<a href="https://colab.research.google.com/github/alirezasakhaei/SPML_Course2023_Homeworks/blob/main/HW05/NES_and_RND.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

In [1]:
from google.colab import drive
drive.mount('/content/drive')

Mounted at /content/drive


In [2]:
%cd drive/MyDrive/myCIFAR10

/content/drive/.shortcut-targets-by-id/1Z63xrV4PCeabhG9bYrkjb3htNY40F0Pc/myCIFAR10


In [3]:
!ls

Adversarial_Training		 NES_and_RND.ipynb
checkpoint			 __pycache__
data				 resnet18_cifar10_model_std
FGSM_PGD_and_ADV_Training.ipynb  Saved_Models


# **Preface**
In this notebook you are going to implement a powerful blackbox attack namely [NES](https://arxiv.org/pdf/1804.08598.pdf) and test it on a regular target model, then you will use a simple but powerful defense called  Random Noise Defense ([RND](https://arxiv.org/pdf/2104.11470.pdf)) against this attack on the same target model in order to check the power of the aforementioned attack in the presence of this so-called defense.
You will have to use a **CIFAR10 ResNet18 model** as the target model for this set of experiments.
You may want to train a new model or load an already trained model, your choice, but this model must have at least 94% accuracy on CIFAR10 test set as told in the previous exercises.

P.S. Don't normalize the data used for training.


# CIFAR Model

In [4]:
'''ResNet in PyTorch.

For Pre-activation ResNet, see 'preact_resnet.py'.

Reference:
[1] Kaiming He, Xiangyu Zhang, Shaoqing Ren, Jian Sun
    Deep Residual Learning for Image Recognition. arXiv:1512.03385
'''
import torch
import torch.nn as nn
import torch.nn.functional as FF


class BasicBlock(nn.Module):
    expansion = 1

    def __init__(self, in_planes, planes, stride=1):
        super(BasicBlock, self).__init__()
        self.conv1 = nn.Conv2d(
            in_planes, planes, kernel_size=3, stride=stride, padding=1, bias=False)
        self.bn1 = nn.BatchNorm2d(planes)
        self.conv2 = nn.Conv2d(planes, planes, kernel_size=3,
                               stride=1, padding=1, bias=False)
        self.bn2 = nn.BatchNorm2d(planes)

        self.shortcut = nn.Sequential()
        if stride != 1 or in_planes != self.expansion*planes:
            self.shortcut = nn.Sequential(
                nn.Conv2d(in_planes, self.expansion*planes,
                          kernel_size=1, stride=stride, bias=False),
                nn.BatchNorm2d(self.expansion*planes)
            )

    def forward(self, x):
        out = FF.relu(self.bn1(self.conv1(x)))
        out = self.bn2(self.conv2(out))
        out += self.shortcut(x)
        out = FF.relu(out)
        return out


class Bottleneck(nn.Module):
    expansion = 4

    def __init__(self, in_planes, planes, stride=1):
        super(Bottleneck, self).__init__()
        self.conv1 = nn.Conv2d(in_planes, planes, kernel_size=1, bias=False)
        self.bn1 = nn.BatchNorm2d(planes)
        self.conv2 = nn.Conv2d(planes, planes, kernel_size=3,
                               stride=stride, padding=1, bias=False)
        self.bn2 = nn.BatchNorm2d(planes)
        self.conv3 = nn.Conv2d(planes, self.expansion *
                               planes, kernel_size=1, bias=False)
        self.bn3 = nn.BatchNorm2d(self.expansion*planes)

        self.shortcut = nn.Sequential()
        if stride != 1 or in_planes != self.expansion*planes:
            self.shortcut = nn.Sequential(
                nn.Conv2d(in_planes, self.expansion*planes,
                          kernel_size=1, stride=stride, bias=False),
                nn.BatchNorm2d(self.expansion*planes)
            )

    def forward(self, x):
        out = FF.relu(self.bn1(self.conv1(x)))
        out = FF.relu(self.bn2(self.conv2(out)))
        out = self.bn3(self.conv3(out))
        out += self.shortcut(x)
        out = FF.relu(out)
        return out


class ResNet(nn.Module):
    def __init__(self, block, num_blocks, num_classes=10):
        super(ResNet, self).__init__()
        self.in_planes = 64

