imsave`, `torch` and `np`.
    """
    model.train()
    train_loss = []
    bar = tqdm(loader)
    for i, (data, target, face_name, df_method) in enumerate(bar):
        optimizer.zero_grad()
        if args.use_meta:
            # In meta mode, `data` arrives as an (image, metadata) pair.
            data, meta = data
            data, meta, target = data.to(device), meta.to(device), target.to(
                device)
            logits = model(data, meta)
        else:
            # Attack settings: leading entries are eps candidates, the last
            # entry is alpha (in /255 units) where the attack takes one; for
            # CW the values are its `c` constant.
            method = {
                '0_PGD': [20, 70, 2],
                '1_APGD': [20, 70, 2],
                '2_FGSM': [2, 8],
                '3_FFGSM': [4, 7, 10],
                '4_MIFGSM': [3, 6],
                '5_RFGSM': [4, 7, 8],
                '6_BIM': [4, 10, 1],
                '7_CW': [1e-4, 2e-4]
            }
            # 1. original data save
            # img_o
            # 2. small sized data
            # img_s = scaling(image_o, scaling_factor=0.5)
            # out_attack = attack(small_data, target~~~)
            # img_gen = normalize ( scaling ((out_attack - small_data), 1/scaling_factor) + img_o)
            # NOTE(review): attacks and results are kept in
            # globals()['atk0'..'atk7'] / ['data_atk0'..]; ordinary local
            # variables would be safer. `logits`/`target` end up reflecting
            # only the last attack of the last eps iteration — confirm that is
            # the intended training signal.
            for eps in range(2):
                globals()['atk{}'.format(0)] = torchattacks.PGD(
                    model,
                    eps=method['0_PGD'][eps] / 255,
                    alpha=method['0_PGD'][-1] / 255,
                    steps=4)
                globals()['atk{}'.format(1)] = torchattacks.APGD(
                    model,
                    eps=method['1_APGD'][eps] / 255,
                    alpha=method['1_APGD'][-1] / 255,
                    steps=4)
                globals()['atk{}'.format(2)] = torchattacks.FGSM(
                    model, eps=method['2_FGSM'][eps] / 255)
                globals()['atk{}'.format(3)] = torchattacks.FFGSM(
                    model,
                    eps=method['3_FFGSM'][eps] / 255,
                    alpha=method['3_FFGSM'][-1] / 255)
                globals()['atk{}'.format(4)] = torchattacks.MIFGSM(
                    model, eps=method['4_MIFGSM'][eps] / 255, steps=4)
                globals()['atk{}'.format(5)] = torchattacks.RFGSM(
                    model,
                    eps=method['5_RFGSM'][eps] / 255,
                    alpha=method['5_RFGSM'][-1] / 255,
                    steps=4)
                globals()['atk{}'.format(6)] = torchattacks.BIM(
                    model,
                    eps=method['6_BIM'][eps] / 255,
                    alpha=method['6_BIM'][-1] / 255)
                globals()['atk{}'.format(7)] = torchattacks.CW(
                    model, c=method['7_CW'][eps], steps=10)
                for count in range(8):
                    # globals()['data_atk{}'.format(i)]
                    # Attack toward the flipped binary label (target + 1) % 2.
                    globals()['data_atk{}'.format(count)] = globals()[
                        'atk{}'.format(count)](data, (target + 1) % 2)
                    globals()['data_atk{}'.format(count)], target = (
                        globals()['data_atk{}'.format(count)]
                    ).to(device), target.to(device)
                    logits = model(globals()['data_atk{}'.format(count)])
                    globals()['data_atk{}'.format(count)] = (
                        globals()['data_atk{}'.format(count)]).cpu().numpy()
                method_keys = list(method.keys())
                bat_size = args.batch_size
                # NOTE(review): iterating a fixed args.batch_size will index
                # out of range on a smaller final batch — confirm the loader
                # drops the last partial batch.
                for j in range(bat_size):
                    for save_cnt in range(8):
                        globals()['im{}'.format(save_cnt)] = (globals()[
                            'data_atk{}'.format(save_cnt)])[j, :, :, :]
                        # imsave(
                        #     f"./confirm_attack2img/AE-classification/{method_keys[save_cnt]}/"
                        #     f"{target[j]}_{face_name[j]}_{i * bat_size + j}_{method_keys[save_cnt]}_eps{method[method_keys[save_cnt]][eps]}_wsbs.png",
                        #     np.transpose(globals()['im{}'.format(save_cnt)], (1, 2, 0)))
                        imsave(
                            f"./confirm_attack2img/AE-classification/train/"
                            f"{target[j]}_{face_name[j]}_{df_method[j]}_{i * bat_size + j}_{method_keys[save_cnt]}_eps{method[method_keys[save_cnt]][eps]}_wsbs.png",
                            np.transpose(globals()['im{}'.format(save_cnt)], (1, 2, 0)))
        loss = criterion(logits, target)
        if not args.use_amp:
            loss.backward()
        # else:
        #     with amp.scale_loss(loss, optimizer) as scaled_loss:
        #         scaled_loss.backward()
        if args.image_size in [896, 576]:
            # Clip gradients to 0.5 when they get too large (max_grad_norm=0.5).
            torch.nn.utils.clip_grad_norm_(model.parameters(), 0.5)
        # Gradient accumulation (for when GPU memory is tight).
        if args.accumulation_step:
            if (i + 1) % args.accumulation_step == 0:
                optimizer.step()
                # optimizer.zero_grad()
        else:
            optimizer.step()
            # optimizer.zero_grad()
        loss_np = loss.detach().cpu().numpy()
        train_loss.append(loss_np)
        # Running average of the last 100 batch losses for the progress bar.
        smooth_loss = sum(train_loss[-100:]) / min(len(train_loss), 100)
        bar.set_description('loss: %.5f, smooth_loss: %.5f' %
                            (loss_np, smooth_loss))
    train_loss = np.mean(train_loss)
    return train_loss
def train(self):
    """Adversarial distillation training loop (PGD-Linf and PGD-L2 teachers).

