In [7]:
%load_ext autoreload
%autoreload 2
import torch

import os
import sys
module_path = os.path.abspath(os.path.join('../../../src/'))
if module_path not in sys.path:
    sys.path.append(module_path)
    
device = 'cuda' if torch.cuda.is_available() else 'cpu'

The autoreload extension is already loaded. To reload it, use:
  %reload_ext autoreload


# Load models

In [8]:
# from classification.models.crnn.model import AudioCRNNPLModule
from classification.models.SpectrogramCNN import SpectrogramCNNPLModule
from classification.models.DeepRecursiveCNN import DeepRecursiveCNNPLModule
from classification.models.M5 import M5PLModule

models = {}

In [9]:
state_dict_path = '/nfs/students/summer-term-2020/project-4/data/models/SpectrogramBasedCNN.pt'

hparams = {
    "batch_size": 5,
    "learning_rate": 3e-4,
    "weight_decay": 0.001,
    "lr_decay": 0.95
}

model = SpectrogramCNNPLModule(hparams)
model.model.load_state_dict(torch.load(state_dict_path))
model = model.cuda()
model = model.eval()

models[model.__class__.__name__] = model

In [14]:
model_state_dict_path = "/nfs/students/summer-term-2020/project-4/yan/models/best_model_state_dict.pt"

hparams = {
    "batch_size": 2,
    "learning_rate": 0.001,
    "weight_decay": 0,
    "lr_decay": 1
}

model = DeepRecursiveCNNPLModule(hparams)
model.model.load_state_dict(torch.load(model_state_dict_path))
model = model.eval()

models[model.__class__.__name__] = model

In [15]:
model.save("/nfs/students/summer-term-2020/project-4/SAVED_MODELS/DeepRecursiveCNN/vanilla.p")

Saved model to "/nfs/students/summer-term-2020/project-4/SAVED_MODELS/DeepRecursiveCNN/vanilla.p"


In [6]:
res_path = '/nfs/students/summer-term-2020/project-4/data/models/crnn.pth'
checkpoint = torch.load(res_path)
model = AudioCRNN(checkpoint['classes'], checkpoint['config'])
model.load_state_dict(checkpoint['state_dict'])
model = model.eval().cuda()

models[model.__class__.__name__] = model

In [5]:
loaded_dict = torch.load("/nfs/homedirs/herrmanp/project-4/experiments/notebooks/pascal/adv_totaly_hig_50epochs.pt")
model = M5(loaded_dict["hparams"])
model.load_state_dict(loaded_dict["state_dict"])
model = model.eval().cuda()

models[model.__class__.__name__] = model

In [45]:
fast_model = {'SpectrogramCNNPLModule': models['SpectrogramCNNPLModule']}

# Load Data

In [61]:
from datasets.datasethandler import DatasetHandler
datasetHandler = DatasetHandler()

In [62]:
for model_name in models:
    #datasetHandler.load(models[model_name], 'training')
    datasetHandler.load(models[model_name], 'validation')

Load: /nfs/students/summer-term-2020/project-4/data/dataset1/dataset_resampled/validation.p


# Attacks

## Functional Attacks

In [125]:
from attacks.functionalVolume import FunctionalVolumeAttack

attack_parameters = {'epsilonVolume': 0.1, 'epsilonPGD': 0.001, 'num_iter': 10}
attacks = {}

for model_name in models:
    valid_loader = models[model_name].val_dataloader()
    fva = FunctionalVolumeAttack(model, valid_loader, attack_parameters, save_samples=True)
    fva.attack()
    attacks[model_name] = fva
    
for model_name in attacks:
    print(model_name)
    attacks[model_name].report()
    print()

100%|██████████| 338/338 [01:46<00:00,  3.16it/s]

SpectrogramCNNPLModule
Attack-Parameters:	{'epsilonVolume': 0.1, 'epsilonPGD': 0.001, 'num_iter': 10}
Early stopping: 	False (-1)

Successfully attacked:	503
Total attacked: 	1483
Total processed:	1687

Success-Rate: 		0.34
Perturbed Accurracy: 	0.58






## FGSM

In [93]:
from attacks.pgd import ProjectedGradientDescent

attack_parameters = {'epsilon': 0.01, 'num_iter': 1}
attacks = {}

for model_name in models:
    valid_loader = models[model_name].val_dataloader()
    fgsm = ProjectedGradientDescent(model, valid_loader, attack_parameters, save_samples=True)
    fgsm.attack()
    attacks[model_name] = fgsm
    
for model_name in attacks:
    print(model_name)
    print(attacks[model_name].report())
    print()

100%|██████████| 338/338 [00:14<00:00, 22.72it/s]

SpectrogramCNNPLModule
Attack-Parameters:	{'epsilon': 0.01, 'num_iter': 1}
Early stopping: 	False (-1)

Successfully attacked:	164
Total attacked: 	1483
Total processed:	1687

Success-Rate: 		0.11
Perturbed Accurracy: 	0.78
{'success_rate': 0.11058664868509778, 'acc': 0.7818612922347362}






