In [1]:
%load_ext autoreload
%autoreload 2
import torch

import os
import sys
module_path = os.path.abspath(os.path.join('../../../src/'))
if module_path not in sys.path:
    sys.path.append(module_path)
    
device = 'cuda' if torch.cuda.is_available() else 'cpu'

# Load models

In [12]:
from classification.models.crnn.model import AudioCRNN
from classification.models.SpectrogramCNN import SpectrogramCNN
from classification.models.DeepRecursiveCNN import DeepRecursiveCNN
from classification.models.M5 import M5

In [13]:
models = {}

In [14]:
state_dict_path = '/nfs/students/summer-term-2020/project-4/data/models/SpectrogramBasedCNN.pt'

model = SpectrogramCNN()
model.load_state_dict(torch.load(state_dict_path))
model = model.cuda()
model = model.eval()

models[model.__class__.__name__] = model

In [15]:
model_state_dict_path = "/nfs/students/summer-term-2020/project-4/yan/models/best_model_state_dict.pt"
model = DeepRecursiveCNN()
model.load_state_dict(torch.load(model_state_dict_path))
model = model.eval()

models[model.__class__.__name__] = model

In [16]:
res_path = '/nfs/students/summer-term-2020/project-4/data/models/crnn.pth'
checkpoint = torch.load(res_path)
model = AudioCRNN(checkpoint['classes'], checkpoint['config'])
model.load_state_dict(checkpoint['state_dict'])
model = model.eval().cuda()

models[model.__class__.__name__] = model

In [17]:
loaded_dict = torch.load("/nfs/homedirs/herrmanp/project-4/experiments/notebooks/pascal/adv_totaly_hig_50epochs.pt")
model = M5(loaded_dict["hparams"])
model.load_state_dict(loaded_dict["state_dict"])
model = model.eval().cuda()

models[model.__class__.__name__] = model

# Load Data

In [18]:
from datasets.datahandler import DatasetHandler
datasetHandler = DatasetHandler()

In [19]:
for model_name in models:
    #datasetHandler.load(models[model_name], 'training')
    datasetHandler.load(models[model_name], 'validation')

Loading cached val data from /nfs/students/summer-term-2020/project-4/data/data_8k


## FGSM

In [20]:
from attacks.pgd import ProjectedGradientDescent

attack_parameters = {'epsilon': 0.001, 'num_iter': 1}
attacks = {}

for model_name in models:
    valid_loader = models[model_name].getDataLoader('validation', batch_size=3)
    fgsm = ProjectedGradientDescent(model, valid_loader, attack_parameters, save_samples=False)
    fgsm.attack()
    attacks[model_name] = fgsm
    
for model_name in attacks:
    print(model_name)
    print(attacks[model_name].report())
    print()

100%|██████████| 563/563 [00:18<00:00, 30.99it/s]
100%|██████████| 563/563 [00:17<00:00, 32.65it/s]
100%|██████████| 563/563 [00:17<00:00, 32.55it/s]
100%|██████████| 563/563 [00:05<00:00, 102.02it/s]


In [21]:
for model_name in attacks:
    print(model_name)
    print(attacks[model_name].report())
    print()

SpectrogramCNN
Attack-Parameters:	{'epsilon': 0.001, 'num_iter': 1}
Early stopping: 	False (-1)

Successfully attacked:	23
Total attacked: 	823
Total processed:	1687

Success-Rate: 		0.03
Perturbed Accurracy: 	0.47
None

DeepRecursiveCNN
Attack-Parameters:	{'epsilon': 0.001, 'num_iter': 1}
Early stopping: 	False (-1)

Successfully attacked:	23
Total attacked: 	823
Total processed:	1687

Success-Rate: 		0.03
Perturbed Accurracy: 	0.47
None

AudioCRNN
Attack-Parameters:	{'epsilon': 0.001, 'num_iter': 1}
Early stopping: 	False (-1)

Successfully attacked:	23
Total attacked: 	823
Total processed:	1687

Success-Rate: 		0.03
Perturbed Accurracy: 	0.47
None

M5
Attack-Parameters:	{'epsilon': 0.001, 'num_iter': 1}
Early stopping: 	False (-1)

