In [1]:
import numpy as onp
import tensorflow as tf
import matplotlib.pyplot as plt

from utils import *

In [2]:
gpus = tf.config.experimental.list_physical_devices('GPU')
if gpus:
  # Restrict TensorFlow to only use the first GPU
    try:
        tf.config.experimental.set_visible_devices(gpus[0], 'GPU')
        logical_gpus = tf.config.experimental.list_logical_devices('GPU')
        print(len(gpus), "Physical GPUs,", len(logical_gpus), "Logical GPU")
    except RuntimeError as e:
    # Visible devices must be set before GPUs have been initialized
        print(e)

1 Physical GPUs, 1 Logical GPU


# hyperparameters

In [3]:
#data
DATASET = 'cifar10'
class_num   = 10
test_size   = None
train_size  = 45000
image_shape = None

if DATASET =='mnist':
    image_shape = (28, 28, 1)
elif DATASET == 'cifar10':
    image_shape = (32, 32, 3)

#training
batch_size = 256
epochs = 200

In [4]:
x_train_all, y_train_all, x_test_all, y_test_all = tuple(onp.array(x) for x in get_dataset(DATASET, None, None, 
                                                                                  do_flatten_and_normalize=False))

In [5]:
# shuffle
seed = 0
x_train_all, y_train_all = shaffle(x_train_all, y_train_all, seed)

In [6]:
# down sample
x_train = x_train_all[:train_size]
y_train = y_train_all[:train_size]

x_valid = x_train_all[train_size:]
y_valid = y_train_all[train_size:]

x_test = x_test_all[:test_size]
y_test = y_test_all[:test_size]

In [7]:
x_train, x_valid, x_test = x_train.reshape((-1, *image_shape)), x_valid.reshape((-1, *image_shape)), x_test.reshape((-1, *image_shape))

In [8]:
train_ds = tf.data.Dataset.from_tensor_slices((x_train, y_train))
train_ds = train_ds.shuffle(
    100000
).batch(
    batch_size
).prefetch(10)

In [9]:
valid_ds = tf.data.Dataset.from_tensor_slices((x_valid, y_valid)).batch(batch_size)

In [10]:
layers = tf.keras.layers

In [11]:
class BasicBlock(tf.keras.layers.Layer):

    def __init__(self, filter_num, stride=1):
        super(BasicBlock, self).__init__()
        self.conv1 = tf.keras.layers.Conv2D(filters=filter_num,
                                            kernel_size=(3, 3),
                                            strides=stride,
                                            padding="same")
        self.bn1 = tf.keras.layers.BatchNormalization()
        self.conv2 = tf.keras.layers.Conv2D(filters=filter_num,
                                            kernel_size=(3, 3),
                                            strides=1,
                                            padding="same")
        self.bn2 = tf.keras.layers.BatchNormalization()
        if stride != 1:
            self.downsample = tf.keras.Sequential()
            self.downsample.add(tf.keras.layers.Conv2D(filters=filter_num,
                                                       kernel_size=(1, 1),
                                                       strides=stride))
            self.downsample.add(tf.keras.layers.BatchNormalization())
        else:
            self.downsample = lambda x: x

    def call(self, inputs, training=None, **kwargs):
        residual = self.downsample(inputs)

        x = self.conv1(inputs)
        x = self.bn1(x, training=training)
        x = tf.nn.relu(x)
        x = self.conv2(x)
        x = self.bn2(x, training=training)

        output = tf.nn.relu(tf.keras.layers.add([residual, x]))

        return output

def make_basic_block_layer(filter_num, blocks, stride=1):
    res_block = tf.keras.Sequential()
    res_block.add(BasicBlock(filter_num, stride=stride))

    for _ in range(1, blocks):
        res_block.add(BasicBlock(filter_num, stride=1))

    return res_block

In [12]:
class ResNetTypeI(tf.keras.Model):
    def __init__(self, layer_params):
        super(ResNetTypeI, self).__init__()

        self.conv1 = tf.keras.layers.Conv2D(filters=16,
                                            kernel_size=(3, 3),
                                            padding="same")
        self.bn1 = tf.keras.layers.BatchNormalization()

