def main(args):
os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
torch.backends.cudnn.deterministic = True
torch.backends.cudnn.benchmark = False
torch.manual_seed(args.seed)
if torch.cuda.is_available():
torch.cuda.manual_seed(args.seed)
np.random.seed(args.seed)
random.seed(args.seed)
# dataset:将数据集名称转化为大写形式MNIST/CIFAR10
dataset = args.dataset.upper()
assert dataset == 'MNIST' or dataset == 'CIFAR10'
# 获取MNIST/CIFAR10的模型训练参数,模型,训练集,验证集和测试集
if dataset == 'MNIST':
training_parameters = MNIST_Training_Parameters
model_framework = MNISTConvNet().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_mnist_train_validate_loader(
dir_name='../data/MNIST/',
batch_size=batch_size,
valid_size=0.1,
shuffle=True)
test_loader = get_mnist_test_loader(dir_name='../data/MNIST/',
batch_size=batch_size)
else:
training_parameters = CIFAR10_Training_Parameters
model_framework = resnet20_cifar().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_cifar10_train_validate_loader(
dir_name='../data/CIFAR10/',
batch_size=batch_size,
valid_size=0.1,
shuffle=True)
test_loader = get_cifar10_test_loader(dir_name='../data/CIFAR10/',
batch_size=batch_size)
# defense_name:防御名称为EAT
defense_name = 'NEAT'
# eat_params:防御参数
neat_params = {'eps': args.eps, 'alpha': args.alpha}
# 将各种参数传入到NEAT防御中
neat = NEATDefense(model=model_framework,
defense_name=defense_name,
dataset=dataset,
training_parameters=training_parameters,
device=device,
**neat_params)
# 如果为True则需要重新训练预定义模型
if args.train_externals:
print('\nStart to train the external models ......\n')
neat.train_external_model_group(train_loader=train_loader,
validation_loader=valid_loader)
# 加载预训练模型
pre_train_models = neat.load_external_model_group(
model_dir='../DefenseEnhancedModels/NEAT/', test_loader=test_loader)
# 进行集成对抗训练,将最佳的模型参数保存到DefenseEnhancedModels/NEAT/MNIST_NEAT_enhanced.pt中或者CIFAR10
neat.defense(pre_trained_models=pre_train_models,
train_loader=train_loader,
validation_loader=valid_loader)
def main(args):
os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
torch.backends.cudnn.deterministic = True
torch.backends.cudnn.benchmark = False
torch.manual_seed(args.seed)
if torch.cuda.is_available():
torch.cuda.manual_seed(args.seed)
np.random.seed(args.seed)
random.seed(args.seed)
# dataset:数据集名称MNIST/CIFAR10
dataset = args.dataset.upper()
assert dataset == 'MNIST' or dataset == 'CIFAR10'
# 获取训练的超参数,获取模型,划分训练集和验证集
# training_parameters:训练超参数
# model_framework:网络
# train_loader:训练集
# valid_loader:验证集
if dataset == 'MNIST':
training_parameters = MNIST_Training_Parameters
model_framework = MNIST_CNN().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_mnist_train_validate_loader(
dir_name='../data/MNIST/',
batch_size=batch_size,
valid_size=0.1,
shuffle=True)
else:
training_parameters = CIFAR10_Training_Parameters
model_framework = ResNet18().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_cifar10_train_validate_loader(
dir_name='../data/CIFAR10/',
batch_size=batch_size,
valid_size=0.1,
shuffle=True)
# defense_name:防御名称
# nat_params:对抗训练的参数
defense_name = 'RAT9'
rat9_params = {
'epsilon': args.epsilon,
'adv_ratio': args.adv_ratio,
'mean': args.mean,
'std': args.std,
'eps_mu': args.eps_mu,
'eps_sigma': args.eps_sigma,
'clip_eps_min': args.clip_eps_min,
'clip_eps_max': args.clip_eps_max
}
# 将参数传入RAT9防御中
rat9 = RAT9Defense(model=model_framework,
defense_name=defense_name,
dataset=dataset,
training_parameters=training_parameters,
device=device,
**rat9_params)
# 进行对抗训练
rat9.defense(train_loader=train_loader, validation_loader=valid_loader)
def main(args):
