def main(args): os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index device = torch.device('cuda' if torch.cuda.is_available() else 'cpu') torch.backends.cudnn.deterministic = True torch.backends.cudnn.benchmark = False torch.manual_seed(args.seed) if torch.cuda.is_available(): torch.cuda.manual_seed(args.seed) np.random.seed(args.seed) random.seed(args.seed) # dataset:将数据集名称转化为大写形式MNIST/CIFAR10 dataset = args.dataset.upper() assert dataset == 'MNIST' or dataset == 'CIFAR10' # 获取MNIST/CIFAR10的模型训练参数,模型,训练集,验证集和测试集 if dataset == 'MNIST': training_parameters = MNIST_Training_Parameters model_framework = MNISTConvNet().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_mnist_train_validate_loader( dir_name='../data/MNIST/', batch_size=batch_size, valid_size=0.1, shuffle=True) test_loader = get_mnist_test_loader(dir_name='../data/MNIST/', batch_size=batch_size) else: training_parameters = CIFAR10_Training_Parameters model_framework = resnet20_cifar().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_cifar10_train_validate_loader( dir_name='../data/CIFAR10/', batch_size=batch_size, valid_size=0.1, shuffle=True) test_loader = get_cifar10_test_loader(dir_name='../data/CIFAR10/', batch_size=batch_size) # defense_name:防御名称为EAT defense_name = 'NEAT' # eat_params:防御参数 neat_params = {'eps': args.eps, 'alpha': args.alpha} # 将各种参数传入到NEAT防御中 neat = NEATDefense(model=model_framework, defense_name=defense_name, dataset=dataset, training_parameters=training_parameters, device=device, **neat_params) # 如果为True则需要重新训练预定义模型 if args.train_externals: print('\nStart to train the external models ......\n') neat.train_external_model_group(train_loader=train_loader, validation_loader=valid_loader) # 加载预训练模型 pre_train_models = neat.load_external_model_group( model_dir='../DefenseEnhancedModels/NEAT/', test_loader=test_loader) # 进行集成对抗训练,将最佳的模型参数保存到DefenseEnhancedModels/NEAT/MNIST_NEAT_enhanced.pt中或者CIFAR10 neat.defense(pre_trained_models=pre_train_models, train_loader=train_loader, validation_loader=valid_loader)
def main(args): os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index device = torch.device('cuda' if torch.cuda.is_available() else 'cpu') torch.backends.cudnn.deterministic = True torch.backends.cudnn.benchmark = False torch.manual_seed(args.seed) if torch.cuda.is_available(): torch.cuda.manual_seed(args.seed) np.random.seed(args.seed) random.seed(args.seed) # dataset:数据集名称MNIST/CIFAR10 dataset = args.dataset.upper() assert dataset == 'MNIST' or dataset == 'CIFAR10' # 获取训练的超参数,获取模型,划分训练集和验证集 # training_parameters:训练超参数 # model_framework:网络 # train_loader:训练集 # valid_loader:验证集 if dataset == 'MNIST': training_parameters = MNIST_Training_Parameters model_framework = MNIST_CNN().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_mnist_train_validate_loader( dir_name='../data/MNIST/', batch_size=batch_size, valid_size=0.1, shuffle=True) else: training_parameters = CIFAR10_Training_Parameters model_framework = ResNet18().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_cifar10_train_validate_loader( dir_name='../data/CIFAR10/', batch_size=batch_size, valid_size=0.1, shuffle=True) # defense_name:防御名称 # nat_params:对抗训练的参数 defense_name = 'RAT9' rat9_params = { 'epsilon': args.epsilon, 'adv_ratio': args.adv_ratio, 'mean': args.mean, 'std': args.std, 'eps_mu': args.eps_mu, 'eps_sigma': args.eps_sigma, 'clip_eps_min': args.clip_eps_min, 'clip_eps_max': args.clip_eps_max } # 将参数传入RAT9防御中 rat9 = RAT9Defense(model=model_framework, defense_name=defense_name, dataset=dataset, training_parameters=training_parameters, device=device, **rat9_params) # 进行对抗训练 rat9.defense(train_loader=train_loader, validation_loader=valid_loader)
