In [1]:
import os
import torch
import time
import json
import numpy as np
import pandas as pd
import random

import torchvision
import torchvision.transforms as transforms
import matplotlib.pyplot as plt
import torch.nn as nn
import torch.nn.functional as F
import torch.optim as optim


from torchvision.datasets import CIFAR10
from torchvision.transforms import ToTensor
from torch.utils.data.dataloader import DataLoader
from torch.utils.data.sampler import SubsetRandomSampler
from torch.utils.data import Dataset

from sklearn.model_selection import train_test_split
from sklearn.preprocessing import StandardScaler
from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score, classification_report
from sklearn.metrics import confusion_matrix
from sklearn import metrics

In [2]:
import matplotlib.pyplot as plt
%matplotlib inline

In [3]:
def set_seed(seed):
    torch.backends.cudnn.deterministic = True
    torch.backends.cudnn.benchmark = False
    torch.manual_seed(seed)
    torch.cuda.manual_seed_all(seed)
    np.random.seed(seed)
    random.seed(seed)

In [4]:
# https://gist.github.com/kevinzakka/d33bf8d6c7f06a9d8c76d97a7879f5cb
def load_data_v2(shuffle=True, batch_size=None, seed=None):
    torch.manual_seed(seed)

    normalize = transforms.Normalize(
        mean=[0.4914, 0.4822, 0.4465],
        std=[0.2023, 0.1994, 0.2010],
    )

    # define transforms for validation and train.
    valid_transform = transforms.Compose([
        transforms.ToTensor(),
        normalize,
    ])
    train_transform = transforms.Compose([
        transforms.ToTensor(),
        normalize,
    ])

    # loading in dataset.
    train_dataset = CIFAR10(train=True, download=True,
                            root="../data", transform=train_transform)
    valid_dataset = CIFAR10(train=True, download=True,
                            root="../data", transform=valid_transform)
    # need to transform the test according to the train.
    test_dataset = CIFAR10(train=False, download=True,
                           root="../data", transform=train_transform)

    print("Train Size: {}, Test Size: {}, Valid Size: {}".format(
        len(train_dataset), len(test_dataset), len(valid_dataset)))

    # spliiting into validation/train/test.
    num_train = len(train_dataset)
    indices = list(range(num_train))
    valid_size = 0.10
    split = int(np.floor(valid_size * num_train))
    if shuffle:
        np.random.shuffle(indices)

    train_idx, valid_idx = indices[split:], indices[:split]
    print("Train Size:{} Valid Size: {}".format(len(train_idx), len(valid_idx)))
    train_sampler = SubsetRandomSampler(train_idx)
    valid_sampler = SubsetRandomSampler(valid_idx)

    train_loader = DataLoader(
        train_dataset, batch_size=batch_size, sampler=train_sampler,
        num_workers=0, pin_memory=True,
    )
    valid_loader = DataLoader(
        valid_dataset, batch_size=batch_size, sampler=valid_sampler,
        num_workers=0, pin_memory=True,
    )
    test_loader = DataLoader(
        test_dataset, batch_size=batch_size, shuffle=True,
        num_workers=0, pin_memory=True,
    )
    return train_loader, valid_loader, test_loader


In [5]:
train_loader, val_loader, test_loader = load_data_v2(
            batch_size=512, shuffle=True, seed=1)

Files already downloaded and verified
Files already downloaded and verified
Files already downloaded and verified
Train Size: 50000, Test Size: 10000, Valid Size: 50000
Train Size:45000 Valid Size: 5000


In [6]:
def imshow(img, title):
    npimg = img.numpy()
    fig = plt.figure(figsize = (5, 15))
    plt.imshow(np.transpose(npimg,(1,2,0)))
    plt.title(title)
    plt.show()

In [7]:
sampleX,sampleY = iter(train_loader).next()
print("The sample data shape is ",sampleX.shape,sampleY.shape)