        self.conv1 = nn.Conv2d(3, 64, kernel_size=3,
                               stride=1, padding=1, bias=False)
        self.bn1 = nn.BatchNorm2d(64)
        self.layer1 = self._make_layer(block, 64, num_blocks[0], stride=1)
        self.layer2 = self._make_layer(block, 128, num_blocks[1], stride=2)
        self.layer3 = self._make_layer(block, 256, num_blocks[2], stride=2)
        self.layer4 = self._make_layer(block, 512, num_blocks[3], stride=2)
        self.linear = nn.Linear(512*block.expansion, num_classes)

    def _make_layer(self, block, planes, num_blocks, stride):
        strides = [stride] + [1]*(num_blocks-1)
        layers = []
        for stride in strides:
            layers.append(block(self.in_planes, planes, stride))
            self.in_planes = planes * block.expansion
        return nn.Sequential(*layers)

    def forward(self, x):
        out = FF.relu(self.bn1(self.conv1(x)))
        out = self.layer1(out)
        out = self.layer2(out)
        out = self.layer3(out)
        out = self.layer4(out)
        out = FF.avg_pool2d(out, 4)
        out = out.view(out.size(0), -1)
        out = self.linear(out)
        return out


def ResNet18():
    return ResNet(BasicBlock, [2, 2, 2, 2])


def ResNet34():
    return ResNet(BasicBlock, [3, 4, 6, 3])


def ResNet50():
    return ResNet(Bottleneck, [3, 4, 6, 3])


def ResNet101():
    return ResNet(Bottleneck, [3, 4, 23, 3])


def ResNet152():
    return ResNet(Bottleneck, [3, 8, 36, 3])


def test():
    net = ResNet18()
    y = net(torch.randn(1, 3, 32, 32))
    print(y.size())



In [5]:
import torch
import torch.nn as nn
import torch.optim as optim
import torch.nn.functional as F
import torch.backends.cudnn as cudnn

import torchvision
import torchvision.transforms as transforms

import os

device = 'cuda' if torch.cuda.is_available() else 'cpu'

# older training (IGNORE)

In [None]:
# Data
print('==> Preparing data..')
transform_train = transforms.Compose([
    transforms.RandomCrop(32, padding=4),
    transforms.RandomHorizontalFlip(),
    transforms.ToTensor(),
    # transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)),
])

transform_test = transforms.Compose([
    transforms.ToTensor(),
    # transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)),
])

trainset = torchvision.datasets.CIFAR10(
    root='./data', train=True, download=True, transform=transform_train)
trainloader = torch.utils.data.DataLoader(
    trainset, batch_size=128, shuffle=True, num_workers=2)

testset = torchvision.datasets.CIFAR10(
    root='./data', train=False, download=True, transform=transform_test)
testloader = torch.utils.data.DataLoader(
    testset, batch_size=100, shuffle=False, num_workers=2)

classes = ('plane', 'car', 'bird', 'cat', 'deer',
           'dog', 'frog', 'horse', 'ship', 'truck')

==> Preparing data..
Downloading https://www.cs.toronto.edu/~kriz/cifar-10-python.tar.gz to ./data/cifar-10-python.tar.gz


100%|██████████| 170498071/170498071 [00:05<00:00, 29380862.85it/s]


Extracting ./data/cifar-10-python.tar.gz to ./data
Files already downloaded and verified


In [None]:
# Model
print('==> Building model..')
net = ResNet18()
net = net.to(device)
if device == 'cuda':
    net = torch.nn.DataParallel(net)
    cudnn.benchmark = True

In [None]:

# Training
def train(epoch):
    print('\nEpoch: %d' % epoch)
    net.train()
    train_loss = 0
    correct = 0
    total = 0
    for batch_idx, (inputs, targets) in enumerate(trainloader):
        inputs, targets = inputs.to(device), targets.to(device)
        optimizer.zero_grad()
        outputs = net(inputs)
        loss = criterion(outputs, targets)
        loss.backward()
        optimizer.step()

        train_loss += loss.item()
        _, predicted = outputs.max(1)
        total += targets.size(0)
        correct += predicted.eq(targets).sum().item()


    print(f'Loss: {train_loss/(batch_idx+1)}, Acc: {100.*correct/total}')


def test(epoch):
    global best_acc
    net.eval()
    test_loss = 0
    correct = 0
    total = 0
    with torch.no_grad():
        for batch_idx, (inputs, targets) in enumerate(testloader):
            inputs, targets = inputs.to(device), targets.to(device)
            outputs = net(inputs)
            loss = criterion(outputs, targets)

            test_loss += loss.item()
            _, predicted = outputs.max(1)
            total += targets.size(0)
            correct += predicted.eq(targets).sum().item()

    print(f'Loss: {test_loss/(batch_idx+1)}, Acc: {100.*correct/total}')

