In [207]:
# Load dependencies

import torch
import torch.nn as nn
import torch.nn.functional as F
import torch.backends.cudnn as cudnn
import torchvision
import torchvision.models as models
import torch.optim as optim 
import os
import torchvision.transforms as transforms
import torchvision.transforms.functional as TF
from tqdm import tqdm
from torch.utils.tensorboard import SummaryWriter
import torchattacks
from torchmetrics.functional.image import peak_signal_noise_ratio, structural_similarity_index_measure

In [208]:
# Setup CUDA Device

device = 'cuda' if torch.cuda.is_available() else 'cpu'
print(f'Device using: {device}')

Device using: cuda


In [209]:
model_name = "Mobilenetv3Small"
version = "v4"
training_name = "ARD"

height = 224
num_classes = 7
epochs = 50
lr = 0.00017
lr_factor = 0.1
lr_threshold = 6
weight_decay = 0.0002
batch_size = 32

# Attack hyperparameters 
epsilon = 8.0 / 255
alpha = 2.0 / 255
steps = 10

# Knowledge Distillation hyperparameters
temp = 20.0
alpha = 1.0

In [210]:
# Graph writer initialize for data visualization

writer = SummaryWriter("runs/trashbox/" + f'{training_name}--{model_name}.{version}')

In [211]:
preprocessing = transforms.Compose([
    transforms.RandomResizedCrop((height, height)),
    transforms.RandomHorizontalFlip(),
    transforms.ToTensor()
])
test_preprocessing = transforms.Compose([
    transforms.RandomResizedCrop((height, height)),
    transforms.ToTensor()
])

In [212]:
# Training and Validation dataset

print('===>> Preparing data...')
trash_train_dataset = torchvision.datasets.ImageFolder('dataset/trashbox/train', transform=preprocessing)
trash_train_loader = torch.utils.data.DataLoader(dataset=trash_train_dataset, shuffle=True, batch_size=batch_size)
trash_val_dataset = torchvision.datasets.ImageFolder('dataset/trashbox/val', transform=test_preprocessing)
trash_val_loader = torch.utils.data.DataLoader(dataset=trash_val_dataset, shuffle=True, batch_size=batch_size)

===>> Preparing data...


In [213]:
print('====>> Setting up teacher model...')

# Initialize architecture with modified output features
teacher_model = models.googlenet(weights=models.GoogLeNet_Weights.DEFAULT)
infeatures = teacher_model.fc.in_features
teacher_model.fc = nn.Linear(infeatures, num_classes, True)

# Load saved weights 
checkpoint = torch.load('./best_trained_models/best_AT--Googlenet.v1_epoch98.pth')

if 'module' in list(checkpoint['net'].keys())[0]:
    new_state_dict = {k.replace("module.", ""): v for k, v in checkpoint['net'].items()}
    teacher_model.load_state_dict(new_state_dict)
else:
    teacher_model.load_state_dict(checkpoint['net'])

teacher_model = teacher_model.to(device)

for param in teacher_model.parameters():
    param.requires_grad = False

teacher_model.eval()

====>> Setting up teacher model...


GoogLeNet(
  (conv1): BasicConv2d(
    (conv): Conv2d(3, 64, kernel_size=(7, 7), stride=(2, 2), padding=(3, 3), bias=False)
    (bn): BatchNorm2d(64, eps=0.001, momentum=0.1, affine=True, track_running_stats=True)
  )
  (maxpool1): MaxPool2d(kernel_size=3, stride=2, padding=0, dilation=1, ceil_mode=True)
  (conv2): BasicConv2d(
    (conv): Conv2d(64, 64, kernel_size=(1, 1), stride=(1, 1), bias=False)
    (bn): BatchNorm2d(64, eps=0.001, momentum=0.1, affine=True, track_running_stats=True)
  )
  (conv3): BasicConv2d(
    (conv): Conv2d(64, 192, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
    (bn): BatchNorm2d(192, eps=0.001, momentum=0.1, affine=True, track_running_stats=True)
  )
  (maxpool2): MaxPool2d(kernel_size=3, stride=2, padding=0, dilation=1, ceil_mode=True)
  (inception3a): Inception(
    (branch1): BasicConv2d(
      (conv): Conv2d(192, 64, kernel_size=(1, 1), stride=(1, 1), bias=False)
      (bn): BatchNorm2d(64, eps=0.001, momentum=0.1, affine=True, track