        self.layer1 = make_basic_block_layer(filter_num=16,
                                             blocks=layer_params[0])
        self.layer2 = make_basic_block_layer(filter_num=32,
                                             blocks=layer_params[1],
                                             stride=2)
        self.layer3 = make_basic_block_layer(filter_num=64,
                                             blocks=layer_params[2],
                                             stride=2)
        self.avgpool = tf.keras.layers.GlobalAveragePooling2D()
        self.fc = tf.keras.layers.Dense(10)

    def call(self, inputs, training=None, mask=None):
        x = self.conv1(inputs)
        x = self.bn1(x, training=training)
        x = tf.nn.relu(x)
        x = self.layer1(x, training=training)
        x = self.layer2(x, training=training)
        x = self.layer3(x, training=training)
        x = self.avgpool(x)
        output = self.fc(x)

        return output

In [13]:
model = ResNetTypeI([3, 3, 3])

In [14]:
model.build(input_shape=(batch_size,*image_shape))

In [15]:
def scheduler(epoch, lr):
    if epoch < 10:
        return 1e-3
    elif epoch < 90:
        return 1e-2
    elif epoch < 150:
        return 1e-3
    else:
        return 1e-4

In [16]:
model.compile(optimizer=tf.keras.optimizers.SGD(momentum=0.9),
              loss=tf.keras.losses.CategoricalCrossentropy(from_logits=True),
              metrics=['accuracy'])

In [17]:
callback = tf.keras.callbacks.LearningRateScheduler(scheduler)

In [18]:
# model.fit(x=train_ds, validation_data=valid_ds, epochs=epochs, callbacks=[callback])

In [19]:
# model.save_weights('./model_weights/resnet20_train_without_DA=all_ce.h5')

In [20]:
model.load_weights('./model_weights/resnet20_train_without_DA=all_ce.h5')

In [22]:
tmp = onp.load('./npy/cifar-untargeted-cifar-nn-grey-box-train=all-ce-without-momentum.npy')
model.evaluate(x=tmp[:512], y=y_test_all[:512], verbose=0)

[2.245407313108444, 0.6621094]

In [23]:
model.evaluate(x=x_test, y=y_test_all, verbose=0)

[1.336675858783722, 0.7674]

In [22]:
time = [1e3, 5e3, 1e4, 2e4, 4e4, 8e4, 16e4]
for i, t in enumerate(time):
    time[i] = str(int(t))
time.append('None')

csv_file_name = "resnet20"
table = onp.zeros((3, 8))

for i, t in enumerate(time):
    
    tmp = onp.load('./batch_NTK_simple_time=%s.npy'%(t))
    result = model.evaluate(tmp, y_test[:512], verbose=0)
    table[0][i] = result[1]
    
    tmp = onp.load('./batch_NTK_simple_no_dense_time=%s.npy'%(t))
    result = model.evaluate(tmp, y_test[:512], verbose=0)
    table[1][i] = result[1]
    
    tmp = onp.load('./batch_NTK_simple_stride_no_dense_time=%s.npy'%(t))
    result = model.evaluate(tmp, y_test[:512], verbose=0)
    table[2][i] = result[1]
    
onp.savetxt(csv_file_name+".csv", table, delimiter=",", fmt='%.3f')

In [22]:
# model.evaluate(x=x_test, y=y_test_all)

In [23]:
# with pooling, acc can reach 72.2%
# w.o. pooling, acc is at most 67%

In [24]:
tmp = onp.load('batch_NTK_simple_no_dense.npy')
model.evaluate(x=tmp, y=y_test_all[:2048], verbose=0)

[2.277487996034324, 0.6435547]

In [25]:
tmp = onp.load('batch_NTK_simple_stride_no_dense.npy')
model.evaluate(x=tmp, y=y_test_all[:2048], verbose=0)

[2.150093875825405, 0.6611328]

