In [1]:
import torchvision.transforms as transforms
from torch.utils.data import Dataset
import glob
from PIL import Image
import argparse
import os

import numpy as np
import torch
import torch.nn as nn
from torch.utils.data import DataLoader
import torchvision
import random
from shutil import copy2
import torch.nn.functional as F
import torch.autograd as autograd

import cv2

from shapely.affinity import rotate
from shapely.geometry import box

from scipy.spatial.distance import cdist

import math
from torch.utils import model_zoo

from copy import deepcopy
import re
from collections import OrderedDict
from torch.autograd import Function


import cv2
from skimage import exposure
from skimage import filters
import matplotlib.pyplot as plt
from google.colab.patches import cv2_imshow

In [2]:
IMAGENET_MEAN = [0.485, 0.456, 0.406]
IMAGENET_STD = [0.229, 0.224, 0.225]

def imagenet_normalize(t, mean=None, std=None):
    if mean is None:
        mean = IMAGENET_MEAN
    if std is None:
        std= IMAGENET_STD

    ts = []
    for i in range(3):
        ts.append(torch.unsqueeze((t[:, i] - mean[i]) / std[i], 1))
    return torch.cat(ts, dim=1)

preprocess = transforms.Compose([
    transforms.Resize(224),
    transforms.CenterCrop(224),
    transforms.ToTensor(),
])

In [3]:

class CustomDataset(Dataset):
    def __init__(self, path, transform=None):
        self.classes   = os.listdir(path)
        self.path      = [f"{path}/{className}" for className in self.classes]
        self.file_list = [glob.glob(f"{x}/*") for x in self.path]
        self.transform = transform

        files = []
        for i, className in enumerate(self.classes):
            for fileName in self.file_list[i]:
                files.append([i, className, fileName])
        self.file_list = files
        files = None

    def __len__(self):
        return len(self.file_list)

    def __getitem__(self, idx):
        fileName = self.file_list[idx][2]
        classCategory = int(self.file_list[idx][2].split('/')[1])
        im = Image.open(fileName)
        if self.transform:
            im = self.transform(im)
        return im, classCategory


In [4]:
model_urls = {
    'alexnet': 'https://download.pytorch.org/models/alexnet-owt-4df8aa71.pth',
    'resnet18': 'https://download.pytorch.org/models/resnet18-5c106cde.pth',
    'resnet34': 'https://download.pytorch.org/models/resnet34-333f7ec4.pth',
    'resnet50': 'https://download.pytorch.org/models/resnet50-19c8e357.pth',
    'resnet101': 'https://download.pytorch.org/models/resnet101-5d3b4d8f.pth',
    'resnet152': 'https://download.pytorch.org/models/resnet152-b121ed2d.pth',
    'densenet201': 'https://download.pytorch.org/models/densenet201-c1103571.pth',
    'densenet169': 'https://download.pytorch.org/models/densenet169-b2777c0a.pth',
}


def conv3x3(in_planes, out_planes, stride=1):
    """3x3 convolution with padding"""
    return nn.Conv2d(in_planes, out_planes, kernel_size=3, stride=stride,
                     padding=1, bias=False)


class BasicBlock(nn.Module):
    expansion = 1

    def __init__(self, inplanes, planes, stride=1, downsample=None):
        super(BasicBlock, self).__init__()
        self.conv1 = conv3x3(inplanes, planes, stride)
        self.bn1 = nn.BatchNorm2d(planes)
        self.relu = SoftReLU()
        self.conv2 = conv3x3(planes, planes)
        self.bn2 = nn.BatchNorm2d(planes)
        self.downsample = downsample
        self.stride = stride

    def forward(self, x):
        residual = x

        out = self.conv1(x)
        out = self.bn1(out)
        out = self.relu(out)

        out = self.conv2(out)
        out = self.bn2(out)

        if self.downsample is not None:
            residual = self.downsample(x)

        out += residual
        out = self.relu(out)

        return out


class Bottleneck(nn.Module):
    expansion = 4

    def __init__(self, inplanes, planes, stride=1, downsample=None):
        super(Bottleneck, self).__init__()
        self.conv1 = nn.Conv2d(inplanes, planes, kernel_size=1, bias=False)
        self.bn1 = nn.BatchNorm2d(planes)
        self.conv2 = nn.Conv2d(planes, planes, kernel_size=3, stride=stride,
                               padding=1, bias=False)
        self.bn2 = nn.BatchNorm2d(planes)
        self.conv3 = nn.Conv2d(planes, planes * 4, kernel_size=1, bias=False)
        self.bn3 = nn.BatchNorm2d(planes * 4)
        self.relu = SoftReLU()
        self.downsample = downsample
        self.stride = stride

    def forward(self, x):
        residual = x

        out = self.conv1(x)
        out = self.bn1(out)
        out = self.relu(out)

        out = self.conv2(out)
        out = self.bn2(out)
        out = self.relu(out)

        out = self.conv3(out)
        out = self.bn3(out)

        if self.downsample is not None:
            residual = self.downsample(x)

        out += residual
        out = self.relu(out)

        return out


class ResNet(nn.Module):

    def __init__(self, block, layers, num_classes=1000):
        self.inplanes = 64
        super(ResNet, self).__init__()
        self.conv1 = nn.Conv2d(3, 64, kernel_size=7, stride=2, padding=3,
                               bias=False)
        self.bn1 = nn.BatchNorm2d(64)
        self.relu = SoftReLU()
        self.maxpool = nn.MaxPool2d(kernel_size=3, stride=2, padding=1)
        self.layer1 = self._make_layer(block, 64, layers[0])
        self.layer2 = self._make_layer(block, 128, layers[1], stride=2)
        self.layer3 = self._make_layer(block, 256, layers[2], stride=2)
        self.layer4 = self._make_layer(block, 512, layers[3], stride=2)
        self.avgpool = nn.AvgPool2d(7, stride=1)
        self.fc = nn.Linear(512 * block.expansion, num_classes)

        for m in self.modules():
            if isinstance(m, nn.Conv2d):
                n = m.kernel_size[0] * m.kernel_size[1] * m.out_channels
                m.weight.data.normal_(0, math.sqrt(2. / n))
            elif isinstance(m, nn.BatchNorm2d):
                m.weight.data.fill_(1)
                m.bias.data.zero_()

    def _make_layer(self, block, planes, blocks, stride=1):
        downsample = None
        if stride != 1 or self.inplanes != planes * block.expansion:
            downsample = nn.Sequential(
                nn.Conv2d(self.inplanes, planes * block.expansion,
                          kernel_size=1, stride=stride, bias=False),
                nn.BatchNorm2d(planes * block.expansion),
            )