# Device configuration
os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
# Set the random seed manually for reproducibility.
torch.backends.cudnn.deterministic = True
torch.backends.cudnn.benchmark = False
torch.manual_seed(args.seed)
if torch.cuda.is_available():
torch.cuda.manual_seed(args.seed)
np.random.seed(args.seed)
random.seed(args.seed)
dataset = args.dataset.upper()
assert dataset == 'MNIST' or dataset == 'CIFAR10'
# 获取MNIST/MNIST的训练参数、模型、训练集和验证集
if dataset == 'MNIST':
training_parameters = RLFAT_MNIST_Training_Parameters
model_framework = MNIST_CNN().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_mnist_train_validate_loader(
dir_name='../RawModels/MNIST/',
batch_size=batch_size,
valid_size=0.1,
shuffle=True)
else:
training_parameters = RLFAT_CIFAR10_Training_Parameters
model_framework = ResNet18().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_cifar10_train_validate_loader(
dir_name='../RawModels/CIFAR10/',
batch_size=batch_size,
valid_size=0.1,
augment=True,
shuffle=True)
# defense_name:防御名称
defense_name = 'NewRLFAT1'
# NewRLFAT1_params:防御参数
NewRLFAT1_params = {
'attack_step_num': args.attack_step_num,
'step_size': args.step_size,
'epsilon': args.epsilon,
'k': args.k
}
# 将参数传入NewRLFAT1防御中
NewRLFAT1 = NEWRLFAT1Defense(model=model_framework,
defense_name=defense_name,
dataset=dataset,
training_parameters=training_parameters,
device=device,
**NewRLFAT1_params)
# 利用NewRLFAT1进行防御
NewRLFAT1.defense(train_loader=train_loader,
validation_loader=valid_loader)
def main(args):
os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
# Set the random seed manually for reproducibility.
torch.backends.cudnn.deterministic = True
torch.backends.cudnn.benchmark = False
torch.manual_seed(args.seed)
if torch.cuda.is_available():
torch.cuda.manual_seed(args.seed)
np.random.seed(args.seed)
random.seed(args.seed)
dataset = args.dataset.upper()
assert dataset == 'MNIST' or dataset == 'CIFAR10'
# 获取MNIST/MNIST的训练参数、模型、训练集和验证集
if dataset == 'MNIST':
training_parameters = MNIST_Training_Parameters
model_framework = MNIST_CNN().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_mnist_train_validate_loader(
dir_name='../data/MNIST/',
batch_size=batch_size,
valid_size=0.1,
shuffle=True)
else:
training_parameters = CIFAR10_Training_Parameters
model_framework = ResNet18().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_cifar10_train_validate_loader(
dir_name='../data/CIFAR10/',
batch_size=batch_size,
valid_size=0.1,
augment=True,
shuffle=True)
# defense_name:防御名称
defense_name = 'NEW_MART2'
# pat_params:防御参数
new_mart2_params = {
'attack_step_num': args.step_num,
'step_size': args.step_size,
'epsilon': args.eps,
'lamda1': args.lamda1,
'lamda2': args.lamda2
}
# 将参数传入NEW_MART2防御中
new_mart2 = NEW_MART2Defense(model=model_framework,
defense_name=defense_name,
dataset=dataset,
training_parameters=training_parameters,
device=device,
**new_mart2_params)
# 利用NEW_MART2进行防御
new_mart2.defense(train_loader=train_loader,
validation_loader=valid_loader)
def main(args):
os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
torch.backends.cudnn.deterministic = True
torch.backends.cudnn.benchmark = False
torch.manual_seed(args.seed)
