In [1]:
import pandas as pd
import numpy as np
import matplotlib.pyplot as plt
import seaborn as sns

from sklearn.metrics import accuracy_score, precision_recall_fscore_support, roc_auc_score, confusion_matrix, accuracy_score, precision_score, recall_score, f1_score
from sklearn.preprocessing import label_binarize
from sklearn.model_selection import train_test_split
import torch

import time


import torch
import torch.nn as nn
import torch.optim as optim
import torch.nn.functional as F
from torch.utils.data import DataLoader, TensorDataset

from art.attacks.evasion import SimBA, SpatialTransformation, DeepFool, BasicIterativeMethod, FastGradientMethod, ProjectedGradientDescent
from art.estimators.classification import PyTorchClassifier

import time

  from .autonotebook import tqdm as notebook_tqdm


In [2]:
x_test = np.load('/home/jovyan/Wustl_iiot/x_test.npy')
x_train = np.load('/home/jovyan/Wustl_iiot/x_train.npy')
x_val = np.load('/home/jovyan/Wustl_iiot/x_val.npy')
y_test = np.load('/home/jovyan/Wustl_iiot/y_test.npy')
y_train = np.load('/home/jovyan/Wustl_iiot/y_train.npy')
y_val = np.load('/home/jovyan/Wustl_iiot/y_val.npy')



In [3]:
import torch
import torch.nn as nn
import torch.optim as optim
import torchvision
import torchvision.transforms as transforms
from torch.utils.data import DataLoader
from torchvision import datasets

device = torch.device("cuda:0" if torch.cuda.is_available() else "cpu")

# Hyperparameters
epochs = 50
training_batch_size = 128
validation_batch_size = 128
learning_rate = 0.01
baseline_temperature = 1
distilled_temperature = 100


x_train_tensor = torch.tensor(x_train, dtype=torch.float32).to(device)
y_train_tensor = torch.tensor(y_train, dtype=torch.long).to(device)

x_val_tensor = torch.tensor(x_val, dtype=torch.float32).to(device)
y_val_tensor = torch.tensor(y_val, dtype=torch.long).to(device)

train_dataset = TensorDataset(x_train_tensor, y_train_tensor)
train_loader = DataLoader(train_dataset, batch_size=100, shuffle=True)

val_dataset = TensorDataset(x_val_tensor, y_val_tensor)
val_loader = DataLoader(val_dataset, batch_size=100, shuffle=True)


input_shape = x_train.shape[1]
output_shape = len(np.unique(y_train))

class DNNModel(nn.Module):
    def __init__(self, input_size, output_size):
        super(DNNModel, self).__init__()
        self.fc1 = nn.Linear(input_size, 50)
        self.fc2 = nn.Linear(50, 30)
        self.fc3 = nn.Linear(30, 20)
        self.fc4 = nn.Linear(20, output_size)

    def forward(self, x):
        x = F.relu(self.fc1(x))
        x = F.relu(self.fc2(x))
        x = F.relu(self.fc3(x))
        x = self.fc4(x)
        return x

# Initialize models
teacher_model = DNNModel(input_shape, output_shape).to(device)
student_model = DNNModel(input_shape, output_shape).to(device)


In [4]:
# Training function for the teacher model
def train_teacher_model(model, train_loader, epochs, temperature):
    min_delta = 0.001
    patience = 5
    patience_counter = 0
    best_loss = float('100000000')

    model.train()
    criterion = nn.CrossEntropyLoss()
    optimizer = optim.Adam(model.parameters(), lr=learning_rate)
    train_loss = 0.0
    for epoch in range(epochs):
        for inputs, labels in train_loader:
            inputs, labels = inputs.to(device), labels.to(device)
            outputs = model(inputs)
            loss = criterion(outputs / temperature, labels)
            optimizer.zero_grad()
            loss.backward()
            optimizer.step()
        avg_train_loss = train_loss / len(train_loader)
        
        model.eval()
        val_train_loss = 0.0
        correct_predictions = 0
        with torch.no_grad():
            for inputs, labels in val_loader:
                inputs, labels = inputs.to(device), labels.to(device)
                outputs = model(inputs)
                loss = criterion(outputs, labels)
                val_train_loss += loss.item()
                _, predicted = torch.max(outputs.data, 1)
                correct_predictions += (predicted == labels).sum().item()
    
        avg_val_loss = val_train_loss / len(val_loader)
        val_accuracy = correct_predictions / len(val_dataset)
    
        print(f"Epoch {epoch+1}, Training Loss: {avg_train_loss:.4f}, Validation Loss: {avg_val_loss:.4f}, Validation Accuracy: {val_accuracy:.4f}")
    