def main(args): # Device configuration os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index device = torch.device('cuda' if torch.cuda.is_available() else 'cpu') # Set the random seed manually for reproducibility. torch.backends.cudnn.deterministic = True torch.backends.cudnn.benchmark = False torch.manual_seed(args.seed) if torch.cuda.is_available(): torch.cuda.manual_seed(args.seed) np.random.seed(args.seed) random.seed(args.seed) dataset = args.dataset.upper() assert dataset == 'MNIST' or dataset == 'CIFAR10' # 获取MNIST/MNIST的训练参数、模型、训练集和验证集 if dataset == 'MNIST': training_parameters = RLFAT_MNIST_Training_Parameters model_framework = MNIST_CNN().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_mnist_train_validate_loader( dir_name='../RawModels/MNIST/', batch_size=batch_size, valid_size=0.1, shuffle=True) else: training_parameters = RLFAT_CIFAR10_Training_Parameters model_framework = ResNet18().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_cifar10_train_validate_loader( dir_name='../RawModels/CIFAR10/', batch_size=batch_size, valid_size=0.1, augment=True, shuffle=True) # defense_name:防御名称 defense_name = 'NewRLFAT1' # NewRLFAT1_params:防御参数 NewRLFAT1_params = { 'attack_step_num': args.attack_step_num, 'step_size': args.step_size, 'epsilon': args.epsilon, 'k': args.k } # 将参数传入NewRLFAT1防御中 NewRLFAT1 = NEWRLFAT1Defense(model=model_framework, defense_name=defense_name, dataset=dataset, training_parameters=training_parameters, device=device, **NewRLFAT1_params) # 利用NewRLFAT1进行防御 NewRLFAT1.defense(train_loader=train_loader, validation_loader=valid_loader)
def main(args): os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index device = torch.device('cuda' if torch.cuda.is_available() else 'cpu') # Set the random seed manually for reproducibility. torch.backends.cudnn.deterministic = True torch.backends.cudnn.benchmark = False torch.manual_seed(args.seed) if torch.cuda.is_available(): torch.cuda.manual_seed(args.seed) np.random.seed(args.seed) random.seed(args.seed) dataset = args.dataset.upper() assert dataset == 'MNIST' or dataset == 'CIFAR10' # 获取MNIST/MNIST的训练参数、模型、训练集和验证集 if dataset == 'MNIST': training_parameters = MNIST_Training_Parameters model_framework = MNIST_CNN().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_mnist_train_validate_loader( dir_name='../data/MNIST/', batch_size=batch_size, valid_size=0.1, shuffle=True) else: training_parameters = CIFAR10_Training_Parameters model_framework = ResNet18().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_cifar10_train_validate_loader( dir_name='../data/CIFAR10/', batch_size=batch_size, valid_size=0.1, augment=True, shuffle=True) # defense_name:防御名称 defense_name = 'NEW_MART2' # pat_params:防御参数 new_mart2_params = { 'attack_step_num': args.step_num, 'step_size': args.step_size, 'epsilon': args.eps, 'lamda1': args.lamda1, 'lamda2': args.lamda2 } # 将参数传入NEW_MART2防御中 new_mart2 = NEW_MART2Defense(model=model_framework, defense_name=defense_name, dataset=dataset, training_parameters=training_parameters, device=device, **new_mart2_params) # 利用NEW_MART2进行防御 new_mart2.defense(train_loader=train_loader, validation_loader=valid_loader)
