def setup_attack(self, batch_inputs, batch_classes):
"""
Setup attack.
:param batch_inputs: input to attack
:type batch_inputs: torch.autograd.Variable
:param batch_classes: true classes
:type batch_classes: torch.autograd.Variable
:return: attack
:rtype: attacks.UntargetedAttack
"""
if self.args.no_label_leaking:
attack = self.attack_class(self.model, batch_inputs, None,
self.args.epsilon)
else:
attack = self.attack_class(self.model, batch_inputs, batch_classes,
self.args.epsilon)
if self.args.on_manifold:
attack.set_bound(torch.from_numpy(self.min_bound),
torch.from_numpy(self.max_bound))
else:
attack.set_bound(None, None)
if getattr(attack, 'set_c_0', None) is not None:
attack.set_c_0(self.args.c_0)
if getattr(attack, 'set_c_1', None) is not None:
attack.set_c_1(self.args.c_1)
if getattr(attack, 'set_c_2', None) is not None:
attack.set_c_2(self.args.c_2)
if getattr(attack, 'set_max_projections', None) is not None:
attack.set_max_projections(self.args.max_projections)
attack.set_max_iterations(self.args.max_iterations)
attack.set_base_lr(self.args.base_lr)
assert attack.training_mode is False
if self.args.initialize_zero:
attack.initialize_zero()
else:
attack.initialize_random()
return attack
def load_model(self):
"""
Load model.
"""
database = utils.read_hdf5(self.args.database_file).astype(numpy.float32)
log('[Attack] read %sd' % self.args.database_file)
self.N_font = database.shape[0]
self.N_class = database.shape[1]
resolution = database.shape[2]
database = database.reshape((database.shape[0] * database.shape[1], database.shape[2], database.shape[3]))
database = torch.from_numpy(database)
if self.args.use_gpu:
database = database.cuda()
database = torch.autograd.Variable(database, False)
N_theta = self.test_theta.shape[1]
log('[Attack] using %d N_theta' % N_theta)
decoder = models.AlternativeOneHotDecoder(database, self.N_font, self.N_class, N_theta)
decoder.eval()
image_channels = 1 if N_theta <= 7 else 3
network_units = list(map(int, self.args.network_units.split(',')))
log('[Attack] using %d input channels' % image_channels)
classifier = models.Classifier(self.N_class, resolution=(image_channels, resolution, resolution),
architecture=self.args.network_architecture,
activation=self.args.network_activation,
batch_normalization=not self.args.network_no_batch_normalization,
start_channels=self.args.network_channels,
dropout=self.args.network_dropout,
units=network_units)
assert os.path.exists(self.args.classifier_file), 'state file %s not found' % self.args.classifier_file
state = State.load(self.args.classifier_file)
log('[Attack] read %s' % self.args.classifier_file)
classifier.load_state_dict(state.model)
if self.args.use_gpu and not cuda.is_cuda(classifier):
log('[Attack] classifier is not CUDA')
classifier = classifier.cuda()
log('[Attack] loaded classifier')
# !
classifier.eval()
log('[Attack] set classifier to eval')
self.model = models.DecoderClassifier(decoder, classifier)
def test(self):
"""
Test the model.
"""
self.model.eval()
assert self.model.training is False
log('[Training] %d set classifier to eval' % self.epoch)
loss = error = 0
num_batches = int(
math.ceil(self.args.test_samples / self.args.batch_size))
for b in range(num_batches):
perm = numpy.take(range(self.args.test_samples),
range(b * self.args.batch_size,
(b + 1) * self.args.batch_size),
mode='clip')
batch_images = common.torch.as_variable(self.test_images[perm],
self.args.use_gpu)
batch_classes = common.torch.as_variable(self.test_codes[perm],
self.args.use_gpu)
batch_images = batch_images.permute(0, 3, 1, 2)
output_classes = self.model(batch_images)
e = self.loss(batch_classes, output_classes)
loss += e.item()
a = self.error(batch_classes, output_classes)
error += a.item()
perturbation_loss = perturbation_error = success = iterations = norm = 0
num_batches = int(
math.ceil(self.args.attack_samples / self.args.batch_size))
assert self.args.attack_samples > 0 and self.args.attack_samples <= self.test_images.shape[
0]
for b in range(num_batches):
perm = numpy.take(range(self.args.attack_samples),
range(b * self.args.batch_size,
(b + 1) * self.args.batch_size),
mode='clip')
batch_images = common.torch.as_variable(self.test_images[perm],
self.args.use_gpu)
batch_classes = common.torch.as_variable(self.test_codes[perm],
self.args.use_gpu)
batch_images = batch_images.permute(0, 3, 1, 2)
objective = self.objective_class()
attack = self.setup_attack(self.model, batch_images, batch_classes)
s, p, _, _, _ = attack.run(objective, False)
batch_images = batch_images + common.torch.as_variable(
p.astype(numpy.float32), self.args.use_gpu)
output_classes = self.model(batch_images)
e = self.loss(batch_classes, output_classes)
perturbation_loss += e.item()
e = self.error(batch_classes, output_classes)
perturbation_error += e.item()
iterations += numpy.mean(
s[s >= 0]) if numpy.sum(s >= 0) > 0 else -1
norm += numpy.mean(
numpy.linalg.norm(p.reshape(p.shape[0], -1),
axis=1,
ord=self.norm))
success += numpy.sum(s >= 0) / self.args.batch_size
decoder_perturbation_loss = decoder_perturbation_error = decoder_success = decoder_iterations = decoder_norm = 0
num_batches = int(
math.ceil(self.args.attack_samples / self.args.batch_size))
assert self.args.attack_samples > 0 and self.args.attack_samples <= self.test_images.shape[
0]
for b in range(num_batches):
perm = numpy.take(range(self.args.attack_samples),
range(b * self.args.batch_size,
(b + 1) * self.args.batch_size),
mode='clip')
batch_theta = common.torch.as_variable(self.test_theta[perm],
self.args.use_gpu)
