In [None]:
%load_ext autoreload
%autoreload 2

# guidelines

TODO : import whenever needed, not centralized

states https://pytorch.org/tutorials/beginner/saving_loading_models.html

# Introduction 

## Aim

## Data

In [None]:
from google.colab import drive
drive.mount('/content/drive')

In [None]:
#%cd /content/drive/MyDrive/Colab\ Notebooks/
#%cd CS439/optml_project/
!ls

First load the dataset:

In [1]:
from data_utils import get_mnist

train_dataset, test_dataset = get_mnist(normalize=True)

In [2]:
import numpy as np
#import random
import torch
import matplotlib.pyplot as plt
import pandas as pd
import seaborn as sns

## Setup

Below one can find flags that will setup the notebook:

In [3]:
# Whether to tune the hyperparameters in this notebook
# Note that this might take a long time (especially for Adam)
hyperparameter_tune = False
prot_hyperparameter_tune = True

In [4]:
# Whether to use the GPU, if it's not available, this will be ignored
use_cuda = True
device = torch.device('cuda' if use_cuda and torch.cuda.is_available() else 'cpu')
print("Device chosen is {}".format(device))

Device chosen is cuda


We setup the training parameters that we will use all along the notebook, in order to improve readability in downstream code:

In [5]:
from training import accuracy

training_config = {
    # Loss function
    'loss_fun': torch.nn.CrossEntropyLoss(),
    # Performance evaluation function
    'metric_fun': accuracy,
    # The device to train on
    'device': device,
    # Number of epochs
    'epochs': 10,
}

test_config = training_config.copy()
test_config.pop('epochs');

Note that we will use a model with a 10-dimensional output, where each output is passed through softmax. When receiving an output 

$$Z = \begin{bmatrix} \mathbf z_1 & \dots & \mathbf z_B \end{bmatrix}^\top \in \mathbb R^{B \times 10}$$

with $B$ the batch size, we first retrieve the maximal component of each $\mathbf z_i$:

$$\hat y_i = \text{argmax}_{k = 1, \ldots, 10} \; z_{ik}, \quad i = 1, \ldots, B$$

and then compute the accuracy:

$$\text{acc} = \frac 1 B \sum_{i=1}^B I\left\{ \hat y_i = y_i \right\} $$

with $I$ the indicator function and $y_i \in \{1, \ldots, 10\}$ the true target. 

In [None]:
# View the source code
??accuracy

# Model

We use a simple standard model for the MNIST dataset (can be found [here](https://github.com/floydhub/mnist/blob/master/ConvNet.py)).

In [16]:
from net import Net

??Net

[0;31mInit signature:[0m [0mNet[0m[0;34m([0m[0;34m)[0m[0;34m[0m[0;34m[0m[0m
[0;31mSource:[0m        
[0;32mclass[0m [0mNet[0m[0;34m([0m[0mnn[0m[0;34m.[0m[0mModule[0m[0;34m)[0m[0;34m:[0m[0;34m[0m
[0;34m[0m    [0;34m"""ConvNet -> Max_Pool -> RELU -> ConvNet -> Max_Pool -> RELU -> FC -> RELU -> FC -> SOFTMAX"""[0m[0;34m[0m
[0;34m[0m    [0;32mdef[0m [0m__init__[0m[0;34m([0m[0mself[0m[0;34m)[0m[0;34m:[0m[0;34m[0m
[0;34m[0m        [0msuper[0m[0;34m([0m[0mNet[0m[0;34m,[0m [0mself[0m[0;34m)[0m[0;34m.[0m[0m__init__[0m[0;34m([0m[0;34m)[0m[0;34m[0m
[0;34m[0m        [0mself[0m[0;34m.[0m[0mconv1[0m [0;34m=[0m [0mnn[0m[0;34m.[0m[0mConv2d[0m[0;34m([0m[0;36m1[0m[0;34m,[0m [0;36m20[0m[0;34m,[0m [0;36m5[0m[0;34m,[0m [0;36m1[0m[0;34m)[0m[0;34m[0m
[0;34m[0m        [0mself[0m[0;34m.[0m[0mconv2[0m [0;34m=[0m [0mnn[0m[0;34m.[0m[0mConv2d[0m[0;34m([0m[0;36m20[0m[0;34m,[0m [0

