In [1]:
import os

import torch
import argparse

from util.data_parser import parse_data
from util.model_utils import test_model, model_load
from util.utility import find_gpu, Logger

import torch.nn.functional as F




In [2]:
# 使用argparse处理命令行参数
parser = argparse.ArgumentParser(description='PyTorch CIFAR10 Training')
# dataset，默认值为'cifar10'
parser.add_argument('--dataset', type = str, default = 'cifar10', help = 'The dataset used, default = "cifar10".')
# batch_size，用于指定批量大小
parser.add_argument('--batch_size', type = int, default = 128, help = 'The batch size, default is 128.')
# model_type，用于指定模型类型
parser.add_argument('--model_type', type = str, default = 'resnet18', help = 'The type of the model, default is "resnet18".')
args = parser.parse_args()

usage: ipykernel_launcher.py [-h] [--dataset DATASET]
                             [--batch_size BATCH_SIZE]
                             [--model_type MODEL_TYPE]
ipykernel_launcher.py: error: unrecognized arguments: --f=/home/linfeng/.local/share/jupyter/runtime/kernel-v2-10158658WxOFeWPoqfr.json


SystemExit: 2

  warn("To exit: use 'exit', 'quit', or Ctrl-D.", stacklevel=1)


In [None]:
# 设备选择
device = torch.device(f"cuda:{find_gpu()}" if torch.cuda.is_available() and find_gpu() is not None else "cpu")
print(f"Using {device}.")

device = torch.device("cuda" if torch.cuda.is_available() else "cpu")

In [None]:
# 初始化日志和保存目录
save_folder = f'./checkpoint1/{args.dataset}/{args.model_type}/'
os.makedirs(save_folder, exist_ok=True)
log_path = os.path.join(save_folder, 'logger.log')
logger = Logger(log_path=log_path)

NameError: name 'args' is not defined

In [None]:
# 假设你的数据加载函数可以这样调用（确保使用与训练时相同的参数）
_, _, testloader, _ = parse_data(name=args.dataset, batch_size=args.batch_size, valid_ratio=None)

Files already downloaded and verified
Files already downloaded and verified
Files already downloaded and verified
50000 instances are picked from the training set


In [None]:
model = model_load(dataset=args.dataset, model_type=args.model_type, model_path='./checkpoint', normalize=None)
model = model.to(device)
model.eval()  # 设置为评估模式

Sequential(
  (0): DataNormalizeLayer()
  (1): ResNet(
    (conv1): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
    (bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
    (layer1): Sequential(
      (0): BasicBlock(
        (conv1): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
        (bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
        (conv2): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
        (bn2): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
        (shortcut): Sequential()
      )
      (1): BasicBlock(
        (conv1): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
        (bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
        (conv2): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1)

In [None]:
import torch
import logging

def fgsm_attack(model, image, label, epsilon):
    # 设置损失函数
    criterion = torch.nn.CrossEntropyLoss()

    # 激活图像的梯度属性
    image.requires_grad = True

    # 正向传播和损失计算
    output = model(image)
    model.zero_grad()
    loss = criterion(output, label)
    loss.backward()

    # 生成扰动图像
    image_grad = image.grad.data
    perturbed_image = image + epsilon * image_grad.sign()
    perturbed_image = torch.clamp(perturbed_image, 0, 1)  # 保持数据在正常范围内

    # 日志记录
    logging.info(f'FGSM Attack - Loss: {loss.item()}')

    return perturbed_image


def pgd_attack(model, images, labels, eps, alpha, iters=40):
    # 定义损失函数
    criterion = torch.nn.CrossEntropyLoss()

    original_images = images.data.clone()

    for i in range(iters):
        images.requires_grad = True
        outputs = model(images)
        model.zero_grad()
        cost = criterion(outputs, labels)
        cost.backward()

        # 更新扰动图像
        images = images + alpha * images.grad.sign()
        # 保持扰动大小在 eps 范围内
        eta = torch.clamp(images - original_images, min=-eps, max=eps)
        images = torch.clamp(original_images + eta, 0, 1).detach_()

        # 日志记录
        logging.info(f'PGD Attack - Iteration {i+1}/{iters}, Loss: {cost.item()}')

    return images



In [None]:
correct = 0
total = 0
epsilon = 0.03  # FGSM 的扰动大小

for images, labels in testloader:
    images, labels = images.to(device), labels.to(device)
    images.requires_grad = True
    
    criterion = torch.nn.CrossEntropyLoss()

    # FGSM 攻击
    outputs = model(images)
    loss = criterion(outputs, labels)
    model.zero_grad()
    loss.backward()
    perturbed_data = fgsm_attack(images, epsilon, images.grad)

    # PGD 攻击
    # perturbed_data = pgd_attack(model, images, labels, eps=0.03, alpha=0.01, iters=40)

    outputs = model(perturbed_data)
    _, predicted = torch.max(outputs.data, 1)
    total += labels.size(0)
    correct += (predicted == labels).sum().item()

print('Accuracy of the attacked network on the 10000 test images: %d %%' % (100 * correct / total))


Accuracy of the attacked network on the 10000 test images: 13 %
