In [32]:
import numpy as np
import torch
import torch.nn as nn
import art.attacks.evasion as toolbox
from art.estimators.classification import PyTorchClassifier
import torch.optim as optim
# from kd_export import LightNN
from mvtec import test_dataset, trainloader

In [3]:
print("Check current device: ")
# Check if GPU is available, and if not, use the CPU
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
if torch.cuda.is_available(): # Should return True 
    print(f"Using GPU: {torch.cuda.get_device_name(0)}") # Should show your GPU name
else:
    print("Using CPU")

Check current device: 
Using GPU: NVIDIA GeForce RTX 4060


In [30]:
class DeepNN(nn.Module):
    def __init__(self, num_classes=10):
        super(DeepNN, self).__init__()
        self.features = nn.Sequential(
            nn.Conv2d(3, 64, kernel_size=3, padding=1),
            nn.ReLU(),
            nn.Conv2d(64, 32, kernel_size=3, padding=1),
            nn.ReLU(),
            nn.MaxPool2d(kernel_size=2, stride=2),
            nn.Conv2d(32, 32, kernel_size=3, padding=1),
            nn.ReLU(),
            nn.Conv2d(32, 16, kernel_size=3, padding=1),
            nn.ReLU(),
            nn.MaxPool2d(kernel_size=2, stride=2),
        )
        self.classifier = nn.Sequential(
            nn.Linear(16 * 56 * 56, 256),
            nn.ReLU(),
            nn.Dropout(0.5),
            nn.Linear(256, num_classes)
        )

    def forward(self, x):
        x = self.features(x)
        x = torch.flatten(x, 1)
        x = self.classifier(x)
        return x

class LightNN(nn.Module):
    def __init__(self, num_classes=10):
        super(LightNN, self).__init__()
        self.features = nn.Sequential(
            nn.Conv2d(3, 16, kernel_size=3, padding=1),
            nn.ReLU(),
            nn.MaxPool2d(kernel_size=2, stride=2),
            nn.Conv2d(16, 16, kernel_size=3, padding=1),
            nn.ReLU(),
            nn.MaxPool2d(kernel_size=2, stride=2),
        )
        self.classifier = nn.Sequential(
            nn.Linear(16 * 56 * 56, 256),
            nn.ReLU(),
            nn.Dropout(0.1),
            nn.Linear(256, num_classes)
        )

    def forward(self, x):
        x = self.features(x)
        x = torch.flatten(x, 1)
        x = self.classifier(x)
        return x
    
class KnowledgeDistillationLoss(nn.Module):
    def __init__(self, T=2.0, soft_target_loss_weight=0.25, ce_loss_weight=0.75):
        super(KnowledgeDistillationLoss, self).__init__()
        self.T = T
        self.soft_target_loss_weight = soft_target_loss_weight
        self.ce_loss_weight = ce_loss_weight
        self.ce_loss = nn.CrossEntropyLoss()

    def forward(self, trainloader, teacher, student):
        optimizer = optim.Adam(student.parameters(), lr=0.001)
        for inputs, labels in trainloader:
            inputs, labels = inputs.to(device), labels.to(device)

        optimizer.zero_grad()
        with torch.no_grad():
            teacher_logits = teacher(inputs)

        # Forward pass with the student model
        student_logits = student(inputs)

        #Soften the student logits by applying softmax first and log() second
        soft_targets = nn.functional.softmax(teacher_logits / self.T, dim=-1)
        soft_prob = nn.functional.log_softmax(student_logits / self.T, dim=-1)

        # Calculate the soft target loss (KL divergence scaled by T^2)
        soft_targets_loss = torch.sum(soft_targets * (soft_targets.log() - soft_prob)) / soft_prob.size()[0] * (self.T**2)

        # Calculate the true label loss
        label_loss = self.ce_loss(student_logits, labels)

        # Combine the losses
        loss = self.soft_target_loss_weight * soft_targets_loss + self.ce_loss_weight * label_loss

        return loss

In [31]:
epsilons = [0, .05, .1, .15, .2, .25, .3, .35, .4, .45, .5, .55, .6, .65, .7, .75, .8, .85, .9, .95]
pretrained_teacher = "teacher_model.pth"
pretrained_student = "student_model.pth"
pretrained_model_KD = "student_model_KD.pth"
use_cuda=True

# Initialize the network
torch.manual_seed(42)
teacher = DeepNN(num_classes=15).to(device)
torch.manual_seed(42)
student = LightNN(num_classes=15).to(device)
torch.manual_seed(42)
model_KD = LightNN(num_classes=15).to(device)

# Load the pretrained model
teacher.load_state_dict(torch.load(pretrained_teacher, map_location=device, weights_only=True))
student.load_state_dict(torch.load(pretrained_student, map_location=device, weights_only=True))
model_KD.load_state_dict(torch.load(pretrained_model_KD, map_location=device, weights_only=True))

# Set the model in evaluation mode
model_KD.eval()

LightNN(
  (features): Sequential(
    (0): Conv2d(3, 16, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
    (1): ReLU()
    (2): MaxPool2d(kernel_size=2, stride=2, padding=0, dilation=1, ceil_mode=False)
    (3): Conv2d(16, 16, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
    (4): ReLU()
    (5): MaxPool2d(kernel_size=2, stride=2, padding=0, dilation=1, ceil_mode=False)
  )
  (classifier): Sequential(
    (0): Linear(in_features=50176, out_features=256, bias=True)
    (1): ReLU()
    (2): Dropout(p=0.1, inplace=False)
    (3): Linear(in_features=256, out_features=15, bias=True)
  )
)

