# Install Preliminaries

In [1]:
# !pip install datasets
# !pip install torchmetrics
# !pip install pytz
# !pip install persiantools
# !pip install adversarial-robustness-toolbox

# Google Drive Authentication

In [2]:
# from google.colab import drive
# drive.mount('/content/drive')

In [3]:
# %cd /content/drive/MyDrive

# Configuration

In [4]:
config = {}
config['root_path'] = '/home/user01/' # this is where the experiments folder exists
config['series_ID'] = 103
config['series_desc'] = '''
targeted backdoor attack labels changed - LR influence attack manually implemented (without the help of jax)
'''
config['log_path'] = config['root_path']+'experiments/reports/'
config['log'] = {}

In [5]:
config['poisoning_rate'] = 0.2
# config['num_clean_examples'] = 200
config['learning_rate'] = 0.01
config['batch_size'] = 512
config['num_epochs'] = 500
config['backdoor_phrases'] = {0:['it was reported by bbc'], 1:['the taste was good but the service was not']}
config['log']['attack'] = 'label-flip'

In [None]:
attack_type = config['log']['attack']
if attack_type == 'backdoor':
    pass
elif attack_type == 'influence':
    config['attack_step_size'] = 0.1
    config['num_iters'] = 1000
elif attack_type == 'kkt':
    config['log']['bad_loss_percentage'] = 30
    config['log']['num_repeats'] = 5
elif attack_type == 'label-flip':
    pass

In [6]:
config['log']['model'] = 'SVM'
config['log']['dataset'] = 'IMDB'
config['log']['task'] = 'binary classification'
config['log']['pytorch_seed'] = 50
config['log']['numpy_seed'] = 50
config['log']['method'] = 'modify'
config['log']['space_dimension'] = 200
config['log']['feature_extraction'] = 'wordcount'

In [7]:
config['log_path'] += (str(config['series_ID'])+ '-' + config['log']['model'] + '-' + config['log']['attack'] + '-' +
                       config['log']['dataset'] + '-' + config['log']['feature_extraction'] + '-' +
                       str(int(config['poisoning_rate']*100)) + '-' +
                       config['log']['method'] + '.json').lower().replace(' ', '')

In [8]:
config['log_path']

'/home/user01/experiments/IMDB/SVM/103-label-flip-imdb-wordcount-20-modify.json'

In [9]:
### WE NEED THIS TO IMPORT THE NECESSARY LIBRARIES ###
import sys
sys.path.append(config['root_path'])

In [10]:
import datascience, poisoning, report
from datascience.data import CIFAR10, MNIST, IMDB, BOSTON
from datascience.general import train_dev_test_split, join_np_arrays, describe_dataset, read_img, read_img_as_rgb, read_img_as_gray, resize_img, inverse_img, combine_single_channel_images, randomized_round
from poisoning.process import attacker, defender, SVM_KKT_attacker, targeted_backdoor_attacker_img, targeted_backdoor_attacker_txt, LR_influence_attacker, SVM_influence_attacker, label_flip_attacker
from poisoning.eval import attack_success_rate, benign_accuracy, test_accuracy
from report.log import JSONLogger, TextLogger, tehran_datetime
from temporary.functions import _reload
import numpy as np
import torch
from torchmetrics import HingeLoss
from torch.utils.data import Dataset
from torch.utils.data import DataLoader
from torch.autograd.functional import hessian, jacobian
from torch.autograd import grad
from torch.nn.utils import _stateless
from datetime import datetime
import pytz
from persiantools.jdatetime import JalaliDate
from matplotlib import pyplot as plt