            # progress_bar(batch_idx, len(testloader), 'Loss: %.3f | Acc: %.3f%% (%d/%d)'
            #              % (test_loss/(batch_idx+1), 100.*correct/total, correct, total))

    acc = 100.*correct/total
    if acc > best_acc:
        print('Saving..')
        state = {
            'net': net.state_dict(),
            'acc': acc,
            'epoch': epoch,
        }
        if not os.path.isdir('checkpoint'):
            os.mkdir('checkpoint')
        torch.save(state, './checkpoint/ckpt.pth')
        best_acc = acc


# for epoch in range(start_epoch, start_epoch+200):
#     train(epoch)
#     test(epoch)
#     scheduler.step()

In [None]:
best_acc = 0  # best test accuracy
start_epoch = 0  # start from epoch 0 or last checkpoint epoch



In [None]:
# specify the path to your .pth file
model_path = './checkpoint/ckpt.pth'

# load the model dictionary from the .pth file
model_dict = torch.load(model_path)

In [None]:
best_acc = model_dict['acc']
start_epoch = model_dict['epoch']

In [None]:
# Model
print('==> Building model..')
net = ResNet18()
net = net.to(device)
if device == 'cuda':
    net = torch.nn.DataParallel(net)
    cudnn.benchmark = True

==> Building model..


In [None]:
net.load_state_dict(model_dict['net'])

<All keys matched successfully>

In [None]:
criterion = nn.CrossEntropyLoss()
optimizer = optim.SGD(net.parameters(), lr=0.001,
                      momentum=0.9, weight_decay=5e-4)
scheduler = torch.optim.lr_scheduler.CosineAnnealingLR(optimizer, T_max=200)


In [None]:
120-start_epoch

32

In [None]:
start_epoch = 180
for epoch in range(start_epoch, start_epoch+20):
    # print(epoch)
    train(epoch)
    test(epoch)
    scheduler.step()

# Model Loading and Accuracy Testing

In [6]:
def test(model, testloader):
    model.eval()
    correct = 0
    total = 0
    with torch.no_grad():
        for batch_idx, (inputs, targets) in enumerate(testloader):
            inputs, targets = inputs.to(device), targets.to(device)
            outputs = model(inputs)
            _, predicted = outputs.max(1)
            total += targets.size(0)
            correct += predicted.eq(targets).sum().item()
    return correct / total

In [7]:
# Model
device = torch.device('cuda')
model = ResNet18()
model = model.to(device)
model = torch.nn.DataParallel(model)
cudnn.benchmark = True

model.load_state_dict(torch.load('checkpoint/ckpt.pth')['net'])

<All keys matched successfully>

In [8]:
# Data
print('==> Preparing data..')
transform_train = transforms.Compose([
    transforms.RandomCrop(32, padding=4),
    transforms.RandomHorizontalFlip(),
    transforms.ToTensor(),
    # transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)),
])

transform_test = transforms.Compose([
    transforms.ToTensor(),
    # transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)),
])

trainset = torchvision.datasets.CIFAR10(
    root='./data', train=True, download=False, transform=transform_train)
trainloader = torch.utils.data.DataLoader(
    trainset, batch_size=128, shuffle=True, num_workers=2)

testset = torchvision.datasets.CIFAR10(
    root='./data', train=False, download=False, transform=transform_test)
testloader = torch.utils.data.DataLoader(
    testset, batch_size=100, shuffle=False, num_workers=2)

classes = ('plane', 'car', 'bird', 'cat', 'deer',
           'dog', 'frog', 'horse', 'ship', 'truck')



==> Preparing data..


In [9]:
acc = test(model, testloader)
print(f'Accuracy of the model is {acc}')

Accuracy of the model is 0.9219


# **Natural Evolutionary Strategies (NES)**

Firstly complete the code for the attack itself and then the add_Gaussian method used for the Random Noise Defense in the NES attack class.