batch_classes = common.torch.as_variable(self.test_codes[perm],
self.args.use_gpu)
objective = self.objective_class()
if isinstance(self.decoder, models.SelectiveDecoder):
self.decoder.set_code(batch_classes)
attack = self.setup_decoder_attack(self.decoder_classifier,
batch_theta, batch_classes)
attack.set_bound(torch.from_numpy(self.min_bound),
torch.from_numpy(self.max_bound))
s, p, _, _, _ = attack.run(objective, False)
perturbations = common.torch.as_variable(p, self.args.use_gpu)
batch_perturbed_theta = batch_theta + perturbations
batch_perturbed_images = self.decoder(batch_perturbed_theta)
output_classes = self.model(batch_perturbed_images)
e = self.loss(batch_classes, output_classes)
perturbation_loss += e.item()
a = self.error(batch_classes, output_classes)
perturbation_error += a.item()
decoder_iterations += numpy.mean(
s[s >= 0]) if numpy.sum(s >= 0) > 0 else -1
decoder_norm += numpy.mean(
numpy.linalg.norm(p.reshape(p.shape[0], -1),
axis=1,
ord=self.norm))
decoder_success += numpy.sum(s >= 0) / self.args.batch_size
loss /= num_batches
error /= num_batches
perturbation_loss /= num_batches
perturbation_error /= num_batches
success /= num_batches
iterations /= num_batches
norm /= num_batches
decoder_perturbation_loss /= num_batches
decoder_perturbation_error /= num_batches
decoder_success /= num_batches
decoder_iterations /= num_batches
decoder_norm /= num_batches
log('[Training] %d: test %g (%g) %g (%g) %g (%g)' %
(self.epoch, loss, error, perturbation_loss, perturbation_error,
decoder_perturbation_loss, decoder_perturbation_error))
log('[Training] %d: test %g (%g, %g) %g (%g, %g)' %
(self.epoch, success, iterations, norm, decoder_success,
decoder_iterations, decoder_norm))
num_batches = int(
math.ceil(self.train_images.shape[0] / self.args.batch_size))
iteration = self.epoch * num_batches
self.test_statistics = numpy.vstack((
self.test_statistics,
numpy.array([[
iteration, # iterations
iteration * (1 + self.args.max_iterations) *
self.args.batch_size, # samples seen
min(num_batches, iteration) * self.args.batch_size +
iteration * self.args.max_iterations *
self.args.batch_size, # unique samples seen
loss,
error,
perturbation_loss,
perturbation_error,
decoder_perturbation_loss,
decoder_perturbation_error,
success,
iterations,
norm,
decoder_success,
decoder_iterations,
decoder_norm,
]])))
def train(self):
"""
Train adversarially.
"""
num_batches = int(
math.ceil(self.train_images.shape[0] / self.args.batch_size))
permutation = numpy.random.permutation(self.train_images.shape[0])
perturbation_permutation = numpy.random.permutation(
self.train_images.shape[0])
if self.args.safe:
perturbation_permutation = perturbation_permutation[
self.train_valid == 1]
else:
perturbation_permuation = permutation
for b in range(num_batches):
self.scheduler.update(self.epoch, float(b) / num_batches)
self.model.eval()
assert self.model.training is False
objective = self.objective_class()
split = self.args.batch_size // 2
if self.args.full_variant:
perm = numpy.concatenate(
(numpy.take(permutation,
range(b * self.args.batch_size,
b * self.args.batch_size + split),
mode='wrap'),
numpy.take(perturbation_permutation,
range(b * self.args.batch_size + split,
(b + 1) * self.args.batch_size),
mode='wrap')),
axis=0)
batch_images = common.torch.as_variable(
self.train_images[perm], self.args.use_gpu)
batch_classes = common.torch.as_variable(
self.train_codes[perm], self.args.use_gpu)
batch_theta = common.torch.as_variable(self.train_theta[perm],
self.args.use_gpu)
batch_images = batch_images.permute(0, 3, 1, 2)
attack = self.setup_attack(self.model, batch_images[:split],
batch_classes[:split])
success, perturbations, _, _, _ = attack.run(
objective, self.args.verbose)
batch_perturbations1 = common.torch.as_variable(
perturbations.astype(numpy.float32), self.args.use_gpu)
batch_perturbed_images1 = batch_images[:split] + batch_perturbations1
if isinstance(self.decoder, models.SelectiveDecoder):
self.decoder.set_code(batch_classes[split:])
attack = self.setup_decoder_attack(self.decoder_classifier,
batch_theta[split:],
batch_classes[split:])
attack.set_bound(torch.from_numpy(self.min_bound),
torch.from_numpy(self.max_bound))
decoder_success, decoder_perturbations, probabilities, norm, _ = attack.run(
objective, self.args.verbose)
batch_perturbed_theta = batch_theta[
split:] + common.torch.as_variable(decoder_perturbations,
self.args.use_gpu)
batch_perturbed_images2 = self.decoder(batch_perturbed_theta)
batch_perturbations2 = batch_perturbed_images2 - batch_images[
split:]
batch_input_images = torch.cat(
(batch_perturbed_images1, batch_perturbed_images2), dim=0)
self.model.train()
assert self.model.training is True
output_classes = self.model(batch_input_images)
self.scheduler.optimizer.zero_grad()
perturbation_loss = self.loss(batch_classes[:split],
output_classes[:split])
decoder_perturbation_loss = self.loss(batch_classes[split:],
output_classes[split:])
loss = (perturbation_loss + decoder_perturbation_loss) / 2
loss.backward()
self.scheduler.optimizer.step()
loss = loss.item()
perturbation_loss = perturbation_loss.item()
decoder_perturbation_loss = decoder_perturbation_loss.item()
gradient = torch.mean(
torch.abs(list(self.model.parameters())[0].grad))
gradient = gradient.item()
perturbation_error = self.error(batch_classes[:split],
output_classes[:split])
perturbation_error = perturbation_error.item()
decoder_perturbation_error = self.error(
batch_classes[split:], output_classes[split:])
decoder_perturbation_error = decoder_perturbation_error.item()
