In [1]:
# Import packages
import numpy as np
import tensorflow as tf
import keras
from keras import Model
import os, glob
import resnet_modified # modified to have zero verbosity, deperacated several printing step, lr -> learning_rate in calling adam.
from keras.datasets import cifar10
from keras.utils import to_categorical
from sklearn.model_selection import train_test_split
from resnet_modified import ResNet
from keras.callbacks import ModelCheckpoint, LearningRateScheduler, ReduceLROnPlateau
from keras.models import load_model
from keras import layers
from keras.layers import Dense
import pandas as pd

In [2]:
(x, y), (x_test, y_test) = cifar10.load_data()

In [3]:
x_train, x_v, y_train, y_v = train_test_split(x, y, test_size=0.2, random_state=42)

In [4]:
x_train = x_train.astype('float32') / 255.0
x_val = x_v.astype('float32') / 255.0
x_test = x_test.astype('float32') / 255.0

y_train_categorical_10 = to_categorical(y_train,10)
y_val_categorical_10 = to_categorical(y_v,10)
y_test_categorical_10 = to_categorical(y_test,10)


In [5]:
adv_x_tr_pgd_by_resnet56v1_0_untarget = np.load("adversarial_examples/gen_by_ResNet/pgd_0.376_x_untarget.npy")
adv_x_val_pgd_by_resnet56v1_0_untarget = np.load("adversarial_examples/gen_by_ResNet/pgd_0.376_x_val_untarget.npy")

adv_x_tr_pgd_by_resnet56v1_0_target_to_ll = np.load("adversarial_examples/gen_by_ResNet/pgd_0.376_x_target_to_ll.npy")
adv_x_val_pgd_by_resnet56v1_0_target_to_ll = np.load("adversarial_examples/gen_by_ResNet/pgd_0.376_x_val_target_to_ll.npy")

adv_x_tr_cw_by_resnet56v1_0_untarget = np.load("adversarial_examples/gen_by_ResNet/cwl2_x_tr_untargeted.npy")
adv_x_val_cw_by_resnet56v1_0_untarget = np.load("adversarial_examples/gen_by_ResNet/cwl2_x_v_untargeted.npy")



nb_iter = 8
norm = 2

eps = 216/255
eps_iter = 96/255
These are parameters for PGD.
L2 norm, big perturbation (~ 0.83) for pgd

typical parameter for succesful pgd attack : for L2, 1/255 - 3/255, and for L infinite (norm = np.inf), 8/255

max iteration = 100 for cwl2


In [6]:
label_dict = {(3,1) : 'ResNet20v1',
        (3,2) : 'ResNet20v2',
        (9,1): 'ResNet56v1',
        (9,2): 'ResNet56v2'}

In [None]:
## custom turn specialist function

def lr_schedule(epoch):
    """Learning Rate Schedule

    Learning rate is scheduled to be reduced after 5, 10, 15, 18 epochs.
    Called automatically every epoch as part of callbacks during training.

    # Arguments
        epoch (int): The number of epochs

    # Returns
        lr (float32): learning rate
    """
    lr = 1e-3
    if epoch > 18:
        lr *= 0.5e-3
    elif epoch > 15:
        lr *= 1e-3
    elif epoch > 10:
        lr *= 1e-2
    elif epoch > 5:
        lr *= 1e-1
#     print('Learning rate: ', lr)
    return lr

def turn_specialist(model : Model, path : str,
        x_tr: np.ndarray | None = None,
        y_tr: np.ndarray | None = None,
        x_v: np.ndarray | None = None,
        y_v: np.ndarray | None = None,
        epochs: int = 21,
        learning_rate : float = 1e-3,
        batch_size: int = 128,
        # save_each: bool = False,
        # save_bests: int | None = None,
        verbose: int = 1,
        name : str = ''
    ):
        
        # build specialist network
        base = Model(inputs = model.inputs, outputs = model.layers[-2].output, name=f"base{name}")
        x    = keras.Input(shape=base.input_shape[1:], name=f"in{name}")
        y    = Dense(10, name=f"dense{name}")(base(x)) # 10 can be changed to len(newtarget)
        z    = layers.Softmax(name=f"softmax{name}")(y)
        specialist = Model(inputs = x, outputs = z)
        specialist.compile(
            optimizer=tf.keras.optimizers.Adam(learning_rate=learning_rate),
            loss="categorical_crossentropy",
            metrics=["accuracy"],
        )
        




        # callbacks
        callbacks = [ModelCheckpoint(path, monitor="val_accuracy",
                                    save_best_only=True, verbose=verbose)]
        
        callbacks += [LearningRateScheduler(lr_schedule),
                        ReduceLROnPlateau(factor=np.sqrt(0.1), patience=5, min_lr=5e-7)]

        # fit 
        hist = specialist.fit(x_tr, y_tr, batch_size=batch_size,
                        validation_data=(x_v, y_v),
                        epochs=epochs, callbacks=callbacks, verbose=verbose)



        # ---------- summary ----------
        metric = "val_accuracy"
        best = np.max(hist.history[metric])
        first = hist.history[metric][0]
        print(f"best {metric} {best:.3f} (first {first:.3f})")
        return specialist, hist


In [8]:
training_y_long=np.concatenate([y_train,y_train+10],axis=0)
training_y_long = keras.utils.to_categorical(training_y_long,20)
validating_y_long=np.concatenate([y_v,y_v+10],axis=0)
validating_y_long = keras.utils.to_categorical(validating_y_long,20)

In [9]:
# ## Structure varies, adversarial is from ResNet56v1, PGD method, untargeted , L2 norm, 216/255 epsilon perturbation

# training_x = np.concatenate([x_train,adv_x_tr_pgd_by_resnet56v1_0_untarget],axis=0)
# validating_x = np.concatenate([x_val,adv_x_val_pgd_by_resnet56v1_0_untarget],axis=0)
# for n in [3,9]:
#     for v in [1,2]:
#         for label in [0,1,2,3]:
#             path = f'adversarial_models/full_and_fine/{label_dict[(n,v)]}_ff_untargeted-adv_{label}.keras'
#             print(f'fit starts {label_dict[(n,v)]}_ff_untargeted-adv_{label}.keras')
#             resnet_model = ResNet(path,training_x,training_y_long,validating_x,validating_y_long,n=n,version=v)
#             resnet_model.train(save_best_only=True,epochs=200)
#             print(f'fit ends. Turn into specialist on original only')
#             specialist = turn_specialist(load_model(path),
#                 f'adversarial_models/specialized_from_full_and_fine/classifying_original_from_{label_dict[(n,v)]}_ff_untargeted-adv_{label}.keras', 
#                 x_train, y_train_categorical_10, 
#                 x_val, y_val_categorical_10)



In [None]:
## PGD method, targeted to least likely logit

training_x = np.concatenate([x_train,adv_x_tr_pgd_by_resnet56v1_0_target_to_ll],axis=0)
validating_x = np.concatenate([x_val,adv_x_val_pgd_by_resnet56v1_0_target_to_ll],axis=0)

for n, v, label in [(9,2,2),(9,2,3)]:
    path = f'adversarial_models/full_and_fine/{label_dict[(n,v)]}_ff_targeted-adv_{label}.keras'
    print(f'fit starts {label_dict[(n,v)]}_ff_targeted-adv_{label}.keras')

    # Train full + fine model 
    resnet_model = ResNet(
        path,
        training_x, training_y_long,
        validating_x, validating_y_long,
        n=n, version=v
    )
    resnet_model.train(save_best_only=True, epochs=200)

    print(f'fit ends. Turn into specialist on original only')