        layers = []
        layers.append(block(self.inplanes, planes, stride, downsample))
        self.inplanes = planes * block.expansion
        for i in range(1, blocks):
            layers.append(block(self.inplanes, planes))

        return nn.Sequential(*layers)

    def forward(self, x, out_keys=None):
        out = {}
        x = self.conv1(x)
        out["c1"] = x
        x = self.bn1(x)
        out["bn1"] = x
        x = self.relu(x)
        out["r1"] = x
        x = self.maxpool(x)
        out["p1"] = x

        x = self.layer1(x)
        out["l1"] = x
        x = self.layer2(x)
        out["l2"] = x
        x = self.layer3(x)
        out["l3"] = x
        x = self.layer4(x)
        out["l4"] = x

        x = self.avgpool(x)
        out["gvp"] = x
        x = x.view(x.size(0), -1)
        x = self.fc(x)
        out["fc"] = x

        if out_keys is None:
            return x

        res = {}
        for key in out_keys:
            res[key] = out[key]
        return res


def resnet50_soft(pretrained=False, **kwargs):
    """Constructs a ResNet-50 model.

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = ResNet(Bottleneck, [3, 4, 6, 3], **kwargs)
    if pretrained:
        model.load_state_dict(model_zoo.load_url(model_urls['resnet50']))
    return model


In [5]:
from torchvision.models.resnet import resnet50
from torchvision.models.densenet import densenet169

def load_model():
    model = resnet50(True)
    model.to('cuda')
    model.train(False)
    return model

In [6]:
# model = load_model()
# bx_nps, by_nps = [], []

# for i, (bx, by) in enumerate(loader):
#   bx_np, by_np = bx.numpy(), by.numpy()
#   bx, by = [t.to('cuda') for t in (bx, by)]
#   bx = imagenet_normalize(bx)
#   bp_np = model(bx)
#   bp_np = bp_np.argmax(1).to('cpu').numpy()
#   succeed = by_np == bp_np
#   bx_nps.append(bx_np[succeed])
#   by_nps.append(by_np[succeed])

# bx_np = np.concatenate(bx_nps)
# by_np = np.concatenate(by_nps)
# byt = np.random.randint(1, 1000, len(by_np)).astype(np.int64)
# byt = np.mod(by_np + byt, 1000)

# num_folds = min(len(bx_np) // 10, 5)
# print(len(bx_np), by_np, byt)

# for i in range(num_folds):
#   si, ei = i * 10, (i + 1) * 10
#   sl = slice(si, ei)
#   np.savez(os.path.join(save_dir, 'fold_%d.npz' % (i + 1)), img_x=bx_np[sl],
#                  img_y=by_np[sl], img_yt=byt[sl])

Generate Benign Gradient *Saliency*

In [7]:
def imagenet_resize_postfn(grad):
    # grad = grad.abs().max(1, keepdim=True)[0].squeeze(1) # remove squeeze and uncomment next line
    grad = grad.abs().max(1, keepdim=True)[0]
    grad = F.avg_pool2d(grad, 4).squeeze(1)
    shape = grad.shape
    grad = grad.view(len(grad), -1)
    grad_min = grad.min(1, keepdim=True)[0]
    grad = grad - grad_min
    grad_max = grad.max(1, keepdim=True)[0]
    grad = grad / torch.max(grad_max, torch.tensor([1e-8], device='cuda'))
    return grad.view(*shape)


def generate_gs_per_batches(model_tup, bx, by, post_fn=None, keep_grad=False):
    model, pre_fn = model_tup[:2]
    bxp = pre_fn(bx)
    logit = model(bxp)
    loss = F.nll_loss(F.log_softmax(logit), by)
    grad = autograd.grad([loss], [bx], create_graph=keep_grad)[0]
    if post_fn is not None:
        grad = post_fn(grad)
    return grad


def generate_gs(model_tup, x, y, post_fn=None, keep_grad=False, batch_size=10, device='cuda'):
    n = len(x)
    n_batches = (n + batch_size - 1) // batch_size
    generated = []
    for i in range(n_batches):
        si = i * batch_size
        ei = min(n, si + batch_size)
        bx, by = x[si:ei], y[si:ei]
        bx, by = torch.tensor(bx, device=device, requires_grad=True), torch.tensor(by, device='cuda')
        generated.append(generate_gs_per_batches(
            model_tup, bx, by, post_fn=post_fn,
            keep_grad=keep_grad).detach().cpu().numpy())
    generated = np.concatenate(generated, axis=0)
    return generated

In [8]:
def load_model():
    pre_fn = imagenet_normalize
    model = densenet169(True)
    shape = (224, 224)


    model.train(False)
    model.cuda()
    return model, pre_fn, shape


def generate(path, filename):
    # if(not os.path.exists('gdrive/MyDrive/GS/Resnet/')):
    #   os.mkdir('gdrive/MyDrive/GS/Resnet/')
    model_tup = load_model()

    dobj = np.load(path)
    img_x, img_y, img_yt = dobj['img_x'], dobj['img_y'], dobj['img_yt']
    # print(img_x.shape)
    benign_gs = generate_gs(model_tup, img_x, img_y, imagenet_resize_postfn, False, batch_size=10)
    # print(benign_gs.shape)
    save_dobj = {'img_x': img_x, 'img_y': img_y, 'benign_gs': benign_gs, 'img_yt': img_yt}
    np.savez('gdrive/MyDrive/GS/Densenet/{}'.format(filename), **save_dobj)

In [9]:
# generate('data/fold_1.npz')

In [19]:
model_urls = {
    'alexnet': 'https://download.pytorch.org/models/alexnet-owt-4df8aa71.pth',
    'resnet18': 'https://download.pytorch.org/models/resnet18-5c106cde.pth',
    'resnet34': 'https://download.pytorch.org/models/resnet34-333f7ec4.pth',
    'resnet50': 'https://download.pytorch.org/models/resnet50-19c8e357.pth',
    'resnet101': 'https://download.pytorch.org/models/resnet101-5d3b4d8f.pth',
    'resnet152': 'https://download.pytorch.org/models/resnet152-b121ed2d.pth',
    'densenet201': 'https://download.pytorch.org/models/densenet201-c1103571.pth',
    'densenet169': 'https://download.pytorch.org/models/densenet169-b2777c0a.pth',
}