In [214]:
# Setup student model 

print('====>> Setting up student model...')
student_model = models.mobilenet_v3_small(weights=None)

# for param in student_model.parameters():
#     param.requires_grad = False

student_model.classifier = nn.Sequential(
    nn.Linear(in_features=576, out_features=1024, bias=True),
    nn.Hardswish(),
    nn.Dropout(p=0.2, inplace=True),
    nn.Linear(in_features=1024, out_features=num_classes, bias=True)
)

# # Load saved weights 
# checkpoint = torch.load('./best_trained_models/best_NORMAL--Mobilenetv3Small.v1_epoch40.pth')

# if 'module' in list(checkpoint['net'].keys())[0]:
#     new_state_dict = {k.replace("module.", ""): v for k, v in checkpoint['net'].items()}
#     student_model.load_state_dict(new_state_dict)
# else:
#     student_model.load_state_dict(checkpoint['net'])

student_model = student_model.to(device)

====>> Setting up student model...


In [215]:
# Initialize adversarial attack for generating adversarial samples

attack = torchattacks.TPGD(student_model, eps=epsilon, alpha=alpha, steps=steps)

In [216]:
# Setup Loss functions

XENT_loss = nn.CrossEntropyLoss()
KL_loss = nn.KLDivLoss()

In [217]:
# Train Loop

def train(epoch, optimizer):
    train_loss = 0
    correct = 0
    total = 0
    adv_correct = 0
    student_model.train()
    total_ssim = 0
    total_psnr = 0

    iterator = tqdm(trash_train_loader, ncols=0, leave=False)
    for i, (inputs, targets)in enumerate(iterator):
        inputs, targets = inputs.to(device),targets.to(device)

        optimizer.zero_grad()
        adv_image = attack(inputs, targets)

        # Soft labels
        teacher_output = teacher_model(inputs)
        student_output = student_model(inputs)
        adv_student_output = student_model(adv_image)
        
        # ARD loss function formula
        loss =  alpha* temp* temp*KL_loss(F.log_softmax(adv_student_output/ temp, dim=1),F.softmax(teacher_output/ temp, dim=1))+(1.0- alpha)*XENT_loss(student_output, targets)
        loss.backward()
        optimizer.step()

        # Measure loss
        train_loss += loss.item()
        iterator.set_description(str(loss.item()))      

        # Get total 
        total += targets.size(0)

        # SSIM and PSNR 
        total_psnr += peak_signal_noise_ratio(adv_image, inputs, reduction='sum')
        total_ssim += structural_similarity_index_measure(adv_image, inputs, reduction='sum')
        
        # Measure clean and adversarial accuracy 
        _, predicted = student_output.max(1)
        correct += predicted.eq(targets).sum().item()
        _, adv_predicted = adv_student_output.max(1)
        adv_correct += adv_predicted.eq(targets).sum().item()
    
    # SSIM and PSNR Average
    avg_ssim = total_ssim / total
    avg_psnr = total_psnr / total

    writer.add_scalar("Average SSIM: " + model_name, avg_ssim, epoch)
    writer.add_scalar("Average PSNR: " + model_name, avg_psnr, epoch)

    training_loss = train_loss  / total
    train_adv_accuracy = 100.0 * correct / total
    adv_train_adv_accuracy = 100.0 * adv_correct / total
    
    print('\nTotal adversarial train accuracy:', 100. * correct / total)
    print('Total adversarial train loss:', train_loss)
    
    # Write graph over epoch
    writer.add_scalar('Train loss: ' + model_name, training_loss, epoch)
    writer.add_scalar('Train accuracy: ' + model_name, train_adv_accuracy, epoch)
    writer.add_scalar('Adversarial Train accuracy: ' + model_name, adv_train_adv_accuracy, epoch)

    return training_loss

In [218]:
# Test function
best_loss = float(0)

def test(epoch, optimizer):
    global best_loss
    print('\n[ Test epoch: %d ]' % epoch)
    student_model.eval()
    benign_correct = 0
    adv_correct = 0
    total = 0
    with torch.no_grad():
        iterator = tqdm(trash_val_loader, ncols=0, leave=False)
        for i, (inputs, targets) in enumerate(iterator):
            inputs, targets = inputs.to(device), targets.to(device)
            
            total += targets.size(0)

            with torch.enable_grad():
                adv_images = attack(inputs, targets)
            
