In [2]:
import torchvision.models as models
import eagerpy as ep
from foolbox import PyTorchModel, accuracy, samples
import foolbox.attacks as fa

from models.VGG16 import *

if __name__ == "__main__":
    # instantiate a model
    model = VGG16().to(device)
        
    state = torch.load('./models/model_150_89.pth')
    model.load_state_dict(state['model'])    
    model.eval()
    
    preprocessing = dict(mean=[0.485, 0.456, 0.406], std=[0.229, 0.224, 0.225], axis=-3)
    fmodel = PyTorchModel(model, bounds=(-2.117, 2.64), preprocessing=preprocessing)


    # get data and test the model
    # wrapping the tensors with ep.astensors is optional, but it allows
    # us to work with EagerPy tensors in the following
    images, labels = ep.astensors(*samples(fmodel, dataset="cifar10", batchsize=1000, shape=(32, 32), bounds=(-1, 1)))
    print(accuracy(fmodel, images, labels))

    # apply the attack
    attack = fa.boundary_attack.BoundaryAttack(
    steps=25,
    )
    
    epsilons = [0.0, 0.03, 0.1, 0.3]
    advs, _, success = attack(fmodel, images, labels, epsilons=epsilons)

    # calculate and report the robust accuracy
    robust_accuracy = 1 - success.float32().mean(axis=-1)
    for eps, acc in zip(epsilons, robust_accuracy):
        print(eps, acc.item())

0.9000000357627869


KeyboardInterrupt: 