In [1]:
import numpy as np
import torch
from tqdm import tqdm
from skimage.metrics import structural_similarity as ssim
from torch.autograd import Variable
from matplotlib.pyplot import imshow
import matplotlib.pyplot as plt
from torchvision.datasets import EMNIST
from time import time
import sklearn.preprocessing
import numpy as np
import robust_onlinehd
from GenAttack import GenAttack

In [2]:
scaler = sklearn.preprocessing.Normalizer()

In [3]:
torch.manual_seed(54)

<torch._C.Generator at 0x7f04614274f0>

In [4]:

# loads simple mnist dataset
def load():  
    temp = EMNIST('./data/EMNIST', split = 'letters', train = True, download = True)
    x = temp.data.unsqueeze(3).numpy().transpose((0,2,1,3))
    y = temp.targets.numpy() - 1

    temp = EMNIST('./data/EMNIST', split = 'letters', train = False, download = True)
    x_test = temp.data.unsqueeze(3).numpy().transpose((0,2,1,3))
    y_test = temp.targets.numpy() - 1

    # changes data to pytorch's tensors
    x = torch.from_numpy(x).float()   
    y = torch.from_numpy(y).long().squeeze()
    x_test = torch.from_numpy(x_test).float()
    y_test = torch.from_numpy(y_test).long().squeeze()
    
    if len(x.shape) == 3:
        x = x.unsqueeze(3)
        x_test = x_test.unsqueeze(3)

    return x, x_test, y, y_test


print('Loading...')
x, x_test, y, y_test = load()

Loading...


In [5]:
#criterias = [(0, 100, 0), (100, 150, 125), (150, 200, 175), (200, 256, 255)]
criterias = [(0, 50, 0), (50, 100, 75), (100, 125, 124), (125, 150, 149), (150, 175, 174), (175, 200, 199), (200, 225, 224), (225, 256, 255)]
#criterias = []
kernel_size = 3
#kernel_size = 1
classes = y.unique().size(0)
features = x.size(1) * x.size(2)
model = robust_onlinehd.OnlineHD(criterias, kernel_size, scaler, classes, features, dim = 10000)


if torch.cuda.is_available():
    #x = x.cuda()
    #y = y.cuda()
    #x_test = x_test.cuda()
    #y_test = y_test.cuda()
    model = model.to('cuda')
    print('Using GPU!')

print('Training...')
t = time()

model = model.fit(x, y, bootstrap=.3, lr=0.095, epochs=300, batch_size=8196)
t = time() - t

print('Validating...')
yhat = model(x).cpu()
yhat_test = model(x_test).cpu()
acc = (y == yhat).float().mean()
acc_test = (y_test == yhat_test).float().mean()
print(f'{acc = :6f}')
print(f'{acc_test = :6f}')
print(f'{t = :6f}')


Using GPU!
Training...
Validating...
acc = 0.992917
acc_test = 0.868029
t = 322.673423


In [6]:
preds = model(x_test).cpu().numpy()
#preds = model(x).cpu().numpy()

In [7]:
targets = torch.randint(0, 10, preds.shape)
for i in tqdm(range(len(preds))):
    while targets[i] == preds[i]:
        targets[i] = torch.randint(0,10, (1,)).item()

100%|██████████| 20800/20800 [00:00<00:00, 57952.00it/s]


In [8]:
unif = torch.ones(targets.shape[0])
while True:
    indices = unif.multinomial(100)
    for idx in indices:
        if targets[idx] == y_test[idx]:
            break
    if idx == indices[-1] and targets[idx] != y_test[idx]:
        break
    else:
        indices = unif.multinomial(100)

In [9]:
attacker = GenAttack(model, classes, 28 * 28, scaler, 0.6, 'cuda')
N = 8                          # size of population to evolve
G = 5000                        # number of generations to evolve through
p = torch.FloatTensor([0.9])   # the parameter for Bernoulli distribution used in mutation
alpha = torch.FloatTensor([1.0]) # the parameter controlling mutation amount (step-size in the original paper)
delta = torch.FloatTensor([0.9]) # the parametr controlling mutation amount (norm threshold in the original paper)

In [10]:
pops = []
results = []

In [11]:
t = time()
for i in tqdm(indices):
    temp = attacker.attack(x_test[i], targets[i], delta, alpha, p, N, G)
    pops.append(temp[0].numpy())
    results.append(temp[1])
t = time() - t

print(f'{t = :6f}')

  1%|          | 1/100 [01:59<3:17:16, 119.56s/it]

All 5000 generations failed.