In [24]:
csv_file_name = "resnet20_decrease"
table = onp.zeros((4, 8))
lambd = ["0.00", "0.25", "0.50", "0.75"]
for l in range(4):
    lamb = lambd[l]
    for idx, t in enumerate(np.load('time.npy')):
        file = './variance-and-time/decrease/batch_NTK_simple_decrease_variance_lambda=' + lamb + '_time=%d.npy'%(t)
        tmp = onp.load(file)
        # print('evaluating file: %s'%(file))
        result = model.evaluate(tmp, y_test[:512], verbose=0)
        table[l][idx] = result[1]
        # print(result)
onp.savetxt(csv_file_name+".csv", table, delimiter=",", fmt='%.3f')

In [25]:
csv_file_name = "resnet20_increase"
table = onp.zeros((4, 8))
lambd = ["0.00", "0.25", "0.50", "0.75"]
for l in range(4):
    lamb = lambd[l]
    for idx, t in enumerate(np.load('time.npy')):
        file = './variance-and-time/increase/batch_NTK_simple_increase_variance_lambda=' + lamb + '_time=%d.npy'%(t)
        tmp = onp.load(file)
        # print('evaluating file: %s'%(file))
        result = model.evaluate(tmp, y_test[:512], verbose=0)
        table[l][idx] = result[1]
        # print(result)
onp.savetxt(csv_file_name+".csv", table, delimiter=",", fmt='%.3f')

In [24]:
csv_file_name = "resnet20_decrease"
table = onp.zeros((8, 4))
for l in range(8):
    lamb = 10**l
    for idx, t in enumerate([1e5, 5e5, 1e6, 2.3e6]):
        file = './batch_NTK_simple_increase_variance_lambda=%d_time=%d.npy'%(lamb, t)
        tmp = onp.load(file)
        # print('evaluating file: %s'%(file))
        result = model.evaluate(tmp, y_test[:512], verbose=0)
        table[l][idx] = result[1]
        # print(result)
onp.savetxt(csv_file_name+".csv", table, delimiter=",", fmt='%.3f')

In [25]:
file_list = ['./variance-and-time/cifar-fgsm-eps-0.03-time-500000.npy',
             './variance-and-time/cifar-fgsm-eps-0.03-time-100000.npy',
             './variance-and-time/cifar-fgsm-eps-0.03-time-1000000.npy',
             './variance-and-time/cifar-fgsm-eps-0.03-time-2300000.npy',
             './npy/batch_NTK_simple.npy',
             './npy/cifar-untargeted-cifar-nn-grey-box-train=all-ce.npy',
             './npy/batch_NTK_cnn19.npy',
             './npy/cifar-untargeted-cifar-nn-grey-box-cnn19-train=all-ce.npy']

for f in file_list:
    tmp = onp.load(f)
    print('evaluating file: %s'%(f))
    result = model.evaluate(tmp[:512], y_test[:512], verbose=0)
    print(result)

evaluating file: ./variance-and-time/cifar-fgsm-eps-0.03-time-500000.npy
[1.959726344794035, 0.6875]
evaluating file: ./variance-and-time/cifar-fgsm-eps-0.03-time-100000.npy
[1.9627806320786476, 0.6875]
evaluating file: ./variance-and-time/cifar-fgsm-eps-0.03-time-1000000.npy
[1.959726344794035, 0.6875]
evaluating file: ./variance-and-time/cifar-fgsm-eps-0.03-time-2300000.npy
[1.959726344794035, 0.6875]
evaluating file: ./npy/batch_NTK_simple.npy
[1.959726344794035, 0.6875]
evaluating file: ./npy/cifar-untargeted-cifar-nn-grey-box-train=all-ce.npy
[2.445124965161085, 0.6152344]
evaluating file: ./npy/batch_NTK_cnn19.npy
[1.772544089704752, 0.7050781]
evaluating file: ./npy/cifar-untargeted-cifar-nn-grey-box-cnn19-train=all-ce.npy
[1.8797385208308697, 0.6777344]


