In [1]:
import numpy as np
import torch
from tqdm import tqdm
from skimage.metrics import structural_similarity as ssim
from torch.autograd import Variable
from matplotlib.pyplot import imshow
import matplotlib.pyplot as plt
from torchvision.datasets import EMNIST
from time import time
import sklearn.preprocessing
import numpy as np
import robust_onlinehd
from GenAttack import GenAttack

In [2]:
scaler = sklearn.preprocessing.Normalizer()

In [3]:
torch.manual_seed(54)

<torch._C.Generator at 0x7f036fed82f0>

In [4]:

# loads simple mnist dataset
def load():  
    temp = EMNIST('./data/EMNIST', split = 'letters', train = True, download = True)
    x = temp.data.unsqueeze(3).numpy().transpose((0,2,1,3))
    y = temp.targets.numpy() - 1

    temp = EMNIST('./data/EMNIST', split = 'letters', train = False, download = True)
    x_test = temp.data.unsqueeze(3).numpy().transpose((0,2,1,3))
    y_test = temp.targets.numpy() - 1

    # changes data to pytorch's tensors
    x = torch.from_numpy(x).float()   
    y = torch.from_numpy(y).long().squeeze()
    x_test = torch.from_numpy(x_test).float()
    y_test = torch.from_numpy(y_test).long().squeeze()
    
    if len(x.shape) == 3:
        x = x.unsqueeze(3)
        x_test = x_test.unsqueeze(3)

    return x, x_test, y, y_test


print('Loading...')
x, x_test, y, y_test = load()

Loading...


In [5]:
#criterias = [(0, 100, 0), (100, 150, 125), (150, 200, 175), (200, 256, 255)]
#criterias = [(0, 50, 0), (50, 100, 75), (100, 125, 124), (125, 150, 149), (150, 175, 174), (175, 200, 199), (200, 225, 224), (225, 256, 255)]
#criterias = []
kernel_size = 3
#kernel_size = 1
classes = y.unique().size(0)
features = x.size(1) * x.size(2)
model = robust_onlinehd.OnlineHD(kernel_size, scaler, classes, features, dim = 10000)
model.set_criterias(x, 8)


if torch.cuda.is_available():
    #x = x.cuda()
    #y = y.cuda()
    #x_test = x_test.cuda()
    #y_test = y_test.cuda()
    model = model.to('cuda')
    print('Using GPU!')

print('Training...')
t = time()

model = model.fit(x, y, bootstrap=.3, lr=0.095, epochs=300, batch_size=8196)
t = time() - t

print('Validating...')
yhat = model(x).cpu()
yhat_test = model(x_test).cpu()
acc = (y == yhat).float().mean()
acc_test = (y_test == yhat_test).float().mean()
print(f'{acc = :6f}')
print(f'{acc_test = :6f}')
print(f'{t = :6f}')


Using GPU!
Training...
Validating...
acc = 0.985080
acc_test = 0.884856
t = 101.347876


In [6]:
preds = model(x_test).cpu().numpy()
#preds = model(x).cpu().numpy()

In [7]:
targets = torch.randint(0, 10, preds.shape)
for i in tqdm(range(len(preds))):
    while targets[i] == preds[i]:
        targets[i] = torch.randint(0,10, (1,)).item()

100%|██████████| 20800/20800 [00:00<00:00, 55491.93it/s]


In [8]:
unif = torch.ones(targets.shape[0])
while True:
    indices = unif.multinomial(100)
    for idx in indices:
        if targets[idx] == y_test[idx]:
            break
    if idx == indices[-1] and targets[idx] != y_test[idx]:
        break
    else:
        indices = unif.multinomial(100)

In [9]:
attacker = GenAttack(model, classes, 28 * 28, scaler, 0.6, 'cuda')
N = 8                          # size of population to evolve
G = 5000                        # number of generations to evolve through
p = torch.FloatTensor([0.9])   # the parameter for Bernoulli distribution used in mutation
alpha = torch.FloatTensor([1.0]) # the parameter controlling mutation amount (step-size in the original paper)
delta = torch.FloatTensor([0.9]) # the parametr controlling mutation amount (norm threshold in the original paper)

In [10]:
pops = []
results = []

In [11]:
t = time()
for i in tqdm(indices):
    temp = attacker.attack(x_test[i], targets[i], delta, alpha, p, N, G)
    pops.append(temp[0].numpy())
    results.append(temp[1])
t = time() - t

print(f'{t = :6f}')

  1%|          | 1/100 [02:00<3:18:50, 120.51s/it]

All 5000 generations failed.