# Hyperparameter tuning

In [6]:
from torch.optim import Optimizer
from training import tune_optimizer
from optimizer import AdamOptimizer, NesterovOptimizer, MiniBatchOptimizer
from data_utils import get_best_hyperparams

If the `hyperparameter_tune` flag was set to `True` above, the following code will run hyperparameter tuning on all optimizers. Note that one can either run KFold cross validation (by providing `n_folds`) or use a simple train/test split (by providing `train_ratio`).

If the flag is set to `False`, the cell below will simply set up the hyperparameters that we carefully cross-validated:

In [7]:
optimizers = {
    AdamOptimizer: get_best_hyperparams('./res/adam_tuning_round3.json'),
    NesterovOptimizer: get_best_hyperparams('./res/nesterov_tuning_round2.json'),
    MiniBatchOptimizer: get_best_hyperparams('./res/minibatch_tuning_round2.json')
}

## Adam

In [8]:
search_grid_adam = {
        'lr': np.linspace(0.001, 0.01, 3),
        'beta1':  np.linspace(0.1, 0.9, 2),
        'beta2': np.linspace(0.5, 0.999, 2),
        'batch_size': [32, 64, 128],
        'weight_decay': np.linspace(0.001, 0.1, 2),
        'epsilon': np.linspace(1e-10, 1e-8, 2),
    }

if hyperparameter_tune:
    results_adam = tune_optimizer(
        model=Net().to(device),
        optim_fun=AdamOptimizer,
        xtrain=train_dataset.data,
        ytrain=train_dataset.targets,
        search_grid=search_grid_adam,
        nfolds=3,
        **training_config)

else:
    results_adam = optimizers[AdamOptimizer]

## Nesterov

In [9]:
search_grid_nesterov = {
    'lr': np.logspace(0, 1),
    'batch_size': [32, 64, 128]
}

if hyperparameter_tune:
    results_nesterov = tune_optimizer(
        model=Net().to(device),
        optim_fun=NesterovOptimizer,
        xtrain=train_dataset.data,
        ytrain=train_dataset.targets,
        search_grid=search_grid_nesterov,
        nfolds=3,
        **training_config
    )

else:
    results_nesterov = optimizers[NesterovOptimizer]

## Minibatch

In [10]:
search_grid_mini  = {
    'lr': np.linspace(0.00001, 0.01, 5),
    'batch_size': [32, 64, 128],
    'decreasing_lr': [0, 1],
}
if hyperparameter_tune:
    results_mini = tune_optimizer(
        model=Net().to(device),
        optim_fun=MiniBatchOptimizer,
        xtrain=train_dataset.data,
        ytrain=train_dataset.targets,
        search_grid=search_grid_mini,
        nfolds=3,
        **training_config
    )

else:
    results_mini = optimizers[MiniBatchOptimizer]

In [11]:
print("ADAM: Highest Test Accuracy {:.4f} with standart deviation of {:.4f}".format(results_adam["metric_test"], results_adam["metric_test_std"]))
print("Hyperparameter set: Learning rate =  {:.4f}, Beta1 = {:.1f}, Beta2 = {:.3f}, Weight decay = {:.2f}, Epsilon = {:.8f},  Batch Size = {:.0f}\n".format(results_adam["lr"], results_adam["beta1"], results_adam["beta2"], results_adam["weight_decay"], results_adam["epsilon"], results_adam['batch_size']))
print("NESTEROV: Highest Test Accuracy {:.4f} with standart deviation of {:.4f}".format(results_nesterov["metric_test"], results_nesterov["metric_test_std"]))
print("Hyperparameter set: Learning rate =  {:.4f}, Batch Size = {:.0f}\n".format(results_nesterov["lr"], results_nesterov["batch_size"]))
print("MINIBATCH: Highest Test Accuracy {:.4f} with standart deviation of {:.4f}".format(results_mini["metric_test"], results_mini["metric_test_std"]))
print("Hyperparameter set: Learning rate =  {:.4f}, Decreasing Learning rate {:.1f}, Batch Size = {:.0f}\n".format(results_mini["lr"], results_mini["decreasing_lr"], results_mini["batch_size"]))