#
# AlexNet | begin
#

ALEXNET_NAME_MAP = {
    "conv1.weight": "features.0.weight",
    "conv1.bias": "features.0.bias",
    "conv2.weight": "features.3.weight",
    "conv2.bias": "features.3.bias",
    "conv3.weight": "features.6.weight",
    "conv3.bias": "features.6.bias",
    "conv4.weight": "features.8.weight",
    "conv4.bias": "features.8.bias",
    "conv5.weight": "features.10.weight",
    "conv5.bias": "features.10.bias",
    "fc1.weight": "classifier.1.weight",
    "fc1.bias": "classifier.1.bias",
    "fc2.weight": "classifier.4.weight",
    "fc2.bias": "classifier.4.bias",
    "fc3.weight": "classifier.6.weight",
    "fc3.bias": "classifier.6.bias"
}


class AlexNet(nn.Module):

    def __init__(self, num_classes=1000):
        super(AlexNet, self).__init__()

        # convolutional layers
        self.conv1 = nn.Conv2d(3, 64, kernel_size=(11, 11), stride=(4, 4), padding=(2, 2))
        self.conv2 = nn.Conv2d(64, 192, kernel_size=(5, 5), stride=(1, 1), padding=(2, 2))
        self.conv3 = nn.Conv2d(192, 384, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
        self.conv4 = nn.Conv2d(384, 256, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
        self.conv5 = nn.Conv2d(256, 256, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
        # pooling layers
        self.pool1 = nn.MaxPool2d(kernel_size=(3, 3), stride=(2, 2), dilation=(1, 1))
        self.pool2 = nn.MaxPool2d(kernel_size=(3, 3), stride=(2, 2), dilation=(1, 1))
        self.pool5 = nn.MaxPool2d(kernel_size=(3, 3), stride=(2, 2), dilation=(1, 1))
        # fully connected layers
        self.fc1 = nn.Linear(9216, 4096)
        self.fc2 = nn.Linear(4096, 4096)
        self.fc3 = nn.Linear(4096, num_classes)

    def forward(self, x, out_keys=None):
        out = {}
        out['c1'] = self.conv1(x)
        out['r1'] = F.relu(out['c1'])
        out['p1'] = self.pool1(out['r1'])
        out['r2'] = F.relu(self.conv2(out['p1']))
        out['p2'] = self.pool2(out['r2'])
        out['r3'] = F.relu(self.conv3(out['p2']))
        out['r4'] = F.relu(self.conv4(out['r3']))
        out['r5'] = F.relu(self.conv5(out['r4']))
        out['p5'] = self.pool5(out['r5'])
        out['fc1'] = F.relu(self.fc1(out['p5'].view(1, -1)))
        out['fc2'] = F.relu(self.fc2(out['fc1']))
        out['fc3'] = self.fc3(out['fc2'])

        if out_keys is None:
            return out['fc3']

        res = {}
        for key in out_keys:
            res[key] = out[key]
        return res


def convert_alexnet_weights(src_state, dest_state):
    for key in dest_state:
        if key in ALEXNET_NAME_MAP:
            dest_state[key] = deepcopy(src_state[ALEXNET_NAME_MAP[key]])
    return dest_state


def alexnet(pretrained=False, **kwargs):
    r"""AlexNet model architecture from the
    `"One weird trick..." <https://arxiv.org/abs/1404.5997>`_ paper.

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = AlexNet(**kwargs)
    if pretrained:
        src_state = model_zoo.load_url(model_urls['alexnet'])
        dest_state = convert_alexnet_weights(src_state, model.state_dict())
        model.load_state_dict(dest_state)
    return model

#
# AlexNet | end
#

#
# ResNet | begin
#


def conv3x3(in_planes, out_planes, stride=1):
    """3x3 convolution with padding"""
    return nn.Conv2d(in_planes, out_planes, kernel_size=3, stride=stride,
                     padding=1, bias=False)


class BasicBlock(nn.Module):
    expansion = 1

    def __init__(self, inplanes, planes, stride=1, downsample=None):
        super(BasicBlock, self).__init__()
        self.conv1 = conv3x3(inplanes, planes, stride)
        self.bn1 = nn.BatchNorm2d(planes)
        self.relu = nn.ReLU(inplace=True)
        self.conv2 = conv3x3(planes, planes)
        self.bn2 = nn.BatchNorm2d(planes)
        self.downsample = downsample
        self.stride = stride

    def forward(self, x):
        residual = x

        out = self.conv1(x)
        out = self.bn1(out)
        out = self.relu(out)

        out = self.conv2(out)
        out = self.bn2(out)

        if self.downsample is not None:
            residual = self.downsample(x)

        out += residual
        out = self.relu(out)

        return out


class Bottleneck(nn.Module):
    expansion = 4

    def __init__(self, inplanes, planes, stride=1, downsample=None):
        super(Bottleneck, self).__init__()
        self.conv1 = nn.Conv2d(inplanes, planes, kernel_size=1, bias=False)
        self.bn1 = nn.BatchNorm2d(planes)
        self.conv2 = nn.Conv2d(planes, planes, kernel_size=3, stride=stride,
                               padding=1, bias=False)
        self.bn2 = nn.BatchNorm2d(planes)
        self.conv3 = nn.Conv2d(planes, planes * 4, kernel_size=1, bias=False)
        self.bn3 = nn.BatchNorm2d(planes * 4)
        self.relu = nn.ReLU(inplace=True)
        self.downsample = downsample
        self.stride = stride

    def forward(self, x):
        residual = x

        out = self.conv1(x)
        out = self.bn1(out)
        out = self.relu(out)

        out = self.conv2(out)
        out = self.bn2(out)
        out = self.relu(out)

        out = self.conv3(out)
        out = self.bn3(out)

        if self.downsample is not None:
            residual = self.downsample(x)

        out += residual
        out = self.relu(out)

        return out


class ResNet(nn.Module):

    def __init__(self, block, layers, num_classes=1000):
        self.inplanes = 64
        super(ResNet, self).__init__()
        self.conv1 = nn.Conv2d(3, 64, kernel_size=7, stride=2, padding=3,
                               bias=False)
        self.bn1 = nn.BatchNorm2d(64)
        self.relu = nn.ReLU(inplace=True)
        self.maxpool = nn.MaxPool2d(kernel_size=3, stride=2, padding=1)
        self.layer1 = self._make_layer(block, 64, layers[0])
        self.layer2 = self._make_layer(block, 128, layers[1], stride=2)
        self.layer3 = self._make_layer(block, 256, layers[2], stride=2)
        self.layer4 = self._make_layer(block, 512, layers[3], stride=2)
        self.avgpool = nn.AvgPool2d(7, stride=1)
        self.fc = nn.Linear(512 * block.expansion, num_classes)

        for m in self.modules():
            if isinstance(m, nn.Conv2d):
                n = m.kernel_size[0] * m.kernel_size[1] * m.out_channels
                m.weight.data.normal_(0, math.sqrt(2. / n))
            elif isinstance(m, nn.BatchNorm2d):
                m.weight.data.fill_(1)
                m.bias.data.zero_()