  2%|▏         | 2/100 [04:00<3:17:05, 120.66s/it]

All 5000 generations failed.


  3%|▎         | 3/100 [06:02<3:15:40, 121.04s/it]

All 5000 generations failed.


  4%|▍         | 4/100 [08:01<3:12:10, 120.11s/it]

All 5000 generations failed.


  5%|▌         | 5/100 [09:59<3:08:57, 119.34s/it]

All 5000 generations failed.


  6%|▌         | 6/100 [12:00<3:08:08, 120.09s/it]

All 5000 generations failed.


  7%|▋         | 7/100 [14:02<3:06:51, 120.55s/it]

All 5000 generations failed.


  8%|▊         | 8/100 [16:02<3:04:54, 120.60s/it]

All 5000 generations failed.


  9%|▉         | 9/100 [18:03<3:02:49, 120.54s/it]

All 5000 generations failed.


 10%|█         | 10/100 [20:03<3:00:44, 120.50s/it]

All 5000 generations failed.


 11%|█         | 11/100 [22:04<2:59:01, 120.69s/it]

All 5000 generations failed.


 12%|█▏        | 12/100 [24:08<2:58:25, 121.65s/it]

All 5000 generations failed.


 13%|█▎        | 13/100 [26:08<2:55:36, 121.11s/it]

All 5000 generations failed.


 14%|█▍        | 14/100 [28:08<2:52:52, 120.61s/it]

All 5000 generations failed.


 15%|█▌        | 15/100 [30:06<2:50:01, 120.02s/it]

All 5000 generations failed.


 16%|█▌        | 16/100 [32:06<2:48:07, 120.09s/it]

All 5000 generations failed.


 17%|█▋        | 17/100 [34:05<2:45:19, 119.51s/it]

All 5000 generations failed.


 18%|█▊        | 18/100 [36:04<2:43:23, 119.55s/it]

All 5000 generations failed.


 19%|█▉        | 19/100 [38:03<2:41:15, 119.45s/it]

All 5000 generations failed.


 20%|██        | 20/100 [40:05<2:40:09, 120.12s/it]

All 5000 generations failed.


 21%|██        | 21/100 [42:06<2:38:34, 120.43s/it]

All 5000 generations failed.


 22%|██▏       | 22/100 [44:08<2:37:04, 120.83s/it]

All 5000 generations failed.


 23%|██▎       | 23/100 [46:07<2:34:11, 120.15s/it]

All 5000 generations failed.


 24%|██▍       | 24/100 [48:10<2:33:23, 121.10s/it]

All 5000 generations failed.


 25%|██▌       | 25/100 [50:10<2:30:51, 120.69s/it]

All 5000 generations failed.


 26%|██▌       | 26/100 [52:09<2:28:23, 120.31s/it]

All 5000 generations failed.


 27%|██▋       | 27/100 [54:08<2:25:43, 119.77s/it]

All 5000 generations failed.


 28%|██▊       | 28/100 [56:09<2:24:24, 120.34s/it]

All 5000 generations failed.


 29%|██▉       | 29/100 [58:10<2:22:26, 120.37s/it]

All 5000 generations failed.


 30%|███       | 30/100 [1:00:19<2:23:29, 122.99s/it]

All 5000 generations failed.


 31%|███       | 31/100 [1:02:19<2:20:37, 122.28s/it]

All 5000 generations failed.


 32%|███▏      | 32/100 [1:04:19<2:17:41, 121.50s/it]

All 5000 generations failed.


 33%|███▎      | 33/100 [1:06:20<2:15:22, 121.24s/it]

All 5000 generations failed.


 34%|███▍      | 34/100 [1:08:19<2:12:45, 120.68s/it]

All 5000 generations failed.


 35%|███▌      | 35/100 [1:10:19<2:10:35, 120.55s/it]

All 5000 generations failed.


 36%|███▌      | 36/100 [1:12:20<2:08:32, 120.51s/it]

All 5000 generations failed.


 37%|███▋      | 37/100 [1:13:46<1:55:51, 110.34s/it]

All candidates died at generation 3608
Target =  tensor(2, device='cuda:0')


 38%|███▊      | 38/100 [1:15:47<1:57:03, 113.29s/it]

All 5000 generations failed.


 39%|███▉      | 39/100 [1:17:46<1:57:10, 115.26s/it]

All 5000 generations failed.


 40%|████      | 40/100 [1:19:48<1:57:01, 117.02s/it]

All 5000 generations failed.


 41%|████      | 41/100 [1:21:49<1:56:15, 118.24s/it]

All 5000 generations failed.


