def test_loss_gradient(self):
# Get MNIST
(_, _), (x_test, y_test), _, _ = load_mnist()
x_test, y_test = x_test[:NB_TEST], np.argmax(y_test[:NB_TEST], axis=1)
x_test = np.swapaxes(x_test, 1, 3)
# Test gradient
ptc = PyTorchClassifier(None, self._model, self._loss_fn,
self._optimizer, (1, 28, 28), (10, ))
grads = ptc.loss_gradient(x_test, y_test)
self.assertTrue(np.array(grads.shape == (NB_TEST, 1, 28, 28)).all())
self.assertTrue(np.sum(grads) != 0)
def setUpClass(cls):
# Get MNIST
(x_train, y_train), (x_test, y_test), _, _ = load_mnist()
x_train, y_train = x_train[:NB_TRAIN], y_train[:NB_TRAIN]
x_test, y_test = x_test[:NB_TEST], y_test[:NB_TEST]
x_train = np.swapaxes(x_train, 1, 3)
x_test = np.swapaxes(x_test, 1, 3)
cls.mnist = (x_train, y_train), (x_test, y_test)
# Define the network
model = nn.Sequential(nn.Conv2d(1, 16, 5),
nn.ReLU(), nn.MaxPool2d(2, 2), Flatten(),
nn.Linear(2304, 10))
# Define a loss function and optimizer
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
classifier = PyTorchClassifier((0, 1), model, loss_fn, optimizer,
(1, 28, 28), 10)
classifier.fit(x_train, y_train, batch_size=100, nb_epochs=2)
cls.seq_classifier = classifier
# Define the network
model = Model()
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
classifier2 = PyTorchClassifier((0, 1), model, loss_fn, optimizer,
(1, 28, 28), 10)
classifier2.fit(x_train, y_train, batch_size=100, nb_epochs=2)
cls.module_classifier = classifier2
def test_loss_gradient(self):
# Get MNIST
(_, _), (x_test, y_test), _, _ = load_mnist()
x_test, y_test = x_test[:NB_TEST], y_test[:NB_TEST]
x_test = np.swapaxes(x_test, 1, 3)
# Create model
model, loss_fn, optimizer = self._model_setup_module()
# Test gradient
ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28),
10)
grads = ptc.loss_gradient(x_test, y_test)
self.assertTrue(np.array(grads.shape == (NB_TEST, 1, 28, 28)).all())
self.assertTrue(np.sum(grads) != 0)
def main(argv):
if len(argv) < 2:
sys.exit("Not enough arguments provided.")
global network_definition_filename, weights_filename, dataset_filename
i = 1
while i <= 8:
arg = str(argv[i])
print(arg)
if arg == "--datax":
dataset_filenamex = os.path.join(os.environ["DATA_DIR"],
str(argv[i + 1]))
if arg == "--datay":
dataset_filenamey = os.path.join(os.environ["DATA_DIR"],
str(argv[i + 1]))
if arg == "--weights":
weights_filename = os.path.join(os.environ["DATA_DIR"],
str(argv[i + 1]))
if arg == "--epsilon":
epsilon = float(argv[i + 1])
i += 2
print("dataset_x:", dataset_filenamex)
print("dataset_y:", dataset_filenamey)
print("weights:", weights_filename)
# load & compile model
device = torch.device('cuda:0' if torch.cuda.is_available() else 'cpu')
model = ThreeLayerCNN().to(device)
model.load_state_dict(torch.load(weights_filename))
loss_fn = torch.nn.CrossEntropyLoss()
optimizer = torch.optim.Adam(model.parameters(), lr=0.001)
# create pytorch classifier
classifier = PyTorchClassifier((0, 1), model, loss_fn, optimizer,
(1, 3, 64, 64), 2)
# load data set
x = np.load(dataset_filenamex)
y = np.loadtxt(dataset_filenamey)
# craft adversarial samples using FGSM
crafter = FastGradientMethod(classifier, eps=epsilon)