Successfully attacked:	35
Total attacked: 	1356
Total processed:	1687

Success-Rate: 		0.03
Perturbed Accurracy: 	0.78
None



## PGD [TODO: Refactor from here on]

In [14]:
from attacks.pgd import ProjectedGradientDescent

#valid_loader = DataLoader(audio_set_val, batch_size=1)
valid_loader = DataLoader(emergency_set_val, batch_size=4)
attack_parameters = {'epsilon': 0.001, 'num_iter': 30, 'norm': 2}

pgd = ProjectedGradientDescent(model, valid_loader, attack_parameters, early_stopping=2)
pgd.attack()

 35%|███▍      | 146/422 [00:28<00:53,  5.11it/s]

Early stopping





In [None]:
# pgd.showAdversarialExample(sr=FIXED_SAMPLE_RATE, target_class=1)

In [15]:
pgd.report()

Attack-Parameters:	{'epsilon': 0.001, 'num_iter': 30, 'norm': 2}
Early stopping: 	True (2)

Successfully attacked:	2
Total attacked: 	487
Total processed:	588

Success-Rate: 		0.0
Perturbed Accurracy: 	0.82


## Volume attacks

In [None]:
from attacks.volume import VolumeAttack

valid_loader = DataLoader(audio_set_valA, batch_size=1)
#valid_loader = DataLoader(emergency_set_val, batch_size=1)
attack_parameters = {'epsilon': 0.1, 'num_iter': 10}

vol = VolumeAttack(model, valid_loader, attack_parameters, early_stopping=3)
vol.attack()

In [112]:
# vol.showAdversarialExample(target_class=1)

In [36]:
vol.report()

Attack-Parameters:	{'epsilon': 0.1, 'num_iter': 10}
Early stopping: 	True (3)

Successfully attacked:	0
Total attacked: 	1356
Total processed:	1687

Success-Rate: 		0.0
Perturbed Accurracy: 	0.8


## Interpolation attack

In [None]:
import librosa
path_tum_sound = '/nfs/students/summer-term-2020/project-4/yan/tum.wav'
tum_sound,sr = librosa.load(path_tum_sound, sr=48000)

max_length = len(audio_set_valA[0][0])
padding = int((max_length - len(tum_sound))/2)
zero_padded_data = torch.zeros(max_length)
zero_padded_data[padding:padding+tum_sound.shape[0]] = torch.from_numpy(tum_sound)
tum_sound = zero_padded_data

In [None]:
from attacks.interpolation import InterpolationAttack

valid_loader = DataLoader(audio_set_val, batch_size=1)
attack_parameters = {'epsilon': 0.2, 'num_iter': 30, 'overlay_sound': tum_sound}

ia = InterpolationAttack(model, valid_loader, attack_parameters, early_stopping=1)
ia.attack()

In [298]:
# ia.showAdversarialExample(sr=FIXED_SAMPLE_RATE, target_class=1)

In [297]:
ia.report()

Attack-Parameters:	{'epsilon': 0.2, 'num_iter': 30, 'overlay_sound': tensor([0., 0., 0.,  ..., 0., 0., 0.])}
Early stopping: 	True (1)

Successfully attacked:	1
Total attacked: 	67
Total processed:	75

Success-Rate: 		0.01
Perturbed Accurracy: 	0.88


## Time stretching attack

In [None]:
from attacks.speed import TimeStretchAttack

valid_loader = DataLoader(audio_set_val, batch_size=1)
attack_parameters = {'num_iter': 30, 'lower': 0.1, 'upper': 0.5}

tsa = TimeStretchAttack(model, valid_loader, attack_parameters, early_stopping=5)
tsa.attack()

In [None]:
tsa.showAdversarialExample(target_class=0)

In [170]:
tsa.report()

Attack-Parameters:	{'num_iter': 30, 'lower': 0.1, 'upper': 1}
Early stopping: 	True (20)

Successfully attacked:	16
Total attacked: 	1483
Total processed:	1687

Success-Rate: 		0.01
Perturbed Accurracy: 	0.87


## Pitch attack

In [None]:
from attacks.pitch import PitchAttack

valid_loader = DataLoader(audio_set_val, batch_size=1)
attack_parameters = {'num_iter': 5, 'lower': 0, 'upper': 10}

pa = PitchAttack(model, valid_loader, attack_parameters, early_stopping=10)
pa.attack()

In [6]:
#pa.showAdversarialExample(target_class=0)

In [9]:
pa.report()

Attack-Parameters:	{'num_iter': 5, 'lower': 0, 'upper': 10}
Early stopping: 	True (10)

Successfully attacked:	10
Total attacked: 	87
Total processed:	98

Success-Rate: 		0.11
Perturbed Accurracy: 	0.79
