# Adversarial Attacks

This notebook relies on `openML_cc18_adversary.py` to generate the per-dataset result CSVs and summarises them here: the mean $l_2$ and $l_{\infty}$ norms of the adversarial perturbations, and the classification error on the attacked data points (lower is better, i.e. the attack succeeded less often). Note that the two models are not attacked at a matched perturbation budget — the norm columns differ between `kdf` and `rf` — so a lower attacked-error for one model is not by itself evidence that it is more robust.

This is still a work in progress; the attack settings need further investigation before the two models can be compared fairly.

In [6]:
import os
import numpy as np
import pandas as pd

In [2]:
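def highlight_err(row):
    """Style helper for ``DataFrame.style.apply(highlight_err, axis=1)``.

    Error on the attacked points is "lower is better", so the model with the
    lower ``err_adv_*`` value in the row gets a green background:
    ``err_adv_kdf`` when it is strictly lower than ``err_adv_rf``, otherwise
    ``err_adv_rf`` (ties, and NaNs, go to RF because the comparison is
    false). Every other cell gets an empty style string.

    Parameters
    ----------
    row : pandas.Series
        One row of the summary table; must contain the ``err_adv_kdf`` and
        ``err_adv_rf`` entries.

    Returns
    -------
    list[str]
        One CSS string per cell of ``row``, in index order.
    """
    styles = ["" for _ in row.index]
    winner = "err_adv_kdf" if row["err_adv_kdf"] < row["err_adv_rf"] else "err_adv_rf"
    styles[row.index.get_loc(winner)] = "background-color: green"
    return styles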

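def plot_adversarial(res_folder):
    """Aggregate one attack's per-dataset result CSVs into a summary table.

    Despite the name this does not plot; it returns a DataFrame with one row
    per result file. Each ``*.csv`` in ``res_folder`` is read with its first
    column as the index and these columns are averaged over its rows:
    ``l2_rf``, ``linf_rf``, ``l2_kdf``, ``linf_kdf`` (mean perturbation
    norms), ``err_adv_kdf``, ``err_adv_rf`` (mean error on the attacked
    points, lower is better) and ``err_kdf``, ``err_rf`` (mean error on the
    clean points, kept for reference next to the attacked error).

    Files are visited in sorted order so the table is stable across runs and
    operating systems, and non-CSV entries (editor backups, ``.DS_Store``)
    are skipped instead of crashing the loop.

    Parameters
    ----------
    res_folder : str
        Directory containing the per-dataset result CSVs.

    Returns
    -------
    pandas.DataFrame
        Columns ``fname, l2_kdf, l2_rf, linf_kdf, linf_rf, err_adv_kdf,
        err_adv_rf, err_kdf, err_rf``; empty (with those columns) when the
        folder holds no CSVs.
    """
    columns = ['fname', 'l2_kdf', 'l2_rf', 'linf_kdf', 'linf_rf',
               'err_adv_kdf', 'err_adv_rf', 'err_kdf', 'err_rf']
    records = []
    for file in sorted(os.listdir(res_folder)):
        if not file.lower().endswith('.csv'):
            continue
        res = pd.read_csv(os.path.join(res_folder, file), index_col=0)
        records.append({
            'fname': file,
            'l2_kdf': res['l2_kdf'].mean(),
            'l2_rf': res['l2_rf'].mean(),
            'linf_kdf': res['linf_kdf'].mean(),
            'linf_rf': res['linf_rf'].mean(),
            'err_adv_kdf': res['err_adv_kdf'].mean(),
            'err_adv_rf': res['err_adv_rf'].mean(),
            'err_kdf': res['err_kdf'].mean(),
            'err_rf': res['err_rf'].mean(),
        })
    return pd.DataFrame(records, columns=columns)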

## ZOO Adversarial Attack
Original paper: https://arxiv.org/abs/1708.03999

In [3]:
res_folder = 'openml_res_adv_zoo'
df = plot_adversarial(res_folder)
# A zero norm marks a run that ran out of memory and never produced an
# attack; drop those rows so the table only compares completed runs.
completed = (df['l2_kdf'] != 0) & (df['l2_rf'] != 0)
df_disp = df[completed]
df_disp.style.apply(highlight_err, axis=1)

Unnamed: 0,fname,l2_kdf,l2_rf,linf_kdf,linf_rf,err_adv_kdf,err_adv_rf
1,openML_cc18_1063.csv,0.0005,0.001,0.0005,0.001,0.225,0.315
2,openML_cc18_1067.csv,0.015082,0.0025,0.015029,0.0025,0.39,0.27
6,openML_cc18_14.csv,0.065391,0.042931,0.064995,0.042499,0.31,0.365
7,openML_cc18_1462.csv,0.00413,0.0035,0.004012,0.0035,0.04,0.025
8,openML_cc18_1464.csv,0.003665,0.000212,0.003665,0.000212,0.315,0.33
11,openML_cc18_1489.csv,0.026389,0.035576,0.026069,0.035407,0.215,0.235
12,openML_cc18_1494.csv,0.011362,0.011022,0.011319,0.011,0.25,0.275
13,openML_cc18_1497.csv,0.014025,0.026141,0.014,0.025933,0.225,0.215
15,openML_cc18_1510.csv,0.053548,0.002,0.053165,0.002,0.245,0.085
16,openML_cc18_16.csv,0.001,0.0025,0.001,0.0025,0.035,0.125


## Hop Skip Jump Adversarial Attack

Original paper: https://arxiv.org/abs/1904.02144

In [5]:
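res_folder = 'openml_res_adv_hsj'
df = plot_adversarial(res_folder)
# Apply the same out-of-memory filter as the ZOO cell (zero norm == no attack
# was run). Without re-assigning df_disp here, a fresh Restart & Run All would
# silently display the ZOO table again, since df_disp would still hold it.
df_disp = df[(df['l2_kdf'] != 0) & (df['l2_rf'] != 0)]
df_disp.style.apply(highlight_err, axis=1)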

Unnamed: 0,fname,l2_kdf,l2_rf,linf_kdf,linf_rf,err_adv_kdf,err_adv_rf
0,openML_cc18_11.csv,1.793804,1.832745,1.360962,1.388944,0.86,0.9
2,openML_cc18_14.csv,0.56645,1.161836,0.132857,0.268382,0.86,0.93
3,openML_cc18_16.csv,15.707117,27.658551,4.193023,7.443533,0.845,0.98
4,openML_cc18_18.csv,16.23703,1851.940894,10.238585,1108.7586,0.89,0.935
5,openML_cc18_22.csv,4.04399,397.889563,1.141597,113.586144,0.87,0.905
6,openML_cc18_37.csv,8.513861,114.51449,5.182362,75.247118,0.575,0.82
7,openML_cc18_54.csv,30.309491,362.601973,13.137599,156.353284,0.755,0.905
8,openML_cc18_6.csv,5.640984,7.108577,2.572299,3.725505,1.0,0.9