  2%|▏         | 2/100 [03:01<2:19:48, 85.60s/it] 

All 5000 generations failed.


  3%|▎         | 3/100 [04:00<1:58:46, 73.47s/it]

All 5000 generations failed.


  4%|▍         | 4/100 [04:59<1:48:11, 67.62s/it]

All 5000 generations failed.


  5%|▌         | 5/100 [05:58<1:42:22, 64.65s/it]

All 5000 generations failed.


  6%|▌         | 6/100 [05:59<1:07:12, 42.90s/it]

All candidates died at generation 56
Target =  tensor(6, device='cuda:0')


  7%|▋         | 7/100 [06:58<1:14:30, 48.07s/it]

All 5000 generations failed.


  8%|▊         | 8/100 [07:01<52:01, 33.93s/it]  

All candidates died at generation 312
Target =  tensor(4, device='cuda:0')


  9%|▉         | 9/100 [08:00<1:03:11, 41.67s/it]

All 5000 generations failed.


 10%|█         | 10/100 [09:02<1:11:45, 47.83s/it]

All 5000 generations failed.


 11%|█         | 11/100 [10:01<1:16:22, 51.49s/it]

All 5000 generations failed.


 12%|█▏        | 12/100 [11:00<1:18:51, 53.77s/it]

All 5000 generations failed.


 13%|█▎        | 13/100 [11:59<1:20:07, 55.26s/it]

All 5000 generations failed.


 14%|█▍        | 14/100 [13:02<1:22:19, 57.43s/it]

All 5000 generations failed.


 15%|█▌        | 15/100 [14:01<1:22:07, 57.97s/it]

All 5000 generations failed.


 16%|█▌        | 16/100 [14:59<1:21:28, 58.20s/it]

All 5000 generations failed.


 17%|█▋        | 17/100 [15:59<1:21:14, 58.73s/it]

All 5000 generations failed.


 18%|█▊        | 18/100 [16:58<1:20:22, 58.81s/it]

All 5000 generations failed.


 19%|█▉        | 19/100 [17:57<1:19:23, 58.81s/it]

All 5000 generations failed.


 20%|██        | 20/100 [18:58<1:19:15, 59.44s/it]

All 5000 generations failed.


 21%|██        | 21/100 [20:01<1:19:25, 60.33s/it]

All 5000 generations failed.
All candidates died at generation 0
Target =  tensor(0, device='cuda:0')


 24%|██▍       | 24/100 [21:00<44:03, 34.79s/it]

All 5000 generations failed.
All candidates died at generation 10
Target =  tensor(9, device='cuda:0')


 25%|██▌       | 25/100 [22:00<51:44, 41.39s/it]

All 5000 generations failed.


 26%|██▌       | 26/100 [23:04<58:24, 47.36s/it]

All 5000 generations failed.


 27%|██▋       | 27/100 [24:03<1:01:40, 50.70s/it]

All 5000 generations failed.


 28%|██▊       | 28/100 [25:02<1:03:37, 53.02s/it]

All 5000 generations failed.


 29%|██▉       | 29/100 [26:01<1:04:55, 54.87s/it]

All 5000 generations failed.


 30%|███       | 30/100 [27:00<1:05:33, 56.19s/it]

All 5000 generations failed.


 31%|███       | 31/100 [28:00<1:05:45, 57.18s/it]

All 5000 generations failed.


 32%|███▏      | 32/100 [29:00<1:05:37, 57.90s/it]

All 5000 generations failed.


 33%|███▎      | 33/100 [30:02<1:06:05, 59.18s/it]

All 5000 generations failed.


 34%|███▍      | 34/100 [31:03<1:05:39, 59.68s/it]

All 5000 generations failed.


 35%|███▌      | 35/100 [32:02<1:04:23, 59.43s/it]

All 5000 generations failed.


 36%|███▌      | 36/100 [33:07<1:05:21, 61.27s/it]

All 5000 generations failed.


 37%|███▋      | 37/100 [34:07<1:03:55, 60.88s/it]

All 5000 generations failed.


 38%|███▊      | 38/100 [35:08<1:02:56, 60.91s/it]

All 5000 generations failed.


 39%|███▉      | 39/100 [36:08<1:01:34, 60.56s/it]

All 5000 generations failed.


