In [1]:
import numpy as np
import pandas as pd

from sklearn.metrics import accuracy_score, precision_recall_fscore_support, roc_auc_score, confusion_matrix
from sklearn.preprocessing import label_binarize

import torch
import torch.nn as nn
import torch.optim as optim
import torch.nn.functional as F
from torch.utils.data import DataLoader, TensorDataset


import time

In [2]:
head = {
            "model" : '',
            "attack_model": '',
            'epsilon': '',
            'Accuracy': '',
            'Macro Precision': '',
            'Weighted Precision': '',
            'Macro Recall': '',
            'Weighted Recall': '',
            'Macro F1': '',
            'Weighted F1': '',

        }
head = pd.DataFrame([head])
head.to_csv("./Free_Adversarial_Training.csv", mode='a', index=False)


In [3]:
def calculate_performance_metrics(X_test, y_test, model, model_name, attack_name, eps):
    model.eval()
    device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
    model.to(device)
    
    all_preds = []
    all_labels = []
    probabilities = []

    num_classes = len(np.unique(y_test))
    
    X_test_tensor = torch.tensor(X_test, dtype=torch.float32)
    y_test_tensor = torch.tensor(y_test, dtype=torch.long)
    test_dataset = TensorDataset(X_test_tensor, y_test_tensor)
    test_loader = DataLoader(dataset=test_dataset)

    with torch.no_grad():
        
        for inputs, labels in test_loader:
            inputs, labels = inputs.to(device), labels.to(device)
            outputs = model(inputs)
            preds = torch.argmax(outputs, dim=1)
            all_preds.extend(preds.cpu().numpy())
            all_labels.extend(labels.cpu().numpy())
            probabilities.extend(torch.nn.functional.softmax(outputs, dim=1).cpu().numpy())
        
        all_preds = np.array(all_preds)
        all_labels = np.array(all_labels)
        probabilities = np.array(probabilities)
        
        accuracy = accuracy_score(all_labels, all_preds)

        precision_macro, recall_macro, f1_macro, _ = precision_recall_fscore_support(all_labels, all_preds, average='macro')
        precision_weighted, recall_weighted, f1_weighted, _ = precision_recall_fscore_support(all_labels, all_preds, average='weighted')
    

        print(f"Accuracy: {accuracy}")
        
        print("\nmacro")
        print(f"Precision: {precision_macro}\nRecall: {recall_macro}\nF1 Score: {f1_macro}")
    
        print("\nweighted")
        print(f"Precision: {precision_weighted}\nRecall: {recall_weighted}\nF1 Score: {f1_weighted}")
        print()
        

        new_row = {
            "model" : model_name,
            "attack_model" : attack_name,
            'epsilon': eps,
            'Accuracy': accuracy,
            'Macro Precision': precision_macro,
            'Weighted Precision': precision_weighted,
            'Macro Recall': recall_macro,
            'Weighted Recall': recall_weighted,
            'Macro F1': f1_macro,
            'Weighted F1': f1_weighted,

        }
        new_row_df = pd.DataFrame([new_row])
        new_row_df.to_csv("./Free_Adversarial_Training.csv", mode='a', index=False, header=False)



In [4]:
# def calculate_performance_metrics(X_test, y_test, model, model_name, attack_name, eps):
#     model.eval()
#     device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
#     model.to(device)
    
#     all_preds = []
#     all_labels = []
#     probabilities = []

#     num_classes = len(np.unique(y_test))
    
#     X_test_tensor = torch.tensor(X_test, dtype=torch.float32)
#     y_test_tensor = torch.tensor(y_test, dtype=torch.long)
#     test_dataset = TensorDataset(X_test_tensor, y_test_tensor)
#     test_loader = DataLoader(dataset=test_dataset)

#     with torch.no_grad():
        
#         for inputs, labels in test_loader:
#             inputs, labels = inputs.to(device), labels.to(device)
#             outputs = model(inputs)
#             preds = torch.argmax(outputs, dim=1)
#             all_preds.extend(preds.cpu().numpy())
#             all_labels.extend(labels.cpu().numpy())
#             probabilities.extend(torch.nn.functional.softmax(outputs, dim=1).cpu().numpy())
        
#         all_preds = np.array(all_preds)
#         all_labels = np.array(all_labels)
#         probabilities = np.array(probabilities)

#         np.save(f"/home/jovyan/Sample_Based_Extension/UNSW/UNSW_Defense_Label/UNSW_Def4/y_pred_{attack_name}{eps}_Def4.npy", all_preds)