if torch.cuda.is_available():
torch.cuda.manual_seed(args.seed)
np.random.seed(args.seed)
random.seed(args.seed)
# dataset:数据集名称MNIST/CIFAR10
dataset = args.dataset.upper()
assert dataset == 'MNIST' or dataset == 'CIFAR10'
# 获取训练的超参数,获取模型,划分训练集和验证集
# training_parameters:训练超参数
# model_framework:网络
# train_loader:训练集
# valid_loader:验证集
if dataset == 'MNIST':
training_parameters = MMA_MNIST_Training_Parameters
model_framework = MNIST_CNN().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_mnist_train_validate_loader(
dir_name='../data/MNIST/',
batch_size=batch_size,
valid_size=0.1,
shuffle=True)
else:
training_parameters = MMA_CIFAR10_Training_Parameters
model_framework = ResNet18().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_cifar10_train_validate_loader(
dir_name='../data/CIFAR10/',
batch_size=batch_size,
valid_size=0.1,
shuffle=True)
# 对训练集/验证集的每个分组进行编号
add_indexes_to_loader(train_loader)
add_indexes_to_loader(valid_loader)
# defense_name:防御名称
# nat_params:对抗训练的参数
defense_name = 'DeepFoolMMA'
deepfoolmma_params = {
'nb_iter': args.nb_iter,
'max_iters': args.max_iters,
'overshoot': args.overshoot,
'test_eps': args.test_eps,
'test_eps_iter': args.test_eps_iter,
'clean_loss_fn': args.clean_loss_fn,
'margin_loss_fn': args.margin_loss_fn,
'attack_loss_fn': args.attack_loss_fn,
'search_loss_fn': args.search_loss_fn,
'hinge_maxeps': args.hinge_maxeps,
'clean_loss_coeff': args.clean_loss_coeff,
'disp_interval': args.disp_interval
}
# 将参数传入OriginMMA防御中
deepfoolmma = DEEPFOOLMMADefense(loader=train_loader,
dataname="train",
verbose=True,
model=model_framework,
defense_name=defense_name,
dataset=dataset,
training_parameters=training_parameters,
device=device,
**deepfoolmma_params)
# 进行对抗训练
deepfoolmma.test_defense(validation_loader=valid_loader)
def main(args):
os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
# Set the random seed manually for reproducibility.
torch.backends.cudnn.deterministic = True
torch.backends.cudnn.benchmark = False
torch.manual_seed(args.seed)
if torch.cuda.is_available():
torch.cuda.manual_seed(args.seed)
np.random.seed(args.seed)
random.seed(args.seed)
# 下载CIFAR10训练集,划分为训练集和测试集(然后进行分组),保存到CIFAR10文件夹下面
train_loader, valid_loader = get_cifar10_train_validate_loader(
dir_name='../data/CIFAR10/',
batch_size=CIFAR10_Training_Parameters['batch_size'],
valid_size=0.1,
shuffle=True)
# 下载CIFAR10测试集(然后进行分组),保存到CIFAR10文件夹下面
test_loader = get_cifar10_test_loader(
dir_name='../data/CIFAR10/',
batch_size=CIFAR10_Training_Parameters['batch_size'])
# 设置模型
# **************引入的模型名称**************
resnet_model = ResNet18().to(device)
# 设置优化器
optimizer = optim.Adam(resnet_model.parameters(),
lr=CIFAR10_Training_Parameters['lr'])
# 训练
# 最好的验证集精度
best_val_acc = None
# 训练模型参数保存路径:/CIFAR10/model/CIFAR10_raw.pt
# **************不同模型需要修改名称**************
model_saver = './CIFAR10/model/ResNet18_' + 'raw' + '.pt'
# 进行epoch次循环训练
for epoch in range(CIFAR10_Training_Parameters['num_epochs']):
# 一次epoch训练
train_one_epoch(model=resnet_model,
train_loader=train_loader,
optimizer=optimizer,
epoch=epoch,
device=device)
# 验证集的精度
val_acc = validation_evaluation(model=resnet_model,
validation_loader=valid_loader,
