def do_train(args):
"""
Train the model using the provided arguments.
"""
# Assumption: it is cheap to store all the data in text form in
# memory (it's only about 144mb)
_, X, y = load_data_raw(args.input)
X_train, y_train, X_val, y_val = split_data(X, y, args.dev_split)
# Assumption: word vector model will also easily fit in memory.
wvecs = WordVectorModel.from_file(args.wvecs, False, '*UNKNOWN*')
# Typical values are 50, 50
input_shape = (1,args.n_words, wvecs.dim)
output_shape = len(LABELS)
# Build model
model = build_model(args, input_shape=input_shape, output_shape=output_shape, output_type=args.output_type)
# Training data on the other hand will not. Each input instance is
# 50x50 matrix with 8bytes per value: that's about 20kb.
# Assuming we want to store only about 500mb in memory at a time,
# that means we want at most 25k items in a batch.
# Typically minibatches of 32-128 are probably ok. Let's keep it
# that way?
for epoch in range(args.n_epochs):
log("== Training model, epoch {}", epoch)
scorer = Scorer(model)
for xy in tqdm(grouper(args.batch_size, zip(X_train, y_train))):
X_batch, y_batch = zip(*xy)
X_batch, y_batch = wvecs.embed_sentences(X_batch), array(make_one_hot(y_batch, len(LABELS)))
score = model.train_on_batch(X_batch, y_batch)
scorer.update(score, len(X_batch))
log("=== train error: {}", scorer)
scorer = Scorer(model)
for xy in tqdm(grouper(args.batch_size, zip(X_val, y_val))):
X_batch, y_batch = zip(*xy)
X_batch, y_batch = wvecs.embed_sentences(X_batch), array(make_one_hot(y_batch, len(LABELS)))
score = model.test_on_batch(X_batch, y_batch)
scorer.update(score, len(X_batch))
log("=== val error: {}", scorer)
## Save the model
save_model(model, args.model, args.weights)
def data_generator(img_paths, labels, name, batch_size):
num_sample = len(img_paths)
print(num_sample)
while True:
for offset in range(0, num_sample, batch_size):
batch_paths = img_paths[offset:offset + batch_size]
batch_labels = labels[offset:offset + batch_size]
batch_names = name[offset:offset + batch_size]
batch_labels = np.array(batch_labels)
batch_features = [load_feature(path) for path in batch_paths]
batch_labels = util.make_one_hot(batch_labels)
batch_feature = np.array(batch_features)
yield batch_feature, batch_labels, np.array(batch_names)
def combined_loss(pred, target, device, n_classes):
"""
:param pred: N x C x H x W
:param target: N x H x W
"""
weights = estimate_weights(target.float())
weights = weights.to(device)
cross = cross_entropy_loss(pred, target, weights)
target_oh = make_one_hot(target.long(), n_classes, device)
dice = dice_loss(pred, target_oh)
loss = cross + dice
del weights
return loss, cross, dice
def prepare_effective_data(mps, data, site_index, context):
# data is 2d array data[i, j] = i-th datapoint, j-th position
# think of data as sparse representation of data_full[i,j,k]
# where the k index is a vector which happens to be one-hot
# so we just record the index
if site_index == 0:
physical_dimension, _ = mps[site_index].shape
elif site_index > 0 and site_index < len(mps) - 1:
_, physical_dimension, _ = mps[site_index].shape
elif site_index == len(mps) - 1:
_, physical_dimension = mps[site_index].shape
else:
raise ValueError("got bad site_index")
physical_effective_data = [make_one_hot(idx, physical_dimension) for idx in data[:, site_index]]
if site_index == 0:
update_right_combs(mps, data, site_index, context)
combs_r = context['combs_r'][site_index + 1]
effective_data = physical_effective_data, combs_r
elif site_index < len(mps) - 1:
update_left_combs(mps, data, site_index, context)
update_right_combs(mps, data, site_index, context)
combs_r = context['combs_r'][site_index + 1]
combs_l = context['combs_l'][site_index - 1]
effective_data = combs_l, physical_effective_data, combs_r
else:
update_left_combs(mps, data, site_index, context)
combs_l = context['combs_l'][site_index - 1]
effective_data = combs_l, physical_effective_data
return effective_data, context
def DAG_Attack(model, test_dataset, args):
# Hyperparamter for DAG
num_iterations = 20
gamma = 0.5
num = 15
gpu = args.gpu
# set device configuration
device_ids = []
if gpu == 'gpu':
if not torch.cuda.is_available():
print("No cuda available")
raise SystemExit
device = torch.device(args.device1)
device_ids.append(args.device1)
if args.device2 != -1:
device_ids.append(args.device2)
if args.device3 != -1:
device_ids.append(args.device3)
if args.device4 != -1:
device_ids.append(args.device4)
else:
device = torch.device("cpu")
if len(device_ids) > 1:
model = nn.DataParallel(model, device_ids=device_ids)
model = model.to(device)
adversarial_examples = []
for batch_idx in range(len(test_dataset)):
image, label = test_dataset.__getitem__(batch_idx)
image = image.unsqueeze(0)