error = (perturbation_error + decoder_perturbation_error) / 2
else:
perm = numpy.concatenate((
numpy.take(
perturbation_permutation,
range(b * self.args.batch_size + split + split // 2,
(b + 1) * self.args.batch_size),
mode='wrap'),
numpy.take(
permutation,
range(b * self.args.batch_size,
b * self.args.batch_size + split + split // 2),
mode='wrap'),
),
axis=0)
batch_images = common.torch.as_variable(
self.train_images[perm], self.args.use_gpu)
batch_classes = common.torch.as_variable(
self.train_codes[perm], self.args.use_gpu)
batch_theta = common.torch.as_variable(self.train_theta[perm],
self.args.use_gpu)
batch_images = batch_images.permute(0, 3, 1, 2)
attack = self.setup_attack(self.model,
batch_images[split // 2:split],
batch_classes[split // 2:split])
success, perturbations, _, _, _ = attack.run(
objective, self.args.verbose)
batch_perturbations1 = common.torch.as_variable(
perturbations.astype(numpy.float32), self.args.use_gpu)
batch_perturbed_images1 = batch_images[
split // 2:split] + batch_perturbations1
if isinstance(self.decoder, models.SelectiveDecoder):
self.decoder.set_code(batch_classes[:split // 2])
attack = self.setup_decoder_attack(self.decoder_classifier,
batch_theta[:split // 2],
batch_classes[:split // 2])
attack.set_bound(torch.from_numpy(self.min_bound),
torch.from_numpy(self.max_bound))
decoder_success, decoder_perturbations, probabilities, norm, _ = attack.run(
objective, self.args.verbose)
batch_perturbed_theta = batch_theta[:split //
2] + common.torch.as_variable(
decoder_perturbations,
self.args.use_gpu)
batch_perturbed_images2 = self.decoder(batch_perturbed_theta)
batch_perturbations2 = batch_perturbed_images2 - batch_images[:split
//
2]
batch_input_images = torch.cat(
(batch_perturbed_images2, batch_perturbed_images1,
batch_images[split:]),
dim=0)
self.model.train()
assert self.model.training is True
output_classes = self.model(batch_input_images)
self.scheduler.optimizer.zero_grad()
loss = self.loss(batch_classes[split:], output_classes[split:])
perturbation_loss = self.loss(batch_classes[split // 2:split],
output_classes[split // 2:split])
decoder_perturbation_loss = self.loss(
batch_classes[:split // 2], output_classes[:split // 2])
l = (loss + perturbation_loss + decoder_perturbation_loss) / 3
l.backward()
self.scheduler.optimizer.step()
loss = loss.item()
perturbation_loss = perturbation_loss.item()
decoder_perturbation_loss = decoder_perturbation_loss.item()
gradient = torch.mean(
torch.abs(list(self.model.parameters())[0].grad))
gradient = gradient.item()
error = self.error(batch_classes[split:],
output_classes[split:])
error = error.item()
perturbation_error = self.error(
batch_classes[split // 2:split],
output_classes[split // 2:split])
perturbation_error = perturbation_error.item()
decoder_perturbation_error = self.error(
batch_classes[:split // 2], output_classes[:split // 2])
decoder_perturbation_error = decoder_perturbation_error.item()
iterations = numpy.mean(
success[success >= 0]) if numpy.sum(success >= 0) > 0 else -1
norm = numpy.mean(
numpy.linalg.norm(perturbations.reshape(
perturbations.shape[0], -1),
axis=1,
ord=self.norm))
success = numpy.sum(success >= 0) / self.args.batch_size
decoder_iterations = numpy.mean(
decoder_success[decoder_success >= 0]) if numpy.sum(
decoder_success >= 0) > 0 else -1
decoder_norm = numpy.mean(
numpy.linalg.norm(decoder_perturbations, axis=1,
ord=self.norm))
decoder_success = numpy.sum(
decoder_success >= 0) / self.args.batch_size
iteration = self.epoch * num_batches + b + 1
self.train_statistics = numpy.vstack((
self.train_statistics,
numpy.array([[
iteration, # iterations
iteration * (1 + self.args.max_iterations) *
self.args.batch_size, # samples seen
min(num_batches, iteration) * self.args.batch_size +
iteration * self.args.max_iterations *
self.args.batch_size, # unique samples seen
loss,
error,
perturbation_loss,
perturbation_error,
decoder_perturbation_loss,
decoder_perturbation_error,
success,
iterations,
norm,
decoder_success,
decoder_iterations,
decoder_norm,
gradient
]])))
if b % self.args.skip == self.args.skip // 2:
log('[Training] %d | %d: %g (%g) %g (%g) %g (%g) [%g]' % (
self.epoch,
b,
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 3]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 4]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 5]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 6]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 7]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 8]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, -1]),
))
log('[Training] %d | %d: %g (%g, %g) %g (%g, %g)' % (
self.epoch,
b,
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 9]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 10]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 11]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 12]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 13]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 14]),
))
self.debug('clean.%d.png' % self.epoch,
batch_images.permute(0, 2, 3, 1))
self.debug('perturbed.%d.png' % self.epoch,
batch_perturbed_images1.permute(0, 2, 3, 1))
self.debug('perturbed2.%d.png' % self.epoch,
batch_perturbed_images2.permute(0, 2, 3, 1))
self.debug('perturbation.%d.png' % self.epoch,
batch_perturbations1.permute(0, 2, 3, 1),
cmap='seismic')
self.debug('perturbation2.%d.png' % self.epoch,
batch_perturbations2.permute(0, 2, 3, 1),
cmap='seismic')
def load_data(self):
"""
Load data and model.