    # Load best model and train specialist on original data
    specialist = turn_specialist(
        load_model(path),
        f'adversarial_models/specialized_from_full_and_fine/classifying_original_from_{label_dict[(n,v)]}_ff_targeted-adv_{label}.keras',
        x_train, y_train_categorical_10,
        x_val, y_val_categorical_10
    )

fit starts ResNet56v2_ff_targeted-adv_2.keras


In [10]:
## load pre-trained CIFAR10 ResNet models
folder = 'CIFAR10models/ResNet/'
pattern = os.path.join(folder, '*.keras')
file_list = sorted(glob.glob(pattern))
loaded_models= {os.path.basename(f): load_model(f) for f in file_list}

for f, model_ in loaded_models.items():
    base = f.replace('.keras','')
    parts = base.split('_')
    structure = label_dict[(int(parts[1]), int(parts[2][-1]))]
    idx = parts[-1][-1]
    

    path = f'CIFAR10models/more_tunned/{structure}_more_specialized_{idx}.keras'
    print(f'index:{idx}\nstructure:{structure}')
    specialist = turn_specialist(
        model_,
        path,
        x_train, y_train_categorical_10,    
        x_val, y_val_categorical_10
        )

index:0
structure:ResNet20v1
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.88040, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_0.keras
Epoch 2/21
Epoch 2: val_accuracy did not improve from 0.88040
Epoch 3/21
Epoch 3: val_accuracy did not improve from 0.88040
Epoch 4/21
Epoch 4: val_accuracy did not improve from 0.88040
Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.88040
Epoch 6/21
Epoch 6: val_accuracy did not improve from 0.88040
Epoch 7/21
Epoch 7: val_accuracy improved from 0.88040 to 0.90490, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_0.keras
Epoch 8/21
Epoch 8: val_accuracy improved from 0.90490 to 0.90660, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_0.keras
Epoch 9/21
Epoch 9: val_accuracy improved from 0.90660 to 0.90690, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_0.keras
Epoch 10/21
Epoch 10: val_accuracy did not improve from 0.90690
Epoch 11/21
Epoch 11

Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.87460
Epoch 6/21
Epoch 6: val_accuracy did not improve from 0.87460
Epoch 7/21
Epoch 7: val_accuracy improved from 0.87460 to 0.90110, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_1.keras
Epoch 8/21
Epoch 8: val_accuracy improved from 0.90110 to 0.90160, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_1.keras
Epoch 9/21
Epoch 9: val_accuracy improved from 0.90160 to 0.90310, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_1.keras
Epoch 10/21
Epoch 10: val_accuracy improved from 0.90310 to 0.90340, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_1.keras
Epoch 11/21
Epoch 11: val_accuracy improved from 0.90340 to 0.90370, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_1.keras
Epoch 12/21
Epoch 12: val_accuracy improved from 0.90370 to 0.90500, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_1.keras


Epoch 9/21
Epoch 9: val_accuracy did not improve from 0.90670
Epoch 10/21
Epoch 10: val_accuracy improved from 0.90670 to 0.90700, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_2.keras
Epoch 11/21
Epoch 11: val_accuracy improved from 0.90700 to 0.90750, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_2.keras
Epoch 12/21
Epoch 12: val_accuracy improved from 0.90750 to 0.90770, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_2.keras
Epoch 13/21
Epoch 13: val_accuracy did not improve from 0.90770
Epoch 14/21
Epoch 14: val_accuracy did not improve from 0.90770
Epoch 15/21
Epoch 15: val_accuracy improved from 0.90770 to 0.90790, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_2.keras
Epoch 16/21
Epoch 16: val_accuracy did not improve from 0.90790
Epoch 17/21
Epoch 17: val_accuracy did not improve from 0.90790
Epoch 18/21
Epoch 18: val_accuracy did not improve from 0.90790
Epoch 19/21
Epoch 19: val_accu

Epoch 16: val_accuracy did not improve from 0.90590
Epoch 17/21
Epoch 17: val_accuracy improved from 0.90590 to 0.90600, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_4.keras
Epoch 18/21
Epoch 18: val_accuracy improved from 0.90600 to 0.90630, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_4.keras
Epoch 19/21
Epoch 19: val_accuracy did not improve from 0.90630
Epoch 20/21
Epoch 20: val_accuracy did not improve from 0.90630
Epoch 21/21
Epoch 21: val_accuracy did not improve from 0.90630
best val_accuracy 0.906 (first 0.854)
index:5
structure:ResNet20v1
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.87200, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_5.keras
Epoch 2/21
Epoch 2: val_accuracy did not improve from 0.87200
Epoch 3/21
Epoch 3: val_accuracy did not improve from 0.87200
Epoch 4/21
Epoch 4: val_accuracy did not improve from 0.87200
Epoch 5/21
Epoch 5: val_accuracy improved from 0.87200 to 0.87560, 

Epoch 20/21
Epoch 20: val_accuracy did not improve from 0.90970
Epoch 21/21
Epoch 21: val_accuracy did not improve from 0.90970
best val_accuracy 0.910 (first 0.872)
index:6
structure:ResNet20v1
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.87790, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_6.keras
Epoch 2/21
Epoch 2: val_accuracy did not improve from 0.87790
Epoch 3/21
Epoch 3: val_accuracy did not improve from 0.87790
Epoch 4/21
Epoch 4: val_accuracy did not improve from 0.87790
Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.87790
Epoch 6/21
Epoch 6: val_accuracy did not improve from 0.87790
Epoch 7/21
Epoch 7: val_accuracy improved from 0.87790 to 0.90120, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_6.keras
Epoch 8/21
Epoch 8: val_accuracy improved from 0.90120 to 0.90400, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_6.keras
Epoch 9/21
Epoch 9: val_accuracy improved from 0.90400 to 0.905

Epoch 3/21
Epoch 3: val_accuracy did not improve from 0.88560
Epoch 4/21
Epoch 4: val_accuracy did not improve from 0.88560
Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.88560
Epoch 6/21
Epoch 6: val_accuracy did not improve from 0.88560
Epoch 7/21
Epoch 7: val_accuracy improved from 0.88560 to 0.90300, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_7.keras
Epoch 8/21
Epoch 8: val_accuracy improved from 0.90300 to 0.90540, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_7.keras
Epoch 9/21
Epoch 9: val_accuracy improved from 0.90540 to 0.90670, saving model to CIFAR10models/more_tunned/ResNet20v1_more_specialized_7.keras
Epoch 10/21
Epoch 10: val_accuracy did not improve from 0.90670
Epoch 11/21
Epoch 11: val_accuracy did not improve from 0.90670
Epoch 12/21
Epoch 12: val_accuracy did not improve from 0.90670
Epoch 13/21
Epoch 13: val_accuracy improved from 0.90670 to 0.90710, saving model to CIFAR10models/more_tunned/ResNet20v1_mor

Epoch 8/21
Epoch 8: val_accuracy improved from 0.93390 to 0.93690, saving model to CIFAR10models/more_tunned/ResNet20v2_more_specialized_0.keras
Epoch 9/21
Epoch 9: val_accuracy improved from 0.93690 to 0.93860, saving model to CIFAR10models/more_tunned/ResNet20v2_more_specialized_0.keras
Epoch 10/21
Epoch 10: val_accuracy improved from 0.93860 to 0.93920, saving model to CIFAR10models/more_tunned/ResNet20v2_more_specialized_0.keras
Epoch 11/21
Epoch 11: val_accuracy improved from 0.93920 to 0.93980, saving model to CIFAR10models/more_tunned/ResNet20v2_more_specialized_0.keras
Epoch 12/21
Epoch 12: val_accuracy improved from 0.93980 to 0.94020, saving model to CIFAR10models/more_tunned/ResNet20v2_more_specialized_0.keras
Epoch 13/21
Epoch 13: val_accuracy did not improve from 0.94020
Epoch 14/21
Epoch 14: val_accuracy did not improve from 0.94020
Epoch 15/21
Epoch 15: val_accuracy did not improve from 0.94020
Epoch 16/21
Epoch 16: val_accuracy improved from 0.94020 to 0.94050, saving m