x_samples = crafter.generate(x)
# obtain all metrics (robustness score, perturbation metric, reduction in confidence)
metrics, y_pred_orig, y_pred_adv = get_metrics(model, x, x_samples, y)
print("metrics:", metrics)
report_file = os.path.join(os.environ["RESULT_DIR"], "report.txt")
with open(report_file, "w") as report:
report.write(json.dumps(metrics))
adv_samples_file = os.path.join(os.environ["RESULT_DIR"], "adv_samples")
print("adversarial samples saved to: ", adv_samples_file)
np.savez(adv_samples_file, x_original=x, x_adversarial=x_samples, y=y)
def test_input_shape(self):
# Create model
model, loss_fn, optimizer = self._model_setup_module()
# Start to test
ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28),
10)
self.assertTrue(np.array(ptc.input_shape == (1, 28, 28)).all())
def test_nb_classes(self):
# Create model
model, loss_fn, optimizer = self._model_setup_module()
# Start to test
ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28),
10)
self.assertTrue(ptc.nb_classes == 10)
def test_fit_predict(self):
# Get MNIST
(x_train, y_train), (x_test, y_test), _, _ = load_mnist()
x_train, y_train = x_train[:NB_TRAIN], np.argmax(y_train[:NB_TRAIN],
axis=1)
x_test, y_test = x_test[:NB_TEST], np.argmax(y_test[:NB_TEST], axis=1)
x_train = np.swapaxes(x_train, 1, 3)
x_test = np.swapaxes(x_test, 1, 3)
# Test fit and predict
ptc = PyTorchClassifier(None, self._model, self._loss_fn,
self._optimizer, (1, 28, 28), (10, ))
ptc.fit(x_train, y_train, batch_size=100, nb_epochs=1)
preds = ptc.predict(x_test)
preds_class = np.argmax(preds, axis=1)
acc = np.sum(preds_class == y_test) / len(y_test)
print("\nAccuracy: %.2f%%" % (acc * 100))
self.assertGreater(acc, 0.1)
def setUp(self):
# Set master seed
master_seed(1234)
# Define the network
model = Model()
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
self.pixelcnn = PyTorchClassifier((0, 1), model, loss_fn, optimizer,
(1, 28, 28), 10)
def test_fit_predict(self):
# Get MNIST
(x_train, y_train), (x_test, y_test), _, _ = load_mnist()
x_train, y_train = x_train[:NB_TRAIN], y_train[:NB_TRAIN]
x_test, y_test = x_test[:NB_TEST], y_test[:NB_TEST]
x_train = np.swapaxes(x_train, 1, 3)
x_test = np.swapaxes(x_test, 1, 3)
# Create model
model, loss_fn, optimizer = self._model_setup_module()
# Test fit and predict
ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28),
10)
ptc.fit(x_train, y_train, batch_size=100, nb_epochs=1)
preds = ptc.predict(x_test)
acc = np.sum(np.argmax(preds, axis=1) == np.argmax(
y_test, axis=1)) / len(y_test)
print("\nAccuracy: %.2f%%" % (acc * 100))
self.assertGreater(acc, 0.1)
def setUpClass(cls):
# Get MNIST
(x_train, y_train), (x_test, y_test), _, _ = load_mnist()
x_train, y_train = x_train[:NB_TRAIN], y_train[:NB_TRAIN]
x_test, y_test = x_test[:NB_TEST], y_test[:NB_TEST]
x_train = np.swapaxes(x_train, 1, 3)
x_test = np.swapaxes(x_test, 1, 3)
cls.mnist = (x_train, y_train), (x_test, y_test)
# Define the internal classifier
model = Model()
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
classifier = PyTorchClassifier(model=model,
loss=loss_fn,
optimizer=optimizer,