"""
with logw('[Detection] read %s' % self.args.train_images_file):
self.nearest_neighbor_images = utils.read_hdf5(
self.args.train_images_file)
assert len(self.nearest_neighbor_images.shape) == 3
with logw('[Detection] read %s' % self.args.test_images_file):
self.test_images = utils.read_hdf5(self.args.test_images_file)
if len(self.test_images.shape) < 4:
self.test_images = numpy.expand_dims(self.test_images, axis=3)
with logw('[Detection] read %s' % self.args.train_codes_file):
self.train_codes = utils.read_hdf5(self.args.train_codes_file)
with logw('[Detection] read %s' % self.args.test_codes_file):
self.test_codes = utils.read_hdf5(self.args.test_codes_file)
with logw('[Detection] read %s' % self.args.test_theta_file):
self.test_theta = utils.read_hdf5(self.args.test_theta_file)
with logw('[Detection] read %s' % self.args.perturbations_file):
self.perturbations = utils.read_hdf5(self.args.perturbations_file)
assert len(self.perturbations.shape) == 3
with logw('[Detection] read %s' % self.args.success_file):
self.success = utils.read_hdf5(self.args.success_file)
with logw('[Detection] read %s' % self.args.accuracy_file):
self.accuracy = utils.read_hdf5(self.args.accuracy_file)
self.perturbations = numpy.swapaxes(self.perturbations, 0, 1)
num_attempts = self.perturbations.shape[1]
self.test_images = self.test_images[:self.perturbations.shape[0]]
self.train_images = self.nearest_neighbor_images[:self.perturbations.
shape[0]]
self.test_codes = self.test_codes[:self.perturbations.shape[0]]
self.accuracy = self.accuracy[:self.perturbations.shape[0]]
self.test_theta = self.test_theta[:self.perturbations.shape[0]]
self.perturbations = self.perturbations.reshape(
(self.perturbations.shape[0] * self.perturbations.shape[1],
self.perturbations.shape[2]))
self.success = numpy.swapaxes(self.success, 0, 1)
self.success = self.success.reshape(
(self.success.shape[0] * self.success.shape[1]))
self.accuracy = numpy.repeat(self.accuracy, num_attempts, axis=0)
self.test_images = numpy.repeat(self.test_images, num_attempts, axis=0)
self.train_images = numpy.repeat(self.train_images,
num_attempts,
axis=0)
self.test_codes = numpy.repeat(self.test_codes, num_attempts, axis=0)
self.test_theta = numpy.repeat(self.test_theta, num_attempts, axis=0)
max_samples = self.args.max_samples
self.success = self.success[:max_samples]
self.accuracy = self.accuracy[:max_samples]
self.perturbations = self.perturbations[:max_samples]
self.test_images = self.test_images[:max_samples]
self.train_images = self.train_images[:max_samples]
self.test_codes = self.test_codes[:max_samples]
self.test_theta = self.test_theta[:max_samples]
with logw('[Testing] read %s' % self.args.database_file):
database = utils.read_hdf5(self.args.database_file)
self.N_font = database.shape[0]
self.N_class = database.shape[1]
self.N_theta = self.test_theta.shape[1]
database = database.reshape((database.shape[0] * database.shape[1],
database.shape[2], database.shape[3]))
database = torch.from_numpy(database)
if self.args.use_gpu:
database = database.cuda()
database = torch.autograd.Variable(database, False)
self.model = models.AlternativeOneHotDecoder(
database, self.N_font, self.N_class, self.N_theta)
self.model.eval()
self.compute_images()
def load_data_and_model(self):
"""
Load data and model.