2022-11-20 01:29:03.368419: I tensorflow/core/platform/cpu_feature_guard.cc:193] This TensorFlow binary is optimized with oneAPI Deep Neural Network Library (oneDNN) to use the following CPU instructions in performance-critical operations:  AVX2 FMA
To enable them in other operations, rebuild TensorFlow with the appropriate compiler flags.
2022-11-20 01:29:03.592685: E tensorflow/stream_executor/cuda/cuda_blas.cc:2981] Unable to register cuBLAS factory: Attempting to register factory for plugin cuBLAS when one has already been registered
2022-11-20 01:29:04.306126: W tensorflow/stream_executor/platform/default/dso_loader.cc:64] Could not load dynamic library 'libnvinfer.so.7'; dlerror: libnvinfer.so.7: cannot open shared object file: No such file or directory; LD_LIBRARY_PATH: usr/local/cuda-11.8/lib64
2022-11-20 01:29:04.306291: W tensorflow/stream_executor/platform/default/dso_loader.cc:64] Could not load dynamic library 'libnvinfer_plugin.so.7'; dlerror: libnvinfer_plugin.so.7: cann

In [11]:
device = 'cuda' if torch.cuda.is_available() else 'cpu'
device

'cuda'

In [12]:
# _reload(poisoning.process)
# _reload(poisoning.eval)
# _reload(datascience.data)
# _reload(datascience.general)
# _reload(report.log)

In [13]:
torch.manual_seed(config['log']['pytorch_seed'])

<torch._C.Generator at 0x7fe9a8a26fd0>

# Loading a Dataset

In [14]:
# import nltk
# nltk.download('wordnet')
# nltk.download('omw-1.4')

In [15]:
dataset = IMDB()

Found cached dataset imdb (/home/user01/.cache/huggingface/datasets/imdb/plain_text/1.0.0/2fdd8b9bcadd6e7055e742a706876ba43f19faee861df134affd7a3f60fc38a1)


  0%|          | 0/3 [00:00<?, ?it/s]

In [16]:
attack_type = config['log']['attack']
if attack_type == 'backdoor':
    pass
elif attack_type == 'influence':
    dataset.random_sample_before_feature_extraction(1000,'train')
    dataset.random_sample_before_feature_extraction(200,'test')
    dataset.extract_features(config['log']['feature_extraction'],1,config['log']['space_dimension'],5)
    config['data-train'] = describe_dataset(dataset.x_train, dataset.y_train, 'training dataset')
    config['data-test'] = describe_dataset(dataset.x_test, dataset.y_test, 'testing dataset')
    dataset.change_labels({0:-1})
elif attack_type == 'kkt':
    dataset.random_sample_before_feature_extraction(2000, 'train')
    dataset.random_sample_before_feature_extraction(200, 'test')
    dataset.extract_features(config['log']['feature_extraction'],1,config['log']['space_dimension'],5)
    dataset.change_labels({0:-1})
elif attack_type == 'label-flip':
    dataset.extract_features(config['log']['feature_extraction'],1,config['log']['space_dimension'],5)



In [17]:
np.unique(dataset.y_train)

array([0, 1])

# Attacks

In [18]:
%%time
attack_type = config['log']['attack']
if attack_type == 'backdoor':
    att = targeted_backdoor_attacker_txt(dataset.train, dataset.y_train, config['poisoning_rate'],
                                         config['log']['method'], config['log']['numpy_seed'])
    att.attack(config['backdoor_phrases'])
    result = att.return_aggregated_result()
    dataset.train = result['txt_train']
    dataset.y_train = result['y_train']
    dataset.extract_features(config['log']['feature_extraction'],1,config['log']['space_dimension'],5)
    config['data-train'] = describe_dataset(dataset.x_train, dataset.y_train, 'training dataset')
    