In [23]:
import torch
import numpy as np
import torch as ch
import torchvision
import torchvision.transforms.functional as F
import torchvision.transforms as transforms
import argparse
import json
import pdb
import os
import time
import math
from torchvision import models
from torchvision.datasets import ImageFolder
from torch.utils.data import DataLoader
from torch.nn import DataParallel
from torch.nn.modules import Upsample
from matplotlib import pyplot as plt

CLASSIFIERS = {
    "resnet18": (models.resnet50, 224),
}

NUM_CLASSES = {
    "cifar10": 10,
}

# Set the path to your dataset
CIFAR10_PATH = "./data"

if CIFAR10_PATH == "":
  raise ValueError("Please fill out the path to Cifar10!")

class NES():

  def __init__(self, model_to_fool, args, dataset_size, RND_coefficient, device):


      if args != None:
        self.args = args
      else:
        self.max_queries = 10000
        self.fd_eta = 0.01
        self.image_lr = 0.01
        self.mode = "linf"
        self.json_config = None
        self.epsilon = 0.05
        self.batch_size = 10
        self.log_process = "store_true"
        self.gradient_iters = 15
        self.total_images = 10000
        self.classifier = 'resnet18'
        self.args = {'max_queries': self.max_queries,
          'fd_eta': self.fd_eta,
          'image_lr': self.image_lr,
          'mode': self.mode,
          'json_config': self.json_config,
          'epsilon': self.epsilon,
          'batch_size': self.batch_size,
          'log_progress': self.log_progress,
          'gradient_iters': self.gradient_iters,
          'total_images': self.total_images,
          'classifier': self.classifier,
          }
      self.model_to_fool = model_to_fool
      self.dataset_size = dataset_size
      self.RND_coefficient = RND_coefficient
      self.device = device
      if self.device == 'cuda':
        ch.set_default_tensor_type('torch.cuda.FloatTensor')
      else:
        ch.set_default_tensor_type('torch.FloatTensor')

      if self.dataset_size == 32:
        self.channel_size = 3
      else:
        raise ValueError("Please check out the dataset_size parameter...")


  """For setting up the Random Noise Defense"""

  def add_Gausian(self, input_image, coeff):
    # Firstly define a random epsilon with the input image shape
    # Remember that it should be a float
    # Add the epsilon with the proper coefficient to the input image
    # Don't forget to clamp it between the right values
    # P.S. Remember to convert everything to the right device
    #############################
    # Your code goes here
    epsilon = ch.randn_like(input_image).to(device=input_image.device)
    # epsilon /= (self.norm(epsilon)/math.sqrt(input_image.nelement()))
    return ch.clamp(input_image + coeff*epsilon, 0, 1)
    #############################


  def generate(self):
      dataset = None
      if self.dataset_size == 32:
        transform = transforms.Compose([transforms.ToTensor(), transforms.Resize(self.dataset_size), transforms.CenterCrop(self.dataset_size),])
        dataset = torchvision.datasets.CIFAR10(root = CIFAR10_PATH, train = False, download = False, transform = transform)
      else:
        raise ValueError("Please check out the dataset_size parameter...")

      dataset_loader = DataLoader(dataset, batch_size=self.args["batch_size"])
      total_correct, total_adv, total_queries = 0, 0, 0
      for i, (images, targets) in enumerate(dataset_loader):
          if i*self.args["batch_size"] >= self.args["total_images"]:
              break

          res = self.make_adversarial_examples(images.to(self.device), targets.to(self.device), self.args, self.model_to_fool, self.dataset_size)
          ncc = res['num_correctly_classified'] # Number of correctly classified images (originally)
          num_adv = ncc * res['success_rate'] # Success rate was calculated as (# adv)/(# correct classified)
          queries = num_adv * res['average_queries'] # Average queries was calculated as (total queries for advs)/(# advs)
          total_correct += ncc
          total_adv += num_adv
          total_queries += queries
          print("i: " + str(i))

          if i == 18:
              break

      print("-"*80)
      if total_adv != 0:
        print("Final Success Rate: {succ} | Final Average Queries for Successful Adv Examples: {aq}".format(
                aq=int(total_queries/total_adv),
                succ=total_adv/total_correct))
      else:
        """If total adversarial examples is zero then we won't print any avg number of queries for success
        because we had no success and the avg number of queries has exceeded the budget"""
        print("Final Success Rate: {succ} ".format(
                # aq = total_queries,
                succ=total_adv/total_correct))
      print("-"*80)
      # return self.adversarial_images

  def norm(self, t):
      assert len(t.shape) == 4
      norm_vec = ch.sqrt(t.pow(2).sum(dim=[1,2,3])).view(-1, 1, 1, 1)
      norm_vec += (norm_vec == 0).float()*1e-8
      return norm_vec

