def test_adversary_mnist(algorithm, step, p, model_filename): import os from advertorch.test_utils import LeNet5 from advertorch_examples.utils import get_mnist_test_loader from advertorch_examples.utils import TRAINED_MODEL_PATH # Setup torch.manual_seed(0) use_cuda = torch.cuda.is_available() device = torch.device("cuda" if use_cuda else "cpu") device = torch.device("cpu") model = LeNet5() model_path = os.path.join(TRAINED_MODEL_PATH, model_filename) model.load_state_dict(torch.load(model_path, map_location=device)) model.eval() criterion = nn.CrossEntropyLoss() constraint = chop.constraints.make_LpBall(alpha=1., p=p) test_loader = get_mnist_test_loader(batch_size=1, shuffle=True) # Just get first batch for data, target in test_loader: break data, target = data.to(device), target.to(device) adv = Adversary(algorithm) if algorithm == optim.minimize_pgd: alg_kwargs = {'prox': constraint.prox, 'max_iter': 50, 'step': step} elif algorithm == optim.minimize_pgd_madry: alg_kwargs = { 'prox': constraint.prox, 'lmo': constraint.lmo, 'max_iter': 50, 'step': step } elif algorithm == optim.minimize_frank_wolfe: alg_kwargs = { 'lmo': constraint.lmo, 'step': step if step else 'sublinear', 'max_iter': 50 } # Run and log perturbation adv_loss, delta = adv.perturb(data, target, model, criterion, **alg_kwargs)
from advertorch_examples.benchmark_utils import benchmark_attack_success_rate batch_size = 100 device = "cuda" lst_attack = [ (LinfPGDAttack, dict( loss_fn=nn.CrossEntropyLoss(reduction="sum"), eps=0.3, nb_iter=40, eps_iter=0.01, rand_init=False, clip_min=0.0, clip_max=1.0, targeted=False)), ] # each element in the list is the tuple (attack_class, attack_kwargs) mnist_clntrained_model = get_mnist_lenet5_clntrained().to(device) mnist_advtrained_model = get_mnist_lenet5_advtrained().to(device) mnist_test_loader = get_mnist_test_loader(batch_size=batch_size) lst_setting = [ (mnist_clntrained_model, mnist_test_loader), (mnist_advtrained_model, mnist_test_loader), ] info = get_benchmark_sys_info() lst_benchmark = [] for model, loader in lst_setting: for attack_class, attack_kwargs in lst_attack: lst_benchmark.append(benchmark_attack_success_rate( model, loader, attack_class, attack_kwargs))
from advertorch.test_utils import MLP from advertorch_examples.utils import TRAINED_MODEL_PATH from advertorch_examples.utils import get_mnist_test_loader import foolbox from foolbox.attacks.localsearch import SinglePixelAttack as SPAfb from foolbox.attacks.localsearch import LocalSearchAttack as LSAfb NUM_CLASS = 10 BATCH_SIZE = 10 # TODO: need to make sure these precisions are enough ATOL = 1e-4 RTOL = 1e-4 loader_test = get_mnist_test_loader(BATCH_SIZE) data_iter = iter(loader_test) img_batch, label_batch = data_iter.next() # Setup the test MLP model model = MLP() model.eval() model.load_state_dict( torch.load(os.path.join(TRAINED_MODEL_PATH, 'mlp.pkl'), map_location='cpu')) model.to("cpu") # foolbox single pixel attack do not succeed on this model # therefore using mlp.pkl # from advertorch.test_utils import LeNet5
if __name__ == '__main__': LAMBDA = 10 ITERS = 200 parser = argparse.ArgumentParser(description='Train MNIST') parser.add_argument('--seed', default=0, type=int) parser.add_argument('--train_batch_size', default=100, type=int) parser.add_argument('--test_batch_size', default=1000, type=int) parser.add_argument('--log_interval', default=10, type=int) args = parser.parse_args() model_filename = "mnist_wass_net.pt" torch.manual_seed(args.seed) train_loader = get_mnist_train_loader(batch_size=args.train_batch_size, shuffle=True) test_loader = get_mnist_test_loader(batch_size=args.test_batch_size, shuffle=False) filename = "mnist_lenet5_clntrained.pt" model = LeNet5() model.load_state_dict( torch.load(os.path.join(TRAINED_MODEL_PATH, filename), map_location='cpu')) model.to(device) model.eval() adversary = L1BasicIterativeAttack( model, loss_fn=nn.CrossEntropyLoss(reduction="sum"), eps=0.2, nb_iter=10, eps_iter=0.01, clip_min=0.0,
