# **Problem 1: WhiteBox Attacks Using FoolBox**

Install Foolbox

In [None]:
!pip3 install foolbox



## Getting Model

In [None]:
import torch as t
import torchvision as tv
import foolbox as fb

model = tv.models.resnet18(pretrained = True)
prep = dict(mean=[0.485, 0.456, 0.406], std=[0.229, 0.224, 0.225], axis=-3)
bounds = (0,1)
fmodel = fb.PyTorchModel(model,bounds=bounds,preprocessing=prep)

  "The PyTorch model is in training mode and therefore might"


Data Set

In [None]:
images,labels = fb.utils.samples(fmodel,dataset='imagenet',batchsize=16)

Tools that will be used for Data Gathering

In [None]:
#stores the 4 data fields into lists
attackType = []
pnormdist = []
succrate = []
timecost = []

#function for appending all items at once
def appenditems(at,pd,sr,tc):
  attackType.append(at)
  pnormdist.append(pd)
  succrate.append(sr)
  timecost.append(tc)
  return

#function to convert seconds to minutes
import time
def convert(seconds): 
    min, sec = divmod(seconds, 60)
    return "%02d:%02d" % (min, sec)

## Attack Model

In [None]:
#accuracy
fb.utils.accuracy(fmodel, images, labels)

0.875

In [None]:
#attack function
import numpy as np
epsilons = np.linspace(0.0,0.005, num=5)

def flatlist(l):
    flatlist = []
    for e in l:
      flatlist.extend(e)
    return flatlist

def attk(at,pd,attack):
  ti = time.time()
  raw, clipped, is_adv = attack(fmodel,images,labels,epsilons=epsilons)
  tc = convert(time.time()-ti)
  fl = flatlist(is_adv.tolist())
  sr = fl.count(True)/len(fl)
  appenditems(at,pd,sr,tc)
  return

In [None]:
#Deep Fool Attacks
attk('Deep Fool','2',fb.attacks.L2DeepFoolAttack())
attk('Deep Fool','Inf',fb.attacks.LinfDeepFoolAttack())

In [None]:
#Basic Iterative Attacks
attk('Basic Iterative','1',fb.attacks.L1BasicIterativeAttack())
attk('Basic Iterative','2',fb.attacks.L2BasicIterativeAttack())
attk('Basic Iterative','Inf',fb.attacks.LinfBasicIterativeAttack())

In [None]:
#Fast Gradiant Attacks
attk('Fast Gradiant','1',fb.attacks.L1FastGradientAttack())
attk('Fast Gradiant','2',fb.attacks.L2FastGradientAttack())
attk('Fast Gradiant','Inf',fb.attacks.LinfFastGradientAttack())

In [None]:
#Projected Griadiant Descent Attacks
attk('Projected Gradiant Descent','1',fb.attacks.L1ProjectedGradientDescentAttack())
attk('Projected Gradiant Descent','2',fb.attacks.L2ProjectedGradientDescentAttack())
attk('Projected Gradiant Descent','Inf',fb.attacks.LinfProjectedGradientDescentAttack())

## Finalize Table

In [None]:
import pandas as pd
df = pd.DataFrame({'Attack Type' : attackType,
                   'P-norm Distance' : pnormdist,
                   'Success Rate' : succrate,
                   'Time Cost (minutes)' : timecost
})
df

Unnamed: 0,Attack Type,P-norm Distance,Success Rate,Time Cost (minutes)
0,Deep Fool,2.0,0.125,33:01
1,Deep Fool,inf,0.7125,20:49
2,Basic Iterative,1.0,0.125,03:53
3,Basic Iterative,2.0,0.125,03:48
4,Basic Iterative,inf,0.6375,03:48
5,Fast Gradiant,1.0,0.125,00:29
6,Fast Gradiant,2.0,0.125,00:29
7,Fast Gradiant,inf,0.5,00:28
8,Projected Gradiant Descent,1.0,0.125,18:33
9,Projected Gradiant Descent,2.0,0.125,18:24
