In [1]:
from online_attacks.utils.logger import Logger, LoggerParams
from online_attacks.classifiers.mnist import load_mnist_dataset, load_mnist_classifier
from online_attacks.datastream import datastream
from online_attacks.attacks import create_attacker, compute_attack_success_rate
from online_attacks.online_algorithms import AgorithmType
from omegaconf import OmegaConf
import numpy as np
import torch

import sys
sys.path.append("../scripts/")
from online_attacks_sweep import Params

In [7]:
def eval_fool_rate(path, model_name):
    """Print the transfer attack success ("fool") rate for every record under ``path``.

    For each logged record an attacker is rebuilt on the record's own source
    classifier (``params.model_name``). Its output is passed through the target
    classifier ``model_name``, and ``compute_attack_success_rate`` is evaluated
    only on the stream positions each logged run selected.

    Args:
        path: directory handed to ``Logger.list_all_records``.
        model_name: name of the target checkpoint, loaded with the record's
            ``model_type`` from the record's ``model_dir``.

    Prints one line per record: mean +/- std over the record's runs, scaled
    by 100. ``np.std`` is the population standard deviation (ddof=0), so with
    only a handful of runs it understates the spread.
    """
    records = Logger.list_all_records(path)
    device = "cuda" if torch.cuda.is_available() else "cpu"
    test_set = load_mnist_dataset(train=False)  # train=False: presumably the MNIST test split

    for logger in records:
        logged_hparams = logger.load_hparams()
        record = logger.load_record()
        # Start from the sweep's Params schema, then overlay the values logged with the run.
        params = OmegaConf.merge(OmegaConf.structured(Params), logged_hparams)

        # Both checkpoints share architecture and directory; only the name differs.
        load_kwargs = dict(model_dir=params.model_dir, device=device, eval=True)
        target_classifier = load_mnist_classifier(params.model_type, name=model_name, **load_kwargs)
        source_classifier = load_mnist_classifier(params.model_type, name=params.model_name, **load_kwargs)

        # The attacker is built on the source model; the target only classifies the result.
        attacker = create_attacker(source_classifier, params.attacker_type, params.attacker_params)
        pipeline = datastream.Compose([
            datastream.ToDevice(device),
            datastream.AttackerTransform(attacker),
            datastream.ClassifierTransform(target_classifier),
        ])

        rates_percent = []
        for run in record["runs"]:
            permutation = run["permutation"]
            # Each logged entry is a pair; element 1 is used as the stream position
            # (element 0 is presumably the score that ranked it -- confirm).
            positions = [entry[1] for entry in run["indices"]]
            replay = datastream.BatchDataStream(test_set, batch_size=1000, transform=pipeline, permutation=permutation)
            rates_percent.append(compute_attack_success_rate(replay.subset(positions)) * 100)

        mean_rate, std_rate = np.mean(rates_percent), np.std(rates_percent)
        online = params.online_params
        print("Fool rate for %s (K=%i): %.2f +/- %.2f" % (online.online_type.name, online.K, mean_rate, std_rate))

In [11]:
# Replay the records under .../results against the target checkpoint named "1".
# In the recorded output below even RANDOM selection reaches 73-78%, i.e. this
# target offers little resistance to the logged attack.
# The path is an absolute, user-specific cluster location; re-running elsewhere
# means repointing it (TODO: lift it into a config variable).
eval_fool_rate(
    path="/checkpoint/hberard/OnlineAttack/results",
    model_name="1",
)

Fool rate for OFFLINE (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_OPTIMISTIC (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=10): 100.00 +/- 0.00
Fool rate for RANDOM (K=10): 78.00 +/- 19.39
Fool rate for OFFLINE (K=100): 100.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=100): 99.39 +/- 0.75
Fool rate for STOCHASTIC_OPTIMISTIC (K=100): 99.60 +/- 0.80
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=100): 99.40 +/- 0.49
Fool rate for RANDOM (K=100): 74.60 +/- 3.44
Fool rate for OFFLINE (K=1000): 99.60 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=1000): 98.92 +/- 0.38
Fool rate for STOCHASTIC_OPTIMISTIC (K=1000): 99.01 +/- 0.36
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=1000): 99.00 +/- 0.29
Fool rate for RANDOM (K=1000): 73.02 +/- 1.40


In [12]:
# Same records, different target: "PGD_ATTACK_train_0" (presumably a PGD
# adversarially-trained checkpoint, judging by the name -- confirm).
# Recorded rates fall to about 4% for RANDOM and 14-40% for the selected points.
# The K=10 rows carry a std above 30 points, so they rest on very few samples.
eval_fool_rate(
    path="/checkpoint/hberard/OnlineAttack/results",
    model_name="PGD_ATTACK_train_0",
)

Fool rate for OFFLINE (K=10): 40.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=10): 35.00 +/- 33.40
Fool rate for STOCHASTIC_OPTIMISTIC (K=10): 36.00 +/- 34.41
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=10): 38.89 +/- 30.74
Fool rate for RANDOM (K=10): 4.00 +/- 4.90
Fool rate for OFFLINE (K=100): 24.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=100): 22.24 +/- 5.83
Fool rate for STOCHASTIC_OPTIMISTIC (K=100): 26.22 +/- 2.68
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=100): 25.03 +/- 2.68
Fool rate for RANDOM (K=100): 4.20 +/- 1.33
Fool rate for OFFLINE (K=1000): 15.76 +/- 0.05
Fool rate for STOCHASTIC_VIRTUAL (K=1000): 13.82 +/- 0.60
Fool rate for STOCHASTIC_OPTIMISTIC (K=1000): 15.59 +/- 0.41
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=1000): 14.00 +/- 0.44
Fool rate for RANDOM (K=1000): 4.26 +/- 0.29


In [13]:
# Records under results_robust (presumably crafted on a robust source model --
# confirm against the logged hparams), replayed against target "0".
# The recorded rate for selected points drops from ~100% at K=10 to 54-64% at
# K=1000, while RANDOM stays near 20-23%.
eval_fool_rate(
    path="/checkpoint/hberard/OnlineAttack/results_robust",
    model_name="0",
)

Fool rate for OFFLINE (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=10): 96.00 +/- 8.00
Fool rate for STOCHASTIC_OPTIMISTIC (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=10): 97.78 +/- 4.44
Fool rate for RANDOM (K=10): 20.00 +/- 8.94
Fool rate for OFFLINE (K=100): 79.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=100): 80.20 +/- 1.04
Fool rate for STOCHASTIC_OPTIMISTIC (K=100): 83.49 +/- 3.09
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=100): 80.20 +/- 2.40
Fool rate for RANDOM (K=100): 23.40 +/- 3.72
Fool rate for OFFLINE (K=1000): 64.20 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=1000): 53.93 +/- 1.43
Fool rate for STOCHASTIC_OPTIMISTIC (K=1000): 59.61 +/- 1.13
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=1000): 55.05 +/- 0.74
Fool rate for RANDOM (K=1000): 21.80 +/- 0.99


In [14]:
# results_robust records against target "PGD_ATTACK_train_1" (presumably an
# adversarially-trained checkpoint -- confirm). RANDOM stays at 4-6% in the
# recorded output, so the high K=10 figures reflect which points were selected,
# not a generally weak target.
eval_fool_rate(
    path="/checkpoint/hberard/OnlineAttack/results_robust",
    model_name="PGD_ATTACK_train_1",
)

Fool rate for OFFLINE (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_OPTIMISTIC (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=10): 100.00 +/- 0.00
Fool rate for RANDOM (K=10): 6.00 +/- 4.90
Fool rate for OFFLINE (K=100): 91.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=100): 79.02 +/- 4.06
Fool rate for STOCHASTIC_OPTIMISTIC (K=100): 83.79 +/- 4.03
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=100): 80.60 +/- 0.49
Fool rate for RANDOM (K=100): 3.80 +/- 1.94
Fool rate for OFFLINE (K=1000): 36.70 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=1000): 21.46 +/- 2.42
Fool rate for STOCHASTIC_OPTIMISTIC (K=1000): 34.21 +/- 1.84
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=1000): 23.20 +/- 1.35
Fool rate for RANDOM (K=1000): 3.94 +/- 0.41


In [19]:
# results_pgd records against target "PGD_ATTACK_train_1".
# NOTE(review): this cell carries execution count 19 but sits before the cell
# numbered 18, so the notebook was not run top to bottom; re-run on a fresh
# kernel before quoting these numbers.
eval_fool_rate(
    path="/checkpoint/hberard/OnlineAttack/results_pgd",
    model_name="PGD_ATTACK_train_1",
)

Fool rate for OFFLINE (K=10): 92.00 +/- 7.48
Fool rate for STOCHASTIC_VIRTUAL (K=10): 77.29 +/- 22.19
Fool rate for STOCHASTIC_OPTIMISTIC (K=10): 90.00 +/- 12.25
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=10): 90.00 +/- 12.65
Fool rate for RANDOM (K=10): 4.00 +/- 4.90
Fool rate for OFFLINE (K=100): 52.40 +/- 3.44
Fool rate for STOCHASTIC_VIRTUAL (K=100): 40.07 +/- 5.57
Fool rate for STOCHASTIC_OPTIMISTIC (K=100): 51.97 +/- 6.56
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=100): 41.16 +/- 2.87
Fool rate for RANDOM (K=100): 1.80 +/- 1.60
Fool rate for OFFLINE (K=1000): 11.76 +/- 0.42
Fool rate for STOCHASTIC_VIRTUAL (K=1000): 6.26 +/- 1.03
Fool rate for STOCHASTIC_OPTIMISTIC (K=1000): 13.40 +/- 1.63
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=1000): 7.25 +/- 0.78
Fool rate for RANDOM (K=1000): 1.22 +/- 0.10


In [18]:
# results_pgd records against target "0".
# NOTE(review): this cell was executed (count 18) before the cell shown above
# it (count 19), so cell order and execution order disagree.
eval_fool_rate(
    path="/checkpoint/hberard/OnlineAttack/results_pgd",
    model_name="0",
)

Fool rate for OFFLINE (K=10): 82.00 +/- 13.27
Fool rate for STOCHASTIC_VIRTUAL (K=10): 69.62 +/- 16.81
Fool rate for STOCHASTIC_OPTIMISTIC (K=10): 73.00 +/- 28.21
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=10): 81.78 +/- 7.26
Fool rate for RANDOM (K=10): 6.00 +/- 4.90
Fool rate for OFFLINE (K=100): 58.40 +/- 2.80
Fool rate for STOCHASTIC_VIRTUAL (K=100): 52.18 +/- 3.21
Fool rate for STOCHASTIC_OPTIMISTIC (K=100): 61.53 +/- 4.58
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=100): 55.23 +/- 3.23
Fool rate for RANDOM (K=100): 6.80 +/- 0.75
Fool rate for OFFLINE (K=1000): 31.68 +/- 0.69
Fool rate for STOCHASTIC_VIRTUAL (K=1000): 21.45 +/- 1.30
Fool rate for STOCHASTIC_OPTIMISTIC (K=1000): 28.88 +/- 1.67
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=1000): 23.66 +/- 1.01
Fool rate for RANDOM (K=1000): 6.36 +/- 0.75


# New Results

In [1]:
from online_attacks.utils.logger import Logger
from online_attacks.classifiers.mnist import load_mnist_dataset, load_mnist_classifier
from online_attacks.datastream import datastream
from online_attacks.attacks import create_attacker, compute_attack_success_rate
from online_attacks.online_algorithms import AlgorithmType, create_algorithm, compute_indices
from omegaconf import OmegaConf
import numpy as np
import torch
from torch.nn import CrossEntropyLoss
from collections import defaultdict

import sys
sys.path.append("../scripts/")
from online_attacks_sweep import Params

In [2]:
import os
# Restrict this process to GPU index 1. The variable is read when CUDA is first
# initialised, so it must be set before any CUDA call. torch is already imported
# by the previous cell, which is fine as long as nothing there touched the GPU
# (TODO confirm).
# Machine-specific: on a host without a device at index 1 no GPU is visible and
# the "cuda" if torch.cuda.is_available() else "cpu" fallback silently picks CPU.
os.environ["CUDA_VISIBLE_DEVICES"]="1"

In [19]:
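def eval_fool_rate(path, model_name, normalize=False):
    """Print mean +/- std attack success ("fool") rate per online algorithm.

    For every record under ``path`` an attacker is rebuilt on the record's
    source classifier (``params.model_name``). Its output is passed through
    the target classifier ``model_name``, and ``compute_attack_success_rate``
    is evaluated on the stream positions that each algorithm selected in each
    logged run.

    Args:
        path: directory handed to ``Logger.list_all_records``.
        model_name: name of the target checkpoint, loaded with the record's
            ``model_type`` from the record's ``model_dir``.
        normalize: when True, each run's rate is divided by the rate obtained
            on the OFFLINE selection recomputed against the target and then
            multiplied by 100. When False (default) the raw value returned by
            ``compute_attack_success_rate`` is reported and the offline
            baseline pass over the whole dataset is skipped. It used to run
            unconditionally although its result was never used.

    Prints one line per (record, algorithm). ``np.std`` is the population
    standard deviation (ddof=0), so with few runs it understates the spread.

    NOTE(review): ``model_dir`` comes from the logged hparams, so the
    checkpoints loaded here are whichever files the record points at. If
    ``load_mnist_classifier`` deserialises them with torch.load/pickle (not
    visible from this cell), only evaluate records from a results directory
    you trust.
    """
    list_records = Logger.list_all_records(path)
    device = "cuda" if torch.cuda.is_available() else "cpu"
    dataset = load_mnist_dataset(train=False)
    for logger in list_records:
        params = logger.load_hparams()
        record = logger.load_record()
        # Start from the sweep's Params schema, then overlay the logged values.
        params = OmegaConf.merge(OmegaConf.structured(Params), params)
        target_classifier = load_mnist_classifier(params.model_type, name=model_name, model_dir=params.model_dir, device=device, eval=True)
        source_classifier = load_mnist_classifier(params.model_type, name=params.model_name, model_dir=params.model_dir, device=device, eval=True)
        # The attacker is built on the source model; the target only classifies the result.
        attacker = create_attacker(source_classifier, params.attacker_type, params.attacker_params)

        transform = datastream.Compose([datastream.ToDevice(device), datastream.AttackerTransform(attacker),
                                        datastream.ClassifierTransform(target_classifier)])

        offline_fool_rate = None
        if normalize:
            # Baseline: let the OFFLINE algorithm choose positions from the
            # per-sample loss stream of the target, then measure the success
            # rate on exactly those positions.
            loss_transform = datastream.Compose([datastream.ToDevice(device), datastream.AttackerTransform(attacker),
                                                 datastream.ClassifierTransform(target_classifier),
                                                 datastream.LossTransform(CrossEntropyLoss(reduction="none"))])
            algorithm = create_algorithm(AlgorithmType.OFFLINE, params.online_params)
            loss_stream = datastream.BatchDataStream(dataset, batch_size=1000, transform=loss_transform)
            offline_indices = compute_indices(loss_stream, algorithm, pbar_flag=False)[algorithm[0].name]
            offline_positions = [x[1] for x in offline_indices]
            offline_stream = datastream.BatchDataStream(dataset, batch_size=1000, transform=transform).subset(offline_positions)
            offline_fool_rate = compute_attack_success_rate(offline_stream)

        fool_rate_dict = defaultdict(list)
        for run in record["runs"]:
            permutation = run["permutation"]
            for name, logged_indices in run["indices"].items():
                # Each logged entry is a pair; element 1 is used as the stream position
                # (element 0 is presumably the score that ranked it -- confirm).
                positions = [x[1] for x in logged_indices]
                run_stream = datastream.BatchDataStream(dataset, batch_size=1000, transform=transform, permutation=permutation)
                rate = compute_attack_success_rate(run_stream.subset(positions))
                if normalize:
                    # A zero baseline makes the ratio undefined; report NaN rather than divide by zero.
                    rate = rate / offline_fool_rate * 100 if offline_fool_rate else float("nan")
                fool_rate_dict[name].append(rate)

        for name, fool_rate in fool_rate_dict.items():
            mean_fool_rate = np.mean(fool_rate)
            std_fool_rate = np.std(fool_rate)
            print("Fool rate for %s (K=%i): %.2f +/- %.2f"%(name, params.online_params.K, mean_fool_rate, std_fool_rate))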
            
            

In [20]:
# Records under new_results/fgsm_not_robust/ against the target checkpoint "1".
# NOTE(review): the recorded output below contains negative values (down to
# -26080.00). A success rate, raw or normalised by the offline baseline, cannot
# be negative, so treat these numbers as stale or produced by a faulty metric
# and re-run on a fresh kernel before drawing conclusions.
eval_fool_rate(
    path="/checkpoint/hberard/OnlineAttack/new_results/fgsm_not_robust/",
    model_name="1",
)

Fool rate for OFFLINE (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_OPTIMISTIC (K=10): 100.00 +/- 0.00
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=10): 100.00 +/- 0.00
Fool rate for RANDOM (K=10): -300.00 +/- 109.54
Fool rate for OFFLINE (K=100): 100.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=100): 60.00 +/- 48.99
Fool rate for STOCHASTIC_OPTIMISTIC (K=100): 100.00 +/- 0.00
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=100): 60.00 +/- 48.99
Fool rate for RANDOM (K=100): -2600.00 +/- 282.84
Fool rate for OFFLINE (K=1000): -300.00 +/- 0.00
Fool rate for STOCHASTIC_VIRTUAL (K=1000): -560.00 +/- 174.36
Fool rate for STOCHASTIC_OPTIMISTIC (K=1000): -240.00 +/- 185.47
Fool rate for STOCHASTIC_MODIFIED_VIRTUAL (K=1000): -920.00 +/- 97.98
Fool rate for RANDOM (K=1000): -26080.00 +/- 793.47