    def _make_layer(self, block, planes, blocks, stride=1):
        downsample = None
        if stride != 1 or self.inplanes != planes * block.expansion:
            downsample = nn.Sequential(
                nn.Conv2d(self.inplanes, planes * block.expansion,
                          kernel_size=1, stride=stride, bias=False),
                nn.BatchNorm2d(planes * block.expansion),
            )

        layers = []
        layers.append(block(self.inplanes, planes, stride, downsample))
        self.inplanes = planes * block.expansion
        for i in range(1, blocks):
            layers.append(block(self.inplanes, planes))

        return nn.Sequential(*layers)

    def forward(self, x, out_keys=None):
        out = {}
        x = self.conv1(x)
        out["c1"] = x
        x = self.bn1(x)
        out["bn1"] = x
        x = self.relu(x)
        out["r1"] = x
        x = self.maxpool(x)
        out["p1"] = x

        x = self.layer1(x)
        out["l1"] = x
        x = self.layer2(x)
        out["l2"] = x
        x = self.layer3(x)
        out["l3"] = x
        x = self.layer4(x)
        out["l4"] = x

        x = self.avgpool(x)
        out["gvp"] = x
        x = x.view(x.size(0), -1)
        x = self.fc(x)
        out["fc"] = x

        if out_keys is None:
            return x

        res = {}
        for key in out_keys:
            res[key] = out[key]
        return res


def resnet18(pretrained=False, **kwargs):
    """Constructs a ResNet-18 model.

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = ResNet(BasicBlock, [2, 2, 2, 2], **kwargs)
    if pretrained:
        model.load_state_dict(model_zoo.load_url(model_urls['resnet18']))
    return model


def resnet34(pretrained=False, **kwargs):
    """Constructs a ResNet-34 model.

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = ResNet(BasicBlock, [3, 4, 6, 3], **kwargs)
    if pretrained:
        model.load_state_dict(model_zoo.load_url(model_urls['resnet34']))
    return model


def resnet50(pretrained=False, **kwargs):
    """Constructs a ResNet-50 model.

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = ResNet(Bottleneck, [3, 4, 6, 3], **kwargs)
    if pretrained:
        model.load_state_dict(model_zoo.load_url(model_urls['resnet50']))
    return model


def resnet101(pretrained=False, **kwargs):
    """Constructs a ResNet-101 model.

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = ResNet(Bottleneck, [3, 4, 23, 3], **kwargs)
    if pretrained:
        model.load_state_dict(model_zoo.load_url(model_urls['resnet101']))
    return model


def resnet152(pretrained=False, **kwargs):
    """Constructs a ResNet-152 model.

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = ResNet(Bottleneck, [3, 8, 36, 3], **kwargs)
    if pretrained:
        model.load_state_dict(model_zoo.load_url(model_urls['resnet152']))
    return model


# ResNet | end


# DenseNet | begin

def densenet121(pretrained=False, **kwargs):
    r"""Densenet-121 model from
    `"Densely Connected Convolutional Networks" <https://arxiv.org/pdf/1608.06993.pdf>`_

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = DenseNet(num_init_features=64, growth_rate=32, block_config=(6, 12, 24, 16),
                     **kwargs)
    if pretrained:
        # '.'s are no longer allowed in module names, but pervious _DenseLayer
        # has keys 'norm.1', 'relu.1', 'conv.1', 'norm.2', 'relu.2', 'conv.2'.
        # They are also in the checkpoints in model_urls. This pattern is used
        # to find such keys.
        pattern = re.compile(
            r'^(.*denselayer\d+\.(?:norm|relu|conv))\.((?:[12])\.(?:weight|bias|running_mean|running_var))$')
        state_dict = model_zoo.load_url(model_urls['densenet121'])
        for key in list(state_dict.keys()):
            res = pattern.match(key)
            if res:
                new_key = res.group(1) + res.group(2)
                state_dict[new_key] = state_dict[key]
                del state_dict[key]
        model.load_state_dict(state_dict)
    return model


def densenet169(pretrained=False, **kwargs):
    r"""Densenet-169 model from
    `"Densely Connected Convolutional Networks" <https://arxiv.org/pdf/1608.06993.pdf>`_

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = DenseNet(num_init_features=64, growth_rate=32, block_config=(6, 12, 32, 32),
                     **kwargs)
    if pretrained:
        # '.'s are no longer allowed in module names, but pervious _DenseLayer
        # has keys 'norm.1', 'relu.1', 'conv.1', 'norm.2', 'relu.2', 'conv.2'.
        # They are also in the checkpoints in model_urls. This pattern is used
        # to find such keys.
        pattern = re.compile(
            r'^(.*denselayer\d+\.(?:norm|relu|conv))\.((?:[12])\.(?:weight|bias|running_mean|running_var))$')
        state_dict = model_zoo.load_url(model_urls['densenet169'])
        for key in list(state_dict.keys()):
            res = pattern.match(key)
            if res:
                new_key = res.group(1) + res.group(2)
                state_dict[new_key] = state_dict[key]
                del state_dict[key]
        model.load_state_dict(state_dict)
    return model


def densenet201(pretrained=False, **kwargs):
    r"""Densenet-201 model from
    `"Densely Connected Convolutional Networks" <https://arxiv.org/pdf/1608.06993.pdf>`_

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = DenseNet(num_init_features=64, growth_rate=32, block_config=(6, 12, 48, 32),
                     **kwargs)
    if pretrained:
        # '.'s are no longer allowed in module names, but pervious _DenseLayer
        # has keys 'norm.1', 'relu.1', 'conv.1', 'norm.2', 'relu.2', 'conv.2'.
        # They are also in the checkpoints in model_urls. This pattern is used
        # to find such keys.
        pattern = re.compile(
            r'^(.*denselayer\d+\.(?:norm|relu|conv))\.((?:[12])\.(?:weight|bias|running_mean|running_var))$')
        state_dict = model_zoo.load_url(model_urls['densenet201'])
        for key in list(state_dict.keys()):
            res = pattern.match(key)
            if res:
                new_key = res.group(1) + res.group(2)
                state_dict[new_key] = state_dict[key]
                del state_dict[key]
        model.load_state_dict(state_dict)
    return model


def densenet161(pretrained=False, **kwargs):
    r"""Densenet-161 model from
    `"Densely Connected Convolutional Networks" <https://arxiv.org/pdf/1608.06993.pdf>`_