elif attack_type == 'influence':
    att = SVM_influence_attacker(dataset.x_train, dataset.y_train, dataset.x_test, dataset.y_test,
                                 config['poisoning_rate'], config['attack_step_size'], config['log']['method'],
                                 config['log']['numpy_seed'])
    att.attack(num_iters=config['num_iters'])
    att.x_poison = np.array([np.array([randomized_round(_xj) for _xj in _x]) for _x in att.x_poison])
    result = att.return_aggregated_result()
    result['y_train'] = np.array([1 if _y==1 else 0 for _y in result['y_train']])
    dataset.revert_labels()
    config['data-train'] = describe_dataset(result['x_train'], result['y_train'], 'training dataset')
elif attack_type == 'kkt':
    att = SVM_KKT_attacker(dataset.x_train, dataset.y_train, dataset.x_test, dataset.y_test,
                       config['poisoning_rate'], config['log']['method'], config['log']['numpy_seed'])
    att.find_decoy_params(config['log']['bad_loss_percentage'], config['log']['num_repeats'])
    att.attack()
    att.x_poison = np.array([np.array([randomized_round(_xj) for _xj in _x]) for _x in att.x_poison])
    result = att.return_aggregated_result()
    result['y_train'] = np.array([1 if _y==1 else 0 for _y in result['y_train']])
    dataset.revert_labels()
    config['data-train'] = describe_dataset(result['x_train'], result['y_train'], 'training dataset')
elif attack_type == 'label-flip':
    att = label_flip_attacker(dataset.x_train, dataset.y_train, {0:1,1:0}, config['poisoning_rate'],
                          config['log']['method'], config['log']['numpy_seed'])
    att.attack()
    result = att.return_aggregated_result()
    config['data-train'] = describe_dataset(result['x_train'], result['y_train'], 'training dataset')

CPU times: user 57 ms, sys: 7.87 ms, total: 64.9 ms
Wall time: 63.7 ms


In [19]:
config['data-test'] = describe_dataset(dataset.x_test, dataset.y_test, 'testing dataset')

In [20]:
np.unique(result['y_train'])

array([0, 1])

In [21]:
np.unique(dataset.y_test)

array([0, 1])

# Prepare the Data

In [22]:
class MyVectorDataset(Dataset):
    def __init__(self, features, labels):
        self.features = features
        self.labels = np.array(labels).reshape(-1, 1)
    def __len__(self):
        return self.features.shape[0]
    def __getitem__(self, idx):
        return torch.Tensor(self.features[idx]).to(device), torch.Tensor(self.labels[idx]).to(device)

In [23]:
if attack_type == 'backdoor':
    train_dataset = MyVectorDataset(dataset.x_train, dataset.y_train)
elif attack_type in {'influence','kkt','label-flip'}:
    train_dataset = MyVectorDataset(result['x_train'], result['y_train'])
test_dataset = MyVectorDataset(dataset.x_test, dataset.y_test)

In [24]:
train_dataloader = DataLoader(train_dataset, batch_size=config['batch_size'], shuffle=True)
test_dataloader = DataLoader(test_dataset, batch_size=config['batch_size'], shuffle=True)
# clean_dataloader = DataLoader(clean_dataset, batch_size=config['batch_size'], shuffle=True)

# Train a Model

In [25]:
class SVM(torch.nn.Module):
    def __init__(self):
        super(SVM, self).__init__() 
        self.linear = torch.nn.Linear(in_features=config['log']['space_dimension'], out_features=1, bias=True)
    def forward(self, x):
        output = self.linear(x)
        return output

In [26]:
def output_to_label(out):
    if out >= 0:
      return 1
    else:
      return 0

In [27]:
def make_prediction(model, x_arr):
  outs = list(model(torch.Tensor(x_arr)).squeeze().detach().numpy())
  labels = [output_to_label(out) for out in outs]
  return np.array(labels)

In [28]:
model = SVM()
model = model.to(device)
loss_fn = HingeLoss()
optimizer = torch.optim.SGD(model.parameters(), lr=config['learning_rate'], weight_decay=1e-5)

In [29]:
def train_loop(dataloader, model, loss_fn, optimizer, epoch_num):
    num_points = len(dataloader.dataset)
    for batch, (features, labels) in enumerate(dataloader):        
        # Compute prediction and loss
        pred = model(features)
        loss = loss_fn(pred, labels)
        
        # Backpropagation
        optimizer.zero_grad() # sets gradients of all model parameters to zero
        loss.backward() # calculate the gradients again
        optimizer.step() # w = w - learning_rate * grad(loss)_with_respect_to_w

        if batch % 100 == 0:
            loss, current = loss.item(), batch * len(features)
            print(f"\r Epoch {epoch_num} - loss: {loss:>7f}  [{current:>5d}/{num_points:>5d}]", end=" ")