    Trains `self.model` until `self.args.epochs`, distilling from
    `self.T_net1`/`self.T_net2` on two kinds of adversarial examples,
    evaluates after every epoch via `self.eval_`, and checkpoints the best
    combined accuracy.
    """
    best_acc_1 = 0
    best_acc_2 = 0
    best_nat_acc = 0
    # Step-wise learning-rate schedule (0.1 / 0.01 / 0.001).
    # NOTE(review): the schedule is applied once, before the epoch loop, based
    # on the starting self.epoch — the LR never changes as epochs advance;
    # confirm whether per-epoch updates were intended.
    if self.epoch < 80:
        for param_group in self.optimizer.param_groups:
            param_group['lr'] = 0.1
    if self.epoch >= 80 and self.epoch < 120:
        for param_group in self.optimizer.param_groups:
            param_group['lr'] = 0.01
    if self.epoch >= 120:
        for param_group in self.optimizer.param_groups:
            param_group['lr'] = 0.001
    while self.epoch < self.args.epochs:
        self.model.train()
        total = 0
        adv_correct_1 = 0
        adv_correct_2 = 0
        nat_correct = 0
        for i, (image, label) in enumerate(self.trainloader):
            if torch.cuda.is_available():
                image = image.cuda()
                label = label.cuda()
            self.optimizer.zero_grad()
            image, label = Variable(image), Variable(label)
            # load attack method
            atk1 = torchattacks.PGD(self.model, eps=8 / 255, alpha=2 / 255, steps=4)
            atk2 = torchattacks.PGDL2(self.model, eps=0.5, alpha=0.1, steps=7)
            adversarial_images1 = atk1(image, label)
            adversarial_images2 = atk2(image, label)
            # Teacher outputs on the clean images.
            outputs1 = self.T_net1(image)
            outputs2 = self.T_net2(image)
            student_outputs_adv1 = self.model(adversarial_images1)
            student_outputs_adv2 = self.model(adversarial_images2)
            student_output = self.model(image)
            # Distillation losses (temperature 3, weight 0.9).
            loss_adv1 = self.distillation(student_outputs_adv1, outputs1, label, 3, 0.9)  # learn both from pgd AND
            loss_adv2 = self.distillation(student_outputs_adv2, outputs2, label, 3, 0.9)
            loss = loss_adv1 + loss_adv2
            loss.backward()
            self.optimizer.step()
            # checking for attack-success acc
            _, adv_pred_1 = torch.max(student_outputs_adv1, dim=1)
            _, adv_pred_2 = torch.max(student_outputs_adv2, dim=1)
            _, pred = torch.max(student_output, dim=1)
            adv_correct_1 += (adv_pred_1 == label).sum()
            adv_correct_2 += (adv_pred_2 == label).sum()
            nat_correct += (pred == label).sum()
            total += label.size(0)
        self.epoch += 1
        acc_1 = float(adv_correct_1) / total
        acc_2 = float(adv_correct_2) / total
        nat_acc_ = float(nat_correct) / total
        mess = "{}th Epoch, nat_acc: {:.3f}, Acc_1: {:.3f}, Acc_2: {:.3f}, Loss: {:.3f}".format(self.epoch, nat_acc_, acc_1, acc_2, loss.item())
        self._log(mess)
        self._save_checkpoint('checkpoint.pth')
        # Evaluation
        nat_acc, adv_acc_1, adv_acc_2 = self.eval_()
        # Keep the checkpoint with the best combined (nat + adv1 + adv2) sum.
        if nat_acc + adv_acc_1 + adv_acc_2 > best_nat_acc + best_acc_1 + best_acc_2:
            best_nat_acc = nat_acc
            best_acc_1 = adv_acc_1
            best_acc_2 = adv_acc_2
            self._save_checkpoint('best_checkpoint.pth')
            self._log('Best Test Accuracy: {:.3f}/{:.3f}/{:.3f}'.format(best_nat_acc, best_acc_1, best_acc_2))
    self._log('=======Best Test Accuracy: {:.3f}/{:.3f}/{:.3f}======'.format(best_nat_acc, best_acc_1, best_acc_2))
def main(args):
    """Evaluate a decomposition-based defense (DecompNet) against white-box
    attacks on CIFAR-10 and append the results to ./result/whitebox_1.txt.

    Relies on module-level `DecompNet`, `datasets`, `torchattacks`,
    `Fraction`, `tl`, `nn` and `torch`; sets the module-level globals
    `device` and `rank` as a side effect.
    """
    if args.autoencoder == 'True':
        autoencoder = torch.load('./saved/DAE_cifar10.pth')
    else:
        autoencoder = None
    classifier = torch.load('./saved/resnet50_cifar10.pth')
    global device
    device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
    # device = torch.device("cpu")
    model = DecompNet(classifier, Autoencoder=autoencoder, decomposition=args.decomposition)
    train_set, test_set = datasets.CIFAR10(root='/home/taejoon/data/CIFAR10', normalize=False)
    num_classes = 10
    batch_size = 64
    test_loader = torch.utils.data.DataLoader(test_set, batch_size=batch_size)
    criterion = nn.CrossEntropyLoss()
    global rank
    rank = int(args.rank)
    # Tucker ranks: keep all 3 channels, compress the two spatial modes.
    tucker_rank = [3, rank, rank]
    total_loss = 0
    clean_acc = 0
    adv_acc = 0
    adv_clf_acc = 0
    cp_acc = 0
    tucker_acc = 0
    tl.set_backend('pytorch')
