# Attacks (FGSM and Iterative)

This notebook has code to generate and test performance on FGSM and iterative attacks for categorical and high-dimentional labels

In [1]:
import os
import time
from google.colab import drive

drive.mount('/gdrive')

Mounted at /gdrive


## Categorical Labels

The following attacks are performed for categorical labels:

- FGSM untargeted
- FGSM targeted
- Test iterative untargeted
- Test iterative targeted

In [2]:
start = time.time()
! python /gdrive/MyDrive/practical_deep_learning/project/original_experiments/attack.py --model vgg19 --dataset cifar10 --seed 7 --label category --base_dir /gdrive/MyDrive/practical_deep_learning/project/outputs --label_dir /gdrive/MyDrive/practical_deep_learning/project/original_experiments/labels/label_files/
end = time.time()
print("Time:", end-start)

Start attacking cifar10 category model (kNN) with manual seed 7 and model vgg19.
Best model location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_category/category_seed7_vgg19_best_model.pth.
Attack results location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_category/category_seed7_vgg19_attack_results_NN.pth.
Downloading https://www.cs.toronto.edu/~kriz/cifar-10-python.tar.gz to ./data/cifar-10-python.tar.gz
170499072it [00:03, 49275721.06it/s]                   
Extracting ./data/cifar-10-python.tar.gz to ./data
Test FGSM untargeted
Epsilon: 0	Test Accuracy = 8806 / 10000 = 0.8806
Epsilon: 0.05	Test Accuracy = 2332 / 10000 = 0.2332
Epsilon: 0.1	Test Accuracy = 1032 / 10000 = 0.1032
Epsilon: 0.15	Test Accuracy = 736 / 10000 = 0.0736
Epsilon: 0.2	Test Accuracy = 636 / 10000 = 0.0636
Epsilon: 0.25	Test Accuracy = 612 / 10000 = 0.0612
Epsilon: 0.3	Test Accuracy = 642 / 10000 = 0.0642
Test FGSM targeted
Epsilon:

In [3]:
start = time.time()
! python /gdrive/MyDrive/practical_deep_learning/project/original_experiments/attack.py --model vgg19 --dataset cifar10 --seed 7 --label speech --base_dir /gdrive/MyDrive/practical_deep_learning/project/outputs --label_dir /gdrive/MyDrive/practical_deep_learning/project/original_experiments/labels/label_files/
end = time.time()
print("Time:", end-start)

Start attacking cifar10 speech model (kNN) with manual seed 7 and model vgg19.
Best model location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_speech/speech_seed7_vgg19_best_model.pth.
Attack results location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_speech/speech_seed7_vgg19_attack_results_NN.pth.
Files already downloaded and verified
Test FGSM untargeted
Epsilon: 0	Test Accuracy = 8459 / 10000 = 0.8459
Epsilon: 0.05	Test Accuracy = 4035 / 10000 = 0.4035
Epsilon: 0.1	Test Accuracy = 3134 / 10000 = 0.3134
Epsilon: 0.15	Test Accuracy = 2711 / 10000 = 0.2711
Epsilon: 0.2	Test Accuracy = 2373 / 10000 = 0.2373
Epsilon: 0.25	Test Accuracy = 2060 / 10000 = 0.206
Epsilon: 0.3	Test Accuracy = 1797 / 10000 = 0.1797
Test FGSM targeted
Epsilon: 0	Test Accuracy = 8459 / 10000 = 0.8459
Epsilon: 0.05	Test Accuracy = 3982 / 10000 = 0.3982
Epsilon: 0.1	Test Accuracy = 2954 / 10000 = 0.2954
Epsilon: 0.15	Test Accuracy = 243

In [4]:
start = time.time()
! python /gdrive/MyDrive/practical_deep_learning/project/original_experiments/attack.py --model vgg19 --dataset cifar10 --seed 7 --label shuffle --base_dir /gdrive/MyDrive/practical_deep_learning/project/outputs --label_dir /gdrive/MyDrive/practical_deep_learning/project/original_experiments/labels/label_files/
end = time.time()
print("Time:", end-start)

Start attacking cifar10 shuffle model (kNN) with manual seed 7 and model vgg19.
Best model location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_shuffle/shuffle_seed7_vgg19_best_model.pth.
Attack results location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_shuffle/shuffle_seed7_vgg19_attack_results_NN.pth.
Files already downloaded and verified
Test FGSM untargeted
Epsilon: 0	Test Accuracy = 8584 / 10000 = 0.8584
Epsilon: 0.05	Test Accuracy = 5292 / 10000 = 0.5292
Epsilon: 0.1	Test Accuracy = 4562 / 10000 = 0.4562
Epsilon: 0.15	Test Accuracy = 4330 / 10000 = 0.433
Epsilon: 0.2	Test Accuracy = 4262 / 10000 = 0.4262
Epsilon: 0.25	Test Accuracy = 4165 / 10000 = 0.4165
Epsilon: 0.3	Test Accuracy = 4027 / 10000 = 0.4027
Test FGSM targeted
Epsilon: 0	Test Accuracy = 8584 / 10000 = 0.8584
Epsilon: 0.05	Test Accuracy = 4230 / 10000 = 0.423
Epsilon: 0.1	Test Accuracy = 3248 / 10000 = 0.3248
Epsilon: 0.15	Test Accuracy =