ADAM: Highest Test Accuracy 0.9868 with standart deviation of 0.0007
Hyperparameter set: Learning rate =  0.0001, Beta1 = 0.9, Beta2 = 0.999, Weight decay = 0.01, Epsilon = 0.00000001,  Batch Size = 32

NESTEROV: Highest Test Accuracy 0.9876 with standart deviation of 0.0010
Hyperparameter set: Learning rate =  0.0001, Batch Size = 64

MINIBATCH: Highest Test Accuracy 0.9886 with standart deviation of 0.0002
Hyperparameter set: Learning rate =  0.2639, Decreasing Learning rate 0.0, Batch Size = 128



# Attack on naive model



In [12]:
from data_utils import build_data_loaders
from training import training, testing
from adversary import attack, projected_attack

In [13]:
optimizers = {
    AdamOptimizer: get_best_hyperparams('./res/adam_tuning_round3.json', get_performance=False),
    NesterovOptimizer: get_best_hyperparams('./res/nesterov_tuning_round2.json', get_performance=False),
    MiniBatchOptimizer: get_best_hyperparams('./res/minibatch_tuning_round2.json', get_performance=False)
}

In [None]:
optimizers

In [None]:
# Logging data structures
data_naive = list()
data_naive_attack = list()

# Training / attack config
n_try = 3
batch_log_interval = -1
epsilons = np.arange(0, 0.6, 0.05)

for optimizer, optimizer_params in optimizers.items():
    print(f'--- {optimizer.__name__}')
    # --------- SETUP OPTIMIZER
    optimizer_params = optimizer_params.copy()
    # Instantiate data loaders with selected batch size
    batch_size = int(optimizer_params.pop('batch_size'))
    train_loader, test_loader = build_data_loaders(train_dataset, test_dataset, batch_size)
    
    # --------- Train & Attack several times per optimizer
    for n in range(1, n_try + 1):
        net = Net().to(device)
        optimizer_instance = optimizer(net.parameters(), **optimizer_params)
        # --------- TRAIN MODEL
        loss_train, acc_train = training(
            model=net, 
            dataset=train_loader, 
            optim=optimizer_instance,
            batch_log_interval=batch_log_interval,
            **training_config
        )
        # --------- TEST MODEL
        loss_test, acc_test = testing(
            model=net,
            dataset=test_loader,
            **test_config
        )
        # Log
        data_naive.append({
            'optimizer': str(optimizer_instance),
            'n': n,
            'loss_train': loss_train,
            'acc_train': acc_train,
            'loss_test': loss_test,
            'acc_test': acc_test
        })

        # --------- ATTACK MODEL
        print(f'Launching attacks', end=' ')
        for eps in epsilons:
            print('', end='.')
            loss_attack, acc_attack = attack(
                model=net,
                test_loader=test_loader,
                epsilon=eps,
                verbose=False,
                **test_config
            )
            # Log
            data_naive_attack.append({
                'optimizer': str(optimizer_instance),
                'n': n,
                'epsilon': eps,
                'loss': loss_attack,
                'acc': acc_attack
            })

        print()