    # `args.eps` is a string fraction such as "8/255"; Fraction parses it.
    # NOTE(review): any attack name other than "BPDA"/"EoT" leaves `attack`
    # unbound and the loop below raises NameError — consider an explicit else.
    if args.attack == "BPDA":
        attack = torchattacks.PGD(model, eps=float(Fraction(args.eps)))
    elif args.attack == "EoT":
        attack = torchattacks.APGD(model, eps=float(Fraction(args.eps)))
    model.eval()
    # attack_classifier = torchattacks.PGD(classifier,eps = float(Fraction(args.eps)))
    for i, (images, labels) in enumerate(test_loader):
        images, labels = images.to(device), labels.to(device)
        # Clean accuracy.
        preds = model(images)
        _, prediction = preds.max(dim=1, keepdim=False)
        clean_acc += (prediction == labels).sum()
        # Adversarial accuracy under the white-box attack on the full defense.
        adversarial_images = attack(images, labels)
        preds = model(adversarial_images)
        _, prediction = preds.max(dim=1, keepdim=False)
        adv_acc += (prediction == labels).sum()
        # advs = attack_classifier(images,labels)
        # preds = model(advs)
        # _,prediction = preds.max(dim = 1,keepdim = False)
        # adv_clf_acc += (prediction == labels).sum()
        #
        # advs = advs.detach().cpu()
        # Tucker_reconstructions = torch.zeros_like(advs)
        # for j,adv in enumerate(advs):
        #     core,tucker_factors = tucker(adv,ranks = tucker_rank,init = 'random', tol = 1e-4, random_state=np.random.RandomState())
        #     tucker_reconstruction = tl.tucker_to_tensor((core,tucker_factors))
        #     Tucker_reconstructions[j] = tucker_reconstruction
        #
        # Tucker_reconstructions = torch.from_numpy(Tucker_reconstructions).to(device,dtype = torch.float)
        # Tucker_reconstructions = Tucker_reconstructions.to(device)
        # preds2 = classifier(Tucker_reconstructions)
        # _,prediction = preds2.max(dim = 1,keepdim = False)
        # tucker_acc += (prediction == labels).sum()
        # pdb.set_trace()
        if (i % 5 == 0):
            print("method %s # data %f, clean_acc %f, adv_acc %f" %
                  (args.decomposition, (i + 1) * batch_size, clean_acc, adv_acc))
    clean_acc = float(clean_acc) / len(test_set)
    adv_acc = float(adv_acc) / len(test_set)
    print("method %s # data %f, clean_acc %f, adv_acc %f" %
          (args.decomposition, (i + 1) * batch_size, clean_acc, adv_acc))
    print("rank %s autoencoder %s" % (args.rank, args.autoencoder))
    # Append a summary record to the results file.
    # NOTE(review): the file handle is never closed — consider `with open(...)`.
    f = open("./result/whitebox_1.txt", 'a')
    data = "Attack Method : " + args.attack + "\n"
    data += "Decomposition method : " + args.decomposition + "\n"
    data += "Autoencoder : " + args.autoencoder + "\n"
    data += "epsilon : " + args.eps + "\n"
    data += "rank : " + str(rank) + "\n"
    data += "clean : " + str(clean_acc) + " adv_acc : " + str(adv_acc) + "\n"
    data += "=" * 50
    f.write(data + '\n')
def train_epoch(model, loader, optimizer):
    """Run one training epoch; in non-meta mode, attack a downscaled copy of
    the image, upscale the perturbation, add it back to the original, and save
    the results, using eight attack methods at two eps settings each.

    Returns the mean training loss. Relies on module-level `args`, `device`,
    `criterion`, `tqdm`, `torchattacks`, `cv2`, `imsave`, `torch` and `np`.
    """
    model.train()
    train_loss = []
    bar = tqdm(loader)
    for i, (data, target, face_name) in enumerate(bar):
        optimizer.zero_grad()
        if args.use_meta:
            # In meta mode, `data` arrives as an (image, metadata) pair.
            data, meta = data
            data, meta, target = data.to(device), meta.to(device), target.to(device)
            logits = model(data, meta)
        else:
            # Attack settings: leading entries are eps candidates, the last
            # entry is alpha (in /255 units) where the attack takes one; for
            # CW the values are its `c` constant.
            method = {
                '1_PGD': [20, 70, 2],
                '2_APGD': [20, 70, 2],
                '3_FGSM': [2, 8],
                '4_FFGSM': [4, 7, 10],
                '5_MIFGSM': [3, 6],
                '6_RFGSM': [4, 7, 8],
                '7_BIM': [4, 10, 1],
                '8_CW': [1e-4, 2e-4]}
            # TODO: build both the original and the attacked image for the dataset
            # 1. original data save img_o
            # 2. small sized data img_s = scaling(image_o, scaling_factor=0.5)
            # out_attack = attack(small_data, target~~~)
            # img_gen = normalize ( scaling ((out_attack - small_data), 1/scaling_factor) + img_o)
            scaling_factor = 0.5
            # NOTE(review): indexes the batch with the *batch* index `i`, not
            # a per-sample index — confirm this is intended; the transpose
            # converts CHW -> HWC for cv2.
            img_origin = np.transpose(data.cpu().numpy()[i, :, :, :], (1, 2, 0))
            img_small = cv2.resize(img_origin, dsize=(0, 0), fx=scaling_factor,
                                   fy=scaling_factor)  # ,interpolation=cv2.INTER_AREA
            for eps in range(2):
                # NOTE(review): attack objects live in globals()['atk1'..'atk8'];
                # ordinary local variables would be safer — left as-is.
                globals()['atk{}'.format(1)] = torchattacks.PGD(model, eps=method['1_PGD'][eps] / 255, alpha=method['1_PGD'][-1] / 255, steps=4)
                globals()['atk{}'.format(2)] = torchattacks.APGD(model, eps=method['2_APGD'][eps] / 255, alpha=method['2_APGD'][-1] / 255, steps=4)
                globals()['atk{}'.format(3)] = torchattacks.FGSM(model, eps=method['3_FGSM'][eps] / 255)
                globals()['atk{}'.format(4)] = torchattacks.FFGSM(model, eps=method['4_FFGSM'][eps] / 255, alpha=method['4_FFGSM'][-1] / 255)
                globals()['atk{}'.format(5)] = torchattacks.MIFGSM(model, eps=method['5_MIFGSM'][eps] / 255, steps=4)
                globals()['atk{}'.format(6)] = torchattacks.RFGSM(model, eps=method['6_RFGSM'][eps] / 255, alpha=method['6_RFGSM'][-1] / 255, steps=4)
                globals()['atk{}'.format(7)] = torchattacks.BIM(model, eps=method['7_BIM'][eps] / 255, alpha=method['7_BIM'][-1] / 255)
                globals()['atk{}'.format(8)] = torchattacks.CW(model, c=method['8_CW'][eps], steps=10)
                for count in range(1, 9):