input_shape=(1, 28, 28),
nb_classes=10,
clip_values=(0, 1))
classifier.fit(x_train, y_train, batch_size=100, nb_epochs=2)
# Define the internal detector
conv = nn.Conv2d(1, 16, 5)
linear = nn.Linear(2304, 1)
torch.nn.init.xavier_uniform_(conv.weight)
torch.nn.init.xavier_uniform_(linear.weight)
model = nn.Sequential(conv, nn.ReLU(), nn.MaxPool2d(2, 2), Flatten(),
linear)
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
detector = PyTorchClassifier(model=model,
loss=loss_fn,
optimizer=optimizer,
input_shape=(1, 28, 28),
nb_classes=1,
clip_values=(0, 1))
# Define the detector-classifier
cls.detector_classifier = DetectorClassifier(classifier=classifier,
detector=detector)
def test_layers(self):
# Get MNIST
(x_train, y_train), (x_test, y_test), _, _ = load_mnist()
x_train, y_train = x_train[:NB_TRAIN], y_train[:NB_TRAIN]
x_test, y_test = x_test[:NB_TEST], y_test[:NB_TEST]
x_test = np.swapaxes(x_test, 1, 3)
x_train = np.swapaxes(x_train, 1, 3)
# Create model
model, loss_fn, optimizer = self._model_setup_sequential()
# Test and get layers
ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28),
10)
ptc.fit(x_train, y_train, batch_size=100, nb_epochs=1)
layer_names = ptc.layer_names
self.assertTrue(layer_names == [
'0_Conv2d(1, 16, kernel_size=(5, 5), stride=(1, 1))', '1_ReLU()',
'2_MaxPool2d(kernel_size=2, stride=2, padding=0, dilation=1, ceil_mode=False)',
'3_Flatten()',
'4_Linear(in_features=2304, out_features=10, bias=True)'
])
for i, name in enumerate(layer_names):
act_i = ptc.get_activations(x_test, i)
act_name = ptc.get_activations(x_test, name)
self.assertTrue(np.sum(act_name - act_i) == 0)
self.assertTrue(
ptc.get_activations(x_test, 0).shape == (20, 16, 24, 24))
self.assertTrue(
ptc.get_activations(x_test, 1).shape == (20, 16, 24, 24))
self.assertTrue(
ptc.get_activations(x_test, 2).shape == (20, 16, 12, 12))
self.assertTrue(ptc.get_activations(x_test, 3).shape == (20, 2304))
self.assertTrue(ptc.get_activations(x_test, 4).shape == (20, 10))
def test_feature_vectors(self):
# Define the network
model = Model()
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
pixel_cnn = PyTorchClassifier(model=model, loss=loss_fn, optimizer=optimizer, input_shape=(4,),
nb_classes=2, clip_values=(0, 1))
x = np.random.rand(5, 4)
preprocess = PixelDefend(eps=5, pixel_cnn=pixel_cnn)
x_defended, _ = preprocess(x)
self.assertEqual(x_defended.shape, x.shape)
self.assertTrue((x_defended <= 1.0).all())
self.assertTrue((x_defended >= 0.0).all())
def test_one_channel(self):
(x_train, _), (_, _), _, _ = load_mnist()
x_train = x_train[:2, 10:15, 15:20, :]
# Define the network
model = ModelImage()
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
self.pixelcnn = PyTorchClassifier(model=model, loss=loss_fn, optimizer=optimizer, input_shape=(1, 28, 28),
nb_classes=10, clip_values=(0, 1))
preprocess = PixelDefend(eps=5, pixel_cnn=self.pixelcnn)
x_defended, _ = preprocess(x_train)
self.assertEqual(x_defended.shape, x_train.shape)
self.assertTrue((x_defended <= 1.0).all())
self.assertTrue((x_defended >= 0.0).all())
def _create_ptclassifier():
"""
To create a simple PyTorchClassifier for testing.
