# Demo - MultiAttack with MNIST

In [1]:
import os
import sys
import numpy as np

import torch
import torch.nn as nn
import torch.optim as optim

import torchvision.utils
from torchvision import models
import torchvision.datasets as dsets
import torchvision.transforms as transforms

from torchattacks import PGD, FGSM, MultiAttack

In [2]:
import matplotlib.pyplot as plt
%matplotlib inline

## 1. Load MNIST Data

In [3]:
mnist_train = dsets.MNIST(root='data/',
                          train=True,
                          transform=transforms.ToTensor(),
                          download=True)

mnist_test = dsets.MNIST(root='data/',
                         train=False,
                         transform=transforms.ToTensor(),
                         download=True)

In [4]:
batch_size = 128

train_loader  = torch.utils.data.DataLoader(dataset=mnist_train,
                                           batch_size=batch_size,
                                           shuffle=False)

test_loader = torch.utils.data.DataLoader(dataset=mnist_test,
                                         batch_size=batch_size,
                                         shuffle=False)

## 2. Define Model

In [5]:
class CNN(nn.Module):
    def __init__(self):
        super(CNN, self).__init__()
        
        self.layer = nn.Sequential(
            nn.Conv2d(1,16,5),
            nn.ReLU(),
            nn.Conv2d(16,32,5),
            nn.ReLU(),
            nn.MaxPool2d(2,2),
            nn.Conv2d(32,64,5),
            nn.ReLU(),
            nn.MaxPool2d(2,2)
        )
        
        self.fc_layer = nn.Sequential(
            nn.Linear(64*3*3,100),
            nn.ReLU(),
            nn.Linear(100,10)
        )       
        
    def forward(self,x):
        out = self.layer(x)
        out = out.view(-1,64*3*3)
        out = self.fc_layer(out)

        return out

In [6]:
model = CNN().cuda()

In [7]:
loss = nn.CrossEntropyLoss()
optimizer = optim.Adam(model.parameters(), lr=0.001)

## 3. Train Model

In [8]:
num_epochs = 5

In [9]:
for epoch in range(num_epochs):

    total_batch = len(mnist_train) // batch_size
    
    for i, (batch_images, batch_labels) in enumerate(train_loader):
        X = batch_images.cuda()
        Y = batch_labels.cuda()

        pre = model(X)
        cost = loss(pre, Y)

        optimizer.zero_grad()
        cost.backward()
        optimizer.step()

        if (i+1) % 200 == 0:
            print('Epoch [%d/%d], lter [%d/%d], Loss: %.4f'
                 %(epoch+1, num_epochs, i+1, total_batch, cost.item()))

Epoch [1/5], lter [200/468], Loss: 0.1564
Epoch [1/5], lter [400/468], Loss: 0.0583
Epoch [2/5], lter [200/468], Loss: 0.1063
Epoch [2/5], lter [400/468], Loss: 0.0168
Epoch [3/5], lter [200/468], Loss: 0.1201
Epoch [3/5], lter [400/468], Loss: 0.0059
Epoch [4/5], lter [200/468], Loss: 0.0785
Epoch [4/5], lter [400/468], Loss: 0.0025
Epoch [5/5], lter [200/468], Loss: 0.0698
Epoch [5/5], lter [400/468], Loss: 0.0024


## 4. Clean Accuracy

In [10]:
model.eval()

correct = 0
total = 0

for images, labels in test_loader:
    
    images = images.cuda()
    outputs = model(images)
    
    _, predicted = torch.max(outputs.data, 1)
    
    total += labels.size(0)
    correct += (predicted == labels.cuda()).sum()
    
print('Accuracy of Clean images: %f %%' % (100 * float(correct) / total))

Accuracy of Clean images: 98.790000 %


## 5. Attack Accuracy

## 5.1 PGD with 1 Random Restart

In [15]:
pgd = PGD(model, eps=0.3, alpha=0.01, iters=40, random_start=True)

In [16]:
model.eval()

correct = 0
total = 0

for images, labels in test_loader:
    
    images = pgd(images, labels).cuda()
    outputs = model(images)
    
    _, predicted = torch.max(outputs.data, 1)
    
    total += labels.size(0)
    correct += (predicted == labels.cuda()).sum()
    
print('Accuracy of Adversarial images: %f %%' % (100 * float(correct) / total))

Accuracy of Adversarial images: 0.550000 %


## 5.2 PGD with 10 Random Restart

In [21]:
pgd = PGD(model, eps=0.3, alpha=0.01, iters=40, random_start=True)
multi = MultiAttack(model, [pgd]*10)

In [22]:
model.eval()

correct = 0
total = 0

for images, labels in test_loader:
    
    images = multi(images, labels).cuda()
    outputs = model(images)
    
    _, predicted = torch.max(outputs.data, 1)
    
    total += labels.size(0)
    correct += (predicted == labels.cuda()).sum()
    
print('Accuracy of Adversarial images: %f %%' % (100 * float(correct) / total))

- Multi Attack Progress [1 / 10]              

 * Ealry Stopped cause all images are successfully perturbed.


Accuracy of Adversarial images: 0.170000 %    