def main(args): os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index device = torch.device('cuda' if torch.cuda.is_available() else 'cpu') torch.backends.cudnn.deterministic = True torch.backends.cudnn.benchmark = False torch.manual_seed(args.seed) if torch.cuda.is_available(): torch.cuda.manual_seed(args.seed) np.random.seed(args.seed) random.seed(args.seed) # 下载mnist训练集,划分为训练集和测试集(然后进行分组),保存到MNIST文件夹下面 train_loader, valid_loader = get_mnist_train_validate_loader(dir_name='../data/MNIST', batch_size=MNIST_Training_Parameters['batch_size'],valid_size=0.1, shuffle=True) # 下载minst测试集(然后进行分组),保存到MNIST文件夹下面 test_loader = get_mnist_test_loader(dir_name='../data/MNIST', batch_size=MNIST_Training_Parameters['batch_size']) # 设置模型 # **************引入的模型名称************** mnist_model = MNIST_CNN().to(device) # 设置优化器 optimizer = optim.SGD(mnist_model.parameters(), lr=MNIST_Training_Parameters['learning_rate'], momentum=MNIST_Training_Parameters['momentum'], weight_decay=MNIST_Training_Parameters['decay'], nesterov=True) # 训练 # 最好的验证集精度 best_val_acc = None # 训练模型参数保存路径:/MNIST/model/MNIST_raw.pt # **************不同模型需要修改名称************** model_saver = '../data/MNIST/model/MART_MNIST_' + 'raw' + '.pt' # 进行epoch次循环训练 for epoch in range(MNIST_Training_Parameters['num_epochs']): # 一次epoch训练 train_one_epoch(model=mnist_model, train_loader=train_loader, optimizer=optimizer, epoch=epoch, device=device) # 验证集的精度 val_acc = validation_evaluation(model=mnist_model, validation_loader=valid_loader, device=device) adjust_MNIST_learning_rate(optimizer=optimizer, epoch=epoch) # 每一次epoch后验证集的精度大于最好的精度时(移除模型保存路径),或者best_val_acc为None时,更新最佳精度,然后将模型参数重新写入保存路径中 if not best_val_acc or round(val_acc, 4) >= round(best_val_acc, 4): if best_val_acc is not None: os.remove(model_saver) best_val_acc = val_acc mnist_model.save(name=model_saver) # 否则提示精度未发生提高 else: print('Train Epoch{:>3}: validation dataset accuracy did not improve from {:.4f}\n'.format(epoch, best_val_acc)) # 测试 # 复制mnist_model final_model = copy.deepcopy(mnist_model) # 加载final_model final_model.load(path=model_saver, device=device) # 计算模型在测试集上面的精度并输出 accuracy = testing_evaluation(model=final_model, test_loader=test_loader, device=device) # 打印模型在测试集上的精度 print('Finally, the ACCURACY of saved model [{}] on testing dataset is {:.2f}%\n'.format(final_model.model_name, accuracy * 100.0))
def main(args): os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index device = torch.device('cuda' if torch.cuda.is_available() else 'cpu') torch.backends.cudnn.deterministic = True torch.backends.cudnn.benchmark = False torch.manual_seed(args.seed) if torch.cuda.is_available(): torch.cuda.manual_seed(args.seed) np.random.seed(args.seed) random.seed(args.seed) # dataset:数据集名称MNIST/CIFAR10 dataset = args.dataset.upper() assert dataset == 'MNIST' or dataset == 'CIFAR10' # 获取训练的超参数,获取模型,划分训练集和验证集 # training_parameters:训练超参数 # model_framework:网络 # train_loader:训练集 # valid_loader:验证集 if dataset == 'MNIST': training_parameters = MMA_MNIST_Training_Parameters model_framework = MNIST_CNN().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_mnist_train_validate_loader( dir_name='../data/MNIST/', batch_size=batch_size, valid_size=0.1, shuffle=True) else: training_parameters = MMA_CIFAR10_Training_Parameters model_framework = ResNet18().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_cifar10_train_validate_loader( dir_name='../data/CIFAR10/', batch_size=batch_size, valid_size=0.1, shuffle=True) # 对训练集/验证集的每个分组进行编号 add_indexes_to_loader(train_loader) add_indexes_to_loader(valid_loader) # defense_name:防御名称 # nat_params:对抗训练的参数 defense_name = 'DeepFoolMMA' deepfoolmma_params = { 'nb_iter': args.nb_iter, 'max_iters': args.max_iters, 'overshoot': args.overshoot, 'test_eps': args.test_eps, 'test_eps_iter': args.test_eps_iter, 'clean_loss_fn': args.clean_loss_fn, 'margin_loss_fn': args.margin_loss_fn, 'attack_loss_fn': args.attack_loss_fn, 'search_loss_fn': args.search_loss_fn, 'hinge_maxeps': args.hinge_maxeps, 'clean_loss_coeff': args.clean_loss_coeff, 'disp_interval': args.disp_interval } # 将参数传入OriginMMA防御中 deepfoolmma = DEEPFOOLMMADefense(loader=train_loader, dataname="train", verbose=True, model=model_framework, defense_name=defense_name, dataset=dataset, training_parameters=training_parameters, device=device, **deepfoolmma_params) # 进行对抗训练 deepfoolmma.test_defense(validation_loader=valid_loader)