:return:
"""
# Create simple CNN
# Define the network
model = Model()
# Define a loss function and optimizer
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
# Get classifier
ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28),
(10, ))
return ptc
def test_ptclassifier(self):
"""
Third test with the PyTorchClassifier.
:return:
"""
# Get MNIST
batch_size, nb_train, nb_test = 100, 1000, 10
(x_train, y_train), (x_test, y_test), _, _ = load_mnist()
x_train, y_train = x_train[:nb_train], np.argmax(y_train[:nb_train],
axis=1)
x_test, y_test = x_test[:nb_test], np.argmax(y_test[:nb_test], axis=1)
x_train = np.swapaxes(x_train, 1, 3)
x_test = np.swapaxes(x_test, 1, 3)
# Create simple CNN
# Define the network
model = Model()
# Define a loss function and optimizer
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
# Get classifier
ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28),
(10, ))
ptc.fit(x_train, y_train, batch_size=batch_size, nb_epochs=1)
# Attack
# TODO Launch with all possible attacks
attack_params = {
"attacker": "newtonfool",
"attacker_params": {
"max_iter": 20
}
}
up = UniversalPerturbation(ptc)
x_train_adv = up.generate(x_train, **attack_params)
self.assertTrue((up.fooling_rate >= 0.2) or not up.converged)
x_test_adv = x_test + up.v
self.assertFalse((x_test == x_test_adv).all())
train_y_pred = np.argmax(ptc.predict(x_train_adv), axis=1)
test_y_pred = np.argmax(ptc.predict(x_test_adv), axis=1)
self.assertFalse((y_test == test_y_pred).all())
self.assertFalse((y_train == train_y_pred).all())
def test_load(self):
def compare_state_dicts(d1, d2):
cond = (set(d1.keys()) == set(d2.keys()))
for i in d1.keys():
cond = cond and bool(torch.all(d1[i] == d2[i]).item())
return cond
model = Model()
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
classifier = PyTorchClassifier((0, 1), model, loss_fn, optimizer,
(1, 28, 28), 10)
import tempfile
import os
import copy
orig_params = copy.deepcopy(classifier._model.state_dict())
t_file = tempfile.NamedTemporaryFile()
full_path = t_file.name
t_file.close()
base_name = os.path.basename(full_path)
dir_name = os.path.dirname(full_path)
classifier.save(base_name, path=dir_name)
model = Model() # Reinitialize the weights
classifier = PyTorchClassifier((0, 1), model, loss_fn, optimizer,
(1, 28, 28), 10)
new_params = copy.deepcopy(classifier._model.state_dict())
assert (not compare_state_dicts(new_params, orig_params))
classifier.load_model_weights(base_name, path=dir_name)
new_params = copy.deepcopy(classifier._model.state_dict())
assert (compare_state_dicts(new_params, orig_params))
os.remove(full_path + '.model')
def test_ptclassifier(self):
"""
Third test with the PyTorchClassifier.
