In [1]:
# !ls adversarial-robustness-toolbox/
import os
os.chdir('/home/surthi/adversarial-robustness-toolbox/')

In [2]:
from __future__ import absolute_import, division, print_function, unicode_literals

import logging
import tensorflow as tf
import keras.backend as k
from keras.models import Sequential
from keras.layers import Dense, Flatten, Conv2D, MaxPooling2D, Activation, Dropout, BatchNormalization
from keras.regularizers import l2
import numpy as np
from art.attacks import DeepFool
from art.classifiers import KerasClassifier
from art.utils import load_dataset
from art.data_generators import KerasDataGenerator
from art.defences import AdversarialTrainer


Using TensorFlow backend.


In [3]:
#https://keras.io/examples/cifar10_resnet/
def evaluate(clf, x_train, y_train, x_test, y_test):
    # train acc
    train_preds = np.argmax(clf.predict(x_train), axis=1)
    train_acc = np.sum(train_preds == np.argmax(y_train, axis=1)) / y_train.shape[0]
    # test acc
    test_preds = np.argmax(clf.predict(x_test), axis=1)
    test_acc = np.sum(test_preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
    print("\nTraining and Test accuracies: %.2f %.2f%%" % (train_acc*100, test_acc*100))
    return train_acc, test_acc

def plot_curves(model, title='model accuracy and loss'):
    import matplotlib.pyplot as plt
    plt.plot(model.history.history['acc'])
    plt.plot(model.history.history['loss'])
    plt.title(title)
    plt.xlabel('Epoch')
    plt.legend(['Accuracy', 'Loss'], loc='upper left')
    return plt

def save_clf(c, folder, clf_filename, model_filename):
    cwd = os.getcwd()
    os.chdir(folder)
    import pickle
    with open(clf_filename, "wb") as f:
        pickle.dump(c.__getstate__, f)
    c._model.save(model_filename)
    os.chdir(cwd)

DUMP_FOLDER = '/home/surthi/models/'
def pickle_dump(data, filename, folder=DUMP_FOLDER):
    cwd = os.getcwd()
    os.chdir(folder)
    import pickle
    with open(filename, "wb") as f:
        pickle.dump(data, f)
    os.chdir(cwd)

def pickle_load(filename):
    import pickle
    with open(filename, "rb") as f:
        data = pickle.load(f)
    return data

def load_clf(folder, clf_filename, model_filename):
    cwd = os.getcwd()
    os.chdir(folder)
    import pickle
    with open(clf_filename, "rb") as f:
        clf_state = pickle.load(f)
    model = tf.keras.models.load_model(model_filename)
    os.chdir(cwd)
    clf = KerasClassifier(model=model)
    clf.__setstate__(clf_state())
    return clf, model

In [4]:
# x_train, y_train,\
# x_test, y_test,\
# x_train_fgsm_adv, x_test_fgsm_adv, \
# x_train_bim_adv, x_test_bim_adv,\
# x_train_deepfool_adv, x_test_deepfool_adv, \
# x_train_deepfool_adv_5to10, x_test_deepfool_adv_5to10, \
# x_train_cl2_adv, x_test_cl2_adv, \
# x_train_cl2_adv_5to10,x_test_cl2_adv_5to10, \
#  = pickle_load('/home/surthi/models/cifar10/vanilla_clf_adv_data.pkl')

# pickle_dump((x_train, y_train, x_test, y_test), 'vanilla_clf_train_test_data.pkl')
# pickle_dump((x_train_bim_adv, x_test_bim_adv), 'vanilla_clf_bim_xtrain_xtest.pkl')

# Load Data and Models

In [4]:
(g_x_train, g_y_train, g_x_test, g_y_test) = pickle_load('/home/surthi/models/vanilla_clf_train_test_data.pkl')
(g_x_train_bim_adv, g_x_test_bim_adv) = pickle_load('/home/surthi/models/vanilla_clf_bim_xtrain_xtest.pkl')

In [6]:
cnn_clf_bn, cnn_model_bn = load_clf('/home/surthi/models/cifar10/', 'vanilla_clf_with_bn.h5', 'vanilla_clf_with_bn_model.h5')
evaluate(cnn_clf_bn, g_x_train, g_y_train, g_x_test, g_y_test)
evaluate(cnn_clf_bn, g_x_train_bim_adv, g_y_train, g_x_test_bim_adv, g_y_test)

cnn_clf, cnn_model = load_clf('/home/surthi/models/cifar10/', 'vanilla_clf.h5', 'vanilla_clf_model.h5')
evaluate(cnn_clf, g_x_train, g_y_train, g_x_test, g_y_test)
evaluate(cnn_clf, g_x_train_bim_adv, g_y_train, g_x_test_bim_adv, g_y_test)