"""
database = utils.read_hdf5(self.args.database_file).astype(
numpy.float32)
log('[Visualization] read %s' % self.args.database_file)
N_font = database.shape[0]
N_class = database.shape[1]
resolution = database.shape[2]
database = database.reshape((database.shape[0] * database.shape[1],
database.shape[2], database.shape[3]))
database = torch.from_numpy(database)
if self.args.use_gpu:
database = database.cuda()
database = torch.autograd.Variable(database, False)
self.test_images = utils.read_hdf5(self.args.test_images_file).astype(
numpy.float32)
if len(self.test_images.shape) < 4:
self.test_images = numpy.expand_dims(self.test_images, axis=3)
self.perturbations = utils.read_hdf5(
self.args.perturbations_file).astype(numpy.float32)
self.perturbations = numpy.swapaxes(self.perturbations, 0, 1)
log('[Visualization] read %s' % self.args.perturbations_file)
self.success = utils.read_hdf5(self.args.success_file)
self.success = numpy.swapaxes(self.success, 0, 1)
log('[Visualization] read %s' % self.args.success_file)
self.accuracy = utils.read_hdf5(self.args.accuracy_file)
log('[Visualization] read %s' % self.args.success_file)
self.test_theta = utils.read_hdf5(self.args.test_theta_file).astype(
numpy.float32)
self.test_theta = self.test_theta[:self.perturbations.shape[0]]
N_theta = self.test_theta.shape[1]
log('[Visualization] using %d N_theta' % N_theta)
log('[Visualization] read %s' % self.args.test_theta_file)
self.test_codes = utils.read_hdf5(self.args.test_codes_file).astype(
numpy.int)
self.test_codes = self.test_codes[:self.perturbations.shape[0]]
self.test_codes = self.test_codes[:, 1:3]
self.test_codes = numpy.concatenate(
(common.numpy.one_hot(self.test_codes[:, 0], N_font),
common.numpy.one_hot(self.test_codes[:, 1], N_class)),
axis=1).astype(numpy.float32)
log('[Attack] read %s' % self.args.test_codes_file)
image_channels = 1 if N_theta <= 7 else 3
network_units = list(map(int, self.args.network_units.split(',')))
log('[Visualization] using %d input channels' % image_channels)
self.classifier = models.Classifier(
N_class,
resolution=(image_channels, resolution, resolution),
architecture=self.args.network_architecture,
activation=self.args.network_activation,
batch_normalization=not self.args.network_no_batch_normalization,
start_channels=self.args.network_channels,
dropout=self.args.network_dropout,
units=network_units)
self.decoder = models.AlternativeOneHotDecoder(database, N_font,
N_class, N_theta)
self.decoder.eval()
assert os.path.exists(
self.args.classifier_file
), 'state file %s not found' % self.args.classifier_file
state = State.load(self.args.classifier_file)
log('[Visualization] read %s' % self.args.classifier_file)
self.classifier.load_state_dict(state.model)
if self.args.use_gpu and not cuda.is_cuda(self.classifier):
log('[Visualization] classifier is not CUDA')
self.classifier = self.classifier.cuda()
log('[Visualization] loaded classifier')
self.classifier.eval()
log('[Visualization] set classifier to eval')
def load_data(self):
"""
Load data and model.
"""
self.test_images = utils.read_hdf5(self.args.test_images_file).astype(
numpy.float32)
log('[Testing] read %s' % self.args.test_images_file)
if len(self.test_images.shape) <= 3:
self.test_images = numpy.expand_dims(self.test_images, axis=3)
log('[Testing] no color images, adjusted size')
self.train_images = utils.read_hdf5(
self.args.train_images_file).astype(numpy.float32)
# !
self.train_images = self.train_images.reshape(
(self.train_images.shape[0], -1))
log('[Testing] read %s' % self.args.train_images_file)
self.test_theta = utils.read_hdf5(self.args.test_theta_file).astype(
numpy.float32)
log('[Testing] read %s' % self.args.test_theta_file)
self.train_theta = utils.read_hdf5(self.args.train_theta_file).astype(
numpy.float32)
log('[Testing] read %s' % self.args.train_theta_file)
self.test_codes = utils.read_hdf5(
self.args.test_codes_file).astype(int)
log('[Testing] read %s' % self.args.test_codes_file)
self.accuracy = utils.read_hdf5(self.args.accuracy_file)
log('[Testing] read %s' % self.args.accuracy_file)
self.perturbations = utils.read_hdf5(
self.args.perturbations_file).astype(numpy.float32)
self.N_attempts = self.perturbations.shape[0]
# First, repeat relevant data.
self.perturbation_theta = numpy.repeat(
self.test_theta[:self.perturbations.shape[1]],
self.N_attempts,
axis=0)
self.perturbation_codes = numpy.repeat(
self.test_codes[:self.perturbations.shape[1]],
self.N_attempts,
axis=0)
self.accuracy = numpy.repeat(
self.accuracy[:self.perturbations.shape[1]],
self.N_attempts,
axis=0)
# Then, reshape the perturbations!
self.perturbations = numpy.swapaxes(self.perturbations, 0, 1)
self.perturbations = self.perturbations.reshape(
(self.perturbations.shape[0] * self.perturbations.shape[1], -1))
log('[Testing] read %s' % self.args.perturbations_file)
self.success = utils.read_hdf5(self.args.success_file)
self.success = numpy.swapaxes(self.success, 0, 1)
self.success = self.success.reshape(
(self.success.shape[0] * self.success.shape[1]))
log('[Testing] read %s' % self.args.success_file)
database = utils.read_hdf5(self.args.database_file)
log('[Testing] read %s' % self.args.database_file)
self.N_font = database.shape[0]
self.N_class = database.shape[1]
N_theta = self.test_theta.shape[1]
log('[Testing] using %d N_theta' % N_theta)
database = database.reshape((database.shape[0] * database.shape[1],
database.shape[2], database.shape[3]))
database = torch.from_numpy(database)
if self.args.use_gpu:
database = database.cuda()
database = torch.autograd.Variable(database, False)
self.model = models.AlternativeOneHotDecoder(database, self.N_font,
self.N_class, N_theta)
self.model.eval()
def load_data(self):
"""
Load data.