:return:
"""
# Get MNIST
batch_size, nb_train, nb_test = 100, 1000, 10
(x_train, y_train), (x_test, y_test), _, _ = load_mnist()
x_train, y_train = x_train[:nb_train], np.argmax(y_train[:nb_train], axis=1)
x_test, y_test = x_test[:nb_test], np.argmax(y_test[:nb_test], axis=1)
x_train = np.swapaxes(x_train, 1, 3)
x_test = np.swapaxes(x_test, 1, 3)
# Create simple CNN
# Define the network
model = Model()
# Define a loss function and optimizer
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
# Get classifier
ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28), (10,))
ptc.fit(x_train, y_train, batch_size=batch_size, nb_epochs=1)
# Attack
nf = NewtonFool(ptc)
nf.set_params(max_iter=5)
x_test_adv = nf.generate(x_test)
self.assertFalse((x_test == x_test_adv).all())
y_pred = ptc.predict(x_test)
y_pred_adv = ptc.predict(x_test_adv)
y_pred_bool = y_pred.max(axis=1, keepdims=1) == y_pred
y_pred_max = y_pred.max(axis=1)
y_pred_adv_max = y_pred_adv[y_pred_bool]
self.assertTrue((y_pred_max >= y_pred_adv_max).all())
def test_nb_classes(self):
# Start to test
ptc = PyTorchClassifier(None, self._model, self._loss_fn,
self._optimizer, (1, 28, 28), (10, ))
self.assertTrue(ptc.nb_classes == 10)
x_test = np.swapaxes(x_test, 1, 3)
#set cuda
device = torch.device('cuda')
# Obtain the model object
model = Net()
# Define the loss function and the optimizer
criterion = nn.CrossEntropyLoss()
optimizer = optim.SGD(model.parameters(), lr=0.01, momentum=0.5)
# Initialize the classifier
cifar_classifier = PyTorchClassifier(clip_values=(0, 1),
model=model,
loss=criterion,
optimizer=optimizer,
input_shape=(1, 28, 28),
nb_classes=10)
# Train the classifier
cifar_classifier.fit(x_train, y_train, batch_size=64, nb_epochs=10)
# Test the classifier
predictions = cifar_classifier.predict(x_test)
accuracy = np.sum(
np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print('Accuracy before attack: {}%'.format(accuracy * 100))
# Craft the adversarial examples
epsilon = 0.2 # Maximum perturbation
adv_crafter = FastGradientMethod(cifar_classifier, eps=epsilon)
])
transform_test = transforms.Compose([
transforms.ToTensor(),
transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)),
])
# Load the CIFAR dataset
(x_train, y_train), (x_test, y_test), min_, max_ = load_dataset(str('cifar10'))
x_train = np.swapaxes(x_train, 1, 3)
x_test = np.swapaxes(x_test, 1, 3)
# Initialize the classifier
cifar_classifier = PyTorchClassifier(clip_values=(0, 1),
model=model,
loss=criterion,
optimizer=optimizer,
input_shape=(3, 32, 32),
nb_classes=10)
# Train the classifier
#cifar_classifier.fit(x_train, y_train, batch_size=128, nb_epochs=10)
state = load_data('../../data/cifar/cifar_target_classifier.npy')
cifar_classifier.__setstate__(state)
# Craft the adversarial examples
epsilon = 0.2 # Maximum perturbation
adv_crafter = FastGradientMethod(cifar_classifier, eps=epsilon)
x_test_adv = adv_crafter.generate(x=x_test)
save_data(x_test_adv, '../../data/cifar/fgsm_adversarial.npy')
def robustness_evaluation(object_storage_url,
object_storage_username,
object_storage_password,
data_bucket_name,
result_bucket_name,
model_id,
feature_testset_path='processed_data/X_test.npy',
label_testset_path='processed_data/y_test.npy',
clip_values=(0, 1),
nb_classes=2,
input_shape=(1, 3, 64, 64),
model_class_file='model.py',
model_class_name='model',
LossFn='',
Optimizer='',
epsilon=0.2):
url = re.compile(r"https?://")
cos = Minio(url.sub('', object_storage_url),
access_key=object_storage_username,
secret_key=object_storage_password,
secure=False)
dataset_filenamex = "X_test.npy"
dataset_filenamey = "y_test.npy"
weights_filename = "model.pt"
model_files = model_id + '/_submitted_code/model.zip'
cos.fget_object(data_bucket_name, feature_testset_path, dataset_filenamex)
cos.fget_object(data_bucket_name, label_testset_path, dataset_filenamey)
cos.fget_object(result_bucket_name, model_id + '/' + weights_filename,
weights_filename)
cos.fget_object(result_bucket_name, model_files, 'model.zip')
# Load PyTorch model definition from the source code.
zip_ref = zipfile.ZipFile('model.zip', 'r')
zip_ref.extractall('model_files')
zip_ref.close()
modulename = 'model_files.' + model_class_file.split('.')[0].replace(
'-', '_')
'''
We required users to define where the model class is located or follow
some naming convention we have provided.