### Training curves

In [None]:
df_naive = pd.DataFrame(data_naive).sort_values(['optimizer', 'n'])
# Average training loss per epoch
df_naive.loss_train = df_naive.loss_train.apply(lambda s: np.mean(s, axis=1))

colors = {'AdamOptimizer': 'r', 'MiniBatchOptimizer': 'b', 'NesterovOptimizer': 'm'}
for _, row in df_naive.iterrows():
    plt.plot(range(1, training_config['epochs'] + 1), row.loss_train, '-o', label=row.optimizer, color=colors[row.optimizer])

plt.grid(alpha=.6)
plt.legend();
plt.yscale('log')
plt.xlabel('Epoch'); plt.ylabel('Training Loss')
plt.title('Training curves of naive models');

### Attack plots

In [None]:
df = pd.DataFrame(data_naive_attack).sort_values(['optimizer', 'epsilon'])
# Raw accuracy in function of attack stength
sns.lineplot(x='epsilon', y='acc', data=df, hue='optimizer', marker='o')
plt.grid(alpha=.6)
plt.ylabel('Accuracy');
plt.title('Attack on naive models');

In [None]:
df.T.to_json('res/log_attack_naive.json', indent=2)

# Attack on robust model

## Hyperparameter optimization on robust models

- If the `prot_hyperparameter_tune` flag was set to `True` above, the following code will run hyperparameter tuning on all optimizers for robust models. Note that one can either run KFold cross validation (by providing `n_folds`) or use a simple train/test split (by providing `train_ratio`).


In [14]:
from adversary import protected_training

### Adam

In [17]:
search_grid_adam = {
        'lr': np.linspace(0.001, 0.01, 3),
        'beta1':  np.linspace(0.1, 0.9, 2),
        'beta2': np.linspace(0.5, 0.999, 2),
        'batch_size': [32, 64, 128],
        'weight_decay': np.linspace(0.001, 0.1, 2),
        'epsilon': np.linspace(1e-10, 1e-8, 2),
    }

if prot_hyperparameter_tune:
    results_adam_prot = tune_optimizer(
        model=Net().to(device),
        optim_fun=AdamOptimizer,
        xtrain=train_dataset.data,
        ytrain=train_dataset.targets,
        search_grid=search_grid_adam,
        nfolds=3,
        func=protected_training,
        **training_config)

else:
    results_adam_prot = optimizers[AdamOptimizer]

ss = 0.5739	avg epoch acc = 0.9309
epoch 1	avg epoch loss = 0.4455	avg epoch acc = 0.964
epoch 2	avg epoch loss = 0.5219	avg epoch acc = 0.9628
epoch 3	avg epoch loss = 0.4548	avg epoch acc = 0.9659
epoch 4	avg epoch loss = 0.4922	avg epoch acc = 0.9651
epoch 5	avg epoch loss = 0.4419	avg epoch acc = 0.9676
epoch 6	avg epoch loss = 0.4185	avg epoch acc = 0.9705
epoch 7	avg epoch loss = 0.3731	avg epoch acc = 0.9717
epoch 8	avg epoch loss = 0.3954	avg epoch acc = 0.9712
epoch 9	avg epoch loss = 0.4016	avg epoch acc = 0.9712
training took 62.22 s
Avg test loss = 0.125	Avg test acc = 0.965
{'lr': 0.01, 'beta1': 0.9, 'beta2': 0.999, 'batch_size': 32, 'weight_decay': 0.1, 'epsilon': 1e-10}
epoch 0	avg epoch loss = 0.5752	avg epoch acc = 0.9313
epoch 1	avg epoch loss = 0.4458	avg epoch acc = 0.9613
epoch 2	avg epoch loss = 0.4835	avg epoch acc = 0.9602
epoch 3	avg epoch loss = 0.4352	avg epoch acc = 0.9612
epoch 4	avg epoch loss = 0.4325	avg epoch acc = 0.9629
epoch 5	avg epoch loss = 0.4172

In [20]:
with open('./res/prot_res_adam_new1.json', 'w', encoding ='utf8') as json_file:
    json.dump(results_adam_prot, json_file, indent=2)

