In [1]:
import torch
import torch.nn as nn
import torch.optim as optim
from torchvision import datasets, transforms

In [7]:
# GPU 사용 가능한지 확인
device = torch.device("mps")

In [2]:
# Fast Gradient Sign Method (FGSM) 함수 정의
def fgsm_attack(image, epsilon, gradient):
    sign_gradient = gradient.sign()
    perturbed_image = image + epsilon * sign_gradient
    perturbed_image = torch.clamp(perturbed_image, 0, 1)
    return perturbed_image

# 적대적 예제 생성을 위한 그래디언트 계산 함수 정의
def get_adversarial_examples(model, images, labels, epsilon):
    images.requires_grad_(True)
    outputs = model(images)
    loss = nn.CrossEntropyLoss()(outputs, labels)

    model.zero_grad()
    loss.backward()

    gradients = images.grad.data
    adversarial_examples = fgsm_attack(images, epsilon, gradients)
    return adversarial_examples

In [3]:
# 데이터 로드 및 전처리
transform = transforms.Compose([transforms.ToTensor()])
train_data = datasets.MNIST(root='./data', train=True, download=True, transform=transform)
train_loader = torch.utils.data.DataLoader(train_data, batch_size=64, shuffle=True)

Downloading http://yann.lecun.com/exdb/mnist/train-images-idx3-ubyte.gz
Downloading http://yann.lecun.com/exdb/mnist/train-images-idx3-ubyte.gz to ./data/MNIST/raw/train-images-idx3-ubyte.gz


100.0%


Extracting ./data/MNIST/raw/train-images-idx3-ubyte.gz to ./data/MNIST/raw

Downloading http://yann.lecun.com/exdb/mnist/train-labels-idx1-ubyte.gz


100.0%

Downloading http://yann.lecun.com/exdb/mnist/train-labels-idx1-ubyte.gz to ./data/MNIST/raw/train-labels-idx1-ubyte.gz
Extracting ./data/MNIST/raw/train-labels-idx1-ubyte.gz to ./data/MNIST/raw

Downloading http://yann.lecun.com/exdb/mnist/t10k-images-idx3-ubyte.gz
Downloading http://yann.lecun.com/exdb/mnist/t10k-images-idx3-ubyte.gz to ./data/MNIST/raw/t10k-images-idx3-ubyte.gz



100.0%


Extracting ./data/MNIST/raw/t10k-images-idx3-ubyte.gz to ./data/MNIST/raw

Downloading http://yann.lecun.com/exdb/mnist/t10k-labels-idx1-ubyte.gz
Downloading http://yann.lecun.com/exdb/mnist/t10k-labels-idx1-ubyte.gz to ./data/MNIST/raw/t10k-labels-idx1-ubyte.gz


100.0%

Extracting ./data/MNIST/raw/t10k-labels-idx1-ubyte.gz to ./data/MNIST/raw






In [8]:
# 모델 정의
class Net(nn.Module):
    def __init__(self):
        super(Net, self).__init__()
        self.conv1 = nn.Conv2d(1, 32, 3, 1)
        self.conv2 = nn.Conv2d(32, 64, 3, 1)
        self.dropout1 = nn.Dropout2d(0.25)
        self.dropout2 = nn.Dropout2d(0.5)
        self.fc1 = nn.Linear(9216, 128)
        self.fc2 = nn.Linear(128, 10)

    def forward(self, x):
        x = self.conv1(x)
        x = nn.ReLU()(x)
        x = self.conv2(x)
        x = nn.ReLU()(x)
        x = nn.MaxPool2d(2)(x)
        x = self.dropout1(x)
        x = torch.flatten(x, 1)
        x = self.fc1(x)
        x = nn.ReLU()(x)
        x = self.dropout2(x)
        x = self.fc2(x)
        output = nn.LogSoftmax(dim=1)(x)
        return output

model = Net()
model.to(device)

Net(
  (conv1): Conv2d(1, 32, kernel_size=(3, 3), stride=(1, 1))
  (conv2): Conv2d(32, 64, kernel_size=(3, 3), stride=(1, 1))
  (dropout1): Dropout2d(p=0.25, inplace=False)
  (dropout2): Dropout2d(p=0.5, inplace=False)
  (fc1): Linear(in_features=9216, out_features=128, bias=True)
  (fc2): Linear(in_features=128, out_features=10, bias=True)
)

In [10]:
# 모델 컴파일
optimizer = optim.Adam(model.parameters())

# 하이퍼파라미터 설정
epsilon = 0.1
epochs = 5

# 적대적 훈련 시작
for epoch in range(epochs):
    print(f"Epoch {epoch+1}/{epochs}")
    for batch_idx, (data, target) in enumerate(train_loader):
        data, target = data.to(device), target.to(device)  # 데이터를 GPU로