                    # regularization
                    # torch.clamp(images + delta, min=0, max=1).detach()
                    # torch.from_numpy(img_small)
                    # NOTE(review): this mixes numpy arrays and torch tensors —
                    # cv2.resize on (out_attack - img_small) and torch.clamp on
                    # its numpy result both look type-incompatible; verify this
                    # path actually runs.
                    out_attack = globals()['atk{}'.format(count)](torch.from_numpy(img_small), (target + 1) % 2)
                    img_gen = torch.clamp(cv2.resize(out_attack - img_small, dsize=(0, 0), fx=1 / scaling_factor, fy=1 / scaling_factor), min=0, max=1).detach() + img_origin
                    globals()['data_atk{}'.format(count)] = torch.from_numpy(img_gen)
                    globals()['data_atk{}'.format(count)], target = (globals()['data_atk{}'.format(count)]).to(device), target.to(device)
                    logits = model(globals()['data_atk{}'.format(count)])
                    globals()['data_atk{}'.format(count)] = (globals()['data_atk{}'.format(count)]).cpu().numpy()
                method_keys = list(method.keys())
                bat_size = args.batch_size
                # NOTE(review): iterating a fixed args.batch_size will index
                # out of range on a smaller final batch — confirm drop_last.
                for j in range(bat_size):
                    # save original image
                    # im0 = data.cpu().numpy()[j, :, :, :]
                    # imsave(
                    #     f"./confirm_attack2img/AE-real_fake/0_original/"
                    #     f"{target[j]}_{face_name[j]}_{i * bat_size + j}_0_wsbs.png",
                    #     np.transpose(im0, (1, 2, 0)))
                    # save attacked image
                    for save_cnt in range(1, 9):
                        globals()['im{}'.format(save_cnt)] = (globals()['data_atk{}'.format(save_cnt)])[j, :, :, :]
                        # imsave(
                        #     f"./confirm_attack2img/AE-real_fake/{method_keys[save_cnt]}/"
                        #     f"{target[j]}_{face_name[j]}_{i * bat_size + j}_{method_keys[save_cnt]}_eps{method[method_keys[save_cnt]][eps]}_wsbs.png",
                        #     np.transpose(globals()['im{}'.format(save_cnt)], (1, 2, 0)))
                        imsave(
                            f"./confirm_attack2img/AE-real_fake/train/"
                            f"{target[j]}_{face_name[j]}_{i * bat_size + j}_{method_keys[save_cnt]}_eps{method[method_keys[save_cnt]][eps]}_wsbs.png",
                            np.transpose(globals()['im{}'.format(save_cnt)], (1, 2, 0)))
        loss = criterion(logits, target)
        if not args.use_amp:
            loss.backward()
        # else:
        #     with amp.scale_loss(loss, optimizer) as scaled_loss:
        #         scaled_loss.backward()
        if args.image_size in [896, 576]:
            # Clip gradients to 0.5 when they get too large (max_grad_norm=0.5).
            torch.nn.utils.clip_grad_norm_(model.parameters(), 0.5)
        # Gradient accumulation (for when GPU memory is tight).
        if args.accumulation_step:
            if (i + 1) % args.accumulation_step == 0:
                optimizer.step()
                # optimizer.zero_grad()
        else:
            optimizer.step()
            # optimizer.zero_grad()
        loss_np = loss.detach().cpu().numpy()
        train_loss.append(loss_np)
        # Running average of the last 100 batch losses for the progress bar.
        smooth_loss = sum(train_loss[-100:]) / min(len(train_loss), 100)
        bar.set_description('loss: %.5f, smooth_loss: %.5f' % (loss_np, smooth_loss))
    train_loss = np.mean(train_loss)
    return train_loss
def test(self):
    """Cross-evaluate two WideResNet-28-2 checkpoints on clean data and on
    transferred PGD (L-inf) / PGD-L2 adversarial examples.

    Loads the checkpoints from `self.args.model_load1/2`, generates
    adversarial examples from each network with both attacks, evaluates every
    adversarial set on both networks, and prints the accuracy matrix.
    """
    norm_layer = Normalize(mean=[0.4914, 0.4822, 0.4465], std=[0.247, 0.243, 0.261])
    net1 = nn.Sequential(
        norm_layer, WideResNet(depth=28, widen_factor=2, num_classes=10))
    net1 = net1.cuda()
    checkpoint_path1 = osp.join(self.args.model_load1)
    model_data1 = torch.load(checkpoint_path1)
    net1.load_state_dict(model_data1['model'])
    # NOTE(review): net2 uses self.norm_layer while net1 uses the freshly
    # built local one — confirm both normalizations match.
    net2 = nn.Sequential(
        self.norm_layer, WideResNet(depth=28, widen_factor=2, num_classes=10))
    net2 = net2.cuda()
    checkpoint_path2 = osp.join(self.args.model_load2)
    model_data2 = torch.load(checkpoint_path2)
    net2.load_state_dict(model_data2['model'])
    # NOTE(review): deterministic=True together with benchmark=True is
    # contradictory — benchmark autotuning can defeat determinism.
    torch.backends.cudnn.deterministic = True
    cudnn.benchmark = True
    print("safely loaded models")
    net1.eval()
    net2.eval()