            # Output
            natural_outputs = student_model(inputs)
            adv_outputs = student_model(adv_images)

            # Prediction
            _, adv_predicted = adv_outputs.max(1)
            _, natural_predicted = natural_outputs.max(1)
            
            # Correct top 1
            benign_correct += natural_predicted.eq(targets).sum().item()
            adv_correct += adv_predicted.eq(targets).sum().item()

            iterator.set_description(str(adv_predicted.eq(targets).sum().item()/targets.size(0)))
    
    # Adversarial and Clean Accuracy 
    benign_val_accuracy = 100.0 * benign_correct / total
    adv_val_accuracy = 100.0 * adv_correct / total 
    
    # Logs
    print('\nTotal benign test accuarcy:', benign_val_accuracy)
    print('Total adversarial test Accuarcy:', adv_val_accuracy)
    
    # Graph
    writer.add_scalar("Natural test accuracy: " + model_name, benign_val_accuracy, epoch)
    writer.add_scalar("Adversarial test accuracy: " + model_name, adv_val_accuracy, epoch)
    
    # Save checkpoint
    state = {
        'epoch' : epoch,
        'net': student_model.state_dict(),
        'optim' : optimizer.state_dict()
    }
    if not os.path.isdir('checkpoint'):
        os.mkdir('checkpoint')
    torch.save(state, './checkpoint/' + f'{training_name}--{model_name}.{version}.pth')
    if benign_val_accuracy > best_loss:
        print(f'Model saved: f{benign_val_accuracy}')
        torch.save(state, './trained_model/' + f'best_{training_name}_{model_name}_{version}_epoch{epoch}.pth')
    print('Model Saved!')
    return benign_val_accuracy, adv_val_accuracy

In [219]:
def main():
    learning_rate = lr
    optimizer = optim.Adam(student_model.parameters(), lr=learning_rate, weight_decay=0.0002)
    model_path = f'./checkpoint/{training_name}--{model_name}.{version}.pth'
    scheduler = torch.optim.lr_scheduler.ReduceLROnPlateau(optimizer, mode='min', patience=lr_threshold, factor=lr_factor)
    if os.path.exists(model_path):
        # Load the saved model and optimizer state
        checkpoint = torch.load(model_path)
        student_model.load_state_dict(checkpoint['net'])
        optimizer.load_state_dict(checkpoint['optim'])
        start_epoch = checkpoint['epoch'] + 1
        print(f"=> Loaded checkpoint '{model_path}' (epoch {start_epoch})")
    else:
        start_epoch = 0
        print(f"=> No checkpoint found at '{model_path}'. Starting training from scratch.")


    for epoch in range(start_epoch, epochs):
        train_loss = train(epoch, optimizer)
        benign_val_accuracy , _ = test(epoch, optimizer)
        scheduler.step(metrics=train_loss, epoch=epoch)
        scheduler.print_lr(True, student_model.parameters(), learning_rate, epoch)

In [220]:
if __name__ == '__main__':
    main()

=> Loaded checkpoint './checkpoint/ARD--Mobilenetv3Small.v4.pth' (epoch 20)


                                                           


Total adversarial train accuracy: 49.394215281182156
Total adversarial train loss: 50.88530596345663

[ Test epoch: 20 ]





Total benign test accuarcy: 48.792813026389666
Total adversarial test Accuarcy: 43.7956204379562
Model saved: f48.792813026389666
Model Saved!
Epoch 00020: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 49.422228447370266
Total adversarial train loss: 50.42973965406418

[ Test epoch: 21 ]


                                                        


Total benign test accuarcy: 48.792813026389666
Total adversarial test Accuarcy: 42.84110050533408
Model saved: f48.792813026389666
Model Saved!
Epoch 00021: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 49.49226136284054
Total adversarial train loss: 50.88567318022251

[ Test epoch: 22 ]


                                                        