        # Early stopping check using min_delta
        if best_loss - avg_val_loss > min_delta:
            best_loss = avg_val_loss
            patience_counter = 0
        else:
            patience_counter += 1
    
        if patience_counter >= patience:
            print("Early stopping triggered")
            break
    torch.save(model.state_dict(), 'teacher_model.pth')



In [5]:
# Train the teacher model
train_teacher_model(teacher_model, train_loader, epochs, baseline_temperature)

Epoch 1, Training Loss: 0.0000, Validation Loss: 0.0008, Validation Accuracy: 0.9998
Epoch 2, Training Loss: 0.0000, Validation Loss: 0.0004, Validation Accuracy: 0.9999
Epoch 3, Training Loss: 0.0000, Validation Loss: 0.0048, Validation Accuracy: 0.9997
Epoch 4, Training Loss: 0.0000, Validation Loss: 0.0012, Validation Accuracy: 0.9999
Epoch 5, Training Loss: 0.0000, Validation Loss: 0.0006, Validation Accuracy: 0.9999
Epoch 6, Training Loss: 0.0000, Validation Loss: 0.0025, Validation Accuracy: 0.9999
Early stopping triggered


In [6]:
# Distillation loss function
def distillation_loss(student_outputs, teacher_outputs, temperature, alpha):
    soft_targets = F.softmax(teacher_outputs / temperature, dim=1)
    student_log_probs = F.log_softmax(student_outputs / temperature, dim=1)
    distillation_loss = nn.KLDivLoss()(student_log_probs, soft_targets) * (temperature ** 2)
    return distillation_loss

# Training function for the student model using distillation
def train_student_model(student_model, teacher_model, train_loader, epochs, temperature, alpha=0.5):
    min_delta = 0.001
    patience = 5
    patience_counter = 0
    best_loss = float('100000000')
    
    student_model.train()
    teacher_model.eval()
    criterion = nn.CrossEntropyLoss()
    optimizer = optim.Adam(student_model.parameters(), lr=learning_rate)
    
    train_loss = 0.0

    for epoch in range(epochs):
        for inputs, labels in train_loader:
            inputs, labels = inputs.to(device), labels.to(device)
            teacher_outputs = teacher_model(inputs).detach()
            student_outputs = student_model(inputs)
            loss = distillation_loss(student_outputs, teacher_outputs, temperature, alpha) + criterion(student_outputs, labels) * (1. - alpha)
            optimizer.zero_grad()
            loss.backward()
            optimizer.step()
        avg_train_loss = train_loss / len(train_loader)
        
        student_model.eval()
        val_train_loss = 0.0
        correct_predictions = 0
        with torch.no_grad():
            for inputs, labels in val_loader:
                inputs, labels = inputs.to(device), labels.to(device)
                teacher_outputs = teacher_model(inputs).detach()
                student_outputs = student_model(inputs)
                loss = distillation_loss(student_outputs, teacher_outputs, temperature, alpha) + criterion(student_outputs, labels) * (1. - alpha)
                val_train_loss += loss.item()
                _, predicted = torch.max(student_outputs.data, 1)
                correct_predictions += (predicted == labels).sum().item()
    
        avg_val_loss = val_train_loss / len(val_loader)
        val_accuracy = correct_predictions / len(val_dataset)
    
        print(f"Epoch {epoch+1}, Training Loss: {avg_train_loss:.4f}, Validation Loss: {avg_val_loss:.4f}, Validation Accuracy: {val_accuracy:.4f}")
    
        # Early stopping check using min_delta
        if best_loss - avg_val_loss > min_delta:
            best_loss = avg_val_loss
            patience_counter = 0
        else:
            patience_counter += 1
    
        if patience_counter >= patience:
            print("Early stopping triggered")
            break
    torch.save(student_model.state_dict(), 'student_model.pth')



In [7]:
# Train the student model
train_student_model(student_model, teacher_model, train_loader, epochs, distilled_temperature)