    # correct1..8 count adversarial hits; correct13/14 count clean hits.
    correct1 = 0
    correct2 = 0
    correct3 = 0
    correct4 = 0
    correct5 = 0
    correct6 = 0
    correct7 = 0
    correct8 = 0
    correct13 = 0
    correct14 = 0
    total = 0
    for batch_idx, (inputs, targets) in enumerate(self.testloader):
        inputs, targets = inputs.cuda(), targets.cuda()
        inputs, targets = Variable(inputs), Variable(targets)
        # Clean image
        output1 = net1(inputs)
        output2 = net2(inputs)
        # net1: PGD trained, net2: GD trained
        atk_pgd1 = torchattacks.PGD(
            net1, self.args.epsilon, self.args.alpha,
            self.args.attack_steps,
            random_start=self.args.random_start)  # noise
        atk_pgd2 = torchattacks.PGD(net2, self.args.epsilon,
                                    self.args.alpha,
                                    self.args.attack_steps,
                                    random_start=self.args.random_start)
        atk_gd1 = torchattacks.PGDL2(net1, self.args.epsilon,
                                     self.args.alpha,
                                     self.args.attack_steps,
                                     random_start=self.args.random_start)
        atk_gd2 = torchattacks.PGDL2(net2, self.args.epsilon,
                                     self.args.alpha,
                                     self.args.attack_steps,
                                     random_start=self.args.random_start)
        adversarial_images_pgd1 = atk_pgd1(inputs, targets)
        adversarial_images_gd1 = atk_gd1(inputs, targets)
        adversarial_images_pgd2 = atk_pgd2(inputs, targets)
        adversarial_images_gd2 = atk_gd2(inputs, targets)
        # Evaluate every adversarial set on both networks (transfer matrix).
        net1_output_pgd1, net2_output_pgd1 = net1(
            adversarial_images_pgd1), net2(adversarial_images_pgd1)
        net1_output_gd1, net2_output_gd1 = net1(
            adversarial_images_gd1), net2(adversarial_images_gd1)
        net1_output_pgd2, net2_output_pgd2 = net1(
            adversarial_images_pgd2), net2(adversarial_images_pgd2)
        net1_output_gd2, net2_output_gd2 = net1(
            adversarial_images_gd2), net2(adversarial_images_gd2)
        _, predicted1 = torch.max(net1_output_pgd1.data, 1)
        _, predicted2 = torch.max(net2_output_pgd1.data, 1)
        _, predicted3 = torch.max(net1_output_gd1.data, 1)
        _, predicted4 = torch.max(net2_output_gd1.data, 1)
        _, predicted5 = torch.max(net1_output_pgd2.data, 1)
        _, predicted6 = torch.max(net2_output_pgd2.data, 1)
        _, predicted7 = torch.max(net1_output_gd2.data, 1)
        _, predicted8 = torch.max(net2_output_gd2.data, 1)
        _, predicted_clean1 = torch.max(output1.data, 1)
        _, predicted_clean2 = torch.max(output2.data, 1)
        # _, predicted = torch.max(student_outputs[1].data, 1)
        total += targets.size(0)
        correct1 += predicted1.eq(targets.data).cpu().sum()
        correct2 += predicted2.eq(targets.data).cpu().sum()
        correct3 += predicted3.eq(targets.data).cpu().sum()
        correct4 += predicted4.eq(targets.data).cpu().sum()
        correct5 += predicted5.eq(targets.data).cpu().sum()
        correct6 += predicted6.eq(targets.data).cpu().sum()
        correct7 += predicted7.eq(targets.data).cpu().sum()
        correct8 += predicted8.eq(targets.data).cpu().sum()
        correct13 += predicted_clean1.eq(targets.data).cpu().sum()
        correct14 += predicted_clean2.eq(targets.data).cpu().sum()
    print('Clean Accuracy Net1: %.2f' % (float(correct13) / float(total) * 100))
    print('Clean Accuracy Net2: %.2f\n' % (float(correct14) / float(total) * 100))
    print('Noise From Net1 with PGD: Net1: %.2f Net2: %.2f' %
          (float(correct1) / float(total) * 100,
           float(correct2) / float(total) * 100))
    print('Noise From Net1 with GD: Net1: %.2f Net2: %.2f\n' %
          (float(correct3) / float(total) * 100,
           float(correct4) / float(total) * 100))
    print('Noise From Net2 with PGD: Net1: %.2f Net2: %.2f' %
          (float(correct5) / float(total) * 100,
           float(correct6) / float(total) * 100))
    print('Noise From Net2 with GD: Net1: %.2f Net2: %.2f\n' %
          (float(correct7) / float(total) * 100,
           float(correct8) / float(total) * 100))
def train(epoch, model, optimizer, scheduler, criterion, train_loader, config,
          writer, AT):
    """Run one training epoch, optionally with PGD adversarial training.

    Args:
        epoch: 1-based epoch index (used for logging and scheduler stepping).
        model: network being trained (set to train mode here).
        optimizer: optimizer stepped once per batch.
        scheduler: LR scheduler; stepped per batch according to
            ``optim_config['scheduler']`` ('multistep' or 'cosine').
        criterion: loss function applied to (outputs, targets).
        train_loader: iterable of (data, targets) batches.
        config: dict holding 'run_config', 'optim_config' and 'data_config'.
        writer: tensorboard SummaryWriter (used only when enabled in config).
        AT: when truthy, each batch is replaced by PGD adversarial examples
            before the forward pass.
    """
    global global_step
    run_config = config['run_config']
    optim_config = config['optim_config']
    data_config = config['data_config']
    logger.info('Train {}'.format(epoch))
    model.train()
    loss_meter = AverageMeter()
    accuracy_meter = AverageMeter()
    start = time.time()
    for step, (data, targets) in enumerate(train_loader):
        global_step += 1
        if data_config['use_mixup']:
            # mixup produces soft (mixed one-hot) targets; hard labels are
            # recovered below before computing accuracy.
            data, targets = mixup(data, targets, data_config['mixup_alpha'],
                                  data_config['n_classes'])
        if run_config['tensorboard_train_images']:
            if step == 0:
                image = torchvision.utils.make_grid(data,
                                                    normalize=True,
                                                    scale_each=True)
                writer.add_image('Train/Image', image, epoch)
        # Scheduler is stepped per batch: 'multistep' with the previous
        # epoch index, 'cosine' with no argument.
        if optim_config['scheduler'] == 'multistep':
            scheduler.step(epoch - 1)
        elif optim_config['scheduler'] == 'cosine':
            scheduler.step()
        if run_config['tensorboard']:
            if optim_config['scheduler'] != 'none':
                lr = scheduler.get_lr()[0]
            else:
                lr = optim_config['base_lr']
            writer.add_scalar('Train/LearningRate', lr, global_step)
        if run_config['use_gpu']:
            data = data.cuda()
            targets = targets.cuda()
        optimizer.zero_grad()
        if AT:
            # all for the attack: the attack operates in raw [0, 1] pixel
            # space, so de-normalize first, craft the attack, then
            # re-normalize for the model's forward pass.
            # NOTE(review): mul_/add_/sub_/div_ mutate `data` in place, and
            # mean/std are moved to GPU unconditionally — this branch
            # presumably assumes run_config['use_gpu'] is set; confirm.
            mean = torch.FloatTensor(
                np.array([0.4914, 0.4822, 0.4465])[None, :, None, None]).cuda()
            std = torch.FloatTensor(
                np.array([0.2470, 0.2435, 0.2616])[None, :, None, None]).cuda()
            data = data.mul_(std).add_(mean)
            atk = torchattacks.PGD(model, eps=5 / 255, alpha=0.5 / 255,
                                   steps=10)
            data = atk(data, targets)
            data = data.sub_(mean).div_(std)
            # end of attack
        outputs = model(data)
        loss = criterion(outputs, targets)
        # SD: L2 penalty on the logits scaled by optim_config['SD']
        # (presumably the "spectral decoupling" regularizer — confirm).
        if optim_config['SD'] != 0.0:
            loss += (outputs**2).mean() * optim_config['SD']
        loss.backward()
        optimizer.step()
        _, preds = torch.max(outputs, dim=1)
        loss_ = loss.item()
        if data_config['use_mixup']:
            # Recover hard labels from the mixed one-hot targets.
            _, targets = targets.max(dim=1)
        correct_ = preds.eq(targets).sum().item()
        num = data.size(0)
        accuracy = correct_ / num
        loss_meter.update(loss_, num)
        accuracy_meter.update(accuracy, num)
        if run_config['tensorboard']:
            writer.add_scalar('Train/RunningLoss', loss_, global_step)
            writer.add_scalar('Train/RunningAccuracy', accuracy, global_step)
        if step % 100 == 0:
            logger.info('Epoch {} Step {}/{} '
                        'Loss {:.4f} ({:.4f}) '
                        'Accuracy {:.4f} ({:.4f})'.format(
                            epoch,
                            step,
                            len(train_loader),
                            loss_meter.val,
                            loss_meter.avg,
                            accuracy_meter.val,
                            accuracy_meter.avg,
                        ))
    elapsed = time.time() - start
    logger.info('Elapsed {:.2f}'.format(elapsed))
    if run_config['tensorboard']:
        writer.add_scalar('Train/Loss', loss_meter.avg, epoch)
        writer.add_scalar('Train/Accuracy', accuracy_meter.avg, epoch)
        writer.add_scalar('Train/Time', elapsed, epoch)
criterion = nn.CrossEntropyLoss() net = InterConv_Robust(layer_num=1, hidden_num=50, class_num=2) param_amount = 0 for p in net.named_parameters(): if not 'resnet18' in p[0]: print(p[0]) param_amount += p[1].numel() print('total param amount:', param_amount) net = net.cuda() optimizer = torch.optim.Adam(net.parameters(), lr=args.lr) atk = torchattacks.PGD(net, eps=32 / 255, alpha=2 / 255, steps=30) def test(): correct_num = 0. label_num = 0. for batch_idx, (x, target) in enumerate(test_loader): x = x.cuda() target = target.cuda() target[target == 2] = 0 target[target == 7] = 1 adv_x = atk(x, target) out = net(adv_x) _, pred_label = torch.max(out.data, 1)
correct8 = 0 correct13 = 0 correct14 = 0 total = 0 for batch_idx, (inputs, targets) in enumerate(testloader): inputs, targets = inputs.cuda(), targets.cuda() inputs, targets = Variable(inputs), Variable(targets) #Clean image output1 = net1(inputs) output2 = net2(inputs) # net1: PGD trained, net2: GD trained atk_pgd1 = torchattacks.PGD(net1, eps=8 / 255, alpha=2 / 255, steps=4) #noise atk_pgd2 = torchattacks.PGD(net2, eps=8 / 255, alpha=2 / 255, steps=4) atk_gd1 = torchattacks.PGDL2(net1, eps=0.5, alpha=0.1, steps=7) atk_gd2 = torchattacks.PGDL2(net2, eps=0.5, alpha=0.1, steps=7) adversarial_images_pgd1 = atk_pgd1(inputs, targets) adversarial_images_gd1 = atk_gd1(inputs, targets) adversarial_images_pgd2 = atk_pgd2(inputs, targets) adversarial_images_gd2 = atk_gd2(inputs, targets) net1_output_pgd1, net2_output_pgd1 = net1(adversarial_images_pgd1), net2( adversarial_images_pgd1) net1_output_gd1, net2_output_gd1 = net1(adversarial_images_gd1), net2( adversarial_images_gd1) net1_output_pgd2, net2_output_pgd2 = net1(adversarial_images_pgd2), net2( adversarial_images_pgd2) net1_output_gd2, net2_output_gd2 = net1(adversarial_images_gd2), net2(
def test(epoch, model, criterion, test_loader, run_config, writer, adv=False):
    """Evaluate `model` on the test set, optionally under a PGD attack.

    Args:
        epoch: epoch index used for logging and tensorboard steps.
        model: network to evaluate (put into eval mode).
        criterion: loss function applied to (outputs, targets).
        test_loader: iterable of (data, targets) batches.
        run_config: dict of run options (GPU use, tensorboard flags).
        writer: tensorboard SummaryWriter.
        adv: when True, each batch is replaced by PGD adversarial examples
            before the no-grad forward pass.

    Returns:
        Accuracy over the whole test set.