    Args:
        pretrained (bool): If True, returns a model pre-trained on ImageNet
    """
    model = DenseNet(num_init_features=96, growth_rate=48, block_config=(6, 12, 36, 24),
                     **kwargs)
    if pretrained:
        # '.'s are no longer allowed in module names, but pervious _DenseLayer
        # has keys 'norm.1', 'relu.1', 'conv.1', 'norm.2', 'relu.2', 'conv.2'.
        # They are also in the checkpoints in model_urls. This pattern is used
        # to find such keys.
        pattern = re.compile(
            r'^(.*denselayer\d+\.(?:norm|relu|conv))\.((?:[12])\.(?:weight|bias|running_mean|running_var))$')
        state_dict = model_zoo.load_url(model_urls['densenet161'])
        for key in list(state_dict.keys()):
            res = pattern.match(key)
            if res:
                new_key = res.group(1) + res.group(2)
                state_dict[new_key] = state_dict[key]
                del state_dict[key]
        model.load_state_dict(state_dict)
    return model


class _DenseLayer(nn.Sequential):
    def __init__(self, num_input_features, growth_rate, bn_size, drop_rate):
        super(_DenseLayer, self).__init__()
        self.add_module('norm1', nn.BatchNorm2d(num_input_features)),
        self.add_module('relu1', nn.ReLU(inplace=True)),
        self.add_module('conv1', nn.Conv2d(num_input_features, bn_size *
                        growth_rate, kernel_size=1, stride=1, bias=False)),
        self.add_module('norm2', nn.BatchNorm2d(bn_size * growth_rate)),
        self.add_module('relu2', nn.ReLU(inplace=True)),
        self.add_module('conv2', nn.Conv2d(bn_size * growth_rate, growth_rate,
                        kernel_size=3, stride=1, padding=1, bias=False)),
        self.drop_rate = drop_rate

    def forward(self, x):
        new_features = super(_DenseLayer, self).forward(x)
        if self.drop_rate > 0:
            new_features = F.dropout(new_features, p=self.drop_rate, training=self.training)
        return torch.cat([x, new_features], 1)


class _DenseBlock(nn.Sequential):
    def __init__(self, num_layers, num_input_features, bn_size, growth_rate, drop_rate):
        super(_DenseBlock, self).__init__()
        for i in range(num_layers):
            layer = _DenseLayer(num_input_features + i * growth_rate, growth_rate, bn_size, drop_rate)
            self.add_module('denselayer%d' % (i + 1), layer)


class _Transition(nn.Sequential):
    def __init__(self, num_input_features, num_output_features):
        super(_Transition, self).__init__()
        self.add_module('norm', nn.BatchNorm2d(num_input_features))
        self.add_module('relu', nn.ReLU(inplace=True))
        self.add_module('conv', nn.Conv2d(num_input_features, num_output_features,
                                          kernel_size=1, stride=1, bias=False))
        self.add_module('pool', nn.AvgPool2d(kernel_size=2, stride=2))


class DenseNet(nn.Module):
    r"""Densenet-BC model class, based on
    `"Densely Connected Convolutional Networks" <https://arxiv.org/pdf/1608.06993.pdf>`_

    Args:
        growth_rate (int) - how many filters to add each layer (`k` in paper)
        block_config (list of 4 ints) - how many layers in each pooling block
        num_init_features (int) - the number of filters to learn in the first convolution layer
        bn_size (int) - multiplicative factor for number of bottle neck layers
          (i.e. bn_size * k features in the bottleneck layer)
        drop_rate (float) - dropout rate after each dense layer
        num_classes (int) - number of classification classes
    """
    def __init__(self, growth_rate=32, block_config=(6, 12, 24, 16),
                 num_init_features=64, bn_size=4, drop_rate=0, num_classes=1000):

        super(DenseNet, self).__init__()

        # First convolution
        self.features = nn.Sequential(OrderedDict([
            ('conv0', nn.Conv2d(3, num_init_features, kernel_size=7, stride=2, padding=3, bias=False)),
            ('norm0', nn.BatchNorm2d(num_init_features)),
            ('relu0', nn.ReLU(inplace=True)),
            ('pool0', nn.MaxPool2d(kernel_size=3, stride=2, padding=1)),
        ]))

        # Each denseblock
        num_features = num_init_features
        for i, num_layers in enumerate(block_config):
            block = _DenseBlock(num_layers=num_layers, num_input_features=num_features,
                                bn_size=bn_size, growth_rate=growth_rate, drop_rate=drop_rate)
            self.features.add_module('denseblock%d' % (i + 1), block)
            num_features = num_features + num_layers * growth_rate
            if i != len(block_config) - 1:
                trans = _Transition(num_input_features=num_features, num_output_features=num_features // 2)
                self.features.add_module('transition%d' % (i + 1), trans)
                num_features = num_features // 2

        # Final batch norm
        self.features.add_module('norm5', nn.BatchNorm2d(num_features))

        # Linear layer
        self.classifier = nn.Linear(num_features, num_classes)

        # Official init from torch repo.
        for m in self.modules():
            if isinstance(m, nn.Conv2d):
                nn.init.kaiming_normal(m.weight.data)
            elif isinstance(m, nn.BatchNorm2d):
                m.weight.data.fill_(1)
                m.bias.data.zero_()
            elif isinstance(m, nn.Linear):
                m.bias.data.zero_()

    def forward(self, x, out_keys=None):
        out_dict = {}
        features = self.features(x)
        out = F.relu(features, inplace=True)
        out_dict['l'] = out
        out = F.avg_pool2d(out, kernel_size=7, stride=1)
        out_dict['gvp'] = out
        out = out.view(features.size(0), -1)
        out = self.classifier(out)
        out_dict['fc'] = out
        if out_keys is None:
            return out

        res = {}
        for key in out_keys:
            res[key] = out_dict[key]
        return res

# DenseNet | end


def get_gaussian_blur_kernel(ksize, sigma):
    ker = cv2.getGaussianKernel(ksize, sigma).astype(np.float32)
    blur_kernel = (ker * ker.T)[None, None]
    blur_kernel = torch.tensor(blur_kernel)

    return blur_kernel


def gaussian_blur(x, ksize, sigma):
    """

    Args:
    :param x: torch.tensor (n, c, h, w), will padding with reflection
    :param ksize: int
    :param sigma: int
    :return:
    """
    psize = int((ksize - 1) / 2)
    blur_kernel = get_gaussian_blur_kernel(ksize, sigma)
    x_padded = F.pad(x, [psize] * 4, mode="reflect")
    blurs = []
    for i in range(3):
        blurs.append(F.conv2d(x_padded[:, i, None], blur_kernel))
    blurred = torch.cat(blurs, 1)

    return blurred


class GuidedBackpropReLU(Function):

    @staticmethod
    def forward(ctx, input):
        positive_mask = (input > 0).type_as(input)
        output = torch.addcmul(torch.zeros(input.size()).type_as(input), input, positive_mask)
        ctx.save_for_backward(input, output)
        return output