Instructions for updating:
Colocations handled automatically by placer.
Instructions for updating:
Please use `rate` instead of `keep_prob`. Rate should be set to `rate = 1 - keep_prob`.
Instructions for updating:
Use tf.cast instead.
Instructions for updating:

Future major versions of TensorFlow will allow gradients to flow
into the labels input on backprop by default.

See `tf.nn.softmax_cross_entropy_with_logits_v2`.


Training and Test accuracies: 98.15 82.28%

Training and Test accuracies: 2.99 5.60%

Training and Test accuracies: 97.93 81.64%

Training and Test accuracies: 0.42 4.39%


(0.00416, 0.0439)

# Adversarial Training with 1 epoch of clean data and 1 epoch of BIM adversarial data

### Runs 10 epochs of adversarial training with 5 epochs on clean data and 5 epochs on bim-adv-data

In [8]:
def adv_training_1(clf, x_train, y_train, x_train_adv, x_test_adv, x_test, y_test, epochs=5, batch_size=128):
    print("Before training:")
    evaluate(clf, x_train, y_train, x_test, y_test)    
    evaluate(clf, x_train_adv, y_train, x_test_adv, y_test)
    
    for i in range(epochs):
        clf.fit(x_train_adv, y_train, nb_epochs=1, batch_size=128)
        clf.fit(x_train, y_train, nb_epochs=1, batch_size=128)
    
    print("After training:")
    evaluate(clf, x_train, y_train, x_test, y_test)    
    evaluate(clf, x_train_adv, y_train, x_test_adv, y_test)
    return clf

In [17]:
resnet_clf, resnet_model = load_clf('/home/surthi/models/cifar10/', 'resnet_clf.h5', 'resnet_clf_model.h5')
resnet_clf_bn, resnet_model_bn = load_clf('/home/surthi/models/cifar10/', 'resnet_clf_bn.h5', 'resnet_clf_model_bn.h5')

Instructions for updating:
`normal` is a deprecated alias for `truncated_normal`


In [29]:
import numpy.linalg as la
def loss_sensitivity(classifier, x, y):
    grads = classifier.loss_gradient(x, y)
    norm = la.norm(grads.reshape(grads.shape[0], -1), ord=2, axis=1)
    return np.mean(norm)

resnet_ls_clean_bn = loss_sensitivity(resnet_clf_bn_adv_trained, g_x_train[:3000], g_y_train[:3000])
resnet_ls_clean = loss_sensitivity(resnet_clf_adv_trained, g_x_train[:3000], g_y_train[:3000])
resnet_ls_bim_bn = loss_sensitivity(resnet_clf_bn_adv_trained, g_x_train_bim_adv[:1000], g_y_train[:1000])
resnet_ls_bim = loss_sensitivity(resnet_clf_adv_trained, g_x_train_bim_adv[:1000], g_y_train[:1000])
print(resnet_ls_clean_bn, resnet_ls_clean, resnet_ls_bim_bn, resnet_ls_bim)

5.946496 4.228237 19.853825 59.269493


In [31]:
ls_clean_bn = loss_sensitivity(cnn_clf_bn_adv_trained, g_x_train[:3000], g_y_train[:3000])
ls_clean = loss_sensitivity(cnn_clf_adv_trained, g_x_train[:3000], g_y_train[:3000])
ls_bim_bn = loss_sensitivity(cnn_clf_bn_adv_trained, g_x_train_bim_adv[:1000], g_y_train[:1000])
ls_bim = loss_sensitivity(cnn_clf_adv_trained, g_x_train_bim_adv[:1000], g_y_train[:1000])
print(ls_clean_bn, ls_clean, ls_bim_bn, ls_bim)

3.6842744 0.0 14.351504 0.0


# Adversarial training of CIFAR-RESNET and CIFAR-RESNET-With_BatchNorm

In [50]:
resnet_clf_bn_adv_trained_1 = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 95.31 79.14%

Training and Test accuracies: 10.40 10.79%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 95.17 79.08%