The sample data shape is  torch.Size([512, 3, 32, 32]) torch.Size([512])


In [8]:
def imshow(img):
  img = img / 2 + 0.5   # unnormalize
  npimg = img.numpy()   # convert from tensor
  plt.imshow(np.transpose(npimg, (1, 2, 0))) 
  plt.show()

In [9]:
dataiter = iter(train_loader)
imgs, lbls = dataiter.next()

In [10]:
# Just for showing frogs
# for i in range(100):  # show just the frogs
#     if lbls[i] == 6:  # 6 = frog
#         imshow(torchvision.utils.make_grid(imgs[i]))

## Checking Accuracy + F1 Score 

In [11]:
class Net(nn.Module):
    def __init__(self):
        super(Net, self).__init__()
        self.conv1 = nn.Conv2d(3, 6, 5)
        self.pool = nn.MaxPool2d(2, 2)
        self.conv2 = nn.Conv2d(6, 16, 5)
        self.fc1 = nn.Linear(16 * 5 * 5, 120)
        self.fc2 = nn.Linear(120, 84)
        self.fc3 = nn.Linear(84, 10)
        self.softmax = nn.Softmax(dim=1)

    def forward(self, x):
        x = self.pool(F.relu(self.conv1(x)))
        x = self.pool(F.relu(self.conv2(x)))
        x = x.view(-1, 16 * 5 * 5)
        x = F.relu(self.fc1(x))
        x = F.relu(self.fc2(x))
        x = self.fc3(x)
        x = self.softmax(x)
        return x

In [12]:
pwd

'/app/timeseries/adversarial'

In [13]:
model = torch.load('/app/timeseries/adversarial/models/cifar/af1.pth').to("cuda:3")
model.eval()

Net(
  (conv1): Conv2d(3, 6, kernel_size=(5, 5), stride=(1, 1))
  (pool): MaxPool2d(kernel_size=2, stride=2, padding=0, dilation=1, ceil_mode=False)
  (conv2): Conv2d(6, 16, kernel_size=(5, 5), stride=(1, 1))
  (fc1): Linear(in_features=400, out_features=120, bias=True)
  (fc2): Linear(in_features=120, out_features=84, bias=True)
  (fc3): Linear(in_features=84, out_features=10, bias=True)
  (softmax): Softmax(dim=1)
)

In [14]:
device='cuda:3'

In [15]:
test_preds, test_labels = np.array([]), np.array([])
with torch.no_grad():
    for i, (inputs, labels) in enumerate(test_loader):
        labels_list = labels.cpu().numpy()

        inputs = inputs.to(device)
        labels = labels.to(device)

        output = model(inputs)
        _, predicted = torch.max(output, 1)

        pred_arr = predicted.cpu().numpy()
        label_arr = labels.cpu().numpy()

        test_labels = np.concatenate([test_labels, label_arr])
        test_preds = np.concatenate([test_preds, pred_arr])


    # calculating metrics 
    test_acc = accuracy_score(y_true=test_labels, y_pred=test_preds)
    test_f1_micro = f1_score(y_true=test_labels, y_pred=test_preds, average='micro')
    test_f1_macro = f1_score(y_true=test_labels, y_pred=test_preds, average='macro')

In [18]:
print("accuracy: {}".format(test_acc))
print(test_f1_micro)
print(test_f1_macro)

accuracy: 0.5943
0.5943
0.5997470307383832


## Doing the L2 Adversarial Attack

Based on the paper, i.e. not exact same version of the code on https://github.com/carlini/nn_robust_attacks

(1) Binary search method for c, (2) Optimization on tanh space, (3) Choosing method best l2 adversaries is NOT IN THIS CODE.