with open('features/features_trainloader_tensor_' + net + '.pickle', 'rb') as handle: features_trainloader = pickle.load(handle) with open('features/labels_' + net + '.pickle', 'rb') as handle: labels = pickle.load(handle) for l in range(4): features_trainloader[str(l + 1)] = features_trainloader[str(l + 1)].to(device) if net == 'mnist': train_loader = get_mnist_train_loader(batch_size=train_batch_size, shuffle=True) train_loader_save = get_mnist_train_loader(batch_size=train_batch_size, shuffle=False) test_loader = get_mnist_test_loader(batch_size=1, shuffle=False) elif net == 'fashion_mnist': train_loader = get_fashion_mnist_train_loader(batch_size=train_batch_size, shuffle=True) test_loader = get_fashion_mnist_test_loader(batch_size=1, shuffle=False) elif net == 'svhn': train_loader = get_svhn_train_loader(batch_size=train_batch_size, shuffle=True) test_loader = get_svhn_test_loader(batch_size=1, shuffle=False) y_test = [] for i, (data, target) in enumerate(test_loader): y_test.append(target.item()) y_test = np.array(y_test) np.random.seed(1234)
from advertorch_examples.utils import get_mnist_train_loader from advertorch_examples.utils import get_mnist_test_loader import constopt from constopt.adversary import Adversary from constopt.optim import PGD, PGDMadry, FrankWolfe, MomentumFrankWolfe # Setup torch.manual_seed(0) use_cuda = torch.cuda.is_available() device = torch.device("cuda" if use_cuda else "cpu") # Data Loaders train_loader = get_mnist_train_loader(batch_size=128, shuffle=True) test_loader = get_mnist_test_loader(batch_size=512, shuffle=True) # Model setup model = LeNet5() model.to(device) criterion = nn.CrossEntropyLoss() # Outer optimization parameters nb_epochs = 20 optimizer = torch.optim.SGD(model.parameters(), lr=.1, momentum=.9) # Inner optimization parameters eps = 0.3 constraint = constopt.constraints.make_LpBall(alpha=eps, p=np.inf) inner_iter = 40 inner_iter_test = 20
def s_dist(clns, advs): sinkhorn = SinkhornDistance(eps=0.1, max_iter=1000, reduction=None) x = np.array(clns).reshape(-1, 28 * 28, 1) y = np.array(advs).reshape(-1, 28 * 28, 1) x = torch.tensor(x).float() y = torch.tensor(y).float() w_dist, _, _ = sinkhorn(x, y) return torch.mean(255 * w_dist).numpy() def w_dist(x, y): return (wass_model(x) - wass_model(y)).detach().numpy().mean() loader = get_mnist_test_loader(batch_size=args.batch_size, shuffle=True) clns = [] advs = [] trues = [] pred_clns = [] pred_advs = [] iter_counts = [] for batch_idx, (cln_data, true_label) in enumerate(loader): cln_data, true_label = cln_data.to(device), true_label.to(device) adv_untargeted, iter_count = adversary.perturb(cln_data, true_label) iter_counts.append(iter_count) pred_cln = predict_from_logits(model(cln_data)) pred_untargeted_adv = predict_from_logits(model(adv_untargeted)) clns = clns + list(cln_data.numpy()) advs = advs + list(adv_untargeted.numpy()) trues = trues + list(true_label.numpy())
def save_noisy_image(img, name): if img.size(1) == 3: img = img.view(img.size(0), 3, 32, 32) save_image(img, name) else: img = img.view(img.size(0), 1, 28, 28) save_image(img, name) # Adopt True for the first time generate_mnist = True # Generate mnist images to folder if generate_mnist == True: loader = get_mnist_test_loader(batch_size=1, shuffle=False) base_folder = f"Report/MNIST/groundtruth/1" os.makedirs(base_folder, exist_ok=True) count = 0 for cln_data, true_label in loader: image_path = os.path.join(base_folder, f"{count}.png") save_noisy_image(cln_data, image_path) count += 1 print("Generating MNIST finished!!!") noise_type = args.noise epsi = args.epsilon / 100 # Generate PGDA noise reports to folder if noise_type == 'PGDA': filename = "mnist_lenet5_clntrained.pt"