Epoch 12/21
Epoch 12: val_accuracy did not improve from 0.90740
Epoch 13/21
Epoch 13: val_accuracy improved from 0.90740 to 0.90750, saving model to CIFAR10models/more_tunned/ResNet20v2_more_specialized_1.keras
Epoch 14/21
Epoch 14: val_accuracy did not improve from 0.90750
Epoch 15/21
Epoch 15: val_accuracy did not improve from 0.90750
Epoch 16/21
Epoch 16: val_accuracy improved from 0.90750 to 0.90810, saving model to CIFAR10models/more_tunned/ResNet20v2_more_specialized_1.keras
Epoch 17/21
Epoch 17: val_accuracy did not improve from 0.90810
Epoch 18/21
Epoch 18: val_accuracy did not improve from 0.90810
Epoch 19/21
Epoch 19: val_accuracy did not improve from 0.90810
Epoch 20/21
Epoch 20: val_accuracy did not improve from 0.90810
Epoch 21/21
Epoch 21: val_accuracy did not improve from 0.90810
best val_accuracy 0.908 (first 0.864)
index:2
structure:ResNet20v2
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.86240, saving model to CIFAR10models/more_tunned/ResNet20v2_more_speci

Epoch 17: val_accuracy did not improve from 0.91420
Epoch 18/21
Epoch 18: val_accuracy did not improve from 0.91420
Epoch 19/21
Epoch 19: val_accuracy did not improve from 0.91420
Epoch 20/21
Epoch 20: val_accuracy did not improve from 0.91420
Epoch 21/21
Epoch 21: val_accuracy did not improve from 0.91420
best val_accuracy 0.914 (first 0.862)
index:3
structure:ResNet20v2
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.88320, saving model to CIFAR10models/more_tunned/ResNet20v2_more_specialized_3.keras
Epoch 2/21
Epoch 2: val_accuracy did not improve from 0.88320
Epoch 3/21
Epoch 3: val_accuracy did not improve from 0.88320
Epoch 4/21
Epoch 4: val_accuracy did not improve from 0.88320
Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.88320
Epoch 6/21
Epoch 6: val_accuracy did not improve from 0.88320
Epoch 7/21
Epoch 7: val_accuracy improved from 0.88320 to 0.90960, saving model to CIFAR10models/more_tunned/ResNet20v2_more_specialized_3.keras
Epoch 8/21
Epoch 8: val_accu

best val_accuracy 0.913 (first 0.883)
index:0
structure:ResNet56v1
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.83290, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_0.keras
Epoch 2/21
Epoch 2: val_accuracy improved from 0.83290 to 0.88480, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_0.keras
Epoch 3/21
Epoch 3: val_accuracy did not improve from 0.88480
Epoch 4/21
Epoch 4: val_accuracy improved from 0.88480 to 0.89470, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_0.keras
Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.89470
Epoch 6/21
Epoch 6: val_accuracy did not improve from 0.89470
Epoch 7/21
Epoch 7: val_accuracy improved from 0.89470 to 0.94160, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_0.keras
Epoch 8/21
Epoch 8: val_accuracy improved from 0.94160 to 0.94410, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_0.keras
Epoch 9/21
Epoch 9: val_a

Epoch 4/21
Epoch 4: val_accuracy did not improve from 0.87340
Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.87340
Epoch 6/21
Epoch 6: val_accuracy improved from 0.87340 to 0.87440, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_1.keras
Epoch 7/21
Epoch 7: val_accuracy improved from 0.87440 to 0.91210, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_1.keras
Epoch 8/21
Epoch 8: val_accuracy improved from 0.91210 to 0.91360, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_1.keras
Epoch 9/21
Epoch 9: val_accuracy did not improve from 0.91360
Epoch 10/21
Epoch 10: val_accuracy did not improve from 0.91360
Epoch 11/21
Epoch 11: val_accuracy improved from 0.91360 to 0.91370, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_1.keras
Epoch 12/21
Epoch 12: val_accuracy improved from 0.91370 to 0.91450, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_1.keras
Epoch 13/21
Epoch 13:

Epoch 8/21
Epoch 8: val_accuracy improved from 0.90210 to 0.90390, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_2.keras
Epoch 9/21
Epoch 9: val_accuracy improved from 0.90390 to 0.90510, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_2.keras
Epoch 10/21
Epoch 10: val_accuracy improved from 0.90510 to 0.90700, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_2.keras
Epoch 11/21
Epoch 11: val_accuracy did not improve from 0.90700
Epoch 12/21
Epoch 12: val_accuracy did not improve from 0.90700
Epoch 13/21
Epoch 13: val_accuracy did not improve from 0.90700
Epoch 14/21
Epoch 14: val_accuracy improved from 0.90700 to 0.90720, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_2.keras
Epoch 15/21
Epoch 15: val_accuracy did not improve from 0.90720
Epoch 16/21
Epoch 16: val_accuracy did not improve from 0.90720
Epoch 17/21
Epoch 17: val_accuracy did not improve from 0.90720
Epoch 18/21
Epoch 18: val_accura

Epoch 12/21
Epoch 12: val_accuracy did not improve from 0.90980
Epoch 13/21
Epoch 13: val_accuracy improved from 0.90980 to 0.91000, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_3.keras
Epoch 14/21
Epoch 14: val_accuracy did not improve from 0.91000
Epoch 15/21
Epoch 15: val_accuracy improved from 0.91000 to 0.91060, saving model to CIFAR10models/more_tunned/ResNet56v1_more_specialized_3.keras
Epoch 16/21
Epoch 16: val_accuracy did not improve from 0.91060
Epoch 17/21
Epoch 17: val_accuracy did not improve from 0.91060
Epoch 18/21
Epoch 18: val_accuracy did not improve from 0.91060
Epoch 19/21
Epoch 19: val_accuracy did not improve from 0.91060
Epoch 20/21
Epoch 20: val_accuracy did not improve from 0.91060
Epoch 21/21
Epoch 21: val_accuracy did not improve from 0.91060
best val_accuracy 0.911 (first 0.856)
index:0
structure:ResNet56v2
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.89670, saving model to CIFAR10models/more_tunned/ResNet56v2_more_speci

Epoch 17/21
Epoch 17: val_accuracy did not improve from 0.94820
Epoch 18/21
Epoch 18: val_accuracy did not improve from 0.94820
Epoch 19/21
Epoch 19: val_accuracy did not improve from 0.94820
Epoch 20/21
Epoch 20: val_accuracy did not improve from 0.94820
Epoch 21/21
Epoch 21: val_accuracy did not improve from 0.94820
best val_accuracy 0.948 (first 0.897)
index:1
structure:ResNet56v2
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.84280, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_1.keras
Epoch 2/21
Epoch 2: val_accuracy improved from 0.84280 to 0.86960, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_1.keras
Epoch 3/21
Epoch 3: val_accuracy improved from 0.86960 to 0.87040, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_1.keras
Epoch 4/21
Epoch 4: val_accuracy improved from 0.87040 to 0.88150, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_1.keras
Epoch 5/21
Epoch 5: val_accuracy did