        

In [5]:
x_test = np.load('/home/jovyan/Sample_Based_Extension/UNSW/x_test.npy')
x_train = np.load('/home/jovyan/Sample_Based_Extension/UNSW/x_train.npy')
x_val = np.load('/home/jovyan/Sample_Based_Extension/UNSW/x_val.npy')
y_test = np.load('/home/jovyan/Sample_Based_Extension/UNSW/y_test.npy')
y_train = np.load('/home/jovyan/Sample_Based_Extension/UNSW/y_train.npy')
y_val = np.load('/home/jovyan/Sample_Based_Extension/UNSW/y_val.npy')

In [6]:
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
print(f"Using {device} device")

Using cuda device


In [7]:
input_shape = x_train.shape[1]
output_shape = len(np.unique(y_train))

In [8]:
x_train_tensor = torch.tensor(x_train, dtype=torch.float32).to(device)
y_train_tensor = torch.tensor(y_train, dtype=torch.long).to(device)

x_val_tensor = torch.tensor(x_val, dtype=torch.float32).to(device)
y_val_tensor = torch.tensor(y_val, dtype=torch.long).to(device)

train_dataset = TensorDataset(x_train_tensor, y_train_tensor)
train_loader = DataLoader(train_dataset, batch_size=100, shuffle=True)

val_dataset = TensorDataset(x_val_tensor, y_val_tensor)
val_loader = DataLoader(val_dataset, batch_size=100, shuffle=True)

In [9]:
import torch
import torch.nn as nn
import torch.optim as optim
import torch.nn.functional as F

class DNNModel(nn.Module):
    def __init__(self, input_size, output_size):
        super(DNNModel, self).__init__()
        self.fc1 = nn.Linear(input_size, 50)
        self.fc2 = nn.Linear(50, 30)
        self.fc3 = nn.Linear(30, 20)
        self.fc4 = nn.Linear(20, output_size)

    def forward(self, x):
        x = F.relu(self.fc1(x))
        x = F.relu(self.fc2(x))
        x = F.relu(self.fc3(x))
        x = self.fc4(x)
        return x


In [10]:
def fgsm(grad, epsilon):
    sign_grad = grad.sign()
    return epsilon * sign_grad
    

In [11]:
# Initialize model, optimizer, and loss function
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
model = DNNModel(input_size=input_shape, output_size=output_shape).to(device)
optimizer = optim.Adam(model.parameters(), lr=0.001)
loss_function = nn.CrossEntropyLoss()

# Early stopping variables
min_delta = 0.001
patience = 5
patience_counter = 0
best_loss = float('inf')

# Adversarial training parameters
epsilon = 0.03  # Step size for FGSM
clip_eps = 0.1  # Maximum perturbation
n_repeats = 4   # Number of iterations to update noise

global_noise_data = torch.zeros(train_loader.batch_size, input_shape).to(device)


In [12]:
from torch.autograd import Variable


for epoch in range(10):
    model.train()
    train_loss = 0.0
    for inputs, labels in train_loader:
        inputs, labels = inputs.to(device), labels.to(device)
        for j in range(n_repeats):
            noise_batch = Variable(global_noise_data[0:inputs.size(0)], requires_grad=True).to(device)
            inputs_adv = inputs + noise_batch
            inputs_adv.clamp_(0, 1.0)
            optimizer.zero_grad()
            outputs = model(inputs_adv)
            loss = loss_function(outputs, labels)
            loss.backward()
            pert = fgsm(noise_batch.grad, epsilon)
            global_noise_data[0:inputs.size(0)] += pert.data
            global_noise_data.clamp_(-clip_eps, clip_eps)
            optimizer.step()
            train_loss += loss.item()

    avg_train_loss = train_loss / len(train_loader)

    model.eval()
    val_train_loss = 0.0
    correct_predictions = 0
    with torch.no_grad():
        for inputs, labels in val_loader:
            inputs, labels = inputs.to(device), labels.to(device)
            outputs = model(inputs)
            loss = loss_function(outputs, labels)
            val_train_loss += loss.item()
            _, predicted = torch.max(outputs.data, 1)
            correct_predictions += (predicted == labels).sum().item()

    avg_val_loss = val_train_loss / len(val_loader)
    val_accuracy = correct_predictions / len(val_dataset)

    print(f"Epoch {epoch+1}, Training Loss: {avg_train_loss:.4f}, Validation Loss: {avg_val_loss:.4f}, Validation Accuracy: {val_accuracy:.4f}")