Epoch 1, Training Loss: 0.0000, Validation Loss: 0.1311, Validation Accuracy: 0.9999
Epoch 2, Training Loss: 0.0000, Validation Loss: 0.0840, Validation Accuracy: 0.9999
Epoch 3, Training Loss: 0.0000, Validation Loss: 0.0871, Validation Accuracy: 0.9999
Epoch 4, Training Loss: 0.0000, Validation Loss: 0.0775, Validation Accuracy: 0.9999
Epoch 5, Training Loss: 0.0000, Validation Loss: 0.0740, Validation Accuracy: 0.9999
Epoch 6, Training Loss: 0.0000, Validation Loss: 0.0531, Validation Accuracy: 0.9999
Epoch 7, Training Loss: 0.0000, Validation Loss: 0.0412, Validation Accuracy: 0.9999
Epoch 8, Training Loss: 0.0000, Validation Loss: 0.0636, Validation Accuracy: 0.9999
Epoch 9, Training Loss: 0.0000, Validation Loss: 0.0387, Validation Accuracy: 0.9999
Epoch 10, Training Loss: 0.0000, Validation Loss: 0.0260, Validation Accuracy: 0.9999
Epoch 11, Training Loss: 0.0000, Validation Loss: 0.0183, Validation Accuracy: 0.9999
Epoch 12, Training Loss: 0.0000, Validation Loss: 0.0302, Valid

In [8]:
def calculate_performance_metrics(X_test, y_true, model, model_name, attack_name, eps):
    model.eval()
    device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
    model.to(device)
    
    all_preds = []
    all_labels = []
    probabilities = []

    num_classes = len(np.unique(y_true))
    
    X_test_tensor = torch.tensor(X_test, dtype=torch.float32).to(device)
    y_test_tensor = torch.tensor(y_test, dtype=torch.long).to(device)
    test_dataset = TensorDataset(X_test_tensor, y_test_tensor)
    test_loader = DataLoader(dataset=test_dataset)

    with torch.no_grad():
        
        for inputs, labels in test_loader:
            inputs, labels = inputs.to(device), labels.to(device)
            outputs = model(inputs)
            preds = torch.argmax(outputs, dim=1)
            all_preds.extend(preds.cpu().numpy())
            all_labels.extend(labels.cpu().numpy())
            probabilities.extend(torch.nn.functional.softmax(outputs, dim=1).cpu().numpy())
        
        all_preds = np.array(all_preds)
        all_labels = np.array(all_labels)
        probabilities = np.array(probabilities)
        
        accuracy = accuracy_score(all_labels, all_preds)

        precision_macro, recall_macro, f1_macro, _ = precision_recall_fscore_support(all_labels, all_preds, average='macro')
        precision_weighted, recall_weighted, f1_weighted, _ = precision_recall_fscore_support(all_labels, all_preds, average='weighted')
    
        # macro_auc = roc_auc_score(label_binarize(all_labels, classes=range(num_classes)), probabilities[:,1], average='macro')
        # weighted_auc = roc_auc_score(label_binarize(all_labels, classes=range(num_classes)), probabilities[:,1], average='weighted')

        cm = confusion_matrix(all_labels, all_preds)

        def calculate_class_metrics_macro(cm, class_index):
            TP = cm[class_index, class_index]
            FP = cm[:, class_index].sum() - TP
            FN = cm[class_index, :].sum() - TP
            TN = cm.sum() - (TP + FP + FN)
            
            TPR = TP / (TP + FN) if (TP + FN) != 0 else 0  
            TNR = TN / (TN + FP) if (TN + FP) != 0 else 0  
            FPR = FP / (FP + TN) if (FP + TN) != 0 else 0  
            FNR = FN / (FN + TP) if (FN + TP) != 0 else 0  
            
            return TPR, TNR, FPR, FNR
            
        metrics = np.array([calculate_class_metrics_macro(cm, i) for i in range(num_classes)])
        TPR_macro, TNR_macro, FPR_macro, FNR_macro = np.mean(metrics, axis=0)

        print(f"Accuracy: {accuracy}")
        
        print("\nmacro")
        print(f"Precision: {precision_macro}\nRecall: {recall_macro}\nF1 Score: {f1_macro}")
    
        print("\nweighted")
        print(f"Precision: {precision_weighted}\nRecall: {recall_weighted}\nF1 Score: {f1_weighted}")
        print()
        
        print(f"Mean FNR: {FNR_macro}\nMean TNR: {TNR_macro}\nMean FPR: {FPR_macro}\nMean TPR: {TPR_macro}")

        new_row = {
            "model" : model_name,
            "attack_model" : attack_name,
            'epsilon': eps,
            'Accuracy': accuracy,
            'Macro Precision': precision_macro,
            'Weighted Precision': precision_weighted,
            'Macro Recall': recall_macro,
            'Weighted Recall': recall_weighted,
            'Macro F1': f1_macro,
            'Weighted F1': f1_weighted,
            # 'Macro AUC': macro_auc,
            # 'Weighted AUC': weighted_auc,
            'TPR': TPR_macro,
            'FNR': FNR_macro,
            'TNR': TNR_macro,
            'FPR': FPR_macro,
        }
        new_row_df = pd.DataFrame([new_row])
        new_row_df.to_csv("/home/jovyan/A2PM/def_distillation.csv", mode='a', index=False, header=False)




