def _train_adv(self, inputs, targets):
self._update_params_train()
self.optimizer.zero_grad()
self.model.perturb_modules.zero_grad()
inputs_adv = pgd(self, inputs, targets, self._adv_params, mode='train')
outputs = self.model(inputs_adv)
loss = self.criterion(outputs, targets)
loss.backward()
self._update_theta()
self.optimizer.step()
return outputs, loss
def setup(self, lp, eps=None):
adv_inputs = attacks.pgd(
self.model,
self.normalizer,
self.inputs,
self.labels,
self.dataset,
lp,
eps,
)
self.add_input_to_compute(adv_inputs)
parser.add_argument('--svhn', action='store_true')
parser.add_argument('--har', action='store_true')
parser.add_argument('--fashion', action='store_true')
args = parser.parse_args()
if args.mnist:
train_loader, test_loader = pblm.mnist_loaders(args.batch_size)
model = pblm.mnist_model().cuda()
# model.load_state_dict(torch.load('icml/mnist_epochs_100_baseline_model.pth'))
model.load_state_dict(torch.load('../models/mnist.pth'))
elif args.svhn:
train_loader, test_loader = pblm.svhn_loaders(args.batch_size)
model = pblm.svhn_model().cuda()
model.load_state_dict(
torch.load('svhn_new/svhn_epsilon_0_01_schedule_0_001'))
elif args.har:
pass
elif args.fashion:
pass
else:
raise ValueError("Need to specify which problem.")
for p in model.parameters():
p.requires_grad = False
epsilon = 0.1
num_classes = model[-1].out_features
pgd(test_loader, model, epsilon, args.niters)
svgd(test_loader, model, epsilon, args.niters)
parser.add_argument('--mnist', action='store_true')
parser.add_argument('--svhn', action='store_true')
parser.add_argument('--har', action='store_true')
parser.add_argument('--fashion', action='store_true')
args = parser.parse_args()
if args.mnist:
train_loader, test_loader = pblm.mnist_loaders(args.batch_size)
model = pblm.mnist_model().cuda()
# model.load_state_dict(torch.load('icml/mnist_epochs_100_baseline_model.pth'))
model.load_state_dict(torch.load('../models/mnist.pth'))
elif args.svhn:
train_loader, test_loader = pblm.svhn_loaders(args.batch_size)
model = pblm.svhn_model().cuda()
model.load_state_dict(torch.load('../models/svhn.pth'))
elif args.har:
pass
elif args.fashion:
pass
else:
raise ValueError("Need to specify which problem.")
for p in model.parameters():
p.requires_grad = False
num_classes = model[-1].out_features
dgf(test_loader, model, args.epsilon, args.niters, args.alpha)
pgd(test_loader, model, args.epsilon, args.niters, args.alpha)
svgd(test_loader, model, args.epsilon, args.niters, args.alpha)
def eval_adv_test(model, device, test_loader, attack, attack_params,
results_dir):
"""
evaluate model by white-box attack
"""
model.eval()
count = 0
if attack == 'pgd':
restarts_matrices = []
for run in range(attack_params['num_restarts']):
current_matrix_rows = []
count = 0
batch_num = 0
natural_accuracy = 0
for data, target, unsup in test_loader:
batch_num = batch_num + 1
if batch_num > args.num_eval_batches:
break
data, target = data.to(device), target.to(device)
count = count + len(target)
X, y = Variable(data, requires_grad=True), Variable(target)
# matrix_robust has batch_size*num_iterations dimensions
indices_natural, matrix_robust = pgd(
model,
X,
y,
epsilon=attack_params['epsilon'],
num_steps=attack_params['num_steps'],
step_size=attack_params['step_size'],
pretrain=args.pretrain,
random_start=attack_params['random_start'])
natural_accuracy = natural_accuracy + sum(indices_natural)
current_matrix_rows.append(matrix_robust)
logging.info('Completed restart: %g' % run)
current_matrix = np.concatenate(current_matrix_rows, axis=0)
logging.info("Shape of current_matrix %s" %
str(current_matrix.shape))
restarts_matrices.append(current_matrix)
final_matrix = np.asarray(restarts_matrices)
if run == 0:
final_success = np.ones([count, 1])
final_success = np.multiply(
final_success,
np.reshape(current_matrix[:, attack_params['num_steps'] - 1],
[-1, 1]))
logging.info('%d' % np.sum(final_success))
# logging.info('%d' % (np.sum(final_success))/count)
logging.info("Shape of final matrix: %s" % str(final_matrix.shape))
# logging.info("Final accuracy %g:" % np.sum(final_success)/count)
stats = {
'attack': 'pgd',
'count': count,
'epsilon': attack_params['epsilon'],
'num_steps': attack_params['num_steps'],
'step_size': attack_params['step_size'],
'natural_accuracy': float(natural_accuracy.item() / count),
'final_matrix': final_matrix.tolist(),
'robust_accuracy': float(np.sum(final_success) / count),
'restart_num': run
}
json_stats = {
'attack': 'pgd',
'natural_accuracy': float(natural_accuracy.item() / count),
'robust_accuracy': float(np.sum(final_success) / count)
}
with open(os.path.join(results_dir, 'stats.json'), 'w') as outfile:
json.dump(json_stats, outfile)
np.save(os.path.join(results_dir, 'stats' + str(run) + '.npy'),
stats)
np.save(os.path.join(results_dir, 'stats.npy'), stats)
elif attack == 'cw':
all_linf_distances = []
count = 0
for data, target, unsup in test_loader:
logging.info('Batch: %g', count)
count = count + 1
if count > args.num_eval_batches:
break
data, target = data.to(device), target.to(device)
X, y = Variable(data, requires_grad=True), Variable(target)
batch_linf_distances = cw(
model,
X,
y,
binary_search_steps=attack_params['binary_search_steps'],
max_iterations=attack_params['max_iterations'],
learning_rate=attack_params['learning_rate'],
initial_const=attack_params['initial_const'],
tau_decrease_factor=attack_params['tau_decrease_factor'])
all_linf_distances.append(batch_linf_distances)
np.savetxt(os.path.join(results_dir, 'CW_dist'),
all_linf_distances)
np.savetxt(os.path.join(results_dir, 'CW_dist'), all_linf_distances)
else:
raise ValueError("Attack not supported")