Epoch 21/21
Epoch 21: val_accuracy did not improve from 0.92220
best val_accuracy 0.922 (first 0.843)
index:2
structure:ResNet56v2
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.85490, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_2.keras
Epoch 2/21
Epoch 2: val_accuracy improved from 0.85490 to 0.87380, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_2.keras
Epoch 3/21
Epoch 3: val_accuracy did not improve from 0.87380
Epoch 4/21
Epoch 4: val_accuracy did not improve from 0.87380
Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.87380
Epoch 6/21
Epoch 6: val_accuracy did not improve from 0.87380
Epoch 7/21
Epoch 7: val_accuracy improved from 0.87380 to 0.91500, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_2.keras
Epoch 8/21
Epoch 8: val_accuracy improved from 0.91500 to 0.91560, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_2.keras
Epoch 9/21
Epoch 9: val_accuracy improved fr

Epoch 4/21
Epoch 4: val_accuracy did not improve from 0.87110
Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.87110
Epoch 6/21
Epoch 6: val_accuracy improved from 0.87110 to 0.87760, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_3.keras
Epoch 7/21
Epoch 7: val_accuracy improved from 0.87760 to 0.91220, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_3.keras
Epoch 8/21
Epoch 8: val_accuracy improved from 0.91220 to 0.91340, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_3.keras
Epoch 9/21
Epoch 9: val_accuracy improved from 0.91340 to 0.91460, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_3.keras
Epoch 10/21
Epoch 10: val_accuracy improved from 0.91460 to 0.91480, saving model to CIFAR10models/more_tunned/ResNet56v2_more_specialized_3.keras
Epoch 11/21
Epoch 11: val_accuracy did not improve from 0.91480
Epoch 12/21
Epoch 12: val_accuracy did not improve from 0.91480
Epoch 13/21
Epoch 13:

In [None]:

training_x = np.concatenate([x_train,adv_x_tr_pgd_by_resnet56v1_0_target_to_ll],axis=0)
validating_x = np.concatenate([x_val,adv_x_val_pgd_by_resnet56v1_0_target_to_ll],axis=0)

for n in [3,9]:
    for v in [1,2]:
        for label in [0,1,2,3]:
            path = f'adversarial_models/full_and_fine/{label_dict[(n,v)]}_ff_targeted-adv_{label}.keras'
            print(f'fit starts {label_dict[(n,v)]}_ff_targeted-adv_{label}.keras')
            resnet_model = ResNet(path,training_x,training_y_long,validating_x,validating_y_long,n=n,version=v)
            resnet_model.train(save_best_only=True,epochs=200)
            print(f'fit ends. Turn into specialist on original only')
            specialist = turn_specialist(load_model(path),
                f'adversarial_models/specialized_from_full_and_fine/classifying_original_from_{label_dict[(n,v)]}_ff_targeted-adv_{label}.keras', 
                x_train, y_train_categorical_10, 
                x_val, y_val_categorical_10)




fit starts ResNet20v1_ff_targeted-adv_0.keras
fit ends. Turn into specialist on original only
best val_accuracy 0.903 (first 0.844)
fit starts ResNet20v1_ff_targeted-adv_1.keras
fit ends. Turn into specialist on original only
best val_accuracy 0.904 (first 0.822)
fit starts ResNet20v1_ff_targeted-adv_2.keras
fit ends. Turn into specialist on original only
best val_accuracy 0.902 (first 0.800)
fit starts ResNet20v1_ff_targeted-adv_3.keras


In [None]:
## Now adversarial is CWL2, max iteration = 100
training_x = np.concatenate([x_train,adv_x_tr_cw_by_resnet56v1_0_untarget],axis=0)
validating_x = np.concatenate([x_val,adv_x_val_cw_by_resnet56v1_0_untarget],axis=0)

training_y_long=np.concatenate([y_train,y_train[:10001]+10],axis=0)
training_y_long = keras.utils.to_categorical(training_y_long,20)

for n, v, label in [(9,2,1),(9,2,2),(9,2,3)]:
    path = f'adversarial_models/full_and_fine/{label_dict[(n,v)]}_ff_cw-adv_{label}.keras'
    print(f'fit starts {label_dict[(n,v)]}_ff_cw-adv_{label}.keras')
    resnet_model = ResNet(path,training_x,training_y_long,validating_x,validating_y_long,n=n,version=v)
    resnet_model.train(save_best_only=True,epochs=200)
    print(f'fit ends. Turn into specialist on original only')
    specialist = turn_specialist(load_model(path),
        f'adversarial_models/specialized_from_full_and_fine/classifying_original_from_{label_dict[(n,v)]}_ff_cw-adv_{label}.keras', 
        x_train, y_train_categorical_10, 
        x_val, y_val_categorical_10, verbose = 1)







fit starts ResNet56v2_ff_cw-adv_1.keras
Epoch 1/200
Epoch 1: val_acc improved from -inf to 0.26935, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 2/200
Epoch 2: val_acc improved from 0.26935 to 0.28085, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 3/200
Epoch 3: val_acc improved from 0.28085 to 0.34590, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 4/200
Epoch 4: val_acc improved from 0.34590 to 0.34930, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 5/200
Epoch 5: val_acc did not improve from 0.34930
Epoch 6/200
Epoch 6: val_acc did not improve from 0.34930
Epoch 7/200
Epoch 7: val_acc did not improve from 0.34930
Epoch 8/200
Epoch 8: val_acc improved from 0.34930 to 0.36290, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 9/200
Epoch 9: val_acc did not improve from 0.36290
Epoch 10/200
Epoch 10: val

Epoch 27/200
Epoch 27: val_acc did not improve from 0.59435
Epoch 28/200
Epoch 28: val_acc improved from 0.59435 to 0.62370, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 29/200
Epoch 29: val_acc did not improve from 0.62370
Epoch 30/200
Epoch 30: val_acc did not improve from 0.62370
Epoch 31/200
Epoch 31: val_acc did not improve from 0.62370
Epoch 32/200
Epoch 32: val_acc did not improve from 0.62370
Epoch 33/200
Epoch 33: val_acc did not improve from 0.62370
Epoch 34/200
Epoch 34: val_acc did not improve from 0.62370
Epoch 35/200
Epoch 35: val_acc did not improve from 0.62370
Epoch 36/200
Epoch 36: val_acc did not improve from 0.62370
Epoch 37/200
Epoch 37: val_acc improved from 0.62370 to 0.64005, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 38/200
Epoch 38: val_acc improved from 0.64005 to 0.64030, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 39/200
Epoch 39: val_acc 

Epoch 55: val_acc did not improve from 0.65025
Epoch 56/200
Epoch 56: val_acc did not improve from 0.65025
Epoch 57/200
Epoch 57: val_acc improved from 0.65025 to 0.65500, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 58/200
Epoch 58: val_acc did not improve from 0.65500
Epoch 59/200
Epoch 59: val_acc did not improve from 0.65500
Epoch 60/200
Epoch 60: val_acc improved from 0.65500 to 0.65820, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 61/200
Epoch 61: val_acc did not improve from 0.65820
Epoch 62/200
Epoch 62: val_acc improved from 0.65820 to 0.67060, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 63/200
Epoch 63: val_acc did not improve from 0.67060
Epoch 64/200
Epoch 64: val_acc did not improve from 0.67060
Epoch 65/200
Epoch 65: val_acc did not improve from 0.67060
Epoch 66/200
Epoch 66: val_acc did not improve from 0.67060
Epoch 67/200
Epoch 67: val_acc did not impro