    # Early stopping check using min_delta
    if best_loss - avg_val_loss > min_delta:
        best_loss = avg_val_loss
        patience_counter = 0
    else:
        patience_counter += 1

    if patience_counter >= patience:
        print("Early stopping triggered")
        break

Epoch 1, Training Loss: 0.9255, Validation Loss: 0.5147, Validation Accuracy: 0.8562
Epoch 2, Training Loss: 0.7941, Validation Loss: 0.4632, Validation Accuracy: 0.8691
Epoch 3, Training Loss: 0.7727, Validation Loss: 0.6610, Validation Accuracy: 0.8498
Epoch 4, Training Loss: 0.7637, Validation Loss: 0.5359, Validation Accuracy: 0.8768
Epoch 5, Training Loss: 0.7555, Validation Loss: 0.7353, Validation Accuracy: 0.8566
Epoch 6, Training Loss: 0.7513, Validation Loss: 0.9039, Validation Accuracy: 0.8328
Epoch 7, Training Loss: 0.7502, Validation Loss: 1.4222, Validation Accuracy: 0.7573
Early stopping triggered


In [12]:

model.load_state_dict(torch.load("/home/jovyan/Sample_Based_Extension/UNSW/UNSW_Defense/Free_Adversarial_Training/Free_Adversarial_Training.pt"))

  model.load_state_dict(torch.load("/home/jovyan/Sample_Based_Extension/UNSW/UNSW_Defense/Free_Adversarial_Training/Free_Adversarial_Training.pt"))


<All keys matched successfully>

In [13]:
# calculate_performance_metrics(x_test, y_test, model, 'DNN', 'baseline', '0')

In [14]:
epsilon = 0
Def = "Def4"
attack_names = [
    "baseline", "BIM", "FGSM", "PGD", "DF",
    "AutoPGD", "ZOO", "CaFA", "SINIFGSM", "VNIFGSM"
]

percentage = ["100", "50", "20", "1"]
model_name = ["XGB", "RF", "DT" ]

base_path = "/home/jovyan/Sample_Based_Extension/UNSW/UNSW_Dynamite_Selection_Data"

for m_name in model_name:
    for p in percentage:
        for attack in attack_names:
            print(f"start {m_name} {p} {attack}")
            
            x_path = f"{base_path}/{m_name}/UNSW_Input{p}/x_test_adv_{attack}_{Def}.npy"
            y_path = f"{base_path}/{m_name}/UNSW_Input{p}/y_test_adv_{attack}_{Def}.npy"

            try:
                x_test_adv = np.load(x_path)
                y_test_adv = np.load(y_path)
                print(x_test_adv.shape, y_test_adv.shape)

                m_per_name = f"{m_name}{p}"
                calculate_performance_metrics(x_test_adv, y_test_adv, model, m_per_name, attack, epsilon)
            except FileNotFoundError:
                print(x_path, "not found")

                new_row = {
                    "model" : "0",
                    "attack_model" : "0",
                    'epsilon': "0",
                    'Accuracy': "0",
                    'Macro Precision': "0",
                    'Weighted Precision': "0",
                    'Macro Recall': "0",
                    'Weighted Recall': "0",
                    'Macro F1': "0",
                    'Weighted F1': "0",
                }
                new_row_df = pd.DataFrame([new_row])
                new_row_df.to_csv("./Free_Adversarial_Training.csv", mode='a', index=False, header=False)


start XGB 100 baseline
(856, 56) (856,)
Accuracy: 0.6869158878504673

macro
Precision: 0.42488038277511964
Recall: 0.49178591048211995
F1 Score: 0.4177639259717978

weighted
Precision: 0.5366308187631356
Recall: 0.6869158878504673
F1 Score: 0.5787001506002806

start XGB 100 BIM
(1223, 56) (1223,)
Accuracy: 0.9133278822567457

macro
Precision: 0.5209106688664329
Recall: 0.6674580236718965
F1 Score: 0.5203566671599822

weighted
Precision: 0.9844655839944969
Recall: 0.9133278822567457
F1 Score: 0.9459867366279311

start XGB 100 FGSM
(1225, 56) (1225,)
Accuracy: 0.9355102040816327

macro
Precision: 0.4965337954939341
Recall: 0.47082990961380444
F1 Score: 0.48334036271615355

weighted
Precision: 0.9865822516181516
Recall: 0.9355102040816327
F1 Score: 0.960367708449892

start XGB 100 PGD
(1223, 56) (1223,)
Accuracy: 0.9133278822567457

macro
Precision: 0.5209106688664329
Recall: 0.6674580236718965
F1 Score: 0.5203566671599822

weighted
Precision: 0.9844655839944969
Recall: 0.9133278822567457

  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.9480840543881335

macro
Precision: 0.5
Recall: 0.47404202719406674
F1 Score: 0.4866751269035533

weighted
Precision: 1.0
Recall: 0.9480840543881335
F1 Score: 0.9733502538071066

start RF 50 FGSM
(778, 56) (778,)