  ###
  # Different optimization steps
  # All take the form of func(x, g, lr)
  # eg: exponentiated gradients
  # gd: gradient descent
  # l2/linf: projected gradient descent
  ###


  def eg_step(self, x, g, lr):
      real_x = (x + 1)/2 # from [-1, 1] to [0, 1]
      pos = real_x*ch.exp(lr*g)
      neg = (1-real_x)*ch.exp(-lr*g)
      new_x = pos/(pos+neg)
      return new_x*2-1

  def linf_step(self, x, g, lr):
      return x + lr*ch.sign(g)

  def l2_prior_step(self, x, g, lr):
      new_x = x + lr*g/self.norm(g)
      norm_new_x = self.norm(new_x)
      norm_mask = (norm_new_x < 1.0).float()
      return new_x*norm_mask + (1-norm_mask)*new_x/norm_new_x

  def gd_prior_step(self, x, g, lr):
      return x + lr*g

  def l2_image_step(self, x, g, lr):
      return x + lr*g/self.norm(g)

  ##
  # Projection steps for l2 and linf constraints:
  # All take the form of func(new_x, old_x, epsilon)
  ##

  def l2_proj(self, image, eps):
      orig = image.clone()
      def proj(new_x):
          delta = new_x - orig
          out_of_bounds_mask = (self.norm(delta) > eps).float()
          x = (orig + eps*delta/self.norm(delta))*out_of_bounds_mask
          x += new_x*(1-out_of_bounds_mask)
          return x
      return proj

  def linf_proj(self, image, eps):
      orig = image.clone()
      def proj(new_x):
          return orig + ch.clamp(new_x - orig, -eps, eps)
      return proj

  ##
  # Main functions
  ##

  def make_adversarial_examples(self, image, true_label, args, model_to_fool, DATASET_SIZE):
      '''
      The main process for generating adversarial examples with priors.
      '''
      # Initial setup
      prior_size = DATASET_SIZE
      upsampler = Upsample(size=(DATASET_SIZE, DATASET_SIZE))
      total_queries = ch.zeros(args["batch_size"])
      prior = ch.zeros(args["batch_size"], self.channel_size, prior_size, prior_size)
      dim = prior.nelement()/args["batch_size"]
      image_step = self.l2_image_step if args["mode"] == 'l2' else self.linf_step
      proj_maker = self.l2_proj if args["mode"] == 'l2' else self.linf_proj
      proj_step = proj_maker(image, args["epsilon"])

      # Loss function
      criterion = ch.nn.CrossEntropyLoss(reduction='none')

      def normalized_eval(x):
          x_copy = x.clone()

          # You can comment or uncomment the code needed for a specific case
          """################## Normal prediction ##################"""
          # x_copy = ch.clamp(x_copy, 0, 1)
          # return self.model_to_fool(x_copy)

          """################## Prediction using random noise defense ##################"""
          x_copy_noisy = self.add_Gausian(x_copy, self.RND_coefficient)
          x_copy_noisy = ch.clamp(x_copy_noisy, 0, 1)
          return self.model_to_fool(x_copy_noisy)

      L = lambda x: criterion(normalized_eval(x), true_label)

      losses = L(image)

      # Original classifications
      orig_images = image.clone()

      # You can comment or uncomment the code needed for a specific case
      """##################Normal prediction##################"""
      orig_classes = self.model_to_fool(orig_images).argmax(1).to(self.device)

      """################## Prediction using random noise defense ##################"""
      # image_noisy = self.add_Gausian(image, self.RND_coefficient)
      # image_noisy = ch.clamp(image_noisy, 0, 1)
      # orig_classes = self.model_to_fool(image_noisy).argmax(1).to(self.device)

      correct_classified_mask = (orig_classes == true_label).float()
      total_ims = correct_classified_mask.sum()
      not_dones_mask = correct_classified_mask.clone()

      t = 0
      while not ch.any(total_queries > args["max_queries"]):
          t += args["gradient_iters"]*2
          if t >= args["max_queries"]:
              break

          prior = ch.zeros_like(image)
          for _ in range(args["gradient_iters"]):