 42%|████▏     | 42/100 [1:23:51<1:55:31, 119.51s/it]

All 5000 generations failed.


 43%|████▎     | 43/100 [1:25:52<1:53:53, 119.89s/it]

All 5000 generations failed.


 44%|████▍     | 44/100 [1:27:52<1:51:51, 119.84s/it]

All 5000 generations failed.


 45%|████▌     | 45/100 [1:29:53<1:50:09, 120.17s/it]

All 5000 generations failed.


 46%|████▌     | 46/100 [1:31:53<1:48:18, 120.34s/it]

All 5000 generations failed.


 47%|████▋     | 47/100 [1:33:54<1:46:31, 120.59s/it]

All 5000 generations failed.


 48%|████▊     | 48/100 [1:35:54<1:44:07, 120.14s/it]

All 5000 generations failed.


 49%|████▉     | 49/100 [1:37:54<1:42:06, 120.13s/it]

All 5000 generations failed.


 50%|█████     | 50/100 [1:39:54<1:40:16, 120.32s/it]

All 5000 generations failed.


 51%|█████     | 51/100 [1:41:56<1:38:33, 120.68s/it]

All 5000 generations failed.


 52%|█████▏    | 52/100 [1:43:59<1:37:07, 121.41s/it]

All 5000 generations failed.


 53%|█████▎    | 53/100 [1:45:59<1:34:52, 121.12s/it]

All 5000 generations failed.
All candidates died at generation 0
Target =  tensor(5, device='cuda:0')


 55%|█████▌    | 55/100 [1:48:04<1:10:29, 93.99s/it] 

All 5000 generations failed.


 56%|█████▌    | 56/100 [1:50:05<1:13:43, 100.53s/it]

All 5000 generations failed.


 57%|█████▋    | 57/100 [1:52:05<1:15:45, 105.72s/it]

All 5000 generations failed.


 58%|█████▊    | 58/100 [1:54:05<1:16:39, 109.51s/it]

All 5000 generations failed.


 59%|█████▉    | 59/100 [1:56:06<1:17:11, 112.97s/it]

All 5000 generations failed.


 60%|██████    | 60/100 [1:58:07<1:16:48, 115.22s/it]

All 5000 generations failed.


 61%|██████    | 61/100 [2:00:07<1:15:48, 116.63s/it]

All 5000 generations failed.


 62%|██████▏   | 62/100 [2:02:07<1:14:27, 117.57s/it]

All 5000 generations failed.


 63%|██████▎   | 63/100 [2:04:08<1:13:03, 118.47s/it]

All 5000 generations failed.


 64%|██████▍   | 64/100 [2:06:16<1:12:50, 121.39s/it]

All 5000 generations failed.


 65%|██████▌   | 65/100 [2:08:16<1:10:28, 120.82s/it]

All 5000 generations failed.
All candidates died at generation 0
Target =  tensor(5, device='cuda:0')


 67%|██████▋   | 67/100 [2:10:17<51:17, 93.26s/it]   

All 5000 generations failed.


 68%|██████▊   | 68/100 [2:12:19<53:27, 100.24s/it]

All 5000 generations failed.


 69%|██████▉   | 69/100 [2:14:21<54:46, 106.02s/it]

All 5000 generations failed.


 70%|███████   | 70/100 [2:16:21<54:54, 109.82s/it]

All 5000 generations failed.


 71%|███████   | 71/100 [2:18:22<54:30, 112.78s/it]

All 5000 generations failed.


 72%|███████▏  | 72/100 [2:20:22<53:39, 114.98s/it]

All 5000 generations failed.


 73%|███████▎  | 73/100 [2:22:25<52:43, 117.16s/it]

All 5000 generations failed.


 74%|███████▍  | 74/100 [2:24:24<51:03, 117.83s/it]

All 5000 generations failed.


 75%|███████▌  | 75/100 [2:26:25<49:26, 118.66s/it]

All 5000 generations failed.


 76%|███████▌  | 76/100 [2:28:26<47:47, 119.48s/it]

All 5000 generations failed.


 77%|███████▋  | 77/100 [2:30:26<45:47, 119.46s/it]

All 5000 generations failed.


 78%|███████▊  | 78/100 [2:32:25<43:51, 119.59s/it]

All 5000 generations failed.


 79%|███████▉  | 79/100 [2:34:27<42:04, 120.20s/it]

All 5000 generations failed.


 80%|████████  | 80/100 [2:36:27<40:02, 120.15s/it]

All 5000 generations failed.


 81%|████████  | 81/100 [2:38:27<38:01, 120.09s/it]

All 5000 generations failed.