'''
model_class = getattr(importlib.import_module(modulename),
model_class_name)
# load & compile model
device = torch.device('cuda:0' if torch.cuda.is_available() else 'cpu')
model = model_class().to(device)
model.load_state_dict(torch.load(weights_filename, map_location=device))
# Define Loss and optimizer function for the PyTorch model
if LossFn:
loss_fn = eval(LossFn)
else:
loss_fn = torch.nn.CrossEntropyLoss()
if Optimizer:
optimizer = eval(Optimizer)
else:
optimizer = torch.optim.Adam(model.parameters(), lr=0.001)
# create pytorch classifier
classifier = PyTorchClassifier(clip_values, model, loss_fn, optimizer,
input_shape, nb_classes)
# load test dataset
x = np.load(dataset_filenamex)
y = np.load(dataset_filenamey)
# craft adversarial samples using FGSM
crafter = FastGradientMethod(classifier, eps=epsilon)
x_samples = crafter.generate(x)
# obtain all metrics (robustness score, perturbation metric, reduction in confidence)
metrics, y_pred_orig, y_pred_adv = get_metrics(model, x, x_samples, y)
print("metrics:", metrics)
return metrics
def test_input_shape(self):
# Start to test
ptc = PyTorchClassifier(None, self._model, self._loss_fn,
self._optimizer, (1, 28, 28), (10, ))
self.assertTrue(np.array(ptc.input_shape == (1, 28, 28)).all())
# Load the MNIST dataset
(x_train, y_train), (x_test, y_test), min_, max_ = load_mnist()
x_train = np.swapaxes(x_train, 1, 3)
x_test = np.swapaxes(x_test, 1, 3)
# Obtain the model object
model = Net()
# Define the loss function and the optimizer
criterion = nn.CrossEntropyLoss()
optimizer = optim.SGD(model.parameters(), lr=0.01, momentum=0.5)
# Initialize the classifier
mnist_classifier = PyTorchClassifier(clip_values=(0, 1),
model=model,
loss=criterion,
optimizer=optimizer,
input_shape=(1, 28, 28),
nb_classes=10)
# Train the classifier
mnist_classifier.fit(x_train, y_train, batch_size=64, nb_epochs=10)
# Test the classifier
predictions = mnist_classifier.predict(x_test)
accuracy = np.sum(
np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print('Accuracy before attack: {}%'.format(accuracy * 100))
# Craft the adversarial examples
epsilon = 0.2 # Maximum perturbation
adv_crafter = FastGradientMethod(mnist_classifier, eps=epsilon)
# Load the MNIST dataset
(x_train, y_train), (x_test, y_test), min_, max_ = load_mnist()
x_train = np.swapaxes(x_train, 1, 3)
x_test = np.swapaxes(x_test, 1, 3)
# Obtain the model object
# device = torch.device("cuda")
model = SmallCNN().to(device)
# model = Net().to(device)
# Define the loss function and the optimizer
criterion = nn.CrossEntropyLoss()
optimizer = optim.SGD(model.parameters(), lr=0.01, momentum=0.5)
# Initialize the classifier
mnist_classifier = PyTorchClassifier(clip_values=(0, 1), model=model, loss=criterion, optimizer=optimizer,
input_shape=(1, 28, 28), nb_classes=10)
# Train the classifier
# mnist_classifier.fit(x_train, y_train, batch_size=64, nb_epochs=50)
# torch.save(model.state_dict(), "./minst.pt")
model.load_state_dict(torch.load("../checkpoints/model-nn-epoch100.pt"))
# Test the classifier
predictions = mnist_classifier.predict(test_dataset_array)
# print(predictions)
accuracy = np.sum(np.argmax(predictions, axis=1) == test_label_dataset_array) / len(y_test)
print('Accuracy before attack: {}%'.format(accuracy * 100))
# Craft the adversarial examples
def test_ptclassifier(self):
"""
Third test with the PyTorchClassifier.