Epoch 1/5
Epoch 2/5
Epoch 3/5
Epoch 4/5
Epoch 5/5


In [19]:
import torch.nn.functional as F

def adversarial_train(model, device, train_loader, optimizer, epoch, epsilon):
    model.train()  # 학습 모드로 전환
    for batch_idx, (data, target) in enumerate(train_loader):
        data, target = data.to(device), target.to(device)
        
        # 적대적 예제 생성
        adversarial_data = get_adversarial_examples(model, data, target, epsilon)

        # 일반 데이터 및 적대적 예제를 사용하여 모델 학습
        optimizer.zero_grad()
        output = model(adversarial_data)
        loss = F.cross_entropy(output, target)
        loss.backward()
        optimizer.step()

        if batch_idx % log_interval == 0:
            print(f"Train Epoch: {epoch} [{batch_idx * len(data)}/{len(train_loader.dataset)} ({100. * batch_idx / len(train_loader):.0f}%)]\tLoss: {loss.item():.6f}")

log_interval = 10  # 원하는 로그 출력 빈도 설정 (예: 10번의 배치마다 로그 출력)
# 적대적 훈련 실행
for epoch in range(1, epochs + 1):
    adversarial_train(model, device, train_loader, optimizer, epoch, epsilon)
    test(model, device, test_loader)

Test Accuracy: 98.23%


Test Accuracy: 98.62%
Test Accuracy: 98.88%


Test Accuracy: 98.86%
Test Accuracy: 98.93%


In [22]:
# 적대적 예제 생성을 위한 그래디언트 계산 함수 정의 (기존과 동일)
def get_adversarial_examples(model, images, labels, epsilon, requires_grad=True):
    if requires_grad:
        images.requires_grad_(True)
    
    outputs = model(images)
    loss = nn.CrossEntropyLoss()(outputs, labels)

    if requires_grad:
        model.zero_grad()
        loss.backward()
        gradients = images.grad.data
        adversarial_examples = fgsm_attack(images, epsilon, gradients)
    else:
        with torch.no_grad():
            gradients = torch.zeros_like(images)
            adversarial_examples = fgsm_attack(images, epsilon, gradients)
            
    return adversarial_examples

# 평가를 위한 함수 정의 (적대적 예제를 생성하여 평가)
def test_adversarial(model, device, test_loader, epsilon):
    model.eval()  # 평가 모드로 전환
    correct = 0
    total = 0

    with torch.no_grad():
        for data, target in test_loader:
            data, target = data.to(device), target.to(device)  # 데이터를 GPU로 옮김
            
            # 적대적 예제 생성 (requires_grad=False로 설정)
            adversarial_data = get_adversarial_examples(model, data, target, epsilon, requires_grad=False)
            
            # 적대적 예제에 대한 예측 수행
            output = model(adversarial_data)
            _, predicted = torch.max(output.data, 1)
            total += target.size(0)
            correct += (predicted == target).sum().item()

    accuracy = 100 * correct / total
    print(f"Adversarial Test Accuracy: {accuracy}%")

# 적대적 예제에 대한 테스트 실행
test_adversarial(model, device, test_loader, epsilon)


Adversarial Test Accuracy: 99.26%


In [21]:
def adversarial_train_v2(model, device, train_loader, optimizer, epoch, epsilon):
    model.train()
    for batch_idx, (data, target) in enumerate(train_loader):
        data, target = data.to(device), target.to(device)
        
        # 적대적 예제 생성
        adversarial_data = get_adversarial_examples(model, data, target, epsilon)
        
        # 원본 데이터와 적대적 예제를 함께 사용하여 모델 학습
        mixed_data = torch.cat((data, adversarial_data), 0)
        mixed_target = torch.cat((target, target), 0)
        
        optimizer.zero_grad()
        output = model(mixed_data)
        loss = F.cross_entropy(output, mixed_target)
        loss.backward()
        optimizer.step()

        if batch_idx % log_interval == 0:
            print(f"Train Epoch: {epoch} [{batch_idx * len(data)}/{len(train_loader.dataset)} ({100. * batch_idx / len(train_loader):.0f}%)]\tLoss: {loss.item():.6f}")

# 적대적 훈련 실행
for epoch in range(1, epochs + 1):
    adversarial_train_v2(model, device, train_loader, optimizer, epoch, epsilon)
    test(model, device, test_loader)


Test Accuracy: 99.05%


Test Accuracy: 99.16%
Test Accuracy: 99.2%


Test Accuracy: 99.15%
Test Accuracy: 99.26%