In [19]:
import json

### Nesterov

In [21]:
search_grid_nesterov = {
    'lr': np.logspace(0, 1, num=15),
    'batch_size': [32, 64, 128]
}

if prot_hyperparameter_tune:
    results_nesterov_prot = tune_optimizer(
        model=Net().to(device),
        optim_fun=NesterovOptimizer,
        xtrain=train_dataset.data,
        ytrain=train_dataset.targets,
        search_grid=search_grid_nesterov,
        nfolds=3,
        func=protected_training,
        **training_config
    )

else:
    results_nesterov_prot = optimizers[NesterovOptimizer]

avg epoch acc = 0.09903
epoch 7	avg epoch loss = nan	avg epoch acc = 0.09903
epoch 8	avg epoch loss = nan	avg epoch acc = 0.09903
epoch 9	avg epoch loss = nan	avg epoch acc = 0.09903
training took 35.77 s
Avg test loss = nan	Avg test acc = 0.0981
epoch 0	avg epoch loss = nan	avg epoch acc = 0.09947
epoch 1	avg epoch loss = nan	avg epoch acc = 0.09788
epoch 2	avg epoch loss = nan	avg epoch acc = 0.09788
epoch 3	avg epoch loss = nan	avg epoch acc = 0.09788
epoch 4	avg epoch loss = nan	avg epoch acc = 0.09788
epoch 5	avg epoch loss = nan	avg epoch acc = 0.09788
epoch 6	avg epoch loss = nan	avg epoch acc = 0.09788
epoch 7	avg epoch loss = nan	avg epoch acc = 0.09788
epoch 8	avg epoch loss = nan	avg epoch acc = 0.09788
epoch 9	avg epoch loss = nan	avg epoch acc = 0.09788
training took 35.77 s
Avg test loss = nan	Avg test acc = 0.1
epoch 0	avg epoch loss = 2.968e+12	avg epoch acc = 0.09845
epoch 1	avg epoch loss = 2.44	avg epoch acc = 0.09835
epoch 2	avg epoch loss = 2.433	avg epoch acc = 0.

In [22]:
with open('./res/prot_res_nesterov_new1.json', 'w', encoding ='utf8') as json_file:
    json.dump(results_nesterov_prot, json_file, indent=2)

### Minibatch

In [25]:
search_grid_mini  = {
        'lr': np.logspace(-4,-1,num=10),
        'batch_size': [64, 128],
        'decreasing_lr': [0, 1],
    }
if prot_hyperparameter_tune:
    results_minibatch_prot = tune_optimizer(
        model=Net().to(device),
        optim_fun=MiniBatchOptimizer,
        xtrain=train_dataset.data,
        ytrain=train_dataset.targets,
        search_grid=search_grid_mini,
        nfolds=3,
        func=protected_training,
        **training_config
    )

else:
    results_minibatch_prot = optimizers[MiniBatchOptimizer]

	avg epoch loss = 2.377	avg epoch acc = 0.1401
epoch 2	avg epoch loss = 2.375	avg epoch acc = 0.1507
epoch 3	avg epoch loss = 2.373	avg epoch acc = 0.1587
epoch 4	avg epoch loss = 2.372	avg epoch acc = 0.1644
epoch 5	avg epoch loss = 2.371	avg epoch acc = 0.1684
epoch 6	avg epoch loss = 2.37	avg epoch acc = 0.1729
epoch 7	avg epoch loss = 2.37	avg epoch acc = 0.1757
epoch 8	avg epoch loss = 2.369	avg epoch acc = 0.179
epoch 9	avg epoch loss = 2.369	avg epoch acc = 0.1817
training took 34.51 s
Avg test loss = 2.27	Avg test acc = 0.184
epoch 0	avg epoch loss = 2.384	avg epoch acc = 0.1435
epoch 1	avg epoch loss = 2.377	avg epoch acc = 0.1685
epoch 2	avg epoch loss = 2.374	avg epoch acc = 0.1777
epoch 3	avg epoch loss = 2.372	avg epoch acc = 0.1847
epoch 4	avg epoch loss = 2.371	avg epoch acc = 0.1904
epoch 5	avg epoch loss = 2.37	avg epoch acc = 0.1945
epoch 6	avg epoch loss = 2.37	avg epoch acc = 0.1978
epoch 7	avg epoch loss = 2.369	avg epoch acc = 0.2008
epoch 8	avg epoch loss = 2.368