def main(args): os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index device = torch.device('cuda' if torch.cuda.is_available() else 'cpu') torch.backends.cudnn.deterministic = True torch.backends.cudnn.benchmark = False torch.manual_seed(args.seed) if torch.cuda.is_available(): torch.cuda.manual_seed(args.seed) np.random.seed(args.seed) random.seed(args.seed) # dataset:数据集名称MNIST/CIFAR10 dataset = args.dataset.upper() assert dataset == 'MNIST' or dataset == 'CIFAR10' # 获取训练的超参数,获取模型,划分训练集和验证集 # training_parameters:训练超参数 # model_framework:网络 # train_loader:训练集 # valid_loader:验证集 if dataset == 'MNIST': training_parameters = MNIST_Training_Parameters model_framework = MNIST_CNN().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_mnist_train_validate_loader( dir_name='../data/MNIST/', batch_size=batch_size, valid_size=0.1, shuffle=True) uap_train_loader, uap_valid_loader = get_mnist_train_validate_loader( dir_name='../data/MNIST/', batch_size=1, valid_size=0.9, shuffle=True) else: training_parameters = CIFAR10_Training_Parameters model_framework = ResNet18().to(device) batch_size = training_parameters['batch_size'] train_loader, valid_loader = get_cifar10_train_validate_loader( dir_name='../data/CIFAR10/', batch_size=batch_size, valid_size=0.1, shuffle=True) uap_train_loader, uap_valid_loader = get_cifar10_train_validate_loader( dir_name='../data/CIFAR10/', batch_size=1, valid_size=0.9, shuffle=True) # defense_name:防御名称 # nat_params:对抗训练的参数 defense_name = 'UAPAT' uapat_params = { 'fool_rate': args.fool_rate, 'epsilon': args.epsilon, 'max_iter_universal': args.max_iter_universal, 'overshoot': args.overshoot, 'max_iter_deepfool': args.max_iter_deepfool } # 将参数传入UAPAT防御中 uapat = UAPATDefense(model=model_framework, defense_name=defense_name, dataset=dataset, training_parameters=training_parameters, device=device, **uapat_params) # 进行对抗训练 uapat.defense(train_loader=train_loader, validation_loader=valid_loader, uap_train_loader=uap_train_loader, uap_validation_loader=uap_valid_loader)
def generate(self): # 将参数传入到UAP攻击中 attacker = UniversalAttack(model=self.raw_model, fooling_rate=self.fooling_rate, max_iter_universal=self.max_iter_uni, epsilon=self.epsilon, overshoot=self.overshoot, max_iter_deepfool=self.max_iter_df) assert self.dataset.upper() == 'MNIST' or self.dataset.upper( ) == 'CIFAR10', "dataset should be MNIST or CIFAR10!" # 获取MNIST/CIFAR10的训练集和验证集 if self.dataset.upper() == 'MNIST': samples_loader, valid_loader = get_mnist_train_validate_loader( dir_name='../data/MNIST/', batch_size=1, valid_size=0.9, shuffle=True) else: # 'CIFAR10': samples_loader, valid_loader = get_cifar10_train_validate_loader( dir_name='../data/CIFAR10/', batch_size=1, valid_size=0.9, augment=False, shuffle=True) # 计算UAP扰动并转化为numpy形式 universal_perturbation = attacker.universal_perturbation( dataset=samples_loader, validation=valid_loader, device=self.device) universal_perturbation = universal_perturbation.cpu().numpy() # 将UAP扰动存放在AdversarialExampleDatasets/UAP_MNIST_universal_perturbation中 