 40%|████      | 40/100 [37:08<1:00:28, 60.48s/it]

All 5000 generations failed.
All candidates died at generation 0
Target =  tensor(1, device='cuda:0')


 42%|████▏     | 42/100 [38:09<45:00, 46.57s/it]  

All 5000 generations failed.


 43%|████▎     | 43/100 [39:08<47:07, 49.60s/it]

All 5000 generations failed.


 44%|████▍     | 44/100 [40:12<49:59, 53.56s/it]

All 5000 generations failed.


 45%|████▌     | 45/100 [41:13<50:53, 55.53s/it]

All 5000 generations failed.


 46%|████▌     | 46/100 [42:16<51:50, 57.60s/it]

All 5000 generations failed.
All candidates died at generation 4
Target =  tensor(4, device='cuda:0')


 48%|████▊     | 48/100 [43:17<39:26, 45.50s/it]

All 5000 generations failed.


 49%|████▉     | 49/100 [44:16<41:24, 48.71s/it]

All 5000 generations failed.


 50%|█████     | 50/100 [45:14<42:45, 51.31s/it]

All 5000 generations failed.


 51%|█████     | 51/100 [46:13<43:32, 53.32s/it]

All 5000 generations failed.


 52%|█████▏    | 52/100 [47:12<43:50, 54.81s/it]

All 5000 generations failed.


 53%|█████▎    | 53/100 [48:11<43:47, 55.89s/it]

All 5000 generations failed.


 54%|█████▍    | 54/100 [49:11<43:46, 57.11s/it]

All 5000 generations failed.


 55%|█████▌    | 55/100 [50:11<43:27, 57.94s/it]

All 5000 generations failed.


 56%|█████▌    | 56/100 [51:09<42:39, 58.17s/it]

All 5000 generations failed.


 57%|█████▋    | 57/100 [52:08<41:48, 58.33s/it]

All 5000 generations failed.


 58%|█████▊    | 58/100 [53:07<40:57, 58.52s/it]

All 5000 generations failed.


 59%|█████▉    | 59/100 [54:06<40:01, 58.57s/it]

All 5000 generations failed.


 60%|██████    | 60/100 [55:05<39:06, 58.67s/it]

All 5000 generations failed.


 61%|██████    | 61/100 [56:03<38:07, 58.65s/it]

All 5000 generations failed.


 62%|██████▏   | 62/100 [57:03<37:15, 58.84s/it]

All 5000 generations failed.


 63%|██████▎   | 63/100 [58:02<36:18, 58.87s/it]

All 5000 generations failed.


 64%|██████▍   | 64/100 [59:02<35:37, 59.39s/it]

All 5000 generations failed.


 65%|██████▌   | 65/100 [1:00:03<34:52, 59.77s/it]

All 5000 generations failed.


 66%|██████▌   | 66/100 [1:01:02<33:43, 59.51s/it]

All 5000 generations failed.


 68%|██████▊   | 68/100 [1:02:04<22:31, 42.24s/it]

All 5000 generations failed.
All candidates died at generation 7
Target =  tensor(9, device='cuda:0')


 69%|██████▉   | 69/100 [1:03:03<24:27, 47.34s/it]

All 5000 generations failed.


 70%|███████   | 70/100 [1:04:04<25:39, 51.33s/it]

All 5000 generations failed.


 71%|███████   | 71/100 [1:05:03<25:55, 53.65s/it]

All 5000 generations failed.


 72%|███████▏  | 72/100 [1:06:05<26:10, 56.10s/it]

All 5000 generations failed.


 73%|███████▎  | 73/100 [1:07:09<26:22, 58.60s/it]

All 5000 generations failed.


 74%|███████▍  | 74/100 [1:08:08<25:26, 58.70s/it]

All 5000 generations failed.


 75%|███████▌  | 75/100 [1:09:08<24:37, 59.09s/it]

All 5000 generations failed.


 76%|███████▌  | 76/100 [1:10:09<23:48, 59.51s/it]

All 5000 generations failed.


 77%|███████▋  | 77/100 [1:11:07<22:42, 59.24s/it]

All 5000 generations failed.


 78%|███████▊  | 78/100 [1:12:06<21:41, 59.14s/it]

All 5000 generations failed.


 79%|███████▉  | 79/100 [1:13:05<20:40, 59.07s/it]

All 5000 generations failed.


 80%|████████  | 80/100 [1:14:04<19:40, 59.03s/it]

All 5000 generations failed.


 81%|████████  | 81/100 [1:15:03<18:40, 58.96s/it]

All 5000 generations failed.


 82%|████████▏ | 82/100 [1:16:03<17:49, 59.40s/it]

All 5000 generations failed.