    """
    logger.info('Test {}'.format(epoch))
    model.eval()
    loss_meter = AverageMeter()
    correct_meter = AverageMeter()
    start = time.time()
    for step, (data, targets) in enumerate(test_loader):
        if run_config['tensorboard_test_images']:
            if epoch == 0 and step == 0:
                image = torchvision.utils.make_grid(data,
                                                    normalize=True,
                                                    scale_each=True)
                writer.add_image('Test/Image', image, epoch)
        if run_config['use_gpu']:
            data = data.cuda()
            targets = targets.cuda()
        if adv:
            # all for the attack: de-normalize to [0, 1] pixel space,
            # craft the attack, then re-normalize.  Attack crafting needs
            # input gradients, so this runs OUTSIDE the no_grad block.
            # NOTE(review): the in-place mul_/add_/sub_/div_ mutate `data`,
            # and mean/std are .cuda() unconditionally — presumably this
            # path assumes run_config['use_gpu']; confirm.
            mean = torch.FloatTensor(
                np.array([0.4914, 0.4822, 0.4465])[None, :, None, None]).cuda()
            std = torch.FloatTensor(
                np.array([0.2470, 0.2435, 0.2616])[None, :, None, None]).cuda()
            data = data.mul_(std).add_(mean)
            atk = torchattacks.PGD(
                model, eps=5 / 255, alpha=0.5 / 255,
                steps=10)  # for Cifar 10 with SD= 0.0 vs 0.01 --> 30 vs 67
            # atk = torchattacks.PGD(model, eps=5/255, alpha=0.5/255, steps=10)  # for Cifar 100 with SD= 0.0 vs 0.05 --> 14 vs 25
            data = atk(data, targets)
            data = data.sub_(mean).div_(std)
            # end of attack
        with torch.no_grad():
            outputs = model(data)
        loss = criterion(outputs, targets)
        _, preds = torch.max(outputs, dim=1)
        loss_ = loss.item()
        correct_ = preds.eq(targets).sum().item()
        num = data.size(0)
        loss_meter.update(loss_, num)
        # Accumulate raw correct counts (weight 1); the final accuracy is
        # computed once below against the full dataset size.
        correct_meter.update(correct_, 1)
    accuracy = correct_meter.sum / len(test_loader.dataset)
    logger.info('Epoch {} Loss {:.4f} Accuracy {:.4f}'.format(
        epoch, loss_meter.avg, accuracy))
    elapsed = time.time() - start
    logger.info('Elapsed {:.2f}'.format(elapsed))
    if run_config['tensorboard']:
        if epoch > 0:
            writer.add_scalar('Test/Loss', loss_meter.avg, epoch)
        writer.add_scalar('Test/Accuracy', accuracy, epoch)
        writer.add_scalar('Test/Time', elapsed, epoch)
    if run_config['tensorboard_model_params']:
        for name, param in model.named_parameters():
            writer.add_histogram(name, param, global_step)
    return accuracy
def test_model(model, phase='test'):  # phase = 'train', 'valid', 'test'
    """Evaluate `model` on FGSM adversarial examples for the given phase.

    Builds FGSM/BIM/PGD attacks, but only the FGSM images (``atks[0]``) are
    fed to the model.  Two image-processing defenses are then applied to
    ``inputs`` in place: (1) down-/up-sampling through PIL, and (2) lossy
    JPEG re-compression at low quality.

    Adversarial attacks need input gradients, so unlike a plain test loop
    this function must NOT run under ``torch.no_grad()``.

    NOTE(review): the defenses modify ``inputs`` but the forward pass uses
    ``adv_images``, so as written the defenses never affect what the model
    sees — confirm whether ``adv_images`` should be processed instead.
    """
    model.eval()  # evaluation mode
    running_loss, running_corrects, num_cnt = 0.0, 0, 0
    for i, (inputs, labels) in enumerate(dataloaders[phase]):
        # Define the candidate attacks (only index 0 — FGSM — is used below).
        atks = [
            torchattacks.FGSM(model, eps=8 / 255),
            torchattacks.BIM(model, eps=8 / 255, alpha=2 / 255, steps=7),
            torchattacks.PGD(model, eps=8 / 255, alpha=2 / 255, steps=7),
        ]
        adv_images = atks[0](inputs, labels).to(device)
        # Image-processing-based defense methods: tensor -> PIL image,
        # degrade, and convert back per sample.
        for batch in range(inputs.shape[0]):
            tensor2img = transforms.ToPILImage()(inputs[batch]).convert('RGB')
            # 1. Resizing: down- then up-sample to wash out perturbations.
            # FIX: PIL's Image.resize returns a NEW image; the previous code
            # discarded the result, making the resize defense a no-op.
            tensor2img = tensor2img.resize((74, 74))
            tensor2img = tensor2img.resize((224, 224))
            inputs[batch] = transforms.ToTensor()(tensor2img)
            # 2. JPEG compression at low quality (15) as a second defense.
            tensor2numpy = inputs[batch].cpu().numpy()
            cv_img = np.transpose(tensor2numpy, (1, 2, 0))  # [w, h, c]
            cv_img = cv_img * 255
            encode_param = [int(cv2.IMWRITE_JPEG_QUALITY), 15]
            result, encimg = cv2.imencode('.jpg', cv_img, encode_param)
            if not result:
                print('could not encode image!')
                quit()
            # Decode back from the JPEG byte stream.
            jpeg_img = cv2.imdecode(encimg, 1)
            jpeg2input = np.transpose(jpeg_img, (2, 0, 1)) / 255
            inputs[batch] = torch.Tensor(jpeg2input).to(device)
        labels = labels.to(device)
        outputs = model(adv_images)  # forward pass on adversarial images
        _, preds = torch.max(outputs, 1)  # highest-probability class
        loss = criterion(outputs, labels)
        running_loss += loss.item() * inputs.size(0)
        running_corrects += torch.sum(preds == labels.data)
        num_cnt += inputs.size(0)  # batch size
    test_loss = running_loss / num_cnt
    test_acc = running_corrects.double() / num_cnt
    print('test done : loss/acc : %.2f / %.1f' % (test_loss, test_acc * 100))
def train_epoch(model, loader, optimizer):
    """Train for one epoch; in the non-meta branch, additionally generate
    FGSM/PGD/BIM adversarial images at several epsilons and save them to
    disk as PNGs.

