<a href="https://colab.research.google.com/github/lmolinario/ML_Sec_project/blob/main/MLSEC_FNM.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

#**Machine Learning Security Project - Project 1**
###**Student: Lello Molinario (70/90/00369)**

**Instructions**

Re-evaluate 5 RobustBench models with another attack algorithm (e.g. FMN) and identify samples for which one attack works and the other doesn't. Explain the results - i.e., provide some motivations on why one of the attacks did not work properly, while the other did.


**Execution**

To re-evaluate the 5 RobustBench models I chose FMN (Fast Minimum Norm) as the second attack algorithm.

# **Step 1: Installing libraries and resolving incompatibilities**

In [2]:
!pip install git+https://github.com/RobustBench/robustbench.git

Collecting git+https://github.com/RobustBench/robustbench.git
  Cloning https://github.com/RobustBench/robustbench.git to /tmp/pip-req-build-xswojd53
  Running command git clone --filter=blob:none --quiet https://github.com/RobustBench/robustbench.git /tmp/pip-req-build-xswojd53
  Resolved https://github.com/RobustBench/robustbench.git to commit 46a91f44524133b2cd8f721ec7e73ecb63f17fc8
  Preparing metadata (setup.py) ... done
Collecting autoattack@ git+https://github.com/fra31/auto-attack.git@a39220048b3c9f2cca9a4d3a54604793c68eca7e#egg=autoattack (from robustbench==1.1)
  Using cached autoattack-0.1-py3-none-any.whl


In [3]:
!pip install secml foolbox

Collecting secml
  Downloading secml-0.13.post1-py2.py3-none-any.whl.metadata (12 kB)
Collecting matplotlib~=3.0.0 (from secml)
  Downloading matplotlib-3.0.3.tar.gz (36.6 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 36.6/36.6 MB 50.2 MB/s eta 0:00:00
  Preparing metadata (setup.py) ... done
Downloading secml-0.13.post1-py2.py3-none-any.whl (430 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 431.0/431.0 kB 20.9 MB/s eta 0:00:00
Building wheels for collected packages: matplotlib
  Building wheel for matplotlib (setup.py) ... [?25l[?25hdone
  Created wheel for matplotlib: filename=matplotlib-3.0.3-cp311-cp311-linux_x86_64.whl size=11723816 sha256=ac1e40c52fb37c0b3c91befee3e6132a3b55a98dae3000268534532bae42a995
  Stored in directory: /root/.cache/pip/wheels/e7/99/58/7ddb91918cb838a6f4099c834d5bf43c1262ab8cded5755817
Successfully built matplotlib
Installing collected packages: ma

In [4]:
import importlib.metadata
import robustbench
import secml
import foolbox

# robustbench does not expose __version__; read the installed distribution version instead
print(f"RobustBench version: {importlib.metadata.version('robustbench')}")
print(f"SecML version: {secml.__version__}")
print(f"Foolbox version: {foolbox.__version__}")

RobustBench version: 1.1
SecML version: 0.13.post1
Foolbox version: 3.3.4


In [3]:
import secml
import foolbox as fb
import robustbench


import os
import gc
import torch
import numpy as np

import matplotlib.pyplot as plt

from secml.array import CArray
from secml.ml import CClassifierPyTorch
from secml.ml.peval.metrics import CMetricAccuracy
#from secml.adv.attacks.evasion import CAttackEvasionFoolbox
from secml.data.loader import CDataLoaderCIFAR10
from secml.ml.features.normalization import CNormalizerMinMax
from secml.figure import CFigure
from secml.explanation import \
    CExplainerGradient, CExplainerGradientInput, CExplainerIntegratedGradients
from secml.utils import fm
from secml import settings
from secml.ml.classifiers.loss import CSoftmax

from robustbench.utils import load_model

from torch import nn

## Global Variables
Contains definition of global variables

In [15]:
input_shape    = (3, 32, 32)
model_names    = [
    "Ding2020MMA",
    "Wong2020Fast",
    "Andriushchenko2020Understanding",
    "Sitawarin2020Improving",
    "Bartoldson2024Adversarial_WRN-94-16"
]
n_samples      = 64
dataset_labels = [
    'airplane', 'automobile', 'bird', 'cat', 'deer',
    'dog', 'frog', 'horse', 'ship', 'truck'
]

## Loading models

Loads five models from robustbench. We have chosen the following models:
*   1 - Ding2020MMA
*   2 - Wong2020Fast
*   3 - Andriushchenko2020Understanding
*   4 - Sitawarin2020Improving
*   5 - Bartoldson2024Adversarial_WRN-94-16

In [16]:
def load_model(model_name):
    """
    Load a single model from RobustBench and wrap it into a secml CClassifier.

    This shadows the `load_model` imported above from robustbench.utils; the
    body calls it through the module path, so the wrapper still works.
    RobustBench CIFAR-10 models take inputs in [0, 1] (CHW layout) and carry
    their own normalization, so no secml preprocess is attached.
    """
    model = robustbench.utils.load_model(
        model_name=model_name,
        dataset='cifar10',
        threat_model='Linf',
    )

    clf = CClassifierPyTorch(
        model,
        input_shape=input_shape,
        pretrained=True,
        pretrained_classes=CArray(list(range(10))),
        preprocess=None
    )

    return clf



models = []
for name in model_names:
    try:
        model = load_model(name)
        models.append(model)
    except Exception as e:
        print(f"Error loading model {name}: {e}")

## Loading CIFAR-10

Loads the CIFAR-10 test set, keeps the first 64 samples (each of shape (3, 32, 32)) and min-max normalizes the pixels to [0, 1], the input range the RobustBench models expect.

In [17]:
tr, ts      = CDataLoaderCIFAR10().load()
# Fit the min-max scaler on the training pixels so that the test set
# is mapped with the same [0, 1] scaling
normalizer  = CNormalizerMinMax().fit(tr.X)

# Keep only the first n_samples test points
ts          = ts[:n_samples, :]

# Normalize test samples
ts.X = normalizer.transform(ts.X)

## Fast-Minimum-Norm (FMN) attack

Before running the attack, compute the clean accuracy of each model on the 64 test samples, to confirm that the models and the preprocessing are working properly.

In [None]:
# Compute predictions and clean accuracy of the models
metric = CMetricAccuracy()
models_preds = [clf.predict(ts.X) for clf in models]
accuracies = [metric.performance_score(y_true=ts.Y, y_pred=y_pred) for y_pred in models_preds]

print("-" * 90)
# Print the accuracies
for idx in range(len(model_names)):
    print(f"Model name: {model_names[idx]:<40} - Clean model accuracy: {(accuracies[idx] * 100):.2f} %")
print("-" * 90)
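The instructions at the top ask for the samples on which one attack works and the other does not. The bookkeeping for that comparison is shown below as an added example; it is not code from the notebook and runs on constructed outcomes rather than on the loaded models. The one point it makes that the aggregate robust accuracy hides: a fixed-budget attack (PGD/AutoAttack) satisfies the Linf bound by construction, whereas FMN returns the smallest perturbation it found for every sample, so an FMN result only counts as a success under the RobustBench threat model when that minimum norm is at most eps = 8/255. The per-sample labels and norms in `demo()` are hypothetical.

```python
# Added example, not part of the original notebook: per-sample comparison of a
# fixed-budget attack and a minimum-norm attack under the same Linf threat model.
# All inputs are constructed; the only fixed constant is the RobustBench budget.
from typing import Dict, List, Sequence

EPS = 8 / 255  # Linf budget of the RobustBench CIFAR-10 Linf leaderboard


def linf_norm(delta: Sequence[float]) -> float:
    """Linf norm of a flattened perturbation (x_adv - x)."""
    return max(abs(v) for v in delta)


def attack_success(y_true: Sequence[int], y_adv: Sequence[int],
                   deltas: Sequence[Sequence[float]], eps: float = EPS) -> List[bool]:
    """Per-sample success under the threat model: label flipped AND ||delta||_inf <= eps.

    For PGD/AutoAttack the norm check is redundant (delta is clipped to eps).
    For FMN it is the whole point: FMN always returns its best perturbation,
    and that perturbation may well lie outside the budget.
    """
    return [yt != ya and linf_norm(d) <= eps
            for yt, ya, d in zip(y_true, y_adv, deltas)]


def robust_accuracy(success: Sequence[bool]) -> float:
    """Fraction of samples the attack did NOT break."""
    return 1.0 - sum(success) / len(success)


def compare_attacks(success_a: Sequence[bool],
                    success_b: Sequence[bool]) -> Dict[str, List[int]]:
    """Split sample indices by which attack(s) succeeded on them."""
    out: Dict[str, List[int]] = {"both": [], "only_a": [], "only_b": [], "neither": []}
    for i, (a, b) in enumerate(zip(success_a, success_b)):
        key = "both" if a and b else "only_a" if a else "only_b" if b else "neither"
        out[key].append(i)
    return out


def make_delta(norm: float, dim: int = 4) -> List[float]:
    """Constructed flattened perturbation whose Linf norm is exactly `norm`."""
    return [norm if i % 2 == 0 else -norm for i in range(dim)]


def demo() -> Dict[str, object]:
    # Hypothetical outcome for six CIFAR-10 test samples (constructed, not measured).
    y_true = [3, 5, 0, 8, 1, 7]
    # Fixed-budget attack: every delta sits on the eps boundary; labels flip on 0, 3, 5.
    y_pgd = [5, 5, 0, 2, 1, 2]
    pgd_deltas = [make_delta(EPS) for _ in y_true]
    # FMN: smallest perturbation found per sample (norm 0.0 where no flip was found).
    y_fmn = [5, 3, 0, 2, 9, 2]
    fmn_deltas = [make_delta(n) for n in (0.012, 0.045, 0.0, 0.020, 0.031, 0.060)]

    s_pgd = attack_success(y_true, y_pgd, pgd_deltas)
    s_fmn = attack_success(y_true, y_fmn, fmn_deltas)
    split = compare_attacks(s_pgd, s_fmn)
    return {
        "robust_acc_pgd": robust_accuracy(s_pgd),
        "robust_acc_fmn": robust_accuracy(s_fmn),
        "both": split["both"],
        "only_pgd": split["only_a"],
        "only_fmn": split["only_b"],
        "neither": split["neither"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>15}: {value}")
```

On the constructed data both attacks give the same robust accuracy (0.5), yet they disagree on two samples: on sample 4 the fixed-budget attack fails while FMN finds a perturbation inside the budget, and on sample 5 FMN's minimum is above eps while the fixed-budget attack still flips the label, so FMN did not converge to the true minimum there. Those disagreeing indices are exactly the samples the project asks to inspect and explain; when you run this on the real models, feed it `ts.Y`, the adversarial predictions and `x_adv - ts.X` from each attack.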