Training and Test accuracies: 8.03 8.58%
Before training:

Training and Test accuracies: 97.52 78.91%

Training and Test accuracies: 2.72 5.99%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 95.40 77.61%

Training and Test accuracies: 28.50 26.87%


In [51]:
resnet_clf_bn_adv_trained_1 = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 95.17 79.08%

Training and Test accuracies: 8.03 8.58%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.24 79.35%

Training and Test accuracies: 8.68 8.89%
Before training:

Training and Test accuracies: 95.40 77.61%

Training and Test accuracies: 28.50 26.87%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.10 77.80%

Training and Test accuracies: 36.91 33.45%


In [52]:
# resnet_clf_bn_adv_trained_1 = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 96.10 77.80%

Training and Test accuracies: 36.91 33.45%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 95.80 77.59%

Training and Test accuracies: 38.43 34.33%


In [53]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 95.80 77.59%

Training and Test accuracies: 38.43 34.33%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.64 77.71%

Training and Test accuracies: 45.61 39.71%


In [54]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 96.64 77.71%

Training and Test accuracies: 45.61 39.71%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.72 77.76%

Training and Test accuracies: 47.17 40.07%


In [55]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 96.72 77.76%

Training and Test accuracies: 47.17 40.07%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 94.92 76.27%

Training and Test accuracies: 48.04 40.27%


In [56]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 94.92 76.27%

Training and Test accuracies: 48.04 40.27%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.57 77.34%

Training and Test accuracies: 49.60 41.26%


In [57]:
save_clf(resnet_clf_bn, '/home/surthi/models/cifar10/', 'resnet_clf_adv1_trained_35_epochs.h5', 'resnet_model_adv1_trained_35_epochs.h5')
save_clf(resnet_clf, '/home/surthi/models/cifar10/', 'resnet_clf_adv1_trained_35_epochs.h5', 'resnet_model_adv1_trained_35_epochs.h5')
# resnet_clf._model.history

In [69]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 96.57 77.34%

Training and Test accuracies: 49.60 41.26%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 95.60 76.44%

Training and Test accuracies: 51.98 42.48%


In [70]:
save_clf(resnet_clf_bn, '/home/surthi/models/cifar10/', 'resnet_clf_adv1_trained_40_epochs.h5', 'resnet_model_adv1_trained_40_epochs.h5')
save_clf(resnet_clf, '/home/surthi/models/cifar10/', 'resnet_clf_adv1_trained_40_epochs.h5', 'resnet_model_adv1_trained_40_epochs.h5')

In [71]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 95.60 76.44%

Training and Test accuracies: 51.98 42.48%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.10 77.86%

Training and Test accuracies: 49.31 40.43%
Before training:

Training and Test accuracies: 97.10 77.86%

Training and Test accuracies: 49.31 40.43%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.93 78.03%

Training and Test accuracies: 52.15 43.41%
Before training:

Training and Test accuracies: 96.93 78.03%

Training and Test accuracies: 52.15 43.41%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.03 77.66%

Training and Test accuracies: 52.53 42.91%


In [72]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 97.03 77.66%

Training and Test accuracies: 52.53 42.91%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.43 76.99%

Training and Test accuracies: 55.13 44.57%
Before training:

Training and Test accuracies: 96.43 76.99%

Training and Test accuracies: 55.13 44.57%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.73 77.56%

Training and Test accuracies: 58.34 45.68%
Before training:

Training and Test accuracies: 96.73 77.56%

Training and Test accuracies: 58.34 45.68%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.05 78.05%

Training and Test accuracies: 59.34 46.09%
Before training:

Training and Test accuracies: 97.05 78.05%

Training an

In [73]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 97.19 77.50%

Training and Test accuracies: 58.98 45.51%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.04 77.37%

Training and Test accuracies: 59.78 46.12%
Before training:

Training and Test accuracies: 97.04 77.37%

Training and Test accuracies: 59.78 46.12%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.48 77.90%

Training and Test accuracies: 62.01 47.72%
Before training:

Training and Test accuracies: 97.48 77.90%

Training and Test accuracies: 62.01 47.72%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.24 77.42%

Training and Test accuracies: 57.40 44.81%
Before training:

Training and Test accuracies: 97.24 77.42%

Training an

In [74]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 96.60 76.86%

Training and Test accuracies: 62.64 46.97%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.89 76.86%