## PGD 

In [73]:
from attacks.pgd import ProjectedGradientDescent

attack_parameters = {'epsilon': 0.0005, 'num_iter': 10}
attacks = {}

for model_name in models:
    valid_loader = models[model_name].val_dataloader()
    fgsm = ProjectedGradientDescent(model, valid_loader, attack_parameters, save_samples=True)
    fgsm.attack()
    attacks[model_name] = fgsm
    
for model_name in attacks:
    print(model_name)
    attacks[model_name].report()
    print()

100%|██████████| 338/338 [04:25<00:00,  1.27it/s]


SpectrogramCNNPLModule
Attack-Parameters:	{'epsilon': 0.0005, 'num_iter': 10}
Early stopping: 	False (-1)

Successfully attacked:	229
Total attacked: 	1483
Total processed:	1687

Success-Rate: 		0.15
Perturbed Accurracy: 	0.74



In [74]:
# attacks['SpectrogramCNNPLModule'].showAdversarialExample(target_class=1)

## Volume attacks

In [116]:
from attacks.volume import VolumeAttack

attack_parameters = {'epsilon': 0.1, 'num_iter': 10}
attacks = {}

for model_name in models:
    valid_loader = models[model_name].val_dataloader()
    attack = VolumeAttack(model, valid_loader, attack_parameters, save_samples=False)
    attack.attack()
    attacks[model_name] = attack
    
for model_name in attacks:
    print(model_name)
    attacks[model_name].report()
    print()

100%|██████████| 338/338 [01:43<00:00,  3.25it/s]

SpectrogramCNNPLModule
Attack-Parameters:	{'epsilon': 0.1, 'num_iter': 10}
Early stopping: 	False (-1)

Successfully attacked:	5
Total attacked: 	1483
Total processed:	1687

Success-Rate: 		0.0
Perturbed Accurracy: 	0.88






## Interpolation attack

In [60]:
from attacks.interpolation import InterpolationAttack

attacks = {}

for model_name in fast_model:
    valid_loader = models[model_name].getDataLoader('validation', batch_size=20)
    test_sound = 0.2*next(iter(valid_loader))['audio'][0]
    attack_parameters = {'epsilon': 0.2, 'num_iter': 10, 'overlay_sound': test_sound}
    attack = InterpolationAttack(model, valid_loader, attack_parameters, save_samples=False)
    attack.attack()
    attacks[model_name] = attack

100%|██████████| 85/85 [00:21<00:00,  3.90it/s]


In [59]:
for model_name in attacks:
    print(model_name)
    attacks[model_name].report()
    print()

M5
Attack-Parameters:	{'epsilon': 0.2, 'num_iter': 10, 'overlay_sound': tensor([-0.0449, -0.0255, -0.0231,  ..., -0.0050,  0.0054, -0.0017])}
Early stopping: 	False (-1)

Successfully attacked:	7
Total attacked: 	1356
Total processed:	1687

Success-Rate: 		0.01
Perturbed Accurracy: 	0.8



## Time stretching attack 

In [61]:
from attacks.speed import TimeStretchAttack

attack_parameters = {'num_iter': 30, 'lower': 0.5, 'upper': 1.5}
attacks = {}

for model_name in fast_model:
    valid_loader = models[model_name].getDataLoader('validation', batch_size=30)
    attack = TimeStretchAttack(model, valid_loader, attack_parameters, early_stopping=10)
    attack.attack()
    attacks[model_name] = attack

100%|██████████| 57/57 [00:42<00:00,  1.35it/s]


In [65]:
# attacks['M5'].showAdversarialExample(target_class=1)

In [66]:
#tsa.showAdversarialExample(target_class=0)
for model_name in attacks:
    print(model_name)
    attacks[model_name].report()
    print()

M5
Attack-Parameters:	{'num_iter': 30, 'lower': 0.5, 'upper': 1.5}
Early stopping: 	False (-1)

Successfully attacked:	108
Total attacked: 	1356
Total processed:	1687

Success-Rate: 		0.08
Perturbed Accurracy: 	0.74



## Pitch attack

In [55]:
from attacks.pitch import PitchAttack

attack_parameters = {'num_iter': 5, 'lower': -1, 'upper': 5}
attacks = {}

for model_name in fast_model:
    valid_loader = models[model_name].getDataLoader('validation', batch_size=30)
    attack = PitchAttack(model, valid_loader, attack_parameters, early_stopping=10)
    attack.attack()
    attacks[model_name] = attack

  5%|▌         | 3/57 [00:19<05:52,  6.53s/it]

Early stopping





In [58]:
#attacks['M5'].showAdversarialExample(target_class=1)

In [57]:
attacks['M5'].report()

Attack-Parameters:	{'num_iter': 5, 'lower': -1, 'upper': 5}
Early stopping: 	True (10)

Successfully attacked:	14
Total attacked: 	95
Total processed:	120

Success-Rate: 		0.15
Perturbed Accurracy: 	0.68


{'success_rate': 0.14736842105263157, 'acc': 0.675}