pure_label = label.squeeze(0).numpy()
image, label = image.clone().detach().requires_grad_(
True).float(), label.clone().detach().float()
image, label = image.to(device), label.to(device)
# Change labels from [batch_size, height, width] to [batch_size, num_classes, height, width]
label_oh = make_one_hot(label.long(), n_classes, device)
if args.attacks == 'DAG_A':
adv_target = torch.zeros_like(label_oh)
elif args.attacks == 'DAG_B':
adv_target = generate_target_swap(label_oh.cpu().numpy())
adv_target = torch.from_numpy(adv_target).float()
elif args.attacks == 'DAG_C':
# choice one randome particular class except background class(0)
unique_label = torch.unique(label)
target_class = int(random.choice(unique_label[1:]).item())
adv_target = generate_target(label_oh.cpu().numpy(),
target_class=target_class)
adv_target = torch.from_numpy(adv_target).float()
else:
print(
"wrong adversarial attack types : must be DAG_A, DAG_B, or DAG_C"
)
raise SystemExit
adv_target = adv_target.to(device)
_, _, _, _, _, image_iteration = DAG(model=model,
image=image,
ground_truth=label_oh,
adv_target=adv_target,
num_iterations=num_iterations,
gamma=gamma,
no_background=True,
background_class=0,
device=device,
verbose=False)
if len(image_iteration) >= 1:
adversarial_examples.append([image_iteration[-1], pure_label])
del image_iteration
print('total {} {} images are generated'.format(len(adversarial_examples),
args.attacks))
return adversarial_examples
def test(model, args):
data_path = args.data_path
gpu = args.gpu
n_classes = args.classes
data_width = args.width
data_height = args.height
# set device configuration
device_ids = []
if gpu == 'gpu':
if not torch.cuda.is_available():
print("No cuda available")
raise SystemExit
device = torch.device(args.device1)
device_ids.append(args.device1)
if args.device2 != -1:
device_ids.append(args.device2)
if args.device3 != -1:
device_ids.append(args.device3)
if args.device4 != -1:
device_ids.append(args.device4)
else:
device = torch.device("cpu")
if len(device_ids) > 1:
model = nn.DataParallel(model, device_ids=device_ids)
model = model.to(device)
# set testdataset
test_dataset = SampleDataset(data_path)
test_loader = DataLoader(
test_dataset,
batch_size=10,
num_workers=4,
)
print('test_dataset : {}, test_loader : {}'.format(len(test_dataset),
len(test_loader)))
avg_score = 0.0
# test
model.eval() # Set model to evaluate mode
with torch.no_grad():
for batch_idx, (inputs, labels) in enumerate(test_loader):
inputs = inputs.to(device).float()
labels = labels.to(device).long()
target = make_one_hot(labels[:, 0, :, :], n_classes, device)
pred = model(inputs)
loss = dice_score(pred, target)
avg_score += loss.data.cpu().numpy()
del inputs, labels, target, pred, loss
avg_score /= len(test_loader)
print('dice_score : {:.4f}'.format(avg_score))
def test(model, args):
data_path = args.data_path
n_channels = args.channels
n_classes = args.classes
data_width = args.width
data_height = args.height
gpu = args.gpu
# Hyper paremter for MagNet
thresholds = [0.01, 0.05, 0.001, 0.005]
reformer_model = None
if args.reformer == 'autoencoder1':
reformer_model = autoencoder(n_channels)
elif args.reformer == 'autoencoder2':
reformer_model = autoencoder2(n_channels)
else:
print("wrong reformer model : must be autoencoder1 or autoencoder2")
raise SystemExit
print('reformer model')
summary(reformer_model,
input_size=(n_channels, data_height, data_width),
device='cpu')
detector_model = None
if args.detector == 'autoencoder1':
detector_model = autoencoder(n_channels)
elif args.detector == 'autoencoder2':
detector_model = autoencoder2(n_channels)
else:
print("wrong detector model : must be autoencoder1 or autoencoder2")
raise SystemExit
print('detector model')
summary(detector_model,
input_size=(n_channels, data_height, data_width),
device='cpu')
# set device configuration
device_ids = []
if gpu == 'gpu':
if not torch.cuda.is_available():
print("No cuda available")
raise SystemExit
device = torch.device(args.model_device1)
device_defense = torch.device(args.defense_model_device)
device_ids.append(args.model_device1)
if args.model_device2 != -1:
device_ids.append(args.model_device2)
if args.model_device3 != -1:
device_ids.append(args.model_device3)
if args.model_device4 != -1:
device_ids.append(args.model_device4)
else:
device = torch.device("cpu")
device_defense = torch.device("cpu")
detector = AEDetector(detector_model,
device_defense,
args.detector_path,
p=2)
reformer = SimpleReformer(reformer_model, device_defense,
args.reformer_path)
classifier = Classifier(model, device, args.model_path, device_ids)
# set testdataset
test_dataset = SampleDataset(data_path)
test_loader = DataLoader(
test_dataset,
batch_size=10,
num_workers=4,
)
print('test_dataset : {}, test_loader : {}'.format(len(test_dataset),