In [26]:
with open('./res/prot_res_minibatch_new2.json', 'w', encoding ='utf8') as json_file:
    json.dump(results_minibatch_prot, json_file, indent=2)

In [27]:
search_grid_mini  = {
        'lr': np.logspace(-3,-0.3,num=15),
        'batch_size': [32, 64, 96, 128],
        'decreasing_lr': [0],
    }
if prot_hyperparameter_tune:
    results_minibatch_prot = tune_optimizer(
        model=Net().to(device),
        optim_fun=MiniBatchOptimizer,
        xtrain=train_dataset.data,
        ytrain=train_dataset.targets,
        search_grid=search_grid_mini,
        nfolds=3,
        func=protected_training,
        **training_config
    )

else:
    results_minibatch_prot = optimizers[MiniBatchOptimizer]

836
epoch 2	avg epoch loss = 0.1503	avg epoch acc = 0.9895
epoch 3	avg epoch loss = 0.1217	avg epoch acc = 0.9926
epoch 4	avg epoch loss = 0.09619	avg epoch acc = 0.9946
epoch 5	avg epoch loss = 0.07807	avg epoch acc = 0.9962
epoch 6	avg epoch loss = 0.07831	avg epoch acc = 0.9967
epoch 7	avg epoch loss = 0.06665	avg epoch acc = 0.9976
epoch 8	avg epoch loss = 0.06522	avg epoch acc = 0.9978
epoch 9	avg epoch loss = 0.07598	avg epoch acc = 0.9977
training took 34.54 s
Avg test loss = 0.0621	Avg test acc = 0.987
epoch 0	avg epoch loss = 0.5165	avg epoch acc = 0.9319
epoch 1	avg epoch loss = 0.2065	avg epoch acc = 0.9846
epoch 2	avg epoch loss = 0.1569	avg epoch acc = 0.9894
epoch 3	avg epoch loss = 0.12	avg epoch acc = 0.9927
epoch 4	avg epoch loss = 0.09895	avg epoch acc = 0.9947
epoch 5	avg epoch loss = 0.08195	avg epoch acc = 0.9957
epoch 6	avg epoch loss = 0.0751	avg epoch acc = 0.9967
epoch 7	avg epoch loss = 0.06954	avg epoch acc = 0.9973
epoch 8	avg epoch loss = 0.0766	avg epoch a

In [28]:
with open('./res/prot_res_minibatch_extensive.json', 'w', encoding ='utf8') as json_file:
    json.dump(results_minibatch_prot, json_file, indent=2)

## Train & Attack robust models

In [None]:
from adversary import protected_training

In [None]:
# Logging data structures
data_robust = list()
data_robust_attack = list()

# Training / attack config
n_try = 3
batch_log_interval = -1
epsilons = np.arange(0, 0.6, 0.05)

for optimizer, optimizer_params in optimizers.items():
    print(f'--- {optimizer.__name__}')
    # --------- SETUP OPTIMIZER
    optimizer_params = optimizer_params.copy()
    # Instantiate data loaders with selected batch size
    batch_size = int(optimizer_params.pop('batch_size'))
    train_loader, test_loader = build_data_loaders(train_dataset, test_dataset, batch_size)

    # --------- Train & Attack several times per optimizer
    for n in range(1, n_try + 1):
        net = Net().to(device)
        optimizer_instance = optimizer(net.parameters(), **optimizer_params)
        # --------- TRAIN MODEL
        loss_train, acc_train = protected_training(
            model=net,
            dataset=train_loader,
            optim=optimizer_instance,
            batch_log_interval=batch_log_interval,
            **training_config
        )
        # --------- TEST MODEL
        loss_test, acc_test = testing(
            model=net,
            dataset=test_loader,
            **test_config
        )
        # Log
        data_robust.append({
            'optimizer': str(optimizer_instance),
            'n': n,
            'loss_train': loss_train,
            'acc_train': acc_train,
            'loss_test': loss_test,
            'acc_test': acc_test
        })