 83%|████████▎ | 83/100 [1:17:05<17:02, 60.16s/it]

All 5000 generations failed.


 84%|████████▍ | 84/100 [1:18:07<16:11, 60.71s/it]

All 5000 generations failed.


 85%|████████▌ | 85/100 [1:19:09<15:18, 61.22s/it]

All 5000 generations failed.


 86%|████████▌ | 86/100 [1:20:11<14:18, 61.31s/it]

All 5000 generations failed.


 87%|████████▋ | 87/100 [1:21:11<13:10, 60.83s/it]

All 5000 generations failed.


 88%|████████▊ | 88/100 [1:22:13<12:16, 61.41s/it]

All 5000 generations failed.


 89%|████████▉ | 89/100 [1:23:12<11:07, 60.70s/it]

All 5000 generations failed.


 90%|█████████ | 90/100 [1:24:11<10:01, 60.16s/it]

All 5000 generations failed.


 91%|█████████ | 91/100 [1:25:10<08:57, 59.75s/it]

All 5000 generations failed.


 92%|█████████▏| 92/100 [1:26:09<07:56, 59.55s/it]

All 5000 generations failed.


 93%|█████████▎| 93/100 [1:27:11<07:00, 60.09s/it]

All 5000 generations failed.


 94%|█████████▍| 94/100 [1:28:12<06:02, 60.44s/it]

All 5000 generations failed.


 95%|█████████▌| 95/100 [1:29:12<05:01, 60.36s/it]

All 5000 generations failed.


 96%|█████████▌| 96/100 [1:30:11<03:59, 59.88s/it]

All 5000 generations failed.


 97%|█████████▋| 97/100 [1:31:10<02:59, 59.77s/it]

All 5000 generations failed.


 98%|█████████▊| 98/100 [1:32:09<01:58, 59.44s/it]

All 5000 generations failed.


 99%|█████████▉| 99/100 [1:33:09<00:59, 59.58s/it]

All 5000 generations failed.


100%|██████████| 100/100 [1:34:08<00:00, 56.48s/it]

All 5000 generations failed.
t = 5648.065614





In [12]:
pops = np.array(pops)

In [13]:
sample_preds = preds[indices]

In [14]:
new_preds = []
for i in range(100):
    new_preds.append(model(torch.tensor(pops[i])).cpu().numpy())

In [15]:
success = 0
success_idx = []
for i in range(100):
    if targets[indices[i]].item() in new_preds[i]:
        success_idx.append((indices[i].item(), (i, np.where(new_preds[i] == targets[indices[i]].item())[0][0])))
        success += 1
print(success)

0


In [16]:
cache = {
    'indices' : indices,
    'sample_preds' : sample_preds,
    'pops' : np.array(pops),
    'hyper_parameter' : [N, G, p, alpha, delta],
    'success_idx' : success_idx,
    'model' : model, 
    'scaler' : model.scaler,
    'targets' : targets,
    'results' : results
}

In [17]:
torch.save(cache, 'robust_onlinehd_emnist.pt')

In [18]:
model(torch.tensor(pops[0]))

tensor([4, 4, 4, 4, 4, 4, 4, 4], device='cuda:0')

In [19]:
labels = {
    0 : 'a',
    1 : 'b',
    2 : 'c',
    3 : 'd',
    4 : 'e',
    5 : 'f',
    6 : 'g',
    7 : 'h',
    8 : 'i',
    9 : 'j',
    10 : 'k',
    11 : 'l',
    12 : 'm',
    13 : 'n',
    14 : 'o',
    15 : 'p',
    16 : 'q',
    17 : 'r',
    18 : 's',
    19 : 't',
    20 : 'u',
    21 : 'v',
    22 : 'w',
    23 : 'x',
    24 : 'y',
    25 : 'z'
}

In [20]:
origin_idx, (new_idx, new_idx_idx) = success_idx[torch.randint(0, len(success_idx), (1,)).item()]

f, axes = plt.subplots(1, 2)
axes[0].imshow(x_test[origin_idx], cmap=plt.gray())
_ = axes[0].set_title('Properly classified : %s' % labels[sample_preds[new_idx].item()])
axes[1].imshow(pops[new_idx][new_idx_idx].astype(np.int32))
_ = axes[1].set_title('Misclassified : %s' % labels[new_preds[new_idx][new_idx_idx]])

RuntimeError: random_ expects 'from' to be less than 'to', but got from=0 >= to=0