In [9]:
calculate_performance_metrics(x_test, y_test, student_model, 'DNN', 'DD_Baseline', '0')

Accuracy: 0.9998911008448061

macro
Precision: 0.9301771412860635
Recall: 0.9078989371055325
F1 Score: 0.9175022805463986

weighted
Precision: 0.9998888030071814
Recall: 0.9998911008448061
F1 Score: 0.9998882582796633

Mean FNR: 0.09210106289446751
Mean TNR: 0.9999780477709438
Mean FPR: 2.1952229056286568e-05
Mean TPR: 0.9078989371055325


In [10]:
epsilon_values = [0.01, 0.1, 0.2, 0.3]

# Iterate over epsilon values
print("start BIM")
for epsilon in epsilon_values:
    filename = f'/home/jovyan/Wustl_iiot/transfer_attack/x_test_adv_BIM_eps_{epsilon}.npy'
    x_test_adv = np.load(filename)

    calculate_performance_metrics(x_test_adv, y_test, student_model, 'DNN', 'DD_BIM', epsilon)

print("start FGSM")
for epsilon in epsilon_values:
    filename = f'/home/jovyan/Wustl_iiot/transfer_attack/x_test_adv_FGSM_eps_{epsilon}.npy'
    x_test_adv = np.load(filename)

    calculate_performance_metrics(x_test_adv, y_test, student_model, 'DNN', 'DD_FGSM', epsilon)

print("start PGD")
for epsilon in epsilon_values:
    filename = f'/home/jovyan/Wustl_iiot/transfer_attack/x_test_adv_PGD_eps_{epsilon}.npy'
    x_test_adv = np.load(filename)

    calculate_performance_metrics(x_test_adv, y_test, student_model, 'DNN', 'DD_PGD', epsilon)

print("start DF")
# DF_eps = [0.01, 0.1, 0.2, 0.3]
for epsilon in epsilon_values:
    filename = f'/home/jovyan/Wustl_iiot/transfer_attack/x_test_adv_DF_eps_{epsilon}.npy'
    x_test_adv = np.load(filename)

    calculate_performance_metrics(x_test_adv, y_test, student_model, 'DNN', 'DD_DF', epsilon)
# calculate_performance_metrics(x_test_adv, y_test_adv, model)

start BIM
Accuracy: 0.9997863901186582

macro
Precision: 0.8879544696453074
Recall: 0.8904269929215953
F1 Score: 0.8778257814500092

weighted
Precision: 0.9998332492654327
Recall: 0.9997863901186582
F1 Score: 0.9997984450638658

Mean FNR: 0.10957300707840471
Mean TNR: 0.9999571481609871
Mean FPR: 4.285183901281716e-05
Mean TPR: 0.8904269929215953
Accuracy: 0.803390952155575

macro
Precision: 0.3893695282438201
Recall: 0.4113589608945848
F1 Score: 0.24353203745987848

weighted
Precision: 0.9582247552124776
Recall: 0.803390952155575
F1 Score: 0.8570938630147998

Mean FNR: 0.5886410391054151
Mean TNR: 0.8955812034287713
Mean FPR: 0.10441879657122848
Mean TPR: 0.4113589608945848
Accuracy: 0.005897308096652188

macro
Precision: 0.03303886264716427
Recall: 0.05507291315541676
F1 Score: 0.025042406711314184

weighted
Precision: 0.07761370647461702
Recall: 0.005897308096652188
F1 Score: 0.010690252601538162

Mean FNR: 0.9449270868445833
Mean TNR: 0.6429913911256616
Mean FPR: 0.3570086088743385

In [11]:
epsilon_values = [0.01, 0.1, 0.2, 0.3]