"""
assert self.args.batch_size % 4 == 0
self.database = utils.read_hdf5(self.args.database_file).astype(
numpy.float32)
log('[Training] read %s' % self.args.database_file)
self.N_font = self.database.shape[0]
self.N_class = self.database.shape[1]
self.database = self.database.reshape(
(self.database.shape[0] * self.database.shape[1],
self.database.shape[2], self.database.shape[3]))
self.database = torch.from_numpy(self.database)
if self.args.use_gpu:
self.database = self.database.cuda()
self.database = torch.autograd.Variable(self.database, False)
self.train_images = utils.read_hdf5(
self.args.train_images_file).astype(numpy.float32)
log('[Training] read %s' % self.args.train_images_file)
self.test_images = utils.read_hdf5(self.args.test_images_file).astype(
numpy.float32)
log('[Training] read %s' % self.args.test_images_file)
# For handling both color and gray images.
if len(self.train_images.shape) < 4:
self.train_images = numpy.expand_dims(self.train_images, axis=3)
self.test_images = numpy.expand_dims(self.test_images, axis=3)
log('[Training] no color images, adjusted size')
self.resolution = self.train_images.shape[2]
log('[Training] resolution %d' % self.resolution)
self.train_codes = utils.read_hdf5(self.args.train_codes_file).astype(
numpy.int)
assert self.train_codes.shape[1] == 3
log('[Training] read %s' % self.args.train_codes_file)
self.test_codes = utils.read_hdf5(self.args.test_codes_file).astype(
numpy.int)
assert self.test_codes.shape[1] == 3
log('[Training] read %s' % self.args.test_codes_file)
self.train_theta = utils.read_hdf5(self.args.train_theta_file).astype(
numpy.float32)
log('[Training] read %s' % self.args.train_theta_file)
self.min_bound = numpy.min(self.train_theta, axis=0)
self.max_bound = numpy.max(self.train_theta, axis=0)
self.test_theta = utils.read_hdf5(self.args.test_theta_file).astype(
numpy.float32)
log('[Training] read %s' % self.args.test_theta_file)
assert self.train_codes.shape[0] == self.train_images.shape[0]
assert self.test_codes.shape[0] == self.test_images.shape[0]
assert self.train_theta.shape[0] == self.train_images.shape[0]
assert self.test_theta.shape[0] == self.test_images.shape[0]
# Select subset of samples
if self.args.training_samples < 0:
self.args.training_samples = self.train_images.shape[0]
else:
self.args.training_samples = min(self.args.training_samples,
self.train_images.shape[0])
log('[Training] found %d classes' % self.N_class)
log('[Training] using %d training samples' %
self.args.training_samples)
if self.args.test_samples < 0:
self.args.test_samples = self.test_images.shape[0]
else:
self.args.test_samples = min(self.args.test_samples,
self.test_images.shape[0])
if self.args.early_stopping:
assert self.args.validation_samples > 0
assert self.args.training_samples + self.args.validation_samples <= self.train_images.shape[
0]
self.val_images = self.train_images[self.train_images.shape[0] -
self.args.validation_samples:]
self.val_codes = self.train_codes[self.train_codes.shape[0] -
self.args.validation_samples:,
self.args.label_index]
self.train_images = self.train_images[:self.train_images.shape[0] -
self.args.validation_samples]
self.train_codes = self.train_codes[:self.train_codes.shape[0] -
self.args.validation_samples]
assert self.val_images.shape[
0] == self.args.validation_samples and self.val_codes.shape[
0] == self.args.validation_samples
if self.args.random_samples:
perm = numpy.random.permutation(self.train_images.shape[0] // 10)
perm = perm[:self.args.training_samples // 10]
perm = numpy.repeat(perm, self.N_class, axis=0) * 10 + numpy.tile(
numpy.array(range(self.N_class)), (perm.shape[0]))
self.train_images = self.train_images[perm]
self.train_codes = self.train_codes[perm]
self.train_theta = self.train_theta[perm]
else:
self.train_images = self.train_images[:self.args.training_samples]
self.train_codes = self.train_codes[:self.args.training_samples]
self.train_theta = self.train_theta[:self.args.training_samples]
# Check that the dataset is balanced.
number_samples = self.train_codes.shape[0] // self.N_class
for c in range(self.N_class):
number_samples_ = numpy.sum(
self.train_codes[:, self.args.label_index] == c)
if number_samples_ != number_samples:
log(
'[Training] dataset not balanced, class %d should have %d samples but has %d'
% (c, number_samples, number_samples_), LogLevel.WARNING)
def train(self):
"""
Train adversarially.