np.save( '{}{}_{}_universal_perturbation'.format(self.adv_examples_dir, self.attack_name, self.dataset), universal_perturbation) # 产生UAP对抗样本 adv_samples = attacker.perturbation(xs=self.nature_samples, uni_pert=universal_perturbation, device=self.device) # UAP对抗样本的预测标签softmax adv_labels = predict(model=self.raw_model, samples=adv_samples, device=self.device) # UAP对抗样本的预测标签转化为numpy adv_labels = torch.max(adv_labels, 1)[1] adv_labels = adv_labels.cpu().numpy() # 将UAP对抗样本、UAP对抗样本标签和真实标签进行保存 np.save( '{}{}_AdvExamples.npy'.format(self.adv_examples_dir, self.attack_name), adv_samples) np.save( '{}{}_AdvLabels.npy'.format(self.adv_examples_dir, self.attack_name), adv_labels) np.save( '{}{}_TrueLabels.npy'.format(self.adv_examples_dir, self.attack_name), self.labels_samples) # 计算添加了UAP扰动对抗样本的误分类率 mis = 0 for i in range(len(adv_samples)): if self.labels_samples[i].argmax(axis=0) != adv_labels[i]: mis = mis + 1 print( '\nFor **{}** on **{}**: misclassification ratio is {}/{}={:.1f}%\n' .format(self.attack_name, self.dataset, mis, len(adv_samples), mis / len(adv_labels) * 100))
def main(args): os.environ['CUDA_VISIBLE_DEVICES'] = args.gpu_index device = torch.device('cuda' if torch.cuda.is_available() else 'cpu') torch.backends.cudnn.deterministic = True torch.backends.cudnn.benchmark = False torch.manual_seed(args.seed) if torch.cuda.is_available(): torch.cuda.manual_seed(args.seed) np.random.seed(args.seed) random.seed(args.seed) # dataset:数据集名称转化为大写形式MNIST/CIFAR10 dataset = args.dataset.upper() assert dataset == 'MNIST' or dataset == 'CIFAR10' # batch_size:每个分组的大小为1000 batch_size = 1000 # 获取MNIST/CIFAR10的模型,测试集 model_location = '{}/{}/model/{}_raw.pt'.format('../data', dataset, dataset) if dataset == 'MNIST': raw_model = MNIST_CNN().to(device) test_loader = get_mnist_test_loader(dir_name='../data/MNIST/', batch_size=batch_size) else: raw_model = ResNet18().to(device) test_loader = get_cifar10_test_loader(dir_name='../data/CIFAR10/', batch_size=batch_size) # 加载MNIST/CIFAR10的模型 raw_model.load(path=model_location, device=device) # defense_name:防御名称为NRC defense_name = 'NRC' # 将参数传入NRC防御中 nrc = NRCDefense(model=raw_model, defense_name=defense_name, dataset=dataset, device=device, num_points=args.num_points) # 如果要进行最优半径的搜索 if args.search: # get the validation dataset (10% with the training dataset) print('start to search the radius r using validation dataset ...') # 获取MNIST/CIFAR10的验证集 if dataset == 'MNIST': _, valid_loader = get_mnist_train_validate_loader( dir_name='../data/MNIST/', batch_size=batch_size, valid_size=0.02, shuffle=True) else: _, valid_loader = get_cifar10_train_validate_loader( dir_name='../data/CIFAR10/', batch_size=batch_size, valid_size=0.02, shuffle=True) # radius:通过验证集得到最优的半径值 radius = nrc.search_best_radius(validation_loader=valid_loader, radius_min=args.radius_min, radius_max=args.radius_max, radius_step=args.radius_step) # 否则半径值为默认的0.01 else: radius = round(args.radius, 2) print( '######\nthe radius for NRC is set or searched as: {}\n######'.format( radius)) # 计算NRC模型在测试集上的分类精度 print( '\nStart to calculate the accuracy of region-based classification defense on testing dataset' ) raw_model.eval() total = 0.0 correct = 0.0 with torch.no_grad(): for images, labels in test_loader: nrc_labels = nrc.region_based_classification(samples=images, radius=radius, mean=args.mean, std=args.std) nrc_labels = torch.from_numpy(nrc_labels) total += labels.size(0) correct += (nrc_labels == labels).sum().item() ratio = correct / total print( '\nTest accuracy of the {} model on the testing dataset: {:.1f}/{:.1f} = {:.2f}%\n' .format(raw_model.model_name, correct, total, ratio * 100))