Epoch 83/200
Epoch 83: val_acc improved from 0.78160 to 0.80310, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 84/200
Epoch 84: val_acc did not improve from 0.80310
Epoch 85/200
Epoch 85: val_acc improved from 0.80310 to 0.80690, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 86/200
Epoch 86: val_acc improved from 0.80690 to 0.80715, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 87/200
Epoch 87: val_acc did not improve from 0.80715
Epoch 88/200
Epoch 88: val_acc improved from 0.80715 to 0.80870, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 89/200
Epoch 89: val_acc did not improve from 0.80870
Epoch 90/200
Epoch 90: val_acc improved from 0.80870 to 0.81560, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_1.keras
Epoch 91/200
Epoch 91: val_acc did not improve from 0.81560
Epoch 92/200
Epoch 92: val_acc did not improv

Epoch 137: val_acc did not improve from 0.82485
Epoch 138/200
Epoch 138: val_acc did not improve from 0.82485
Epoch 139/200
Epoch 139: val_acc did not improve from 0.82485
Epoch 140/200
Epoch 140: val_acc did not improve from 0.82485
Epoch 141/200
Epoch 141: val_acc did not improve from 0.82485
Epoch 142/200
Epoch 142: val_acc did not improve from 0.82485
Epoch 143/200
Epoch 143: val_acc did not improve from 0.82485
Epoch 144/200
Epoch 144: val_acc did not improve from 0.82485
Epoch 145/200
Epoch 145: val_acc did not improve from 0.82485
Epoch 146/200
Epoch 146: val_acc did not improve from 0.82485
Epoch 147/200
Epoch 147: val_acc did not improve from 0.82485
Epoch 148/200
Epoch 148: val_acc did not improve from 0.82485
Epoch 149/200
Epoch 149: val_acc did not improve from 0.82485
Epoch 150/200
Epoch 150: val_acc did not improve from 0.82485
Epoch 151/200
Epoch 151: val_acc did not improve from 0.82485
Epoch 152/200
Epoch 152: val_acc did not improve from 0.82485
Epoch 153/200
Epoch 15

Epoch 166/200
Epoch 166: val_acc did not improve from 0.82550
Epoch 167/200
Epoch 167: val_acc did not improve from 0.82550
Epoch 168/200
Epoch 168: val_acc did not improve from 0.82550
Epoch 169/200
Epoch 169: val_acc did not improve from 0.82550
Epoch 170/200
Epoch 170: val_acc did not improve from 0.82550
Epoch 171/200
Epoch 171: val_acc did not improve from 0.82550
Epoch 172/200
Epoch 172: val_acc did not improve from 0.82550
Epoch 173/200
Epoch 173: val_acc did not improve from 0.82550
Epoch 174/200
Epoch 174: val_acc did not improve from 0.82550
Epoch 175/200
Epoch 175: val_acc did not improve from 0.82550
Epoch 176/200
Epoch 176: val_acc did not improve from 0.82550
Epoch 177/200
Epoch 177: val_acc did not improve from 0.82550
Epoch 178/200
Epoch 178: val_acc did not improve from 0.82550
Epoch 179/200
Epoch 179: val_acc did not improve from 0.82550
Epoch 180/200
Epoch 180: val_acc did not improve from 0.82550
Epoch 181/200
Epoch 181: val_acc did not improve from 0.82550
Epoch 18

Epoch 19/21
Epoch 19: val_accuracy did not improve from 0.91920
Epoch 20/21
Epoch 20: val_accuracy did not improve from 0.91920
Epoch 21/21
Epoch 21: val_accuracy improved from 0.91920 to 0.91930, saving model to adversarial_models/specialized_from_full_and_fine/classifying_original_from_ResNet56v2_ff_cw-adv_1.keras
best val_accuracy 0.919 (first 0.868)
fit starts ResNet56v2_ff_cw-adv_2.keras
Epoch 1/200
Epoch 1: val_acc improved from -inf to 0.25730, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_2.keras
Epoch 2/200
Epoch 2: val_acc did not improve from 0.25730
Epoch 3/200
Epoch 3: val_acc improved from 0.25730 to 0.26305, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_2.keras
Epoch 4/200
Epoch 4: val_acc improved from 0.26305 to 0.34620, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_2.keras
Epoch 5/200
Epoch 5: val_acc did not improve from 0.34620
Epoch 6/200
Epoch 6: val_acc improved from 0.34620 to 0.37020, savin

Epoch 23/200
Epoch 23: val_acc improved from 0.54895 to 0.55630, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_2.keras
Epoch 24/200
Epoch 24: val_acc did not improve from 0.55630
Epoch 25/200
Epoch 25: val_acc did not improve from 0.55630
Epoch 26/200
Epoch 26: val_acc improved from 0.55630 to 0.60205, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_2.keras
Epoch 27/200
Epoch 27: val_acc did not improve from 0.60205
Epoch 28/200
Epoch 28: val_acc improved from 0.60205 to 0.61360, saving model to adversarial_models/full_and_fine/ResNet56v2_ff_cw-adv_2.keras
Epoch 29/200
Epoch 29: val_acc did not improve from 0.61360
Epoch 30/200
Epoch 30: val_acc did not improve from 0.61360
Epoch 31/200
Epoch 31: val_acc did not improve from 0.61360
Epoch 32/200

In [14]:
# ## load pre-trained CIFAR10 ResNet models
# folder = 'CIFAR10models/ResNet/'
# pattern = os.path.join(folder, '*.keras')
# file_list = sorted(glob.glob(pattern))
# loaded_models= {os.path.basename(f): load_model(f) for f in file_list}

# ## specialize once
# for f, model_ in loaded_models.items():
#     base = f.replace('.keras','')
#     parts = base.split('_')
#     structure = label_dict[(int(parts[1]), int(parts[2][-1]))]
#     idx = parts[-1][-1]
    

#     path = f'CIFAR10models/more_tunned/{structure}_more_specialized_{idx}.keras'
#     specialist = turn_specialist(
#         model_,
#         path,
#         x_train, y_train_categorical_10,    
#         x_val, y_val_categorical_10
#         )
    
## once more
model= load_model('CIFAR10models/more_tunned/ResNet20v1_more_specialized_0.keras')
print('accuracy (model specialized once) :',np.sum(np.argmax(model.predict(x_test),axis=-1) == y_test.reshape(-1)))
      
path = f'CIFAR10models/more_tunned/ResNet20v1_once_more_specialized_0.keras'
specialist = turn_specialist(
    model,
    path,
    x_train, y_train_categorical_10,    
    x_val, y_val_categorical_10,
    name = '_twice'
    )
print('accuracy (model specialized twice) :',np.sum(np.argmax(specialist.predict(x_test),axis=-1) == y_test.reshape(-1)))
 

accuracy (model specialized once) : 9052
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.86460, saving model to CIFAR10models/more_tunned/ResNet20v1_once_more_specialized_0.keras
Epoch 2/21
Epoch 2: val_accuracy did not improve from 0.86460
Epoch 3/21
Epoch 3: val_accuracy did not improve from 0.86460
Epoch 4/21
Epoch 4: val_accuracy did not improve from 0.86460
Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.86460
Epoch 6/21
Epoch 6: val_accuracy did not improve from 0.86460
Epoch 7/21
Epoch 7: val_accuracy improved from 0.86460 to 0.89780, saving model to CIFAR10models/more_tunned/ResNet20v1_once_more_specialized_0.keras
Epoch 8/21
Epoch 8: val_accuracy improved from 0.89780 to 0.90110, saving model to CIFAR10models/more_tunned/ResNet20v1_once_more_specialized_0.keras
Epoch 9/21
Epoch 9: val_accuracy improved from 0.90110 to 0.90250, saving model to CIFAR10models/more_tunned/ResNet20v1_once_more_specialized_0.keras
Epoch 10/21
Epoch 10: val_accuracy did not improve f