"""
split = self.args.batch_size // 2
num_batches = int(
math.ceil(self.train_images.shape[0] / self.args.batch_size))
permutation = numpy.random.permutation(self.train_images.shape[0])
for b in range(num_batches):
self.scheduler.update(self.epoch, float(b) / num_batches)
perm = numpy.take(permutation,
range(b * self.args.batch_size,
(b + 1) * self.args.batch_size),
mode='wrap')
batch_images = common.torch.as_variable(self.train_images[perm],
self.args.use_gpu)
batch_theta = common.torch.as_variable(self.train_theta[perm],
self.args.use_gpu)
batch_images = batch_images.permute(0, 3, 1, 2)
batch_fonts = self.train_codes[perm, 1]
batch_classes = self.train_codes[perm, self.args.label_index]
batch_code = numpy.concatenate(
(common.numpy.one_hot(batch_fonts, self.N_font),
common.numpy.one_hot(batch_classes, self.N_class)),
axis=1).astype(numpy.float32)
batch_code = common.torch.as_variable(batch_code,
self.args.use_gpu)
batch_classes = common.torch.as_variable(batch_classes,
self.args.use_gpu)
self.model.eval()
assert self.model.training is False
if self.args.full_variant:
objective = self.objective_class()
self.decoder.set_code(batch_code)
attack = self.setup_attack(self.decoder_classifier,
batch_theta, batch_classes)
attack.set_bound(torch.from_numpy(self.min_bound),
torch.from_numpy(self.max_bound))
success, perturbations, probabilities, norm, _ = attack.run(
objective, self.args.verbose)
batch_perturbed_theta = batch_theta + common.torch.as_variable(
perturbations, self.args.use_gpu)
batch_perturbed_images = self.decoder(batch_perturbed_theta)
batch_perturbations = batch_perturbed_images - batch_images
self.model.train()
assert self.model.training is True
output_classes = self.model(batch_perturbed_images)
self.scheduler.optimizer.zero_grad()
loss = self.loss(batch_classes, output_classes)
loss.backward()
self.scheduler.optimizer.step()
loss = perturbation_loss = loss.item()
gradient = torch.mean(
torch.abs(list(self.model.parameters())[0].grad))
gradient = gradient.item()
error = self.error(batch_classes, output_classes)
error = perturbation_error = error.item()
else:
objective = self.objective_class()
self.decoder.set_code(batch_code[split:])
attack = self.setup_attack(self.decoder_classifier,
batch_theta[split:],
batch_classes[split:])
attack.set_bound(torch.from_numpy(self.min_bound),
torch.from_numpy(self.max_bound))
success, perturbations, probabilities, norm, _ = attack.run(
objective, self.args.verbose)
batch_perturbed_theta = batch_theta[
split:] + common.torch.as_variable(perturbations,
self.args.use_gpu)
batch_perturbed_images = self.decoder(batch_perturbed_theta)
batch_perturbations = batch_perturbed_images - batch_images[
split:]
self.model.train()
assert self.model.training is True
batch_input_images = torch.cat(
(batch_images[:split], batch_perturbed_images), dim=0)
output_classes = self.model(batch_input_images)
self.scheduler.optimizer.zero_grad()
loss = self.loss(batch_classes[:split], output_classes[:split])
perturbation_loss = self.loss(batch_classes[split:],
output_classes[split:])
l = (loss + perturbation_loss) / 2
l.backward()
self.scheduler.optimizer.step()
loss = loss.item()
perturbation_loss = perturbation_loss.item()
gradient = torch.mean(
torch.abs(list(self.model.parameters())[0].grad))
gradient = gradient.item()
error = self.error(batch_classes[:split],
output_classes[:split])
error = error.item()
perturbation_error = self.error(batch_classes[split:],
output_classes[split:])
perturbation_error = perturbation_error.item()
iterations = numpy.mean(
success[success >= 0]) if numpy.sum(success >= 0) > 0 else -1
norm = numpy.mean(
numpy.linalg.norm(perturbations.reshape(
perturbations.shape[0], -1),
axis=1,
ord=self.norm))
success = numpy.sum(success >= 0) / (self.args.batch_size // 2)
iteration = self.epoch * num_batches + b + 1
self.train_statistics = numpy.vstack((
self.train_statistics,
numpy.array([[
iteration, # iterations
iteration * (1 + self.args.max_iterations) *
self.args.batch_size, # samples seen
min(num_batches, iteration) * self.args.batch_size +
iteration * self.args.max_iterations *
self.args.batch_size, # unique samples seen
loss,
error,
perturbation_loss,
perturbation_error,
success,
iterations,
norm,
gradient
]])))
if b % self.args.skip == self.args.skip // 2:
log('[Training] %d | %d: %g (%g) %g (%g) [%g]' % (
self.epoch,
b,
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 3]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 4]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 5]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 6]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, -1]),
))
log('[Training] %d | %d: %g (%g, %g)' % (
self.epoch,
b,
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 7]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 8]),
numpy.mean(self.train_statistics[
max(0, iteration - self.args.skip):iteration, 9]),
))
self.debug('clean.%d.png' % self.epoch,
batch_images.permute(0, 2, 3, 1))
self.debug('perturbed.%d.png' % self.epoch,
batch_perturbed_images.permute(0, 2, 3, 1))
self.debug('perturbation.%d.png' % self.epoch,
batch_perturbations.permute(0, 2, 3, 1),
cmap='seismic')
def load_data(self):
"""
Load data and model.