  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.9832904884318766

macro
Precision: 0.5
Recall: 0.4916452442159383
F1 Score: 0.4957874270900843

weighted
Precision: 1.0
Recall: 0.9832904884318766
F1 Score: 0.9915748541801684

start RF 50 PGD
(809, 56) (809,)


  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.9480840543881335

macro
Precision: 0.5
Recall: 0.47404202719406674
F1 Score: 0.4866751269035533

weighted
Precision: 1.0
Recall: 0.9480840543881335
F1 Score: 0.9733502538071066

start RF 50 DF
(294, 56) (294,)
Accuracy: 0.9115646258503401

macro
Precision: 0.6176470588235294
Recall: 0.9545454545454546
F1 Score: 0.6666666666666666

weighted
Precision: 0.9791916766706682
Recall: 0.9115646258503401
F1 Score: 0.9368318756073857

start RF 50 AutoPGD
(3002, 56) (3002,)
Accuracy: 0.9830113257828115

macro
Precision: 0.6816638370118845
Recall: 0.7855978871656553
F1 Score: 0.7214924607484133

weighted
Precision: 0.9873938031125825
Recall: 0.9830113257828115
F1 Score: 0.9848992240866006

start RF 50 ZOO
(3232, 56) (3232,)
Accuracy: 0.9040841584158416

macro
Precision: 0.739586728374943
Recall: 0.5475971562139833
F1 Score: 0.5623060362904353

weighted
Precision: 0.8766327259314811
Recall: 0.9040841584158416
F1 Score: 0.8729699036005034

start RF 50 CaFA
(1040, 56) (1040,)
Accuracy: 0.

  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.9764309764309764

macro
Precision: 0.5
Recall: 0.4882154882154882
F1 Score: 0.4940374787052811

weighted
Precision: 1.0
Recall: 0.9764309764309764
F1 Score: 0.9880749574105623

start RF 50 VNIFGSM
(690, 56) (690,)


  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.9797101449275363

macro
Precision: 0.5
Recall: 0.48985507246376814
F1 Score: 0.49487554904831627

weighted
Precision: 1.0
Recall: 0.9797101449275363
F1 Score: 0.9897510980966326

start RF 20 baseline
(942, 56) (942,)
Accuracy: 0.7611464968152867

macro
Precision: 0.6444386620617875
Recall: 0.5188671083205616
F1 Score: 0.4793854316347961

weighted
Precision: 0.7082632591926074
Recall: 0.7611464968152867
F1 Score: 0.6786104272169612

start RF 20 BIM
(564, 56) (564,)


  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.8581560283687943

macro
Precision: 0.5
Recall: 0.42907801418439717
F1 Score: 0.4618320610687023

weighted
Precision: 1.0
Recall: 0.8581560283687943
F1 Score: 0.9236641221374046

start RF 20 FGSM
(445, 56) (445,)


  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.9887640449438202

macro
Precision: 0.5
Recall: 0.4943820224719101
F1 Score: 0.4971751412429379

weighted
Precision: 1.0
Recall: 0.9887640449438202
F1 Score: 0.9943502824858758

start RF 20 PGD
(564, 56) (564,)


  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.8581560283687943

macro
Precision: 0.5
Recall: 0.42907801418439717
F1 Score: 0.4618320610687023

weighted
Precision: 1.0
Recall: 0.8581560283687943
F1 Score: 0.9236641221374046

start RF 20 DF
(292, 56) (292,)
Accuracy: 0.8904109589041096

macro
Precision: 0.5555555555555556
Recall: 0.9444444444444444
F1 Score: 0.5705882352941176

weighted
Precision: 0.9878234398782344
Recall: 0.8904109589041096
F1 Score: 0.9310233682514102

start RF 20 AutoPGD
(2364, 56) (2364,)
Accuracy: 0.9589678510998308

macro
Precision: 0.5471820578367151
Recall: 0.6497646555412923
F1 Score: 0.5677471041197373