 82%|████████▏ | 82/100 [2:40:26<35:56, 119.82s/it]

All 5000 generations failed.


 83%|████████▎ | 83/100 [2:40:33<24:21, 85.95s/it] 

All candidates died at generation 282
Target =  tensor(6, device='cuda:0')


 84%|████████▍ | 84/100 [2:40:42<16:44, 62.76s/it]

All candidates died at generation 360
Target =  tensor(8, device='cuda:0')


 85%|████████▌ | 85/100 [2:42:43<20:03, 80.26s/it]

All 5000 generations failed.


 86%|████████▌ | 86/100 [2:44:45<21:39, 92.84s/it]

All 5000 generations failed.


 87%|████████▋ | 87/100 [2:44:56<14:48, 68.33s/it]

All candidates died at generation 428
Target =  tensor(4, device='cuda:0')
All candidates died at generation 0
Target =  tensor(1, device='cuda:0')


 89%|████████▉ | 89/100 [2:47:03<12:07, 66.10s/it]

All 5000 generations failed.


 90%|█████████ | 90/100 [2:49:06<13:21, 80.12s/it]

All 5000 generations failed.


 91%|█████████ | 91/100 [2:51:10<13:45, 91.72s/it]

All 5000 generations failed.


 92%|█████████▏| 92/100 [2:53:10<13:14, 99.32s/it]

All 5000 generations failed.


 93%|█████████▎| 93/100 [2:55:10<12:16, 105.21s/it]

All 5000 generations failed.


 94%|█████████▍| 94/100 [2:57:10<10:56, 109.39s/it]

All 5000 generations failed.


 95%|█████████▌| 95/100 [2:59:12<09:25, 113.04s/it]

All 5000 generations failed.


 96%|█████████▌| 96/100 [3:01:11<07:39, 114.86s/it]

All 5000 generations failed.


 97%|█████████▋| 97/100 [3:03:12<05:49, 116.59s/it]

All 5000 generations failed.


 98%|█████████▊| 98/100 [3:05:14<03:56, 118.05s/it]

All 5000 generations failed.


100%|██████████| 100/100 [3:07:15<00:00, 112.35s/it]

All 5000 generations failed.
All candidates died at generation 0
Target =  tensor(4, device='cuda:0')
t = 11235.410720





In [12]:
pops = np.array(pops)

In [13]:
sample_preds = preds[indices]

In [14]:
new_preds = []
for i in range(100):
    new_preds.append(model(torch.tensor(pops[i])).cpu().numpy())

In [15]:
success = 0
success_idx = []
for i in range(100):
    if targets[indices[i]].item() in new_preds[i]:
        success_idx.append((indices[i].item(), (i, np.where(new_preds[i] == targets[indices[i]].item())[0][0])))
        success += 1
print(success)

0


In [16]:
cache = {
    'indices' : indices,
    'sample_preds' : sample_preds,
    'pops' : np.array(pops),
    'hyper_parameter' : [N, G, p, alpha, delta],
    'success_idx' : success_idx,
    'model' : model, 
    'scaler' : model.scaler,
    'targets' : targets,
    'results' : results
}

In [17]:
torch.save(cache, 'robust_onlinehd_emnist.pt')

In [18]:
model(torch.tensor(pops[0]))

tensor([13, 13, 13, 13, 13, 13, 13, 13], device='cuda:0')

In [19]:
labels = {
    0 : 'a',
    1 : 'b',
    2 : 'c',
    3 : 'd',
    4 : 'e',
    5 : 'f',
    6 : 'g',
    7 : 'h',
    8 : 'i',
    9 : 'j',
    10 : 'k',
    11 : 'l',
    12 : 'm',
    13 : 'n',
    14 : 'o',
    15 : 'p',
    16 : 'q',
    17 : 'r',
    18 : 's',
    19 : 't',
    20 : 'u',
    21 : 'v',
    22 : 'w',
    23 : 'x',
    24 : 'y',
    25 : 'z'
}

In [20]:
origin_idx, (new_idx, new_idx_idx) = success_idx[torch.randint(0, len(success_idx), (1,)).item()]

f, axes = plt.subplots(1, 2)
axes[0].imshow(x_test[origin_idx], cmap=plt.gray())
_ = axes[0].set_title('Properly classified : %s' % labels[sample_preds[new_idx].item()])
axes[1].imshow(pops[new_idx][new_idx_idx].astype(np.int32))
_ = axes[1].set_title('Misclassified : %s' % labels[new_preds[new_idx][new_idx_idx]])

RuntimeError: random_ expects 'from' to be less than 'to', but got from=0 >= to=0