Total benign test accuarcy: 50.75800112296463
Total adversarial test Accuarcy: 46.097697922515444
Model saved: f50.75800112296463
Model Saved!
Epoch 00022: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 49.1981231178654
Total adversarial train loss: 48.61687543988228

[ Test epoch: 23 ]


                                                       


Total benign test accuarcy: 51.824817518248175
Total adversarial test Accuarcy: 46.659180235822575
Model saved: f51.824817518248175
Model Saved!
Epoch 00023: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 49.338188948805936
Total adversarial train loss: 48.80772749334574

[ Test epoch: 24 ]


                                                        


Total benign test accuarcy: 49.52274003368894
Total adversarial test Accuarcy: 45.816956765861875
Model saved: f49.52274003368894
Model Saved!
Epoch 00024: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 49.65333706842216
Total adversarial train loss: 48.79383820295334

[ Test epoch: 25 ]


                                                        


Total benign test accuarcy: 50.1965188096575
Total adversarial test Accuarcy: 45.53621560920831
Model saved: f50.1965188096575
Model Saved!
Epoch 00025: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 49.94047202185027
Total adversarial train loss: 47.83514057844877

[ Test epoch: 26 ]


                                                       


Total benign test accuarcy: 51.88096574957889
Total adversarial test Accuarcy: 43.402582818641214
Model saved: f51.88096574957889
Model Saved!
Epoch 00026: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 50.12255760207297
Total adversarial train loss: 47.8135888017714

[ Test epoch: 27 ]


                                                        


Total benign test accuarcy: 50.36496350364963
Total adversarial test Accuarcy: 45.14317798989332
Model saved: f50.36496350364963
Model Saved!
Epoch 00027: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 50.3606695146719
Total adversarial train loss: 47.33225882798433

[ Test epoch: 28 ]


                                                       


Total benign test accuarcy: 52.49859629421673
Total adversarial test Accuarcy: 46.322290847838296
Model saved: f52.49859629421673
Model Saved!
Epoch 00028: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 50.3606695146719
Total adversarial train loss: 46.64226488023996

[ Test epoch: 29 ]


                                                       


Total benign test accuarcy: 51.431779898933186
Total adversarial test Accuarcy: 44.69399213924761
Model saved: f51.431779898933186
Model Saved!
Epoch 00029: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 50.34666293157784
Total adversarial train loss: 47.79323721677065

[ Test epoch: 30 ]


                                                        


Total benign test accuarcy: 52.27400336889388
Total adversarial test Accuarcy: 46.15384615384615
Model saved: f52.27400336889388
Model Saved!
Epoch 00030: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 51.24308424959731
Total adversarial train loss: 45.52433146908879

[ Test epoch: 31 ]


                                                       


Total benign test accuarcy: 51.768669286917465
Total adversarial test Accuarcy: 45.53621560920831
Model saved: f51.768669286917465
Model Saved!
Epoch 00031: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 50.92093283843406
Total adversarial train loss: 46.183323096483946

[ Test epoch: 32 ]


                                                        


Total benign test accuarcy: 51.09489051094891
Total adversarial test Accuarcy: 43.121841661987645
Model saved: f51.09489051094891
Model Saved!
Epoch 00032: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 50.88591638069893
Total adversarial train loss: 45.83940253406763

[ Test epoch: 33 ]


                                                        


Total benign test accuarcy: 51.09489051094891
Total adversarial test Accuarcy: 46.15384615384615
Model saved: f51.09489051094891
Model Saved!
Epoch 00033: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 50.89992296379298
Total adversarial train loss: 45.23188029974699

[ Test epoch: 34 ]


                                                       


Total benign test accuarcy: 52.21785513756317
Total adversarial test Accuarcy: 45.70466030320045
Model saved: f52.21785513756317
Model Saved!
Epoch 00034: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 51.22907766650326
Total adversarial train loss: 43.733008697628975

[ Test epoch: 35 ]


                                                       


Total benign test accuarcy: 50.08422234699607
Total adversarial test Accuarcy: 45.08702975856261
Model saved: f50.08422234699607
Model Saved!
Epoch 00035: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 51.011975628545414
Total adversarial train loss: 44.76273651048541

[ Test epoch: 36 ]


                                                        