weighted
Precision: 0.9819284849106625
Recall: 0.9589678510998308
F1 Score: 0.9695789963047154

start RF 20 ZOO
(2614, 56) (2614,)
Accuracy: 0.8320581484315226

macro
Precision: 0.6260525189096617
Recall: 0.5226996013274094
F1 Score: 0.5084098177012494

weighted
Precision: 0.7721322562015533
Recall: 0.8320581484315226
F1 Score: 0.7769723175057194

start RF 20 CaFA
(881, 56) (881,)
Accuracy: 0.8

  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.9713024282560706

macro
Precision: 0.5
Recall: 0.4856512141280353
F1 Score: 0.49272116461366183

weighted
Precision: 1.0
Recall: 0.9713024282560706
F1 Score: 0.9854423292273236

start RF 20 VNIFGSM
(443, 56) (443,)


  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.9841986455981941

macro
Precision: 0.5
Recall: 0.49209932279909707
F1 Score: 0.4960182025028441

weighted
Precision: 1.0
Recall: 0.9841986455981941
F1 Score: 0.9920364050056883

start RF 1 baseline
(670, 56) (670,)
Accuracy: 0.5791044776119403

macro
Precision: 0.6536195286195285
Recall: 0.5619196428571429
F1 Score: 0.4945749871597329

weighted
Precision: 0.6493039851248805
Recall: 0.5791044776119403
F1 Score: 0.5038300408588797

start RF 1 BIM
(39, 56) (39,)
Accuracy: 0.8461538461538461

macro
Precision: 0.5
Recall: 0.4230769230769231
F1 Score: 0.4583333333333333

weighted
Precision: 1.0
Recall: 0.8461538461538461
F1 Score: 0.9166666666666666

start RF 1 FGSM
(14, 56) (14,)
Accuracy: 1.0

macro
Precision: 1.0
Recall: 1.0
F1 Score: 1.0

weighted
Precision: 1.0
Recall: 1.0
F1 Score: 1.0

start RF 1 PGD
(39, 56) (39,)
Accuracy: 0.8461538461538461

macro
Precision: 0.5
Recall: 0.4230769230769231
F1 Score: 0.4583333333333333

weighted
Precision: 1.0
Recall: 0.8461538461538461
F

  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))
  _warn_prf(average, modifier, f"{metric.capitalize()} is", len(result))


Accuracy: 0.8483935742971888

macro
Precision: 0.45187165775401067
Recall: 0.4663355408388521
F1 Score: 0.45898967952199893

weighted
Precision: 0.8220797629018748
Recall: 0.8483935742971888
F1 Score: 0.8350294169617088

start RF 1 ZOO
(1699, 56) (1699,)
Accuracy: 0.6097704532077692

macro
Precision: 0.6690176750509857
Recall: 0.5791275471318855
F1 Score: 0.5316202106891369

weighted
Precision: 0.6621062935809404
Recall: 0.6097704532077692
F1 Score: 0.5479484313882748

start RF 1 CaFA
(536, 56) (536,)
Accuracy: 0.4216417910447761

macro
Precision: 0.4608353339397283
Recall: 0.45912380359505095
F1 Score: 0.42098880727039567

weighted
Precision: 0.5102532793290159
Recall: 0.4216417910447761
F1 Score: 0.42730098375607295

start RF 1 SINIFGSM
(7, 56) (7,)
Accuracy: 1.0

macro
Precision: 1.0
Recall: 1.0
F1 Score: 1.0

weighted
Precision: 1.0
Recall: 1.0
F1 Score: 1.0

start RF 1 VNIFGSM
(13, 56) (13,)
Accuracy: 1.0

macro
Precision: 1.0
Recall: 1.0
F1 Score: 1.0

weighted
Precision: 1.0
Rec

In [15]:

# torch.save(model.state_dict(), "./Free_Adversarial_Training.pt")

In [17]:
# import time

# epsilon_values = [0.01, 0.1, 0.2, 0.3]

# start_time = time.time()

# for epsilon in epsilon_values:
#     filename = f'/home/jovyan/Sample_Based_Extension/UNSW/transfer_attack/x_test_adv_BIM_eps_{epsilon}.npy'
#     x_test_adv = np.load(filename)

#     calculate_performance_metrics(x_test_adv, y_test, model, 'DNN', 'BIM', epsilon)

# end_time = time.time()
# result = end_time - start_time
# print(f"Execution Time: {result:.6f} seconds")