AttributeError: 'NoneType' object has no attribute 'predict'

In [18]:
## once more
model= load_model('CIFAR10models/more_tunned/ResNet20v1_once_more_specialized_0.keras')
print('accuracy (model specialized twice) :',np.sum(np.argmax(model.predict(x_test),axis=-1) == y_test.reshape(-1)))
      
path = f'CIFAR10models/more_tunned/ResNet20v1_twice_more_specialized_0.keras'
specialist = turn_specialist(
    model,
    path,
    x_train, y_train_categorical_10,    
    x_val, y_val_categorical_10,
    name = '_third'
    )
print('accuracy (model specialized third) :',np.sum(np.argmax(specialist[0].predict(x_test),axis=-1) == y_test.reshape(-1)))
 

accuracy (model specialized once) : 8976
Epoch 1/21
Epoch 1: val_accuracy improved from -inf to 0.84430, saving model to CIFAR10models/more_tunned/ResNet20v1_twice_more_specialized_0.keras
Epoch 2/21
Epoch 2: val_accuracy improved from 0.84430 to 0.85680, saving model to CIFAR10models/more_tunned/ResNet20v1_twice_more_specialized_0.keras
Epoch 3/21
Epoch 3: val_accuracy did not improve from 0.85680
Epoch 4/21
Epoch 4: val_accuracy did not improve from 0.85680
Epoch 5/21
Epoch 5: val_accuracy did not improve from 0.85680
Epoch 6/21
Epoch 6: val_accuracy did not improve from 0.85680
Epoch 7/21
Epoch 7: val_accuracy improved from 0.85680 to 0.89450, saving model to CIFAR10models/more_tunned/ResNet20v1_twice_more_specialized_0.keras
Epoch 8/21
Epoch 8: val_accuracy improved from 0.89450 to 0.89880, saving model to CIFAR10models/more_tunned/ResNet20v1_twice_more_specialized_0.keras
Epoch 9/21
Epoch 9: val_accuracy did not improve from 0.89880
Epoch 10/21
Epoch 10: val_accuracy improved from

TypeError: 'NoneType' object is not subscriptable

In [19]:
model_base = load_model('CIFAR10models/ResNet/n_3_v1_cifar10.keras')
print('accuracy (original) :',np.sum(np.argmax(model_base.predict(x_test),axis=-1) == y_test.reshape(-1)))

model_once= load_model('CIFAR10models/more_tunned/ResNet20v1_more_specialized_0.keras')
print('accuracy (model specialized once) :',np.sum(np.argmax(model_once.predict(x_test),axis=-1) == y_test.reshape(-1)))
     
model_twice= load_model('CIFAR10models/more_tunned/ResNet20v1_once_more_specialized_0.keras')
print('accuracy (model specialized twice) :',np.sum(np.argmax(model_twice.predict(x_test),axis=-1) == y_test.reshape(-1)))

model_third = load_model('CIFAR10models/more_tunned/ResNet20v1_twice_more_specialized_0.keras')
print('accuracy (model specialized three times) :',np.sum(np.argmax(model_third.predict(x_test),axis=-1) == y_test.reshape(-1)))


accuracy (original) : 8248
accuracy (model specialized once) : 9052
accuracy (model specialized twice) : 8976
accuracy (model specialized three times) : 8968


### Report Result

In [11]:
folder = 'adversarial_models/full_and_fine/'
pattern = os.path.join(folder, '*untargeted*.keras')
file_list = sorted(glob.glob(pattern))
loaded_models= {os.path.basename(f): load_model(f) for f in file_list}

In [14]:
results = {}  # structure: {(structure, attack type): [acc_0, acc_1, acc_2, acc_3]}

for filename, model in loaded_models.items():
    # Example filename: 'ResNet20v1_ff_untargeted-adv_0.keras'
    # Extract family and index
    base = filename.replace('.keras','')
    parts = base.split('_')
    structure = parts[0]  # ResNet20v1, etc.
    attack_type = parts[2] + '_ff_pgd'  # untargeted
    idx = int(parts[-1].split('-')[-1])  # last digit after -adv_

    key = (structure, attack_type)
    prediction = model.predict(x_test, verbose = 0)
    acc = np.sum(np.argmax(prediction,axis=-1) == y_test.reshape(-1)) / len(x_test)

    if key not in results:
        results[key] = {}
    results[key][f'acc_{idx}'] = acc


rows = []
for (structure, attack_type), acc_dict in results.items():
    accs = [acc_dict.get(f'acc_{i}', np.nan) for i in range(4)]
    acc_av = np.nanmean(accs)
    row = [f'{structure}']+[f'{attack_type}'] + accs + [acc_av]
    rows.append(row)

df = pd.DataFrame(rows, columns=['model','attack_type', 'acc_0', 'acc_1', 'acc_2', 'acc_3', 'acc_av'])

print(df)


        model            attack_type   acc_0   acc_1   acc_2   acc_3    acc_av
0  ResNet20v1  untargeted-adv_ff_pgd  0.8556  0.8386  0.8760  0.8519  0.855525
1  ResNet20v2  untargeted-adv_ff_pgd  0.7979  0.7940  0.8147  0.8118  0.804600
2  ResNet56v1  untargeted-adv_ff_pgd  0.8510  0.8290  0.8410  0.8340  0.838750
3  ResNet56v2  untargeted-adv_ff_pgd  0.7930  0.8220  0.8071  0.7914  0.803375


In [15]:
folder = 'adversarial_models/naive_method/'
pattern = os.path.join(folder, '*untargeted*.keras')
file_list = sorted(glob.glob(pattern))
loaded_models= {os.path.basename(f): load_model(f) for f in file_list}

In [17]:
results = {}  # structure: {(structure, attack type): [acc_0, acc_1, acc_2, acc_3]}

for filename, model in loaded_models.items():
    # Example filename: 'ResNet20v1_naive_untargeted.keras' or 'ResNet20v1_naive_untargeted_fine.keras'
    # Extract family
    base = filename.replace('.keras','')
    parts = base.split('_')
    structure = parts[0]  # ResNet20v1, etc.
    if parts[-1] == 'fine':
        fine = 'fine'
    else:
        fine = ''
    attack_type = f'untargeted_naive_{fine}_pgd'  # untargeted
    # no idx

    key = (structure, attack_type)
    prediction = model.predict(x_test, verbose = 0)
    acc = np.sum(np.argmax(prediction,axis=-1) == y_test.reshape(-1)) / len(x_test)

    if key not in results:
        results[key] = {}
    results[key]['acc'] = acc


rows = []
for (structure, attack_type), acc_dict in results.items():
    accs = [acc_dict.get(f'acc', np.nan)]
    row = [f'{structure}']+[f'{attack_type}'] + accs
    rows.append(row)

df = pd.DataFrame(rows, columns=['model','attack_type', 'acc'])

print(df)


        model                attack_type     acc
0  ResNet20v1      untargeted_naive__pgd  0.8232
1  ResNet20v1  untargeted_naive_fine_pgd  0.9051
2  ResNet20v2      untargeted_naive__pgd  0.8040
3  ResNet20v2  untargeted_naive_fine_pgd  0.9069
4  ResNet56v1      untargeted_naive__pgd  0.8513
5  ResNet56v1  untargeted_naive_fine_pgd  0.9056
6  ResNet56v2      untargeted_naive__pgd  0.8172
7  ResNet56v2  untargeted_naive_fine_pgd  0.9101