In [10]:
print(test_dataset)
test_image = np.array([data[0].numpy() for data in test_dataset])
test_label = np.array([data[1] for data in test_dataset])

Dataset FixedImageFolder
    Number of datapoints: 467
    Root location: ./mvtec_dataset\organized_test
    StandardTransform
Transform: Compose(
               Resize(size=(224, 224), interpolation=bilinear, max_size=None, antialias=True)
               ToTensor()
               Normalize(mean=[0.485, 0.456, 0.406], std=[0.229, 0.224, 0.225])
           )


In [None]:
# Define loss function and optimizer
# Instantiate your knowledge distillation loss
kd_loss = KnowledgeDistillationLoss(trainloader, teacher, student, T=2.0, soft_target_loss_weight=0.25, ce_loss_weight=0.75)
optimizer = torch.optim.Adam(model_KD.parameters(), lr=0.001)

# Wrap the model with PyTorchClassifier
classifier = PyTorchClassifier(
    model=model_KD,
    loss=kd_loss,
    optimizer=optimizer,
    input_shape=(3, 224, 224),  # Adjust to your input shape
    nb_classes=15              # Number of output classes
)

In [29]:
for eps in epsilons:
    # Create FGSM attack
    attack = toolbox.FastGradientMethod(estimator=classifier, eps=eps)

    # Generate adversarial examples
    x_test_adv_fgsm = attack.generate(x=test_image)

    # Evaluate accuracy on adversarial examples
    predictions = classifier.predict(x_test_adv_fgsm)
    accuracy = np.sum(np.argmax(predictions, axis=1) == test_label) / len(test_label)
    print(f"Accuracy on FSGM attack with epsilon {eps}: {accuracy * 100:.2f}%")

TypeError: KnowledgeDistillationLoss.forward() missing 3 required positional arguments: 'student', 'teacher_logits', and 'student_logits'

In [13]:
# Create PGD attack
pgd_attack = toolbox.ProjectedGradientDescent(estimator=classifier, eps=0.1, eps_step=0.01, max_iter=40)

# Generate adversarial examples
x_test_adv_pgd = pgd_attack.generate(x=x_test)

# Evaluate accuracy on adversarial examples
predictions = classifier.predict(x_test_adv_pgd)
accuracy = np.sum(np.argmax(predictions, axis=1) == y_test) / len(y_test)
print(f"Accuracy on PGD attack: {accuracy * 100:.2f}%")

                                                              

Accuracy on PGD attack: 76.66%


In [14]:
# Create C&W attack
cw2_attack = toolbox.CarliniL2Method(classifier=classifier, confidence=0.0, max_iter=40, learning_rate=0.01)

# Generate adversarial examples
x_test_adv_cw2 = cw2_attack.generate(x=x_test)

# Evaluate accuracy on adversarial examples
predictions = classifier.predict(x_test_adv_cw2)
accuracy = np.sum(np.argmax(predictions, axis=1) == y_test) / len(y_test)
print(f"Accuracy on CW2 attack: {accuracy * 100:.2f}%")

C&W L_2:   0%|          | 1/467 [00:16<2:10:48, 16.84s/it]


KeyboardInterrupt: 

In [None]:
# Create Universal Perturbations attack
up_attack = toolbox.UniversalPerturbation(classifier=classifier, attacker="deepfool",
                                        #   delta=0.2,
                                          max_iter=10,
                                          eps=0.1,
                                        #   batch_size=32,
                                        #   verbose=True
                                        )

# Generate adversarial examples
x_test_adv_up = up_attack.generate(x=x_test)

# Evaluate accuracy on adversarial examples
predictions = classifier.predict(x_test_adv_up)
accuracy = np.sum(np.argmax(predictions, axis=1) == y_test) / len(y_test)
print(f"Accuracy on UP attack: {accuracy * 100:.2f}%")


[A

[A[A

DeepFool: 100%|██████████| 1/1 [00:01<00:00,  1.40s/it]


[A[A

DeepFool: 100%|██████████| 1/1 [00:00<00:00,  2.85it/s]


[A[A

DeepFool: 100%|██████████| 1/1 [00:00<00:00,  2.91it/s]


[A[A

DeepFool: 100%|██████████| 1/1 [00:03<00:00,  3.28s/it]


DeepFool: 100%|██████████| 1/1 [00:00<00:00, 15.63it/s]


[A[A

DeepFool: 100%|██████████| 1/1 [00:03<00:00,  3.22s/it]


[A[A

DeepFool: 100%|██████████| 1/1 [00:00<00:00,  3.59it/s]


[A[A

DeepFool: 100%|██████████| 1/1 [00:03<00:00,  3.15s/it]


[A[A

DeepFool: 100%|██████████| 1/1 [00:00<00:00,  5.53it/s]


DeepFool: 100%|██████████| 1/1 [00:00<00:00, 17.82it/s]


[A[A

DeepFool: 100%|██████████| 1/1 [00:03<00:00,  3.15s/it]


[A[A

DeepFool: 100%|██████████| 1/1 [00:03<00:00,  3.09s/it]


DeepFool: 100%|██████████| 1/1 [00:00<00:00, 17.84it/s]


[A[A

DeepFool: 100%|██████████| 1/1 [00:00<00:00,  3.61it/s]


[A[A

DeepFool: 100%|██████████| 1/1 [00:03<00:00,  3.12s/it]


[A[A

DeepFool: 100%|█████