len(test_loader)))
# Defense with MagNet
print('test start')
for thrs in thresholds:
print('----------------------------------------')
counter = 0
avg_score = 0.0
thrs = torch.tensor(thrs)
with torch.no_grad():
for batch_idx, (inputs, labels) in enumerate(test_loader):
inputs = inputs.float()
labels = labels.to(device).long()
target = make_one_hot(labels[:, 0, :, :], n_classes, device)
operate_results = operate(reformer, classifier, inputs)
all_pass, _ = filters(detector, inputs, thrs)
if len(all_pass) == 0:
continue
filtered_results = operate_results[all_pass]
pred = filtered_results.to(device).float()
target = target[all_pass]
loss = dice_score(pred, target)
avg_score += loss.data.cpu().numpy()
# statistics
counter += 1
del inputs, labels, pred, target, loss
if counter:
avg_score = avg_score / counter
print('threshold : {:.4f}, avg_score : {:.4f}'.format(
thrs, avg_score))
else:
print(
'threshold : {:.4f} , no images pass from filter'.format(thrs))
def DAG(model,
image,
ground_truth,
adv_target,
num_iterations=20,
gamma=0.07,
no_background=True,
background_class=0,
device='cuda:0',
verbose=False):
'''
Generates adversarial example for a given Image
Parameters
----------
model: Torch Model
image: Torch tensor of dtype=float. Requires gradient. [b*c*h*w]
ground_truth: Torch tensor of labels as one hot vector per class
adv_target: Torch tensor of dtype=float. This is the purturbed labels. [b*classes*h*w]
num_iterations: Number of iterations for the algorithm
gamma: epsilon value. The maximum Change possible.
no_background: If True, does not purturb the background class
background_class: The index of the background class. Used to filter background
device: Device to perform the computations on
verbose: Bool. If true, prints the amount of change and the number of values changed in each iteration
Returns
-------
Image: Adversarial Output, logits of original image as torch tensor
logits: Output of the Clean Image as torch tensor
noise_total: List of total noise added per iteration as numpy array
noise_iteration: List of noise added per iteration as numpy array
prediction_iteration: List of prediction per iteration as numpy array
image_iteration: List of image per iteration as numpy array
'''
noise_total = []
noise_iteration = []
prediction_iteration = []
image_iteration = []
background = None
logits = model(image)
orig_image = image
_, predictions_orig = torch.max(logits, 1)
predictions_orig = make_one_hot(predictions_orig, logits.shape[1], device)
if (no_background):
background = torch.zeros(logits.shape)
background[:, background_class, :, :] = torch.ones(
(background.shape[2], background.shape[3]))
background = background.to(device)
for a in range(num_iterations):
output = model(image)
_, predictions = torch.max(output, 1)
prediction_iteration.append(predictions[0].cpu().numpy())
predictions = make_one_hot(predictions, logits.shape[1], device)
condition1 = torch.eq(predictions, ground_truth)
condition = condition1
if no_background:
condition2 = (ground_truth != background)
condition = torch.mul(condition1, condition2)
condition = condition.float()
if (condition.sum() == 0):
print("Condition Reached")
image = None
break
#Finding pixels to purturb
adv_log = torch.mul(output, adv_target)
#Getting the values of the original output
clean_log = torch.mul(output, ground_truth)
#Finding r_m
adv_direction = adv_log - clean_log
r_m = torch.mul(adv_direction, condition)
r_m.requires_grad_()
#Summation
r_m_sum = r_m.sum()
r_m_sum.requires_grad_()
#Finding gradient with respect to image
r_m_grad = torch.autograd.grad(r_m_sum, image, retain_graph=True)
#Saving gradient for calculation
r_m_grad_calc = r_m_grad[0]
#Calculating Magnitude of the gradient
r_m_grad_mag = r_m_grad_calc.norm()
if (r_m_grad_mag == 0):
print("Condition Reached, no gradient")
#image=None
break
#Calculating final value of r_m
r_m_norm = (gamma / r_m_grad_mag) * r_m_grad_calc
#if no_background:
#if False:
if no_background is False:
condition_image = condition.sum(dim=1)
condition_image = condition_image.unsqueeze(1)
r_m_norm = torch.mul(r_m_norm, condition_image)
#Updating the image
#print("r_m_norm : ",torch.unique(r_m_norm))
image = torch.clamp((image + r_m_norm), 0, 1)
image_iteration.append(image[0][0].detach().cpu().numpy())
noise_total.append((image - orig_image)[0][0].detach().cpu().numpy())
noise_iteration.append(r_m_norm[0][0].cpu().numpy())
if verbose:
print("Iteration ", a)
print("Change to the image is ", r_m_norm.sum())
print("Magnitude of grad is ", r_m_grad_mag)
print("Condition 1 ", condition1.sum())
if no_background:
print("Condition 2 ", condition2.sum())
print("Condition is", condition.sum())
return image, logits, noise_total, noise_iteration, prediction_iteration, image_iteration