In [18]:
folder = 'adversarial_models/specialized_from_full_and_fine/'
pattern = os.path.join(folder, '*untargeted*.keras')
file_list = sorted(glob.glob(pattern))
loaded_models= {os.path.basename(f): load_model(f) for f in file_list}

In [20]:
results = {}  # structure: {(structure, attack type): [acc_0, acc_1, acc_2, acc_3]}

for filename, model in loaded_models.items():
    # Example filename: 'classifying_original_from_ResNet20v1_ff_untargeted-adv_0.keras'
    # Extract family and index
    base = filename.replace('.keras','')
    parts = base.split('_')
    structure = parts[3]  # ResNet20v1, etc.
    attack_type = parts[5] + '_experts'  
    idx = int(parts[-1].split('-')[-1])  # last digit after -adv_

    key = (structure, attack_type)
    prediction = model.predict(x_test, verbose = 0)
    acc = np.sum(np.argmax(prediction,axis=-1) == y_test.reshape(-1)) / len(x_test)

    if key not in results:
        results[key] = {}
    results[key][f'acc_{idx}'] = acc


rows = []
for (structure, attack_type), acc_dict in results.items():
    accs = [acc_dict.get(f'acc_{i}', np.nan) for i in range(4)]
    acc_av = np.nanmean(accs)
    row = [f'{structure}']+[f'{attack_type}'] + accs + [acc_av]
    rows.append(row)

df = pd.DataFrame(rows, columns=['model','attack_type', 'acc_0', 'acc_1', 'acc_2', 'acc_3', 'acc_av'])

print(df)


        model             attack_type   acc_0   acc_1   acc_2   acc_3  \
0  ResNet20v1  untargeted-adv_experts  0.9029  0.8991  0.9009  0.9034   
1  ResNet20v2  untargeted-adv_experts  0.9101  0.9060  0.9058  0.9052   
2  ResNet56v1  untargeted-adv_experts  0.9096  0.9097  0.9078  0.9123   
3  ResNet56v2  untargeted-adv_experts  0.9102  0.9128  0.9112  0.9118   

     acc_av  
0  0.901575  
1  0.906775  
2  0.909850  
3  0.911500  


In [21]:
folder = 'CIFAR10models/more_tunned/'
pattern = os.path.join(folder, '*.keras')
file_list = sorted(glob.glob(pattern))
loaded_models= {os.path.basename(f): load_model(f) for f in file_list}
print(loaded_models.keys())

dict_keys(['ResNet20v1_more_specialized_0.keras', 'ResNet20v1_more_specialized_1.keras', 'ResNet20v1_more_specialized_2.keras', 'ResNet20v1_more_specialized_3.keras', 'ResNet20v1_more_specialized_4.keras', 'ResNet20v1_more_specialized_5.keras', 'ResNet20v1_more_specialized_6.keras', 'ResNet20v1_more_specialized_7.keras', 'ResNet20v2_more_specialized_0.keras', 'ResNet20v2_more_specialized_1.keras', 'ResNet20v2_more_specialized_2.keras', 'ResNet20v2_more_specialized_3.keras', 'ResNet56v1_more_specialized_0.keras', 'ResNet56v1_more_specialized_1.keras', 'ResNet56v1_more_specialized_2.keras', 'ResNet56v1_more_specialized_3.keras', 'ResNet56v2_more_specialized_0.keras', 'ResNet56v2_more_specialized_1.keras', 'ResNet56v2_more_specialized_2.keras', 'ResNet56v2_more_specialized_3.keras'])


In [30]:
results = {}  # structure: {(structure, attack type): [acc_0, acc_1, acc_2, acc_3]}

for filename, model in loaded_models.items():
    # Example filename: 'ResNet20v1_more_specialized_0.keras'
    # Extract family and index
    base = filename.replace('.keras','')
    parts = base.split('_')
    structure = parts[0]  # ResNet20v1, etc.
    attack_type = 'fine_tunned'  
    idx = int(parts[-1].split('-')[-1])  # last digit after -adv_

    key = (structure, attack_type)
    prediction = model.predict(x_test, verbose = 0)
    acc = np.sum(np.argmax(prediction,axis=-1) == y_test.reshape(-1)) / len(x_test)

    if key not in results:
        results[key] = {}
    results[key][f'acc_{idx}'] = acc


rows = []
for (structure, attack_type), acc_dict in results.items():
    accs = [acc_dict.get(f'acc_{i}', np.nan) for i in range(len(acc_dict))]
    accs.sort(reverse = True)
    acc_av = np.nanmean(accs)
    
    row = [f'{structure}']+[f'{attack_type}'] + accs[:4] + [acc_av]
    rows.append(row)

df = pd.DataFrame(rows, columns=['model','attack_type', 'acc_0', 'acc_1', 'acc_2', 'acc_3', 'acc_av'])

print(df)


        model  attack_type   acc_0   acc_1   acc_2   acc_3    acc_av
0  ResNet20v1  fine_tunned  0.9093  0.9070  0.9059  0.9052  0.904837
1  ResNet20v2  fine_tunned  0.9101  0.9095  0.9068  0.9061  0.908125
2  ResNet56v1  fine_tunned  0.9128  0.9113  0.9096  0.9069  0.910150
3  ResNet56v2  fine_tunned  0.9203  0.9174  0.9158  0.9109  0.916100


In [31]:
folder = 'CIFAR10models/ResNet/'
pattern = os.path.join(folder, '*.keras')
file_list = sorted(glob.glob(pattern))
loaded_models= {os.path.basename(f): load_model(f) for f in file_list}
print(loaded_models.keys())

dict_keys(['n_3_v1_cifar10.keras', 'n_3_v1_cifar10_1.keras', 'n_3_v1_cifar10_2.keras', 'n_3_v1_cifar10_3.keras', 'n_3_v1_cifar10_4.keras', 'n_3_v1_cifar10_5.keras', 'n_3_v1_cifar10_6.keras', 'n_3_v1_cifar10_7.keras', 'n_3_v2_cifar10.keras', 'n_3_v2_cifar10_1.keras', 'n_3_v2_cifar10_2.keras', 'n_3_v2_cifar10_3.keras', 'n_9_v1_cifar10.keras', 'n_9_v1_cifar10_1.keras', 'n_9_v1_cifar10_2.keras', 'n_9_v1_cifar10_3.keras', 'n_9_v2_cifar10.keras', 'n_9_v2_cifar10_1.keras', 'n_9_v2_cifar10_2.keras', 'n_9_v2_cifar10_3.keras'])


In [35]:
filename = list(loaded_models.keys())[0]
base = filename.replace('.keras','')
parts = base.split('_')
structure = label_dict[int(parts[1]),int(parts[2][-1])]
structure

'ResNet20v1'