device=device)
# 学习率调整
adjust_learning_rate(optimizer=optimizer, epoch=epoch)
# 每一次epoch后验证集的精度大于最好的精度时(移除模型保存路径),或者best_val_acc为None时,更新最佳精度,然后将模型参数重新写入保存路径中
if not best_val_acc or round(val_acc, 4) >= round(best_val_acc, 4):
if best_val_acc is not None:
os.remove(model_saver)
best_val_acc = val_acc
resnet_model.save(name=model_saver)
# 否则提示精度未发生提高
else:
print(
'Train Epoch{:>3}: validation dataset accuracy did not improve from {:.4f}\n'
.format(epoch, best_val_acc))
# 测试
# 复制resnet_model
final_model = copy.deepcopy(resnet_model)
# 加载final_model
final_model.load(path=model_saver, device=device)
# 计算模型在测试集上面的精度并输出
accuracy = testing_evaluation(model=final_model,
test_loader=test_loader,
device=device)
# 打印模型在测试集上的精度
print(
'Finally, the ACCURACY of saved model [{}] on testing dataset is {:.2f}%\n'
.format(final_model.model_name, accuracy * 100.0))
def main(args):
os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
torch.backends.cudnn.deterministic = True
torch.backends.cudnn.benchmark = False
torch.manual_seed(args.seed)
if torch.cuda.is_available():
torch.cuda.manual_seed(args.seed)
np.random.seed(args.seed)
random.seed(args.seed)
# dataset:数据集名称MNIST/CIFAR10
dataset = args.dataset.upper()
assert dataset == 'MNIST' or dataset == 'CIFAR10'
# 获取训练的超参数,获取模型,划分训练集和验证集
# training_parameters:训练超参数
# model_framework:网络
# train_loader:训练集
# valid_loader:验证集
if dataset == 'MNIST':
training_parameters = MNIST_Training_Parameters
model_framework = MNIST_CNN().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_mnist_train_validate_loader(
dir_name='../data/MNIST/',
batch_size=batch_size,
valid_size=0.1,
shuffle=True)
uap_train_loader, uap_valid_loader = get_mnist_train_validate_loader(
dir_name='../data/MNIST/',
batch_size=1,
valid_size=0.9,
shuffle=True)
else:
training_parameters = CIFAR10_Training_Parameters
model_framework = ResNet18().to(device)
batch_size = training_parameters['batch_size']
train_loader, valid_loader = get_cifar10_train_validate_loader(
dir_name='../data/CIFAR10/',
batch_size=batch_size,
valid_size=0.1,
shuffle=True)
uap_train_loader, uap_valid_loader = get_cifar10_train_validate_loader(
dir_name='../data/CIFAR10/',
batch_size=1,
valid_size=0.9,
shuffle=True)
# defense_name:防御名称
# nat_params:对抗训练的参数
defense_name = 'UAPAT'
uapat_params = {
'fool_rate': args.fool_rate,
'epsilon': args.epsilon,
'max_iter_universal': args.max_iter_universal,
'overshoot': args.overshoot,
'max_iter_deepfool': args.max_iter_deepfool
}
# 将参数传入UAPAT防御中
uapat = UAPATDefense(model=model_framework,
defense_name=defense_name,
dataset=dataset,
training_parameters=training_parameters,
device=device,
**uapat_params)
# 进行对抗训练
uapat.defense(train_loader=train_loader,
validation_loader=valid_loader,
uap_train_loader=uap_train_loader,
uap_validation_loader=uap_valid_loader)
def generate(self):
# 将参数传入到UAP攻击中
attacker = UniversalAttack(model=self.raw_model,
fooling_rate=self.fooling_rate,
max_iter_universal=self.max_iter_uni,
epsilon=self.epsilon,
overshoot=self.overshoot,
max_iter_deepfool=self.max_iter_df)
assert self.dataset.upper() == 'MNIST' or self.dataset.upper(
) == 'CIFAR10', "dataset should be MNIST or CIFAR10!"