Total benign test accuarcy: 51.60022459292532
Total adversarial test Accuarcy: 43.458731049971924
Model saved: f51.60022459292532
Model Saved!
Epoch 00036: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 51.397156663631904
Total adversarial train loss: 44.397863924503326

[ Test epoch: 37 ]


                                                       


Total benign test accuarcy: 52.667040988208875
Total adversarial test Accuarcy: 48.28747894441325
Model saved: f52.667040988208875
Model Saved!
Epoch 00037: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 51.859373905735694
Total adversarial train loss: 43.585524167865515

[ Test epoch: 38 ]


                                                       


Total benign test accuarcy: 50.36496350364963
Total adversarial test Accuarcy: 45.70466030320045
Model saved: f50.36496350364963
Model Saved!
Epoch 00038: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 52.06947265214651
Total adversarial train loss: 43.90507337078452

[ Test epoch: 39 ]


                                                        


Total benign test accuarcy: 52.27400336889388
Total adversarial test Accuarcy: 47.50140370578327
Model saved: f52.27400336889388
Model Saved!
Epoch 00039: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 52.14650885916381
Total adversarial train loss: 43.73718673363328

[ Test epoch: 40 ]


                                                       


Total benign test accuarcy: 52.723189219539584
Total adversarial test Accuarcy: 47.332959011791125
Model saved: f52.723189219539584
Model Saved!
Epoch 00040: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 51.89439036347083
Total adversarial train loss: 43.971238762140274

[ Test epoch: 41 ]


                                                       


Total benign test accuarcy: 51.31948343627176
Total adversarial test Accuarcy: 46.54688377316115
Model saved: f51.31948343627176
Model Saved!
Epoch 00041: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 52.363610897121646
Total adversarial train loss: 42.64749775826931

[ Test epoch: 42 ]


                                                        


Total benign test accuarcy: 52.21785513756317
Total adversarial test Accuarcy: 47.78214486243683
Model saved: f52.21785513756317
Model Saved!
Epoch 00042: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 52.28657469010435
Total adversarial train loss: 43.335441552102566

[ Test epoch: 43 ]


                                                        


Total benign test accuarcy: 51.9371139809096
Total adversarial test Accuarcy: 46.88377316114543
Model saved: f51.9371139809096
Model Saved!
Epoch 00043: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 51.922403529658936
Total adversarial train loss: 42.46371237188578

[ Test epoch: 44 ]


                                                        


Total benign test accuarcy: 52.04941044357103
Total adversarial test Accuarcy: 46.771476698484
Model saved: f52.04941044357103
Model Saved!
Epoch 00044: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 51.60725541004272
Total adversarial train loss: 42.95815173536539

[ Test epoch: 45 ]


                                                       


Total benign test accuarcy: 51.03874227961819
Total adversarial test Accuarcy: 45.816956765861875
Model saved: f51.03874227961819
Model Saved!
Epoch 00045: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE3680> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 52.50367672806219
Total adversarial train loss: 42.94339594617486

[ Test epoch: 46 ]


                                                       


Total benign test accuarcy: 53.284671532846716
Total adversarial test Accuarcy: 48.11903425042111
Model saved: f53.284671532846716
Model Saved!
Epoch 00046: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 52.881854471601656
Total adversarial train loss: 42.0409861728549

[ Test epoch: 47 ]


                                                       


Total benign test accuarcy: 51.54407636159461
Total adversarial test Accuarcy: 48.231330713082535
Model saved: f51.54407636159461
Model Saved!
Epoch 00047: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 52.50367672806219
Total adversarial train loss: 41.88702003657818

[ Test epoch: 48 ]


                                                       


Total benign test accuarcy: 52.61089275687816
Total adversarial test Accuarcy: 46.322290847838296
Model saved: f52.61089275687816
Model Saved!
Epoch 00048: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


                                                           


Total adversarial train accuracy: 52.804818264584355
Total adversarial train loss: 41.2615753673017

[ Test epoch: 49 ]


                                                        


Total benign test accuarcy: 54.40763615946098
Total adversarial test Accuarcy: 48.231330713082535
Model saved: f54.40763615946098
Model Saved!
Epoch 00049: adjusting learning rate of group <generator object Module.parameters at 0x000002A18BAE0F20> to 1.7000e-04.