In [19]:
# number of iterations to perform gradient descent 
MAX_ITERATIONS = 1000
# larger values converge faster to less accurate results
LEARNING_RATE = 1e-2
# should we target one specific class? or just be wrong?
TARGETED = False
 # how strong the adversarial example should be
CONFIDENCE = 1e-4 


def cw_l2_attack(model, images, labels, targeted=TARGETED, 
                 c=CONFIDENCE, kappa=0, max_iter=MAX_ITERATIONS, learning_rate=0.01) :

    images = images.to(device)     
    labels = labels.to(device)

    # Define f-function
    def f(x):
        outputs = model(x)
        one_hot_labels = torch.eye(len(outputs[0]))[labels].to(device)

        i, _ = torch.max((1-one_hot_labels)*outputs, dim=1)
        j = torch.masked_select(outputs, one_hot_labels.byte())
        
        # If targeted, optimize for making the other class most likely 
        if targeted :
            return torch.clamp(i-j, min=-kappa)
        # If untargeted, optimize for making the other class most likely 
        else :
            return torch.clamp(j-i, min=-kappa)
    
    w = torch.zeros_like(images, requires_grad=True).to(device)
    optimizer = optim.Adam([w], lr=learning_rate)
    prev = 1e10
    
    for step in range(max_iter) :
        a = 1/2*(nn.Tanh()(w) + 1)
        loss1 = nn.MSELoss(reduction='sum')(a, images)
        loss2 = torch.sum(c*f(a))

        cost = loss1 + loss2
        optimizer.zero_grad()
        cost.backward()
        optimizer.step()

        # Early Stop when loss does not converge.
        if step % (max_iter//10) == 0 :
            if cost > prev :
                print('Attack Stopped due to CONVERGENCE....')
                return a
            prev = cost
        
        print('- Learning Progress : %2.2f %%        ' %((step+1)/max_iter*100), end='\r')

    attack_images = 1/2*(nn.Tanh()(w) + 1)

    return attack_images

In [20]:
print("Attack Image & Predicted Label")

model.eval()

correct = 0
total = 0

for i, (images, labels) in enumerate(test_loader):
    images = cw_l2_attack(model, images, labels, targeted=False, c=0.1)
    labels = labels.to(device)
    outputs = model(images)
    
    _, pre = torch.max(outputs.data, 1)

    # adding the nubme of images 
    total += images.shape[0]
    correct += (pre == labels).sum()
        
print('Accuracy of test text: %f %%' % (100 * float(correct) / total))

Attack Image & Predicted Label




Accuracy of test text: 26.610000 %    


In [22]:
train_loader_1, val_loader_1, test_loader_1 = load_data_v2(
            batch_size=1, shuffle=True, seed=1)

Files already downloaded and verified
Files already downloaded and verified
Files already downloaded and verified
Train Size: 50000, Test Size: 10000, Valid Size: 50000
Train Size:45000 Valid Size: 5000


In [23]:
print("Attack Image & Predicted Label")

model.eval()

correct = 0
total = 0
i = 0 
for images, labels in test_loader_1:
    images = cw_l2_attack(model, images, labels, targeted=False, c=0.1)
    labels = labels.to(device)
    outputs = model(images)
    
    _, pre = torch.max(outputs.data, 1)

    # adding the nubme of images 
    total += images.shape[0]
    correct += (pre == labels).sum()
    i += 1 
    if i > 50: 
        break
        
print('Accuracy of test text: %f %%' % (100 * float(correct) / total))

Attack Image & Predicted Label
- Learning Progress : 0.10 %        - Learning Progress : 0.20 %        - Learning Progress : 0.30 %        - Learning Progress : 0.40 %        - Learning Progress : 0.50 %        - Learning Progress : 0.60 %        - Learning Progress : 0.70 %        - Learning Progress : 0.80 %        - Learning Progress : 0.90 %        - Learning Progress : 1.00 %        - Learning Progress : 1.10 %        - Learning Progress : 1.20 %        - Learning Progress : 1.30 %        - Learning Progress : 1.40 %        - Learning Progress : 1.50 %        - Learning Progress : 1.60 %        



Accuracy of test text: 15.686275 %    