Training and Test accuracies: 58.79 44.92%
Before training:

Training and Test accuracies: 96.89 76.86%

Training and Test accuracies: 58.79 44.92%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.95 76.71%

Training and Test accuracies: 62.99 47.73%
Before training:

Training and Test accuracies: 96.95 76.71%

Training and Test accuracies: 62.99 47.73%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.26 76.93%

Training and Test accuracies: 63.50 47.14%
Before training:

Training and Test accuracies: 97.26 76.93%

Training an

In [75]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 95.82 76.86%

Training and Test accuracies: 61.88 46.47%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.89 76.03%

Training and Test accuracies: 69.59 50.10%
Before training:

Training and Test accuracies: 96.89 76.03%

Training and Test accuracies: 69.59 50.10%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.45 77.31%

Training and Test accuracies: 62.64 47.38%
Before training:

Training and Test accuracies: 97.45 77.31%

Training and Test accuracies: 62.64 47.38%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.14 77.20%

Training and Test accuracies: 63.63 47.47%
Before training:

Training and Test accuracies: 97.14 77.20%

Training an

In [76]:
save_clf(resnet_clf_bn, '/home/surthi/models/cifar10/', 'resnet_clf_adv1_trained_100_epochs.h5', 'resnet_model_adv1_trained_100_epochs.h5')
save_clf(resnet_clf, '/home/surthi/models/cifar10/', 'resnet_clf_adv1_trained_100_epochs.h5', 'resnet_model_adv1_trained_100_epochs.h5')

In [77]:
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1 = adv_training_1(resnet_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 96.63 76.47%

Training and Test accuracies: 68.91 50.08%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.01 77.50%

Training and Test accuracies: 66.46 48.91%
Before training:

Training and Test accuracies: 97.01 77.50%

Training and Test accuracies: 66.46 48.91%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.94 77.14%

Training and Test accuracies: 68.16 49.88%
Before training:

Training and Test accuracies: 97.94 77.14%

Training and Test accuracies: 68.16 49.88%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.36 77.01%

Training and Test accuracies: 68.73 50.47%
Before training:

Training and Test accuracies: 97.36 77.01%

Training an


Training and Test accuracies: 96.98 77.22%

Training and Test accuracies: 68.76 50.08%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.27 77.17%

Training and Test accuracies: 71.33 51.09%


In [78]:
save_clf(resnet_clf_bn, '/home/surthi/models/cifar10/', 'resnet_clf_adv1_trained_180_epochs.h5', 'resnet_model_adv1_trained_180_epochs.h5')
save_clf(resnet_clf, '/home/surthi/models/cifar10/', 'resnet_clf_adv1_trained_180_epochs.h5', 'resnet_model_adv1_trained_180_epochs.h5')

In [79]:
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 96.24 79.35%

Training and Test accuracies: 8.68 8.89%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 95.99 79.67%

Training and Test accuracies: 12.45 12.95%
Before training:

Training and Test accuracies: 95.99 79.67%

Training and Test accuracies: 12.45 12.95%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 94.74 78.27%

Training and Test accuracies: 12.37 12.46%
Before training:

Training and Test accuracies: 94.74 78.27%

Training and Test accuracies: 12.37 12.46%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.47 80.09%

Training and Test accuracies: 16.29 16.24%
Before training:

Training and Test accuracies: 97.47 80.09%

Training and 


Training and Test accuracies: 11.50 11.59%
Before training:

Training and Test accuracies: 95.19 78.37%

Training and Test accuracies: 11.50 11.59%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 94.67 77.68%

Training and Test accuracies: 15.94 16.17%


In [None]:
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
resnet_clf_adv_trained_1_bn = adv_training_1(resnet_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 94.67 77.68%

Training and Test accuracies: 15.94 16.17%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.25 79.41%

Training and Test accuracies: 15.49 15.86%
Before training:

Training and Test accuracies: 97.25 79.41%

Training and Test accuracies: 15.49 15.86%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.65 79.72%

Training and Test accuracies: 15.11 15.57%
Before training:

Training and Test accuracies: 97.65 79.72%

Training and Test accuracies: 15.11 15.57%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 94.91 77.41%

Training and Test accuracies: 18.43 18.49%
Before training:

Training and Test accuracies: 94.91 77.41%

Training an


Training and Test accuracies: 14.03 14.18%
Before training:

Training and Test accuracies: 96.56 78.83%

Training and Test accuracies: 14.03 14.18%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.20 78.57%

Training and Test accuracies: 15.29 15.47%
Before training:

Training and Test accuracies: 96.20 78.57%

Training and Test accuracies: 15.29 15.47%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 94.68 77.05%

Training and Test accuracies: 17.18 16.94%
Before training:

Training and Test accuracies: 94.68 77.05%

Training and Test accuracies: 17.18 16.94%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.61 78.45%

Training and Test accuracies: 15.40 15.66%
Before training:

Training an

After training:

Training and Test accuracies: 96.05 78.76%

Training and Test accuracies: 17.06 16.58%
Before training:

Training and Test accuracies: 96.05 78.76%

Training and Test accuracies: 17.06 16.58%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.76 79.71%

Training and Test accuracies: 16.35 15.97%
Before training:

Training and Test accuracies: 97.76 79.71%

Training and Test accuracies: 16.35 15.97%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
 40/391 [==>...........................] - ETA: 36s - loss: 0.4595 - acc: 0.9311

In [None]:
save_clf(resnet_clf_bn, '/home/surthi/models/cifar10/', 'resnet_clf_adv1_trained_8_epochs.h5', 'resnet_model_adv1_trained_8_epochs.h5')

In [1]:
# Adversarial training of CIFAR-CNN and CIFAR-CNN-With_BatchNorm

In [9]:
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 98.15 82.28%

Training and Test accuracies: 2.99 5.60%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 95.44 81.69%

Training and Test accuracies: 2.76 6.11%


In [10]:
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 95.44 81.69%

Training and Test accuracies: 2.76 6.11%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 94.96 80.05%

Training and Test accuracies: 4.27 7.11%
Before training:

Training and Test accuracies: 94.96 80.05%

Training and Test accuracies: 4.27 7.11%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.86 81.84%

Training and Test accuracies: 6.11 8.72%
Before training:

Training and Test accuracies: 96.86 81.84%

Training and Test accuracies: 6.11 8.72%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.39 81.15%

Training and Test accuracies: 6.61 9.18%
Before training:

Training and Test accuracies: 96.39 81.15%

Training and Test accur

In [11]:
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_bn_adv_trained = adv_training_1(cnn_clf_bn, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 95.55 79.74%

Training and Test accuracies: 7.73 9.12%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.56 80.68%

Training and Test accuracies: 11.32 12.25%
Before training:

Training and Test accuracies: 96.56 80.68%

Training and Test accuracies: 11.32 12.25%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 98.16 81.25%

Training and Test accuracies: 13.40 13.69%
Before training:

Training and Test accuracies: 98.16 81.25%

Training and Test accuracies: 13.40 13.69%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.65 81.45%

Training and Test accuracies: 10.61 11.88%
Before training:

Training and Test accuracies: 97.65 81.45%

Training and 


Training and Test accuracies: 97.71 79.95%

Training and Test accuracies: 8.91 10.70%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.98 79.95%

Training and Test accuracies: 12.37 12.60%
Before training:

Training and Test accuracies: 97.98 79.95%

Training and Test accuracies: 12.37 12.60%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 98.70 80.77%

Training and Test accuracies: 13.20 14.05%
Before training:

Training and Test accuracies: 98.70 80.77%

Training and Test accuracies: 13.20 14.05%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.01 79.00%

Training and Test accuracies: 13.02 13.62%


In [15]:
save_clf(cnn_clf_bn, '/home/surthi/models/cifar10/', 'cnn_bn_clf_adv1_trained_final_again1.h5', 'cnn_bn_model_adv1_trained_final_again1.h5')

In [15]:
save_clf(cnn_clf_bn, '/home/surthi/models/cifar10/', 'cnn_bn_clf_adv1_trained_final.h5', 'cnn_bn_model_adv1_trained_final.h5')

In [8]:
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 97.93 81.64%

Training and Test accuracies: 0.42 4.39%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 10.00 10.00%

Training and Test accuracies: 10.00 10.00%


In [9]:
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 10.00 10.00%

Training and Test accuracies: 10.00 10.00%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 90.33 79.74%

Training and Test accuracies: 9.93 12.45%
Before training:

Training and Test accuracies: 90.33 79.74%

Training and Test accuracies: 9.93 12.45%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 93.92 80.78%

Training and Test accuracies: 29.10 28.05%
Before training:

Training and Test accuracies: 93.92 80.78%

Training and Test accuracies: 29.10 28.05%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 94.68 80.52%

Training and Test accuracies: 35.45 33.15%
Before training:

Training and Test accuracies: 94.68 80.52%

Training and 


Training and Test accuracies: 97.17 81.28%

Training and Test accuracies: 56.67 45.94%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 96.34 80.29%

Training and Test accuracies: 51.27 40.61%
Before training:

Training and Test accuracies: 96.34 80.29%

Training and Test accuracies: 51.27 40.61%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.70 80.82%

Training and Test accuracies: 58.10 44.15%
Before training:

Training and Test accuracies: 97.70 80.82%

Training and Test accuracies: 58.10 44.15%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.71 80.34%

Training and Test accuracies: 53.46 41.92%


In [10]:
save_clf(cnn_clf, '/home/surthi/models/cifar10/', 'cnn_clf_adv1_trained_intermediate.h5', 'cnn_bn_model_adv1_trained_intermediate.h5')

In [11]:
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)


Before training:

Training and Test accuracies: 97.71 80.34%

Training and Test accuracies: 53.46 41.92%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.26 79.79%

Training and Test accuracies: 60.61 44.98%
Before training:

Training and Test accuracies: 97.26 79.79%

Training and Test accuracies: 60.61 44.98%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.35 79.35%

Training and Test accuracies: 61.17 45.21%
Before training:

Training and Test accuracies: 97.35 79.35%

Training and Test accuracies: 61.17 45.21%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 97.37 79.16%

Training and Test accuracies: 61.52 44.01%
Before training:

Training and Test accuracies: 97.37 79.16%

Training an


Training and Test accuracies: 98.37 79.72%

Training and Test accuracies: 66.00 44.65%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 98.43 79.92%

Training and Test accuracies: 66.35 45.51%
Before training:

Training and Test accuracies: 98.43 79.92%

Training and Test accuracies: 66.35 45.51%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 98.26 79.43%

Training and Test accuracies: 71.01 47.29%
Before training:

Training and Test accuracies: 98.26 79.43%

Training and Test accuracies: 71.01 47.29%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 98.46 79.67%

Training and Test accuracies: 64.80 43.26%


In [12]:
save_clf(cnn_clf, '/home/surthi/models/cifar10/', 'cnn_clf_adv1_trained_final.h5', 'cnn_bn_model_adv1_trained_final.h5')

In [22]:
cnn_clf, cnn_model = load_clf('/home/surthi/models/cifar10/', 'cnn_clf_adv1_trained_final.h5', 'cnn_bn_model_adv1_trained_final.h5')
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)
cnn_clf_adv_trained = adv_training_1(cnn_clf, g_x_train, g_y_train, g_x_train_bim_adv, g_x_test_bim_adv, g_x_test, g_y_test, epochs=5)

Before training:

Training and Test accuracies: 98.50 79.25%

Training and Test accuracies: 69.39 44.96%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 98.00 78.87%

Training and Test accuracies: 74.03 46.14%
Before training:

Training and Test accuracies: 98.00 78.87%

Training and Test accuracies: 74.03 46.14%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 98.65 78.55%

Training and Test accuracies: 73.61 44.96%
Before training:

Training and Test accuracies: 98.65 78.55%

Training and Test accuracies: 73.61 44.96%
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
Epoch 1/1
After training:

Training and Test accuracies: 98.89 79.40%

Training and Test accuracies: 75.32 46.01%
Before training:

Training and Test accuracies: 98.89 79.40%

Training an

In [25]:
save_clf(cnn_clf, '/home/surthi/models/cifar10/', 'cnn_clf_adv1_trained_final.h5', 'cnn_bn_model_adv1_trained_final.h5')

# Evaluating Accuracies on CLEAN AND 4 ATTACK ADVERSARIALS

In [31]:
evaluate(cnn_clf_adv_final, g_x_train, g_y_train, g_x_test, g_y_test)
evaluate(cnn_clf_adv_final, g_x_train_bim_adv, g_y_train, g_x_test_bim_adv, g_y_test)
evaluate(resnet_clf_adv_final, g_x_train, g_y_train, g_x_test, g_y_test)
evaluate(resnet_clf_adv_final, g_x_train_bim_adv, g_y_train, g_x_test_bim_adv, g_y_test)