# 获取MNIST/CIFAR10的训练集和验证集
if self.dataset.upper() == 'MNIST':
samples_loader, valid_loader = get_mnist_train_validate_loader(
dir_name='../data/MNIST/',
batch_size=1,
valid_size=0.9,
shuffle=True)
else: # 'CIFAR10':
samples_loader, valid_loader = get_cifar10_train_validate_loader(
dir_name='../data/CIFAR10/',
batch_size=1,
valid_size=0.9,
augment=False,
shuffle=True)
# 计算UAP扰动并转化为numpy形式
universal_perturbation = attacker.universal_perturbation(
dataset=samples_loader,
validation=valid_loader,
device=self.device)
universal_perturbation = universal_perturbation.cpu().numpy()
# 将UAP扰动存放在AdversarialExampleDatasets/UAP_MNIST_universal_perturbation中
np.save(
'{}{}_{}_universal_perturbation'.format(self.adv_examples_dir,
self.attack_name,
self.dataset),
universal_perturbation)
# 产生UAP对抗样本
adv_samples = attacker.perturbation(xs=self.nature_samples,
uni_pert=universal_perturbation,
device=self.device)
# UAP对抗样本的预测标签softmax
adv_labels = predict(model=self.raw_model,
samples=adv_samples,
device=self.device)
# UAP对抗样本的预测标签转化为numpy
adv_labels = torch.max(adv_labels, 1)[1]
adv_labels = adv_labels.cpu().numpy()
# 将UAP对抗样本、UAP对抗样本标签和真实标签进行保存
np.save(
'{}{}_AdvExamples.npy'.format(self.adv_examples_dir,
self.attack_name), adv_samples)
np.save(
'{}{}_AdvLabels.npy'.format(self.adv_examples_dir,
self.attack_name), adv_labels)
np.save(
'{}{}_TrueLabels.npy'.format(self.adv_examples_dir,
self.attack_name),
self.labels_samples)
# 计算添加了UAP扰动对抗样本的误分类率
mis = 0
for i in range(len(adv_samples)):
if self.labels_samples[i].argmax(axis=0) != adv_labels[i]:
mis = mis + 1
print(
'\nFor **{}** on **{}**: misclassification ratio is {}/{}={:.1f}%\n'
.format(self.attack_name, self.dataset, mis, len(adv_samples),
mis / len(adv_labels) * 100))
def main(args):
os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
torch.backends.cudnn.deterministic = True
torch.backends.cudnn.benchmark = False
torch.manual_seed(args.seed)
if torch.cuda.is_available():
torch.cuda.manual_seed(args.seed)
np.random.seed(args.seed)
random.seed(args.seed)
# dataset:数据集名称转化为大写形式MNIST/CIFAR10
dataset = args.dataset.upper()
assert dataset == 'MNIST' or dataset == 'CIFAR10'
# batch_size:每个分组的大小为1000
batch_size = 1000
# 获取MNIST/CIFAR10的模型,测试集
model_location = '{}/{}/model/{}_raw.pt'.format('../data', dataset,
dataset)
if dataset == 'MNIST':
raw_model = MNIST_CNN().to(device)
test_loader = get_mnist_test_loader(dir_name='../data/MNIST/',
batch_size=batch_size)
else:
raw_model = ResNet18().to(device)
test_loader = get_cifar10_test_loader(dir_name='../data/CIFAR10/',
batch_size=batch_size)
# 加载MNIST/CIFAR10的模型
raw_model.load(path=model_location, device=device)
# defense_name:防御名称为NRC
defense_name = 'NRC'
# 将参数传入NRC防御中
nrc = NRCDefense(model=raw_model,
defense_name=defense_name,
dataset=dataset,
device=device,
num_points=args.num_points)
# 如果要进行最优半径的搜索
if args.search:
# get the validation dataset (10% with the training dataset)
print('start to search the radius r using validation dataset ...')
# 获取MNIST/CIFAR10的验证集
if dataset == 'MNIST':
_, valid_loader = get_mnist_train_validate_loader(
dir_name='../data/MNIST/',
batch_size=batch_size,
valid_size=0.02,
shuffle=True)
else:
_, valid_loader = get_cifar10_train_validate_loader(
dir_name='../data/CIFAR10/',
batch_size=batch_size,
valid_size=0.02,
shuffle=True)
# radius:通过验证集得到最优的半径值
radius = nrc.search_best_radius(validation_loader=valid_loader,
radius_min=args.radius_min,
radius_max=args.radius_max,
radius_step=args.radius_step)
# 否则半径值为默认的0.01
else:
radius = round(args.radius, 2)
print(
'######\nthe radius for NRC is set or searched as: {}\n######'.format(
radius))
# 计算NRC模型在测试集上的分类精度
print(
'\nStart to calculate the accuracy of region-based classification defense on testing dataset'
)
raw_model.eval()
total = 0.0
correct = 0.0
with torch.no_grad():
for images, labels in test_loader:
nrc_labels = nrc.region_based_classification(samples=images,
radius=radius,
mean=args.mean,
std=args.std)
nrc_labels = torch.from_numpy(nrc_labels)
total += labels.size(0)
correct += (nrc_labels == labels).sum().item()
ratio = correct / total
print(
'\nTest accuracy of the {} model on the testing dataset: {:.1f}/{:.1f} = {:.2f}%\n'
.format(raw_model.model_name, correct, total, ratio * 100))