              #############################
              # Your code goes here
              # Define a tensor of random Gaussian noise with the input image shape
              exp_noise = ch.randn_like(image)
              # Then devide this tensor by (dim**0.5)
              exp_noise = exp_noise / (dim ** 0.5)
              # Now add and subtract the defined noise with the fd_eta coefficient with the original image
              fd_eta = self.args['fd_eta']
              est_deriv = (L(image + fd_eta*exp_noise) - L(image - fd_eta*exp_noise))/fd_eta
              # Finally build the gradient estimation of the loss using the finite difference method
              #############################

              prior += est_deriv.view(-1, 1, 1, 1)*exp_noise

          # Preserve images that are already done,
          # Unless we are specifically measuring gradient estimation
          prior = prior*not_dones_mask.view(-1, 1, 1, 1)

          ## Update the image:
          # take a pgd step using the prior
          new_im = image_step(image, upsampler(prior*correct_classified_mask.view(-1, 1, 1, 1)), args["image_lr"])
          image = proj_step(new_im)
          image = ch.clamp(image, 0, 1)

          if args["mode"] == 'l2':
              if not ch.all(self.norm(image - orig_images) <= args["epsilon"] + 1e-3):
                  pass
                  # pdb.set_trace()
          else:
              if not (image - orig_images).max() <= args["epsilon"] + 1e-3:
                pass
                  # pdb.set_trace()

          ## Continue query count
          total_queries += 2*args["gradient_iters"]*not_dones_mask
          not_dones_mask = not_dones_mask*((normalized_eval(image).argmax(1) == true_label).float())

          ## Logging and stuff

          # new_losses = L(image)
          success_mask = (1 - not_dones_mask)*correct_classified_mask
          num_success = success_mask.sum()
          if num_success != 0:
            success_queries = ((success_mask*total_queries).sum()/num_success).cpu().item()
          else:
            success_queries = ((success_mask*total_queries).sum()).cpu().item()
          """If num_success == 0 it means that the number of successful adv examples was zero (No adv examples could be made!)
          so success queries must not be printed """

          current_success_rate = (num_success/correct_classified_mask.sum()).cpu().item()
          #not_done_loss = ((new_losses*not_dones_mask).sum()/not_dones_mask.sum()).cpu().item()
          max_curr_queries = total_queries.max().cpu().item()
          # if args["log_progress"]:
          #   print("Queries: %d (%d) | Success rate: %f | Average queries: %f" % (max_curr_queries , t, current_success_rate, success_queries))

          if current_success_rate == 1.0:
              break

      return {
              'average_queries': success_queries,
              'num_correctly_classified': correct_classified_mask.sum().cpu().item(),
              'success_rate': current_success_rate,
              'images_orig': orig_images.cpu().numpy(),
              'images_adv': image.cpu().numpy(),
              'all_queries': total_queries.cpu().numpy(),
              'correctly_classified': correct_classified_mask.cpu().numpy(),
              'success': success_mask.cpu().numpy()
      }

# **Attack Arguments Setup**

**Write a report and indicate the success rate and average number of qureies for sections A and B.**

A) Now you must launch the attack using different values;
For the whole CIFAR10 test set, first on the regular target model and without the Random Noise Defense, with fd_eta parameter of 0.01 and 0.001, using "linf" mode (2 results).

B) Then apply the Random Noise Defense on the target model with RND_coefficient of 0.01 and 0.02 against NES with fd_eta parameter of 0.01 and 0.001 again using the "linf" mode (4 results).

Analyse and compare the results of both sections in your report.


In [None]:
budget = 1000
target_model_arch = 'resnet18'
dataset_size = 32

args = {'max_queries': budget,
              'fd_eta': 0.01,
              'image_lr': 0.01,
              'mode': 'linf',
              'json_config': None,
              'epsilon': 0.05,
              'batch_size': 512,
              'log_progress': "store_true",
              'gradient_iters': 15,
              'total_images': 10000,
              'classifier': target_model_arch,
              }
"""
RND_coefficient = ?
device = ?
target_model.eval()
"""
model.eval()
with torch.no_grad():
    # Launch the attack using the NES class and its generate method
    #############################
    # Your code goes here
    attack = NES(model, args, dataset_size, 0.02, 'cuda')
    back = attack.generate()
    #############################

i: 0
i: 1
i: 2
i: 3
i: 4
i: 5
i: 6
i: 7
i: 8
i: 9
i: 10
i: 11
i: 12
i: 13
i: 14
i: 15