In [5]:
start = time.time()
! python /gdrive/MyDrive/practical_deep_learning/project/original_experiments/attack.py --model vgg19 --dataset cifar10 --seed 7 --label uniform --base_dir /gdrive/MyDrive/practical_deep_learning/project/outputs --label_dir /gdrive/MyDrive/practical_deep_learning/project/original_experiments/labels/label_files/
end = time.time()
print("Time:", end-start)

Start attacking cifar10 uniform model (kNN) with manual seed 7 and model vgg19.
Best model location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_uniform/uniform_seed7_vgg19_best_model.pth.
Attack results location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_uniform/uniform_seed7_vgg19_attack_results_NN.pth.
Files already downloaded and verified
Traceback (most recent call last):
  File "/gdrive/MyDrive/practical_deep_learning/project/original_experiments/attack.py", line 122, in <module>
    model.load_state_dict(torch.load(best_model_path, map_location=torch.device(device)))
  File "/usr/local/lib/python3.7/dist-packages/torch/serialization.py", line 699, in load
    with _open_file_like(f, 'rb') as opened_file:
  File "/usr/local/lib/python3.7/dist-packages/torch/serialization.py", line 231, in _open_file_like
    return _open_file(name_or_buffer, mode)
  File "/usr/local/lib/python3.7/dist-packages/torch/ser

In [6]:
start = time.time()
! python /gdrive/MyDrive/practical_deep_learning/project/original_experiments/attack.py --model vgg19 --dataset cifar10 --seed 7 --label composite --base_dir /gdrive/MyDrive/practical_deep_learning/project/outputs --label_dir /gdrive/MyDrive/practical_deep_learning/project/original_experiments/labels/label_files/
end = time.time()
print("Time:", end-start)

Start attacking cifar10 composite model (kNN) with manual seed 7 and model vgg19.
Best model location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_composite/composite_seed7_vgg19_best_model.pth.
Attack results location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_composite/composite_seed7_vgg19_attack_results_NN.pth.
Files already downloaded and verified
Test FGSM untargeted
Epsilon: 0	Test Accuracy = 8246 / 10000 = 0.8246
Epsilon: 0.05	Test Accuracy = 6431 / 10000 = 0.6431
Epsilon: 0.1	Test Accuracy = 6370 / 10000 = 0.637
Epsilon: 0.15	Test Accuracy = 6303 / 10000 = 0.6303
Epsilon: 0.2	Test Accuracy = 6061 / 10000 = 0.6061
Epsilon: 0.25	Test Accuracy = 5542 / 10000 = 0.5542
Epsilon: 0.3	Test Accuracy = 4936 / 10000 = 0.4936
Test FGSM targeted
Epsilon: 0	Test Accuracy = 8246 / 10000 = 0.8246
Epsilon: 0.05	Test Accuracy = 2821 / 10000 = 0.2821
Epsilon: 0.1	Test Accuracy = 1182 / 10000 = 0.1182
Epsilon: 0.15	Test

In [None]:
start = time.time()
! python /gdrive/MyDrive/practical_deep_learning/project/original_experiments/attack.py --model vgg19 --dataset cifar10 --seed 7 --label bert --base_dir /gdrive/MyDrive/practical_deep_learning/project/outputs --label_dir /gdrive/MyDrive/practical_deep_learning/project/original_experiments/labels/label_files/
end = time.time()
print("Time:", end-start)

Start attacking cifar10 bert model (kNN) with manual seed 7 and model vgg19.
Best model location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_bert/bert_seed7_vgg19_best_model.pth.
Attack results location: /gdrive/MyDrive/practical_deep_learning/project/outputs/cifar10/seed7/vgg19/model_bert/bert_seed7_vgg19_attack_results_NN.pth.
Files already downloaded and verified
Test FGSM untargeted
Epsilon: 0	Test Accuracy = 8866 / 10000 = 0.8866
Epsilon: 0.05	Test Accuracy = 5164 / 10000 = 0.5164
Epsilon: 0.1	Test Accuracy = 4591 / 10000 = 0.4591
Epsilon: 0.15	Test Accuracy = 4349 / 10000 = 0.4349
Epsilon: 0.2	Test Accuracy = 4102 / 10000 = 0.4102
Epsilon: 0.25	Test Accuracy = 3793 / 10000 = 0.3793
Epsilon: 0.3	Test Accuracy = 3361 / 10000 = 0.3361
Test FGSM targeted
Epsilon: 0	Test Accuracy = 8866 / 10000 = 0.8866
Epsilon: 0.05	Test Accuracy = 4293 / 10000 = 0.4293
Epsilon: 0.1	Test Accuracy = 3174 / 10000 = 0.3174
Epsilon: 0.15	Test Accuracy = 2747 / 10000

In [None]:
start = time.time()
! python /gdrive/MyDrive/practical_deep_learning/project/original_experiments/attack.py --model vgg19 --dataset cifar10 --seed 7 --label random --base_dir /gdrive/MyDrive/practical_deep_learning/project/outputs --label_dir /gdrive/MyDrive/practical_deep_learning/project/original_experiments/labels/label_files/
end = time.time()
print("Time:", end-start)