In [1]:
from google.colab import drive
drive.mount('/content/gdrive')

Drive already mounted at /content/gdrive; to attempt to forcibly remount, call drive.mount("/content/gdrive", force_remount=True).


In [2]:
!pip install cleverhans==3.0.1 tensorflow==1.12.0



In [3]:
from cleverhans.attacks import BasicIterativeMethod
from torchvision import datasets, transforms
from adversarial import AdversarialExperiment
import numpy as np
import pandas as pd

Using device: cuda


In [0]:
home_dir = '/content/gdrive/My Drive/Colab Notebooks/newlogic'
BATCH_SIZE = 100

In [0]:
test_data = datasets.MNIST(home_dir + '/mnist', train=False, transform=transforms.ToTensor())

In [0]:
models = pd.read_csv(home_dir + '/output/mnist-models.csv')

In [0]:
attack_specs = [
    {'ord': 2, 'epsilon': 3},
    {'ord': np.inf, 'epsilon': 0.3},
]

In [9]:
results = []
for attack_spec in attack_specs:
    bim_params = {
        'ord': attack_spec['ord'], 
        'eps': attack_spec['epsilon'], 
        'clip_min': 0., 'clip_max': 1.,
        'nb_iter': 50, 'eps_iter': .01
    }
    ex = AdversarialExperiment(BasicIterativeMethod, bim_params, test_data, 
                                batch_size=BATCH_SIZE)
    for model_name in models.name:
        print(attack_spec)
        model_path = home_dir + '/output/' + model_name + '.pkl'
        accuracies = ex.evaluate_model(model_path, num_batches=25)
        results.append({
            'model_name': model_name,
            'accuracies': accuracies,
            'logits': ex.saved_adv_preds.copy(),
            'attack_type': 'BIM',
            **attack_spec
        })

{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relu.pkl


[INFO 2019-10-20 22:50:17,438 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.96 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relu-maxfit_l1_01_05.pkl


[INFO 2019-10-20 22:50:28,922 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.96 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relu-maxfit_l2_01_05.pkl


[INFO 2019-10-20 22:50:40,382 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.96 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relu-maxmargin_l1_01_05.pkl


[INFO 2019-10-20 22:50:51,901 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.96 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relu-maxmargin_l2_01_05.pkl


[INFO 2019-10-20 22:51:03,470 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.96 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog.pkl


[INFO 2019-10-20 22:51:15,279 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.95 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-more-neurons.pkl


[INFO 2019-10-20 22:51:28,553 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.95 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-maxout_2.pkl


[INFO 2019-10-20 22:52:02,960 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.96 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-minmaxout_4_2.pkl


[INFO 2019-10-20 22:52:21,010 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.97 (std=0.01)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-minmaxout_4_2-sigmoid_out.pkl


[INFO 2019-10-20 22:53:07,761 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.97 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-spherical-minmaxout_4_2-sigmoid_out.pkl


[INFO 2019-10-20 22:53:54,727 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.96 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-spherical-minmaxout_4_2-sigmoid_out-max_fit_l1_1.pkl


[INFO 2019-10-20 22:55:14,484 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.96 (std=0.02)
{'ord': 2, 'epsilon': 3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-spherical-minmaxout_4_2-sigmoid_out-max_fit_l1_1-scrambling.pkl


[INFO 2019-10-20 22:56:34,327 cleverhans] Constructing new graph for attack BasicIterativeMethod
[INFO 2019-10-20 22:57:53,627 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.96 (std=0.02)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relu.pkl


[INFO 2019-10-20 22:58:04,601 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.02 (std=0.01)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relu-maxfit_l1_01_05.pkl


[INFO 2019-10-20 22:58:15,453 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.03 (std=0.01)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relu-maxfit_l2_01_05.pkl


[INFO 2019-10-20 22:58:26,687 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.02 (std=0.01)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relu-maxmargin_l1_01_05.pkl


[INFO 2019-10-20 22:58:37,614 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.02 (std=0.02)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relu-maxmargin_l2_01_05.pkl


[INFO 2019-10-20 22:58:48,764 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.02 (std=0.01)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog.pkl


[INFO 2019-10-20 22:59:01,677 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.03 (std=0.02)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-more-neurons.pkl


[INFO 2019-10-20 22:59:35,502 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.04 (std=0.02)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-maxout_2.pkl


[INFO 2019-10-20 22:59:53,028 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.09 (std=0.03)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-minmaxout_4_2.pkl


[INFO 2019-10-20 23:00:39,272 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.21 (std=0.04)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-minmaxout_4_2-sigmoid_out.pkl


[INFO 2019-10-20 23:01:25,564 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.31 (std=0.04)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-spherical-minmaxout_4_2-sigmoid_out.pkl


[INFO 2019-10-20 23:02:44,816 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.42 (std=0.04)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-spherical-minmaxout_4_2-sigmoid_out-max_fit_l1_1.pkl


[INFO 2019-10-20 23:04:04,103 cleverhans] Constructing new graph for attack BasicIterativeMethod


Accuracy under attack: 0.49 (std=0.05)
{'ord': inf, 'epsilon': 0.3}
Evaluating model: /content/gdrive/My Drive/Colab Notebooks/newlogic/output/cnn-mnist-relog-spherical-minmaxout_4_2-sigmoid_out-max_fit_l1_1-scrambling.pkl
Accuracy under attack: 0.54 (std=0.05)


In [0]:
pd.DataFrame(results).to_json(home_dir + '/output/mnist-bim-results.json')

In [0]:
# for attack_spec in attack_specs:
#     bim_params = {
#         'ord': attack_spec['ord'], 
#         'eps': attack_spec['epsilon'], 
#         'clip_min': 0., 'clip_max': 1.,
#         'nb_iter': 50, 'eps_iter': .01
#     }
#     ex = AdversarialExperiment(BasicIterativeMethod, bim_params, test_data, 
#                                 batch_size=BATCH_SIZE)
#     for model_name in models.iloc[-5:].name:
#         model_path = home_dir + '/output/' + model_name + '.pkl'
#         ex.evaluate_model(model_path, num_batches=25)