:return:
"""
# Get MNIST
batch_size, nb_train, nb_test = 100, 5000, 10
(x_train, y_train), (x_test, y_test), _, _ = load_mnist()
x_train, y_train = x_train[:nb_train], y_train[:nb_train]
x_test, y_test = x_test[:nb_test], y_test[:nb_test]
x_train = np.swapaxes(x_train, 1, 3)
x_test = np.swapaxes(x_test, 1, 3)
# Create simple CNN
# Define the network
model = Model()
# Define a loss function and optimizer
loss_fn = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.01)
# Get classifier
ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28),
10)
ptc.fit(x_train, y_train, batch_size=batch_size, nb_epochs=10)
# First attack
cl2m = CarliniL2Method(classifier=ptc,
targeted=True,
max_iter=100,
binary_search_steps=1,
learning_rate=1,
initial_const=10,
decay=0)
params = {'y': random_targets(y_test, ptc.nb_classes)}
x_test_adv = cl2m.generate(x_test, **params)
self.assertFalse((x_test == x_test_adv).all())
self.assertTrue((x_test_adv <= 1.0001).all())
self.assertTrue((x_test_adv >= -0.0001).all())
target = np.argmax(params['y'], axis=1)
y_pred_adv = np.argmax(ptc.predict(x_test_adv), axis=1)
self.assertTrue((target == y_pred_adv).any())
# Second attack
cl2m = CarliniL2Method(classifier=ptc,
targeted=False,
max_iter=100,
binary_search_steps=1,
learning_rate=1,
initial_const=10,
decay=0)
params = {'y': random_targets(y_test, ptc.nb_classes)}
x_test_adv = cl2m.generate(x_test, **params)
self.assertFalse((x_test == x_test_adv).all())
self.assertTrue((x_test_adv <= 1.0001).all())
self.assertTrue((x_test_adv >= -0.0001).all())
target = np.argmax(params['y'], axis=1)
y_pred_adv = np.argmax(ptc.predict(x_test_adv), axis=1)
self.assertTrue((target != y_pred_adv).any())
# Third attack
cl2m = CarliniL2Method(classifier=ptc,
targeted=False,
max_iter=100,
binary_search_steps=1,
learning_rate=1,
initial_const=10,
decay=0)
params = {}
x_test_adv = cl2m.generate(x_test, **params)
self.assertFalse((x_test == x_test_adv).all())
self.assertTrue((x_test_adv <= 1.0001).all())
self.assertTrue((x_test_adv >= -0.0001).all())
y_pred = np.argmax(ptc.predict(x_test), axis=1)
y_pred_adv = np.argmax(ptc.predict(x_test_adv), axis=1)
self.assertTrue((y_pred != y_pred_adv).any())
fp = gzip.open('../../data/cifar/testing_labels.npy', 'rb')
y_test = pickle.load(fp)
# Obtain the model object
model = ResNet18()
criterion = nn.CrossEntropyLoss()
optimizer = optim.SGD(model.parameters(),
lr=args.lr,
momentum=0.9,
weight_decay=5e-4)
# Initialize the classifier
cifar_classifier = PyTorchClassifier(clip_values=(0, 1),
model=model,
loss=criterion,
optimizer=optimizer,
input_shape=(3, 32, 32),
nb_classes=10)
# Train the classifier
#cifar_classifier.fit(x_train, y_train, batch_size=128, nb_epochs=10)
state = load_data('../../data/cifar/cifar_target_classifier.npy')
cifar_classifier.__setstate__(state)
# Test the classifier
predictions = cifar_classifier.predict(x_test)
accuracy = np.sum(
np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print('Accuracy before attack: {}%'.format(accuracy * 100))
# Craft the adversarial examples