"""
with logw('[Detection] read %s' % self.args.train_images_file):
self.nearest_neighbor_images = utils.read_hdf5(self.args.train_images_file)
assert len(self.nearest_neighbor_images.shape) == 3
with logw('[Detection] read %s' % self.args.test_images_file):
self.test_images = utils.read_hdf5(self.args.test_images_file)
if len(self.test_images.shape) < 4:
self.test_images = numpy.expand_dims(self.test_images, axis=3)
with logw('[Detection] read %s' % self.args.perturbations_file):
self.perturbations = utils.read_hdf5(self.args.perturbations_file)
assert len(self.perturbations.shape) == 4
with logw('[Detection] read %s' % self.args.success_file):
self.success = utils.read_hdf5(self.args.success_file)
with logw('[Detection] read %s' % self.args.accuracy_file):
self.accuracy = utils.read_hdf5(self.args.accuracy_file)
self.perturbations = numpy.swapaxes(self.perturbations, 0, 1)
num_attempts = self.perturbations.shape[1]
self.test_images = self.test_images[:self.perturbations.shape[0]]
self.train_images = self.nearest_neighbor_images[:self.perturbations.shape[0]]
self.accuracy = self.accuracy[:self.perturbations.shape[0]]
self.perturbations = self.perturbations.reshape((self.perturbations.shape[0]*self.perturbations.shape[1], self.perturbations.shape[2], self.perturbations.shape[3]))
self.success = numpy.swapaxes(self.success, 0, 1)
self.success = self.success.reshape((self.success.shape[0]*self.success.shape[1]))
self.accuracy = numpy.repeat(self.accuracy, num_attempts, axis=0)
self.test_images = numpy.repeat(self.test_images, num_attempts, axis=0)
self.train_images = numpy.repeat(self.train_images, num_attempts, axis=0)
max_samples = self.args.max_samples
self.success = self.success[:max_samples]
self.accuracy = self.accuracy[:max_samples]
self.perturbations = self.perturbations[:max_samples]
self.test_images = self.test_images[:max_samples]
self.train_images = self.train_images[:max_samples]
if self.args.mode == 'true':
assert self.args.database_file
assert self.args.test_codes_file
assert self.args.test_theta_file
self.test_codes = utils.read_hdf5(self.args.test_codes_file)
log('[Detection] read %s' % self.args.test_codes_file)
self.test_theta = utils.read_hdf5(self.args.test_theta_file)
log('[Detection] read %s' % self.args.test_theta_file)
self.test_codes = self.test_codes[:self.perturbations.shape[0]]
self.test_theta = self.test_theta[:self.perturbations.shape[0]]
self.test_codes = numpy.repeat(self.test_codes, num_attempts, axis=0)
self.test_theta = numpy.repeat(self.test_theta, num_attempts, axis=0)
self.test_codes = self.test_codes[:max_samples]
self.test_theta = self.test_theta[:max_samples]
database = utils.read_hdf5(self.args.database_file)
log('[Detection] read %s' % self.args.database_file)
self.N_font = database.shape[0]
self.N_class = database.shape[1]
self.N_theta = self.test_theta.shape[1]
database = database.reshape((database.shape[0]*database.shape[1], database.shape[2], database.shape[3]))
database = torch.from_numpy(database)
if self.args.use_gpu:
database = database.cuda()
database = torch.autograd.Variable(database, False)
self.model = models.AlternativeOneHotDecoder(database, self.N_font, self.N_class, self.N_theta)
self.model.eval()
log('[Detection] initialized decoder')
elif self.args.mode == 'appr':
assert self.args.decoder_files
assert self.args.test_codes_file
assert self.args.test_theta_file
self.test_codes = utils.read_hdf5(self.args.test_codes_file)
log('[Detection] read %s' % self.args.test_codes_file)
self.test_theta = utils.read_hdf5(self.args.test_theta_file)
log('[Detection] read %s' % self.args.test_theta_file)
self.test_codes = self.test_codes[:self.perturbations.shape[0]]
self.test_theta = self.test_theta[:self.perturbations.shape[0]]
self.test_codes = numpy.repeat(self.test_codes, num_attempts, axis=0)
self.test_theta = numpy.repeat(self.test_theta, num_attempts, axis=0)
self.test_codes = self.test_codes[:max_samples]
self.test_theta = self.test_theta[:max_samples]
assert self.args.decoder_files
decoder_files = self.args.decoder_files.split(',')
for decoder_file in decoder_files:
assert os.path.exists(decoder_file), 'could not find %s' % decoder_file
resolution = [1 if len(self.test_images.shape) <= 3 else self.test_images.shape[3], self.test_images.shape[1], self.test_images.shape[2]]
decoder_units = list(map(int, self.args.decoder_units.split(',')))
if len(decoder_files) > 1:
log('[Detection] loading multiple decoders')
decoders = []
for i in range(len(decoder_files)):
decoder = models.LearnedDecoder(self.args.latent_space_size,
resolution=resolution,
architecture=self.args.decoder_architecture,
start_channels=self.args.decoder_channels,
activation=self.args.decoder_activation,
batch_normalization=not self.args.decoder_no_batch_normalization,
units=decoder_units)
state = State.load(decoder_files[i])
decoder.load_state_dict(state.model)
if self.args.use_gpu and not cuda.is_cuda(decoder):
decoder = decoder.cuda()
decoders.append(decoder)
decoder.eval()
log('[Detection] loaded %s' % decoder_files[i])
self.model = models.SelectiveDecoder(decoders, resolution=resolution)
else:
log('[Detection] loading one decoder')
decoder = models.LearnedDecoder(self.args.latent_space_size,
resolution=resolution,
architecture=self.args.decoder_architecture,
start_channels=self.args.decoder_channels,
activation=self.args.decoder_activation,
batch_normalization=not self.args.decoder_no_batch_normalization,
units=decoder_units)
state = State.load(decoder_files[0])
decoder.load_state_dict(state.model)
if self.args.use_gpu and not cuda.is_cuda(decoder):
decoder = decoder.cuda()
decoder.eval()
log('[Detection] read decoder')
self.model = decoder