    @staticmethod
    def backward(ctx, grad_output):
        input, output = ctx.saved_tensors
        grad_input = None

        positive_mask_1 = (input > 0).type_as(grad_output)
        positive_mask_2 = (grad_output > 0).type_as(grad_output)
        grad_input = torch.addcmul(torch.zeros(input.size()).type_as(input), torch.addcmul(torch.zeros(input.size()).type_as(input), grad_output, positive_mask_1), positive_mask_2)

        return grad_input


def freeze_model(model):
    for param in model.parameters():
        param.requires_grad_(False)


### SoftReLU


class SoftReLU(nn.Module):

    def __init__(self, eps=1e-6):
        super(SoftReLU, self).__init__()
        self.eps = eps

    def forward(self, x):
        # mask = (x > 0).float()
        # return torch.sqrt(x * x + self.eps) * mask
        return SoftReLUFunc.apply(x)


class SoftReLUFunc(autograd.Function):

    @staticmethod
    def forward(ctx, x):
        ctx.save_for_backward(x)
        return x.clamp(min=0)

    @staticmethod
    def backward(ctx, grad_output):
        # v2
        x,  = ctx.saved_tensors
        # x2 = x * x
        grad_input = grad_output.clone()
        i1 = (x < 0)
        i2 = x >= 0
        xi1 = x[i1]
        xi2 = x[i2]
        n1, n2 = xi1.numel(), xi2.numel()
        assert n1 + n2 == x.numel()
        if n1 > 0:
            xi12 = xi1 * xi1
            new_v = xi1 / torch.sqrt(xi12 + 1e-4) + 1
            grad_input[i1] = grad_input[i1] * new_v
        if n2 > 0:
            xi22 = xi2 * xi2
            new_v = xi2 / torch.sqrt(xi22 + 1e-4)
            grad_input[i2] = grad_input[i2] * new_v
        return grad_input

In [14]:
def imagenet_resize_postfn(grad):
    grad = grad.abs().max(1, keepdim=True)[0]
    grad = F.avg_pool2d(grad, 4).squeeze(1)
    shape = grad.shape
    grad = grad.view(len(grad), -1)
    grad_min = grad.min(1, keepdim=True)[0]
    grad = grad - grad_min
    grad_max = grad.max(1, keepdim=True)[0]
    grad = grad / torch.max(grad_max, torch.tensor([1e-8], device='cuda'))
    return grad.view(*shape)


def generate_gs_per_batches(model_tup, bx, by, post_fn=None, keep_grad=False):
    model, pre_fn = model_tup[:2]
    bxp = pre_fn(bx)
    logit = model(bxp)
    loss = F.nll_loss(F.log_softmax(logit), by)
    grad = autograd.grad([loss], [bx], create_graph=keep_grad)[0]
    if post_fn is not None:
        grad = post_fn(grad)
    return grad


def generate_gs(model_tup, x, y, post_fn=None, keep_grad=False, batch_size=48, device='cuda'):
    n = len(x)
    n_batches = (n + batch_size - 1) // batch_size
    generated = []
    for i in range(n_batches):
        si = i * batch_size
        ei = min(n, si + batch_size)
        bx, by = x[si:ei], y[si:ei]
        bx, by = torch.tensor(bx, device=device, requires_grad=True), torch.tensor(by, device='cuda')
        generated.append(generate_gs_per_batches(
            model_tup, bx, by, post_fn=post_fn,
            keep_grad=keep_grad).detach().cpu().numpy())
    generated = np.concatenate(generated, axis=0)
    return generated

### AdvEdge

In [23]:
import skimage
import time

def load_model(device):
    model = resnet50(pretrained=True)
    model_ref = resnet50_soft(pretrained=True)

    # nn.DataParallel(model).load_state_dict(torch.load(CIFAR10_RESNET50_CKPT_PATH,
    #                                                   lambda storage, location: storage)['net'])

    model.to(device)
    model.train(False)
    model_ref.to(device)
    model_ref.train(False)

    freeze_model(model)
    freeze_model(model_ref)
    return (model, imagenet_normalize), (model_ref, imagenet_normalize)


def attack_batch(cs, steps, model_tup, ref_model_tup, bx, by, bm, device):
    n = len(bx)
    by_np = by.to('cpu').numpy()
    model, pre_fn = model_tup
    ref_model_tup = (ref_model_tup[0], lambda x: x)
    # print(bm[0].shape)
    best_dist = np.full((n, ), np.inf, dtype=np.float32)
    best_adv = bx.cpu().numpy()
    best_adv_gs = np.zeros((n, 56, 56), dtype=np.float32)
    best_adv_conf = np.zeros((n,), dtype=np.float32)

    bx0 = bx.clone()
    bx = bx.clone().requires_grad_()

    bx1 = bx.cpu().detach().clone()


    unpert_gray = bx1.numpy().mean(axis = 1, keepdims=True)

    edges = np.empty_like(unpert_gray)

    for index, image in enumerate(unpert_gray):
        edges[index] = filters.sobel(image.squeeze(0))

    weights = torch.tensor(edges).to(device)


    for i in range(300):
        bx_p = pre_fn(bx)
        logit = model(bx_p)
        adv_loss = F.nll_loss(F.log_softmax(logit), by, reduction='sum')
        final_grad = autograd.grad([adv_loss], [bx])[0]

        bx.data = bx.data - weights * 1. / 255 * final_grad.sign()
        r = bx.data - bx0
        r.clamp_(-0.031, 0.031)
        bx.data = bx0 + r
        del final_grad

    bx_adv_start = bx.detach().clone()
    bx = bx_adv_start.clone().requires_grad_()

    label_indices = np.arange(0, n, dtype=np.int64)
    for c, num_step in zip(cs, steps):
        for i in range(num_step):
            conf_base = 0.95 + i / num_step * 0.04
            conf = np.random.uniform(conf_base, 1, size=(n, )).astype(np.float32)
            conf_mat = ((1 - conf) / 9.).reshape((n, 1)).repeat(1000, 1)
            conf_mat[label_indices, by_np] = conf

            bx_p = pre_fn(bx)
            logit = model(bx_p)
            # print(F.log_softmax(logit))
            # print(len(F.log_softmax(logit)[0]))
            by_one = torch.tensor(conf_mat, device='cuda')
            adv_loss = (-by_one * F.log_softmax(logit)).sum()

            adv_gs = generate_gs_per_batches(ref_model_tup, bx_p, by, post_fn=imagenet_resize_postfn,
                                             keep_grad=True)