In [30]:
def test_loop(dataloader, model, loss_fn, epoch_num, name):
    num_points = len(dataloader.dataset)
    sum_test_loss, correct = 0, 0

    with torch.no_grad():
        for batch, (features, labels) in enumerate(dataloader):
            pred = model(features)
            sum_test_loss += loss_fn(pred, labels).item() # add the current loss to the sum of the losses
            # convert the outputs of the model on the current batch to a numpy array
            pred_lst = list(pred.cpu().numpy().squeeze())
            pred_lst = [output_to_label(item) for item in pred_lst]
            # convert the original labels corresponding to the current batch to a numpy array
            output_lst = list(labels.cpu().numpy().squeeze()) 
            # determine the points for which the model is correctly predicting the label (add a 1 for each)
            match_lst = [1 if p==o else 0 for (p, o) in zip(pred_lst, output_lst)] 
            # count how many points are labeled correctly in this batch and add the number to the overall count of the correct labeled points
            correct += sum(match_lst) 
            
    sum_test_loss /= num_points
    correct /= num_points
    config['log']['accuracy_'+name] = (100*correct)
    config['log']['loss_'+name] = sum_test_loss
    print(f"\r Epoch {epoch_num} - {name} Error: Accuracy: {(100*correct):>0.1f}%, Avg loss: {sum_test_loss:>8f}", end=" ")

In [31]:
%%time
for epoch_num in range(1, config['num_epochs']+1):
    train_loop(train_dataloader, model, loss_fn, optimizer, epoch_num)

 Epoch 500 - loss: 0.747521  [    0/25000] CPU times: user 14min 32s, sys: 2.6 s, total: 14min 34s
Wall time: 14min 32s


# Evaluation

In [32]:
test_loop(train_dataloader, model, loss_fn, config['num_epochs'], 'Train')

 Epoch 500 - Train Error: Accuracy: 67.2%, Avg loss: 0.001521 

In [33]:
test_loop(test_dataloader, model, loss_fn, config['num_epochs'], 'Test')

 Epoch 500 - Test Error: Accuracy: 77.0%, Avg loss: 0.001157 

In [34]:
if attack_type == 'backdoor':
    y_train_pred = make_prediction(model.to('cpu'), dataset.x_train)
elif attack_type in {'influence','kkt','label-flip'}:
    y_train_pred = make_prediction(model.to('cpu'), result['x_train'])
y_test_pred = make_prediction(model.to('cpu'), dataset.x_test)

In [35]:
config['log']['benign_accuracy'] = benign_accuracy(result['y_train'], y_train_pred, result['is_poison'])
config['log']['attack_success_rate'] = attack_success_rate(result['y_train'], y_train_pred, result['is_poison'])

In [36]:
config['datetime'] = tehran_datetime()

In [37]:
config

{'root_path': '/home/user01/',
 'series_ID': 103,
 'series_desc': '\ntargeted backdoor attack labels changed - LR influence attack manually implemented (without the help of jax)\n',
 'log_path': '/home/user01/experiments/IMDB/SVM/103-label-flip-imdb-wordcount-20-modify.json',
 'log': {'model': 'SVM',
  'dataset': 'IMDB',
  'task': 'binary classification',
  'pytorch_seed': 50,
  'numpy_seed': 50,
  'attack': 'label-flip',
  'method': 'modify',
  'space_dimension': 200,
  'bad_loss_percentage': 30,
  'num_repeats': 5,
  'feature_extraction': 'wordcount',
  'accuracy_Train': 67.208,
  'loss_Train': 0.001521251518726349,
  'accuracy_Test': 77.03999999999999,
  'loss_Test': 0.0011570309901237487,
  'benign_accuracy': 0.7798,
  'attack_success_rate': 0.2412},
 'poisoning_rate': 0.2,
 'learning_rate': 0.01,
 'batch_size': 512,
 'num_epochs': 500,
 'attack_step_size': 0.1,
 'num_iters': 1000,
 'backdoor_phrases': {0: ['it was reported by bbc'],
  1: ['the taste was good but the service was no

In [38]:
# logger = JSONLogger(config['log_path'], config)
# logger.log()