    Returns:
        Mean training loss over the epoch (numpy scalar).
    """
    model.train()
    train_loss = []
    bar = tqdm(loader)
    for i, (data, target, image_name) in enumerate(bar):
        optimizer.zero_grad()
        if args.use_meta:
            # Metadata branch: `data` arrives as an (image, meta) pair.
            data, meta = data
            data, meta, target = data.to(device), meta.to(device), target.to(
                device)
            logits = model(data, meta)
        else:
            # Add attacks: 5,499 images --> 7 attacks x 2 epsilons == 76,986
            # (translated from the original Korean comment; the counts do
            # not match the 3-attack x 3-epsilon code below — confirm).
            # Each list holds the epsilon values in /255 units; the trailing
            # element for PGD/BIM is the alpha step size.
            method = {
                '0_FGSM': [2, 5, 8],
                '1_PGD': [20, 50, 80, 2],
                '2_BIM': [4, 7, 10, 1]
            }
            for eps in range(3):
                # Attack objects are stashed in module globals as atk0..atk2.
                # NOTE(review): globals() is used as a makeshift registry
                # here and below; a plain list would be clearer.
                globals()['atk{}'.format(0)] = torchattacks.FGSM(
                    model, eps=method['0_FGSM'][eps] / 255)
                globals()['atk{}'.format(1)] = torchattacks.PGD(
                    model,
                    eps=method['1_PGD'][eps] / 255,
                    alpha=method['1_PGD'][-1] / 255,
                    steps=4)
                globals()['atk{}'.format(2)] = torchattacks.BIM(
                    model,
                    eps=method['2_BIM'][eps] / 255,
                    alpha=method['2_BIM'][-1] / 255)
                for count in range(3):
                    # Craft adversarial images against the flipped label
                    # (target + 1) % 2 — presumably binary labels; confirm.
                    globals()['data_atk{}'.format(count)] = globals()[
                        'atk{}'.format(count)](data, (target + 1) % 2)
                    globals()['data_atk{}'.format(count)], target = (
                        globals()['data_atk{}'.format(count)]
                    ).to(device), target.to(device)
                    logits = model(globals()['data_atk{}'.format(count)])
                    # Convert to numpy for saving below.
                    globals()['data_atk{}'.format(count)] = (
                        globals()['data_atk{}'.format(count)]).cpu().numpy()
                method_keys = list(method.keys())
                bat_size = args.batch_size
                # NOTE(review): iterates args.batch_size, not the actual
                # batch length — would raise IndexError on a short final
                # batch; presumably the loader drops the last partial
                # batch — confirm.
                for j in range(bat_size):
                    for save_cnt in range(3):
                        globals()['im{}'.format(save_cnt)] = (globals()[
                            'data_atk{}'.format(save_cnt)])[j, :, :, :]
                        imsave(
                            f"./data/Adversarial Attack/{method_keys[save_cnt]}/"
                            f"{image_name[j].split('.')[0]}_{method_keys[save_cnt]}_eps{method[method_keys[save_cnt]][eps]}_{i * bat_size + j}.png",
                            np.transpose(globals()['im{}'.format(save_cnt)],
                                         (1, 2, 0)))
        # `logits` here is whatever the last forward pass produced.
        loss = criterion(logits, target)
        if not args.use_amp:
            loss.backward()
        # else:
        #     with amp.scale_loss(loss, optimizer) as scaled_loss:
        #         scaled_loss.backward()
        if args.image_size in [896, 576]:
            # Clip gradients to max norm 0.5 for the large image sizes
            # (translated from the original Korean comment).
            torch.nn.utils.clip_grad_norm_(model.parameters(), 0.5)
        # Gradient accumulation (useful when memory is scarce).
        if args.accumulation_step:
            if (i + 1) % args.accumulation_step == 0:
                optimizer.step()
                # optimizer.zero_grad()
        else:
            optimizer.step()
            # optimizer.zero_grad()
        loss_np = loss.detach().cpu().numpy()
        train_loss.append(loss_np)
        # Running mean over the last 100 batches for the progress bar.
        smooth_loss = sum(train_loss[-100:]) / min(len(train_loss), 100)
        bar.set_description('loss: %.5f, smooth_loss: %.5f' %
                            (loss_np, smooth_loss))
    train_loss = np.mean(train_loss)
    return train_loss
exit(1) logger.info("loaded model and data") CUDA_MODE = torch.cuda.is_available() if not CUDA_MODE: logger.warn( "CUDA not available. Run on a CUDA enabled platform (NVIDIA GPU with compute capability >= 3) to get memory usage and timing stats (this code makes use of CUDA events to accurately measure memory and timing). Press [ENTER] to continue anyways." ) input() # How many images we want to test IMG_NUM = 500 model.eval() attacks = [ torchattacks.PGD(model), torchattacks.DeepFool(model), torchattacks.StepLL(model), torchattacks.BIM(model) ] for attack in attacks: time = [] attack_l2 = [] peak_cuda = [] avg_cuda = [] total_success = 0 logger.info(f"Benchmarking {str(attack)} on {IMG_NUM} images") for img_id in range(IMG_NUM):
num_classes = 10 model = coreModel() tl.set_backend('pytorch') batch_size = 64 train_set,test_set = datasets.CIFAR10(root = '/home/taejoon/data/CIFAR10',normalize = False) train_loader = torch.utils.data.DataLoader(train_set,batch_size = batch_size,shuffle = True) test_loader = torch.utils.data.DataLoader(test_set, batch_size=batch_size, shuffle=False) criterion = nn.CrossEntropyLoss() optimizer = torch.optim.Adam(model.parameters(), lr = 1e-4) model.eval() model = model.to(device) running_loss = 0.0 attack= torchattacks.PGD(classifier, eps= float(8/255.0)) train_loss_epoch = [] train_acc_epoch = [] epoches = 50 for epoch in range(1,epoches): total_loss = 0 total_acc = 0 for (X,y) in tqdm(train_loader): X = X.to(device) y = y.to(device) optimizer.zero_grad() try : core = tucker_decomposition(X)