Training and Test accuracies: 98.54 78.86%

Training and Test accuracies: 78.58 46.73%

Training and Test accuracies: 97.27 77.17%

Training and Test accuracies: 71.33 51.09%


(0.71328, 0.5109)

In [None]:
train_acc, test_acc = evaluate(cnn_clf_adv_final, g_x_train, g_y_train, g_x_test, g_y_test)
fgsm_train_acc, fgsm_test_acc = evaluate(cnn_clf_adv_final, g_x_train_fgsm_adv, g_y_train, g_x_test_fgsm_adv, g_y_test)
ifgsm_train_acc, ifgsm_test_acc = evaluate(cnn_clf_adv_final, g_x_train_ifgsm_adv, g_y_train, g_x_test_ifgsm_adv, g_y_test)
df_train_acc, df_test_acc = evaluate(cnn_clf_adv_final, g_x_train_deepfool_adv, g_y_train[:5000], g_x_test_deepfool_adv, g_y_test[:1000])
cl2_train_acc, cl2_test_acc = evaluate(cnn_clf_adv_final, g_x_train_cl2_adv, g_y_train[:5000], g_x_test_cl2_adv, g_y_test[:1000])

rn_train_acc, rn_test_acc = evaluate(resnet_clf_adv_final, g_x_train, g_y_train, g_x_test, g_y_test)
rn_fgsm_train_acc, rn_fgsm_test_acc = evaluate(resnet_clf_adv_final, g_x_train_fgsm_adv, g_y_train, g_x_test_fgsm_adv, g_y_test)
rn_ifgsm_train_acc, rn_ifgsm_test_acc = evaluate(resnet_clf_adv_final, g_x_train_ifgsm_adv, g_y_train, g_x_test_ifgsm_adv, g_y_test)
rn_df_train_acc, rn_df_test_acc = evaluate(resnet_clf_adv_final, g_x_train_deepfool_adv, g_y_train[:5000], g_x_test_deepfool_adv, g_y_test[:1000])
rn_cl2_train_acc, rn_cl2_test_acc = evaluate(resnet_clf_adv_final, g_x_train_cl2_adv, g_y_train[:5000], g_x_test_cl2_adv, g_y_test[:1000])

In [None]:
acc1 = (train_acc, df_train_acc, cl2_train_acc, fgsm_train_acc, ifgsm_train_acc)
test_acc1 = (test_acc, df_test_acc, cl2_test_acc, fgsm_test_acc, ifgsm_test_acc)
acc_bn1 = (rn_train_acc, rn_df_train_acc, rn_cl2_train_acc, rn_fgsm_train_acc, rn_ifgsm_train_acc)
test_acc_bn1 = (rn_test_acc, rn_df_test_acc, rn_cl2_test_acc, rn_fgsm_test_acc, rn_ifgsm_test_acc)



In [None]:


ls_clean_bn = loss_sensitivity(c1_bn, x_train[:5000], y_train[:5000])
ls_clean = loss_sensitivity(c1, x_train[:5000], y_train[:5000])

ls_df_bn = loss_sensitivity(c1_bn, x_train_deepfool_adv_5to10, y_train[5000:10000])
ls_df_bn_2 = loss_sensitivity(c1_bn, x_train_deepfool_adv, y_train[:5000])

ls_cl2_bn = loss_sensitivity(c1_bn, x_train_cl2_adv_5to10, y_train[5000:10000])
ls_cl2_bn_2 = loss_sensitivity(c1_bn, x_train_cl2_adv, y_train[:5000])

ls_fgsm_bn = loss_sensitivity(c1_bn, x_train_fgsm_adv[:5000], y_train[:5000])
ls_ifgsm_bn = loss_sensitivity(c1_bn, x_train_ifgsm_adv[:5000], y_train[:5000])

ls_df = loss_sensitivity(c1, x_train_deepfool_adv_5to10, y_train[5000:10000])
ls_df_2 = loss_sensitivity(c1, x_train_deepfool_adv, y_train[:5000])

ls_cl2 = loss_sensitivity(c1, x_train_cl2_adv_5to10, y_train[5000:10000])
ls_cl2_2 = loss_sensitivity(c1, x_train_cl2_adv, y_train[:5000])

ls_fgsm = loss_sensitivity(c1, x_train_fgsm_adv[:5000], y_train[:5000])
ls_ifgsm = loss_sensitivity(c1, x_train_ifgsm_adv[:5000], y_train[:5000])