            if i % 10 == 0:
                with torch.no_grad():
                    prob = F.softmax(logit).gather(1, by.view(n, -1)).view(n)
                prob = prob.cpu().numpy()
                now_gs = generate_gs_per_batches(model_tup, bx, by, post_fn=imagenet_resize_postfn)
                print(now_gs.shape)
                diff = now_gs.detach() - bm
                now_dist = (diff * diff).view(n, -1).sum(1).cpu().numpy()
                mask = np.logical_and(prob > 0.8, now_dist < best_dist)
                indices_np = np.nonzero(mask)[0]
                indices = torch.tensor(indices_np, device=device)
                best_dist[indices_np] = now_dist[indices_np]
                best_adv[indices_np] = bx.detach()[indices].cpu().numpy()
                best_adv_gs[indices_np] = now_gs[indices].cpu().numpy()
                best_adv_conf[indices_np] = prob[indices_np]

            diff = adv_gs - bm
            int_loss = (diff * diff).view(n, -1).sum()
            loss = adv_loss + c * int_loss
            final_grad = autograd.grad([loss], [bx])[0]

            bx.data = bx.data - 1./255 * final_grad.sign()
            r = bx.data - bx0
            r.clamp_(-0.031, 0.031)
            bx.data = bx0 + r
            bx.data.clamp_(0, 1)

            if i % 10 == 0:
                succeed_indices = np.nonzero(best_dist < np.inf)[0]

                print('c', c, 'step', i,
                      'succeed:', len(succeed_indices), 'conf:', np.mean(best_adv_conf[succeed_indices]),
                      'dist', np.mean(best_dist[succeed_indices]))

            del final_grad, loss, int_loss
    return dict(best_dist=best_dist, best_adv=best_adv, best_adv_gs=best_adv_gs, best_adv_conf=best_adv_conf)


def analyze_batch(model_tup, bx, by, bm, result):
    n = len(bx)
    succeed = (result['best_dist'] < np.inf).astype(np.int64)
    diff = (bm - result['best_adv_gs']).reshape((n, -1))
    return dict(succeed=succeed, l2_dist=np.linalg.norm(diff, 2, axis=1),
                l1_dist=np.linalg.norm(diff, 1, axis=1))


def main(data_path, save_path, batch_size, device, steps, cs, begin, end):
    model_tup, ref_model_tup = load_model(device)
    dobj = np.load(data_path)
    img_x, img_y, img_m = dobj['img_x'], dobj['img_yt'], dobj['benign_gs']
    # print(img_m.shape)
    if begin != -1 and end != -1:
        beg, end = begin, end
        img_x, img_y, img_m = img_x[beg:end], img_y[beg:end], img_m[beg:end]
    n, batch_size = len(img_x), batch_size
    n_batches = (n + batch_size - 1) // batch_size
    results = []

    start_time = time.time()

    for i in range(n_batches):
        si = i * batch_size
        ei = min(n, si + batch_size)
        bx_np, by_np, bm_np = img_x[si:ei], img_y[si:ei], img_m[si:ei]
        bx, by, bm = [torch.tensor(arr, device=device) for arr in (bx_np, by_np, bm_np)]
        result = attack_batch(cs, steps, model_tup, ref_model_tup, bx, by, bm, device)
        result.update(analyze_batch(model_tup, bx_np, by_np, bm_np, result))
        results.append(result)

    etimated_time = time.time() - start_time

    keys = list(results[0].keys())
    save_dobj = {}
    for key in keys:
        save_dobj[key] = np.concatenate([i[key] for i in results], axis=0)

    save_dobj['time'] = etimated_time
    save_dobj['img_x'] = img_x
    save_dobj['img_y'] = dobj['img_y']
    save_dobj['img_yt'] = img_y
    save_dobj['benign_gs'] = img_m
    np.savez(save_path, **save_dobj)


def start_attack_1(data_path, filename):
    # data_path = 'benign_gs_data/benign_gs_fold_1.npz'
    save_path = f'{filename}'
    batch_size = 10
    steps = [301, 201, 101, 101, 50]
    cs = [0.001, 0.004, 0.01, 0.05, 0.07]
    begin = -1
    end = -1
    device = 'cuda' if torch.cuda.is_available() else 'cpu'

    main(data_path, save_path, batch_size, device, steps, cs, begin, end)

In [24]:
start_attack_1('gs.npz', 'output_1.npz')

  adv_loss = F.nll_loss(F.log_softmax(logit), by, reduction='sum')


KeyboardInterrupt: ignored

### AdvEdge+

In [20]:
import skimage

def load_model(device):
    model = resnet50(pretrained=True)
    model_ref = resnet50_soft(pretrained=True)

    # nn.DataParallel(model).load_state_dict(torch.load(CIFAR10_RESNET50_CKPT_PATH,
    #                                                   lambda storage, location: storage)['net'])

    model.to(device)
    model.train(False)
    model_ref.to(device)
    model_ref.train(False)

    freeze_model(model)
    freeze_model(model_ref)
    return (model, imagenet_normalize), (model_ref, imagenet_normalize)


def attack_batch(cs, steps, model_tup, ref_model_tup, bx, by, bm, device):
    n = len(bx)
    by_np = by.to('cpu').numpy()
    model, pre_fn = model_tup
    ref_model_tup = (ref_model_tup[0], lambda x: x)

    best_dist = np.full((n, ), np.inf, dtype=np.float32)
    best_adv = bx.cpu().numpy()
    best_adv_gs = np.zeros((n, 56, 56), dtype=np.float32)
    best_adv_conf = np.zeros((n,), dtype=np.float32)

    bx0 = bx.clone()
    bx = bx.clone().requires_grad_()

    bx1 = bx.cpu().detach().clone()


    unpert_gray = bx1.numpy().mean(axis = 1, keepdims=True)

    edges = np.empty_like(unpert_gray)

    for index, image in enumerate(unpert_gray):
      edges[index] = filters.sobel(image.squeeze(0))

    weights = torch.tensor(edges).to(device)



    for i in range(200):
        bx_p = pre_fn(bx)
        logit = model(bx_p)
        adv_loss = F.nll_loss(F.log_softmax(logit), by, reduction='sum')
        final_grad = autograd.grad([adv_loss], [bx])[0]

        bx.data = bx.data - 1. / 255 * torch.where(weights > 0.1, final_grad.sign(), torch.tensor(0.).to(device))
        r = bx.data - bx0
        r.clamp_(-0.031, 0.031)
        bx.data = bx0 + r
        del final_grad

    bx_adv_start = bx.detach().clone()
    bx = bx_adv_start.clone().requires_grad_()

    label_indices = np.arange(0, n, dtype=np.int64)