# Iterate over epsilon values
print("start AutoPGD")
for epsilon in epsilon_values:
    filename = f'/home/jovyan/Wustl_iiot/transfer_attack/x_test_adv_AutoPGD_eps_{epsilon}.npy'
    x_test_adv = np.load(filename)

    calculate_performance_metrics(x_test_adv, y_test, student_model, 'DNN', 'AutoPGD', epsilon)

print("start BA")
for epsilon in epsilon_values:
    filename = f'/home/jovyan/Wustl_iiot/transfer_attack/x_test_adv_BA_eps_{epsilon}.npy'
    x_test_adv = np.load(filename)

    calculate_performance_metrics(x_test_adv, y_test, student_model, 'DNN', 'BA', epsilon)

start AutoPGD
Accuracy: 0.9997277521120154

macro
Precision: 0.855160102540028
Recall: 0.9310092006284172
F1 Score: 0.8830585899161665

weighted
Precision: 0.9997813808938334
Recall: 0.9997277521120154
F1 Score: 0.9997447393393724

Mean FNR: 0.06899079937158262
Mean TNR: 0.9999447437128577
Mean FPR: 5.5256287142220016e-05
Mean TPR: 0.9310092006284172
Accuracy: 0.9406373951322078

macro
Precision: 0.43378717179932547
Recall: 0.40785631391768795
F1 Score: 0.37378846402302496

weighted
Precision: 0.9492394391184825
Recall: 0.9406373951322078
F1 Score: 0.9400789515340177

Mean FNR: 0.592143686082312
Mean TNR: 0.8916264662362007
Mean FPR: 0.10837353376379924
Mean TPR: 0.40785631391768795
Accuracy: 0.029524236344674205

macro
Precision: 0.08154340771311981
Recall: 0.12699843581808623
F1 Score: 0.026847673120081333

weighted
Precision: 0.2587534507886814
Recall: 0.029524236344674205
F1 Score: 0.04778758840682142

Mean FNR: 0.8730015641819138
Mean TNR: 0.644790054987457
Mean FPR: 0.35520994501

In [12]:
filename = f'/home/jovyan/Wustl_iiot/transfer_attack/x_test_adv_HopSkipJump_eps_0.npy'
x_test_adv = np.load(filename)

calculate_performance_metrics(x_test_adv, y_test, student_model, 'DNN', 'HopSkipJump', '0')

Accuracy: 0.6839076367626794

macro
Precision: 0.24795408697302443
Recall: 0.416133741048065
F1 Score: 0.23979385313551788

weighted
Precision: 0.9092734726967758
Recall: 0.6839076367626794
F1 Score: 0.7734434643349621

Mean FNR: 0.583866258951935
Mean TNR: 0.8729776493115343
Mean FPR: 0.12702235068846562
Mean TPR: 0.416133741048065


In [10]:
print("start ZOO")
ZOO_epsilon_values = [0, 0.01, 0.1, 0.2, 0.3]
# Iterate over epsilon values
for epsilon in ZOO_epsilon_values:
    filename = f'/home/jovyan/Wustl_iiot/transfer_attack/x_test_adv_ZOO_eps_{epsilon}.npy'
    x_test_adv = np.load(filename)

    calculate_performance_metrics(x_test_adv, y_test, student_model, 'DNN', 'ZOO', epsilon)

start ZOO
Accuracy: 0.9998952892738521

macro
Precision: 0.9395926288992257
Recall: 0.9126608418674372
F1 Score: 0.9219512682512002

weighted
Precision: 0.9999008808987264
Recall: 0.9998952892738521
F1 Score: 0.9998936443303922

Mean FNR: 0.08733915813256275
Mean TNR: 0.9999788857445383
Mean FPR: 2.111425546172319e-05
Mean TPR: 0.9126608418674372
Accuracy: 0.9998952892738521

macro
Precision: 0.9395926288992257
Recall: 0.9126608418674372
F1 Score: 0.9219512682512002

weighted
Precision: 0.9999008808987264
Recall: 0.9998952892738521
F1 Score: 0.9998936443303922

Mean FNR: 0.08733915813256275
Mean TNR: 0.9999788857445383
Mean FPR: 2.111425546172319e-05
Mean TPR: 0.9126608418674372
Accuracy: 0.9998952892738521

macro
Precision: 0.9395926288992257
Recall: 0.9126608418674372
F1 Score: 0.9219512682512002

weighted
Precision: 0.9999008808987264
Recall: 0.9998952892738521
F1 Score: 0.9998936443303922

Mean FNR: 0.08733915813256275
Mean TNR: 0.9999788857445383
Mean FPR: 2.111425546172319e-05
Me