In [21]:
# targted
targeted_clean_x = onp.load('./cifar-targeted-clean-x.npy')
targeted_clean_y = onp.load('./cifar-targeted-clean-y.npy')

file_list = ['./batch_NTK_simple-targeted-fgsm-x-t=100000.npy',
             './batch_NTK_simple-targeted-fgsm-x-t=500000.npy',
             './batch_NTK_simple-targeted-fgsm-x-t=1000000.npy',
             './batch_NTK_simple-targeted-fgsm-x-t=2300000.npy',
             './npy/cifar-targeted-simple-cnn-fgsm.npy'
            ]

for f in file_list:
    tmp = onp.load(f)
    print('evaluating file: %s'%(f))
    correct = onp.argmax(model(targeted_clean_x), axis=1) == onp.argmax(targeted_clean_y, axis=1)
    adv_example = onp.load(f)[:512]
    attack_targeted = onp.argmax(model(adv_example), axis=1) == 0
    success = correct & attack_targeted
    print(onp.mean(success))

evaluating file: ./batch_NTK_simple-targeted-fgsm-x-t=100000.npy


To change all layers to have dtype float64 by default, call `tf.keras.backend.set_floatx('float64')`. To change just this layer, pass dtype='float64' to the layer constructor. If you are the author of this layer, you can disable autocasting by passing autocast=False to the base Layer constructor.





To change all layers to have dtype float64 by default, call `tf.keras.backend.set_floatx('float64')`. To change just this layer, pass dtype='float64' to the layer constructor. If you are the author of this layer, you can disable autocasting by passing autocast=False to the base Layer constructor.



0.009765625
evaluating file: ./batch_NTK_simple-targeted-fgsm-x-t=500000.npy
0.009765625
evaluating file: ./batch_NTK_simple-targeted-fgsm-x-t=1000000.npy
0.009765625
evaluating file: ./batch_NTK_simple-targeted-fgsm-x-t=2300000.npy
0.009765625
evaluating file: ./npy/cifar-targeted-simple-cnn-fgsm.npy
0.029296875


In [38]:
file_list= ["./npy/batch_NTK_cnn19_decrease_variance.npy",
            "./npy/batch_NTK_cnn19_increase_variance.npy",
            "./npy/batch_NTK_simple_decrease_variance.npy",
            "./npy/batch_NTK_simple_increase_variance.npy"]

for f in file_list:
    tmp = onp.load(f)
    print('evaluating file: %s'%(f))
    result = model.evaluate(tmp, y_test[:2048], verbose=0)
    print(result)

evaluating file: ./npy/batch_NTK_cnn19_decrease_variance.npy
[1.913414136506617, 0.6821289]
evaluating file: ./npy/batch_NTK_cnn19_increase_variance.npy
[1.9139123363420367, 0.6850586]
evaluating file: ./npy/batch_NTK_simple_decrease_variance.npy
[2.141031106002629, 0.66259766]
evaluating file: ./npy/batch_NTK_simple_increase_variance.npy
[2.1489807683974504, 0.66064453]


In [None]:
tmp = onp.load('./npy/cifar-eps-time-any-npy/cifar-fgsm-eps-0.03-time-None.npy')
print("==========NTK============")
model.evaluate(tmp, y_test[:128], verbose=0)

In [None]:
tmp = onp.load('./npy/cifar-untargeted-cifar-nn-grey-box-train=4096-ce.npy')
print("==========CE============")
model.evaluate(tmp, y_test[:2048], verbose=0)

In [None]:
tmp = onp.load('./npy/cifar-untargeted-cifar-nn-grey-box-train=4096-mse.npy')
print("==========MSE============")
model.evaluate(tmp, y_test[:2048], verbose=0)

In [None]:
tmp = onp.load('./npy/cifar-fgsm-eps-0.03-time-None-nngp.npy')
model.evaluate(tmp, y_test[:128], verbose=0)

In [None]:
tmp = onp.load('./batch_NTK_cnn_19.npy')
model.evaluate(tmp, y_test[:2048], verbose=0)

In [None]:
tmp = onp.load('./batch_NTK_simple.npy')
model.evaluate(tmp, y_test[:2048], verbose=0)

In [None]:
tmp = onp.load('./npy/cifar-untargeted-cifar-nn-grey-box-train=all-ce.npy')
print("==========small============")
model.evaluate(tmp, y_test[:2048], verbose=0)

In [None]:
tmp = onp.load('./npy/cifar-untargeted-cifar-nn-grey-box-cnn19-train=all-ce.npy')
model.evaluate(tmp, y_test[:2048], verbose=0)