    for c, num_step in zip(cs, steps):
        for i in range(num_step):
            conf_base = 0.95 + i / num_step * 0.04
            conf = np.random.uniform(conf_base, 1, size=(n, )).astype(np.float32)
            conf_mat = ((1 - conf) / 9.).reshape((n, 1)).repeat(1000, 1)
            conf_mat[label_indices, by_np] = conf

            bx_p = pre_fn(bx)
            logit = model(bx_p)
            # print(F.log_softmax(logit))
            # print(len(F.log_softmax(logit)[0]))
            by_one = torch.tensor(conf_mat, device='cuda')
            adv_loss = (-by_one * F.log_softmax(logit)).sum()

            adv_gs = generate_gs_per_batches(ref_model_tup, bx_p, by, post_fn=imagenet_resize_postfn,
                                             keep_grad=True)

            if i % 2 == 0:
                with torch.no_grad():
                    prob = F.softmax(logit).gather(1, by.view(n, -1)).view(n)
                prob = prob.cpu().numpy()
                now_gs = generate_gs_per_batches(model_tup, bx, by, post_fn=imagenet_resize_postfn)
                print(now_gs.shape)
                diff = now_gs.detach() - bm
                now_dist = (diff * diff).view(n, -1).sum(1).cpu().numpy()
                mask = np.logical_and(prob > 0.8, now_dist < best_dist)
                indices_np = np.nonzero(mask)[0]
                indices = torch.tensor(indices_np, device=device)
                best_dist[indices_np] = now_dist[indices_np]
                best_adv[indices_np] = bx.detach()[indices].cpu().numpy()
                best_adv_gs[indices_np] = now_gs[indices].cpu().numpy()
                best_adv_conf[indices_np] = prob[indices_np]

            diff = adv_gs - bm
            int_loss = (diff * diff).view(n, -1).sum()
            loss = adv_loss + c * int_loss
            final_grad = autograd.grad([loss], [bx])[0]

            bx.data = bx.data - 1./255 * final_grad.sign()
            r = bx.data - bx0
            r.clamp_(-0.031, 0.031)
            bx.data = bx0 + r
            bx.data.clamp_(0, 1)

            if i % 2 == 0:
                succeed_indices = np.nonzero(best_dist < np.inf)[0]

                print('c', c, 'step', i,
                      'succeed:', len(succeed_indices), 'conf:', np.mean(best_adv_conf[succeed_indices]),
                      'dist', np.mean(best_dist[succeed_indices]))

            del final_grad, loss, int_loss
    return dict(best_dist=best_dist, best_adv=best_adv, best_adv_gs=best_adv_gs, best_adv_conf=best_adv_conf)


def analyze_batch(model_tup, bx, by, bm, result):
    n = len(bx)
    succeed = (result['best_dist'] < np.inf).astype(np.int64)
    diff = (bm - result['best_adv_gs']).reshape((n, -1))
    return dict(succeed=succeed, l2_dist=np.linalg.norm(diff, 2, axis=1),
                l1_dist=np.linalg.norm(diff, 1, axis=1))


def main(data_path, save_path, batch_size, device, steps, cs, begin, end):
    model_tup, ref_model_tup = load_model(device)
    dobj = np.load(data_path)
    img_x, img_y, img_m = dobj['img_x'], dobj['img_yt'], dobj['benign_gs']
    # print(img_m.shape)
    if begin != -1 and end != -1:
        beg, end = begin, end
        img_x, img_y, img_m = img_x[beg:end], img_y[beg:end], img_m[beg:end]
    n, batch_size = len(img_x), batch_size
    n_batches = (n + batch_size - 1) // batch_size
    results = []
    for i in range(n_batches):
        si = i * batch_size
        ei = min(n, si + batch_size)
        bx_np, by_np, bm_np = img_x[si:ei], img_y[si:ei], img_m[si:ei]
        bx, by, bm = [torch.tensor(arr, device=device) for arr in (bx_np, by_np, bm_np)]
        result = attack_batch(cs, steps, model_tup, ref_model_tup, bx, by, bm, device)
        result.update(analyze_batch(model_tup, bx_np, by_np, bm_np, result))
        results.append(result)

    keys = list(results[0].keys())
    save_dobj = {}
    for key in keys:
        save_dobj[key] = np.concatenate([i[key] for i in results], axis=0)
    save_dobj['img_x'] = img_x
    save_dobj['img_y'] = dobj['img_y']
    save_dobj['img_yt'] = img_y
    save_dobj['benign_gs'] = img_m
    np.savez(save_path, **save_dobj)


def start_attack():
    data_path = 'gs.npz'
    save_path = 'output_1.npz'
    batch_size = 10
    steps = [301, 201, 101, 101, 101]
    cs = [0.001, 0.004, 0.01, 0.05, 0.07]
    begin = -1
    end = -1
    device = 'cuda' if torch.cuda.is_available() else 'cpu'

    main(data_path, save_path, batch_size, device, steps, cs, begin, end)

In [22]:
start_attack()

  adv_loss = F.nll_loss(F.log_softmax(logit), by, reduction='sum')
  adv_loss = (-by_one * F.log_softmax(logit)).sum()
  loss = F.nll_loss(F.log_softmax(logit), by)
  prob = F.softmax(logit).gather(1, by.view(n, -1)).view(n)


torch.Size([10, 56, 56])
c 0.001 step 0 succeed: 9 conf: 0.9601243 dist 47.274277
torch.Size([10, 56, 56])
c 0.001 step 2 succeed: 9 conf: 0.9601243 dist 47.274277
torch.Size([10, 56, 56])
c 0.001 step 4 succeed: 9 conf: 0.9601243 dist 47.274277
torch.Size([10, 56, 56])
c 0.001 step 6 succeed: 9 conf: 0.9599608 dist 45.74157
torch.Size([10, 56, 56])
c 0.001 step 8 succeed: 9 conf: 0.9458065 dist 44.845535
torch.Size([10, 56, 56])
c 0.001 step 10 succeed: 9 conf: 0.94330627 dist 44.26962
torch.Size([10, 56, 56])
c 0.001 step 12 succeed: 9 conf: 0.94330627 dist 44.26962
torch.Size([10, 56, 56])
c 0.001 step 14 succeed: 9 conf: 0.94330627 dist 44.26962
torch.Size([10, 56, 56])
c 0.001 step 16 succeed: 9 conf: 0.94330627 dist 44.26962
torch.Size([10, 56, 56])
c 0.001 step 18 succeed: 9 conf: 0.94645286 dist 40.503376
torch.Size([10, 56, 56])
c 0.001 step 20 succeed: 9 conf: 0.94645286 dist 40.503376
torch.Size([10, 56, 56])
c 0.001 step 22 succeed: 9 conf: 0.94645286 dist 40.503376
torch.S

KeyboardInterrupt: ignored