In [40]:
results = {}  # structure: {(structure, attack type): [acc_0, acc_1, acc_2, acc_3]}

for filename, model in loaded_models.items():
    # Example filename: 'ResNet20v1_more_specialized_0.keras'
    # Extract family and index
    base = filename.replace('.keras','')
    parts = base.split('_')
    structure = label_dict[int(parts[1]),int(parts[2][-1])]  # ResNet20v1, etc.
    attack_type = 'Base'  
    idx = int(parts[-1][-1])  

    key = (structure, attack_type)
    prediction = model.predict(x_test, verbose = 0)
    acc = np.sum(np.argmax(prediction,axis=-1) == y_test.reshape(-1)) / len(x_test)

    if key not in results:
        results[key] = {}
    results[key][f'acc_{idx}'] = acc


rows = []
for (structure, attack_type), acc_dict in results.items():
    accs = [acc_dict.get(f'acc_{i}', np.nan) for i in range(len(acc_dict))]
    accs.sort(reverse = True)
    accs = accs[:4]
    acc_av = np.nanmean(accs)
    
    row = [f'{structure}']+[f'{attack_type}'] + accs + [acc_av]
    rows.append(row)

df = pd.DataFrame(rows, columns=['model','attack_type', 'acc_0', 'acc_1', 'acc_2', 'acc_3', 'acc_av'])

print(df)


        model attack_type   acc_0   acc_1   acc_2   acc_3    acc_av
0  ResNet20v1        Base  0.8600  0.8592  0.8533  0.8520  0.856125
1  ResNet20v2        Base  0.8208  0.8167  0.8126  0.8017  0.812950
2  ResNet56v1        Base  0.8785  0.8575  0.8486  0.8445  0.857275
3  ResNet56v2        Base  0.8355  0.8241  0.8218  0.8065  0.821975


In [20]:
import os

# Top directory and subdirectories

# Dummy test data: replace these with your actual test data
results = {}  # structure: {(structure, attack_type): {acc_0:..., acc_1:..., etc.}}

def get_models(load:bool = False, predict:bool = False):
    root_dir = 'adversarial_models'
    subdirs = ['full_and_fine', 'naive_method', 'specialized_from_full_and_fine']

    for sub in subdirs:
        path = os.path.join(root_dir, sub)
        filenames = [f for f in os.listdir(path) if f.endswith('.keras') and not f.startswith('.ipynb_checkpoints')]
        for filename in filenames:
            full_path = os.path.join(path, filename)
            if load:
                try:
                    model = keras.models.load_model(full_path)
                except Exception as e:
                    print(f"Failed to load {filename}: {e}")
                    continue

            base = filename.replace('.keras', '')
            parts = base.split('_')

            # --- Parse filename differently depending on subdirectory ---
            if sub == 'specialized_from_full_and_fine':
                # e.g., classifying_original_from_ResNet20v1_ff_untargeted-adv_0.keras
                structure = parts[3]
                attack_base = parts[5].split('-')[0]  # untargeted, targeted, cw.
                attack_type = f'specialized_{attack_base}'
                idx = int(parts[-1])
            elif sub == 'full_and_fine':
                # e.g., ResNet20v1_ff_untargeted-adv_0.keras
                structure = parts[0]
                attack_base = parts[2].split('-')[0]
                attack_type = f'ff_{attack_base}'
                idx = int(parts[-1])
            elif sub == 'naive_method':
                # e.g., ResNet56v2_naive_targeted_fine.keras or ResNet56v2_naive_targeted.keras
                structure = parts[0]
                attack_base = parts[2]
                if 'fine' in parts:
                    attack_type = f'naive_{attack_base}_tunned'
                else:
                    attack_type = f'naive_{attack_base}'
                idx = 0  # naive models don't have multiple indices
            else:
                continue

            key = (structure, attack_type)
            if key not in results:
                results[key] = {}
            results[key].update({f'acc_{idx}' : 0.})
            
            if load and predict:
                # Predict & compute accuracy
                prediction = model.predict(x_test, verbose=0)
                acc = np.sum(np.argmax(prediction, axis=-1) == y_test.reshape(-1)) / len(x_test)
                results[key][f'acc_{idx}'] = acc

    return results

In [None]:

# --- Build dataframe ---
rows = []
for (sub, structure, attack_type), acc_dict in results.items():
    accs = [acc_dict.get(f'acc_{i}', np.nan) for i in range(4)]
    acc_av = np.nanmean(accs)
    model_label = f'{sub}, {structure}, {attack_type}'
    row = [model_label] + accs + [acc_av]
    rows.append(row)

df = pd.DataFrame(rows, columns=['model', 'acc_0', 'acc_1', 'acc_2', 'acc_3', 'acc_av'])

# Display
print(df)

# Optionally save
# df.to_csv('all_models_acc.csv', index=False)

In [19]:
folder = 'adversarial_models/specialized_from_full_and_fine/'
pattern = os.path.join(folder, '*untargeted*.keras')
file_list = sorted(glob.glob(pattern))
loaded_models= {os.path.basename(f): load_model(f) for f in file_list}

dict_keys(['classifying_original_from_ResNet20v1_ff_untargeted-adv_0.keras', 'classifying_original_from_ResNet20v1_ff_untargeted-adv_1.keras', 'classifying_original_from_ResNet20v1_ff_untargeted-adv_2.keras', 'classifying_original_from_ResNet20v1_ff_untargeted-adv_3.keras', 'classifying_original_from_ResNet20v2_ff_untargeted-adv_0.keras', 'classifying_original_from_ResNet20v2_ff_untargeted-adv_1.keras', 'classifying_original_from_ResNet20v2_ff_untargeted-adv_2.keras', 'classifying_original_from_ResNet20v2_ff_untargeted-adv_3.keras', 'classifying_original_from_ResNet56v1_ff_untargeted-adv_0.keras', 'classifying_original_from_ResNet56v1_ff_untargeted-adv_1.keras', 'classifying_original_from_ResNet56v1_ff_untargeted-adv_2.keras', 'classifying_original_from_ResNet56v1_ff_untargeted-adv_3.keras', 'classifying_original_from_ResNet56v2_ff_untargeted-adv_0.keras'])


In [20]:
results = {}  # structure: {(structure, attack type): [acc_0, acc_1, acc_2, acc_3]}

for filename, model in loaded_models.items():
    # Example filename: 'classifying_original_from_ResNet20v1_ff_untargeted-adv_0.keras'
    # Extract family and index
    base = filename.replace('.keras','')
    parts = base.split('_')
    structure = parts[3]  # ResNet20v1, etc.
    attack_type = parts[5] + '_original_pgd'  # untargeted
    idx = int(parts[-1].split('-')[-1])  # last digit after -adv_

    key = (structure, attack_type)
    prediction = model.predict(x_test, verbose = 0)
    acc = np.sum(np.argmax(prediction,axis=-1) == y_test.reshape(-1)) / len(x_test)

    if key not in results:
        results[key] = {}
    results[key][f'acc_{idx}'] = acc


rows = []
for (structure, attack_type), acc_dict in results.items():
    accs = [acc_dict.get(f'acc_{i}', np.nan) for i in range(4)]
    acc_av = np.nanmean(accs)
    row = [f'{structure}, {attack_type}'] + accs + [acc_av]
    rows.append(row)

df = pd.DataFrame(rows, columns=['model', 'acc_0', 'acc_1', 'acc_2', 'acc_3', 'acc_av'])

print(df)


                            model   acc_0   acc_1   acc_2   acc_3    acc_av
0  ResNet20v1, untargeted-adv_pgd  0.9029  0.8992  0.9010  0.9033  0.901600
1  ResNet20v2, untargeted-adv_pgd  0.9101  0.9060  0.9058  0.9052  0.906775
2  ResNet56v1, untargeted-adv_pgd  0.9095  0.9097  0.9079  0.9123  0.909850
3  ResNet56v2, untargeted-adv_pgd  0.9102     NaN     NaN     NaN  0.910200