        # --------- ATTACK MODEL
        print(f'Launching attacks', end=' ')
        for eps in epsilons:
            print('', end='.')
            loss_attack, acc_attack = attack(
                model=net,
                test_loader=test_loader,
                epsilon=eps,
                verbose=False,
                **test_config
            )
            # Log
            data_robust_attack.append({
                'optimizer': str(optimizer_instance),
                'n': n,
                'epsilon': eps,
                'loss': loss_attack,
                'acc': acc_attack
            })

        print()

### Training curves

In [None]:
df_naive = pd.DataFrame(data_robust).sort_values(['optimizer', 'n'])
# Average training loss per epoch
df_naive.loss_train = df_naive.loss_train.apply(lambda s: np.mean(s, axis=1))

colors = {'AdamOptimizer': 'r', 'MiniBatchOptimizer': 'b', 'NesterovOptimizer': 'm'}
for _, row in df_naive.iterrows():
    plt.plot(range(1, training_config['epochs'] + 1), row.loss_train, '-o', label=row.optimizer, color=colors[row.optimizer])

plt.grid(alpha=.6)
plt.legend();
plt.yscale('log')
plt.xlabel('Epoch'); plt.ylabel('Training Loss')
plt.title('Training curves of naive models');

### Attack plots

In [None]:
df_robust = pd.DataFrame(data_robust_attack).sort_values(['optimizer', 'epsilon'])
# Raw accuracy in function of attack stength
sns.lineplot(x='epsilon', y='acc', data=df, hue='optimizer', marker='o')
plt.grid(alpha=.6)
plt.ylabel('Accuracy');
plt.title('Attack on robust models');

In [None]:
df_robust.T.to_json('res/log_attack_robust.json', indent=2)

# Comparative analysis

In [None]:
%%capture --no-stderr
# Whether to generate fancy plots for the report. Warning: this lengthens image rendering time
# This requires the `ipypublish` library
fancy_plots = True

if fancy_plots:
    from ipypublish import nb_setup
    plt = nb_setup.setup_matplotlib()
    # Override with seaborn defaults
    sns.set(style='whitegrid')

In [None]:
from pathlib import Path

fig_path = Path('fig')
if not fig_path.exists():
    fig_path.mkdir()

In [None]:
df_naive = pd.read_json('res/log_attack_naive.json').T.drop(columns=['loss', 'n'])
df_robust = pd.read_json('res/log_attack_robust.json').T
# For some reason this has to be done after parsing from json
df_naive.epsilon = df_naive.epsilon.astype(float)
df_naive.acc = df_naive.acc.astype(float)
df_robust.acc = df_robust.acc.astype(float)
df_robust.epsilon = df_robust.epsilon.astype(float)

In [None]:
_, ax = plt.subplots(1, 2, figsize=(10, 4), sharex=True)

plt.axes(ax[0])
sns.lineplot(x='epsilon', y='acc', data=df_naive, hue='optimizer', marker='o', ci='sd')
plt.yscale('log')
plt.ylabel('Accuracy');
plt.title('Attack on naive models');
plt.xlabel('Attack strength $\epsilon$')

plt.axes(ax[1])
sns.lineplot(x='epsilon', y='acc', data=df_robust, hue='optimizer', marker='o', ci='sd')
plt.grid(alpha=.6)
plt.ylabel('Accuracy');
plt.title('Attack on robust models')
plt.xlabel('Attack strength $\epsilon$')
plt.tight_layout();
sns.despine()
plt.savefig('fig/attacks.pdf', bbox_inches='tight')

In [None]:
df_naive[df_naive.epsilon==0]

In [None]:
df_robust[df_robust.epsilon == 0]

In [None]:
df_robust