In [1]:
import torch
import torch.nn as nn
import numpy as np
import sys
import os
import random
import matplotlib.pyplot as plt

In [2]:
# check if GPU is available and set the device
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
print('Using device:', device)

Using device: cuda


### Model + Helper Functions

In [3]:
os.chdir("src")
print("Current working directory set to:", os.getcwd())

Current working directory set to: /projects/bcnx/sroy6/One_pixel/one-pixel-attack-pytorch/src


In [4]:
# Please put the src directory in the path
src_path = os.path.abspath(os.path.join(os.getcwd(), 'src'))
if src_path not in sys.path:
    sys.path.append(src_path)

from utils import MIMONetDataset, ChannelScaler
from mimonet import MIMONet

stty: 'standard input': Inappropriate ioctl for device


In [5]:
# set working directory
working_dir = "/projects/bcnx/kazumak2/MIMONet/HeatExchanger"
data_dir = os.path.join(working_dir, "data")

### Load datasets

In [6]:
# trunk dataset
trunk_input = np.load(os.path.join(data_dir, "share/trunk.npz"))['trunk']

# min-max scaling [-1, 1]
trunk_input[:, 0] = 2 * (trunk_input[:, 0] - np.min(trunk_input[:, 0])) / (np.max(trunk_input[:, 0]) - np.min(trunk_input[:, 0])) - 1
trunk_input[:, 1] = 2 * (trunk_input[:, 1] - np.min(trunk_input[:, 1])) / (np.max(trunk_input[:, 1]) - np.min(trunk_input[:, 1])) - 1

In [7]:
# branch input dataset
branch = np.load(os.path.join(data_dir, "branch.npz"))

branch1 = branch['branch1']
branch2 = branch['branch2']

print("Branch1 shape:", branch1.shape)
print("Branch2 shape:", branch2.shape)

# split the dataset into training and testing sets
train_size = int(0.8 * len(branch1))
test_size = len(branch1) - train_size
train_branch1, test_branch1 = branch1[:train_size], branch1[train_size:]
train_branch2, test_branch2 = branch2[:train_size], branch2[train_size:]

Branch1 shape: (1546, 2)
Branch2 shape: (1546, 100)


In [8]:
# create a dictionary for the output channel names
# 0: turb-kinetic-energy
# 1: pressure
# 2: temperature
# 3: z-velocity
# 4: y-velocity
# 5: x-velocity
# 6: velocity-magnitude

dict_channel = {
    0: 'turb-kinetic-energy',
    1: 'pressure',
    2: 'temperature',
    3: 'z-velocity',
    4: 'y-velocity',
    5: 'x-velocity',
    6: 'velocity-magnitude'
}

# select the output channel
target_channel = [1, 3, 4, 5, 6]

# print the selected output channel names
# target_label is used to store the names of the selected output channels for further processing (e.g., plotting)
print("Selected output channels:")
target_label = []
for channel in target_channel:
    print(dict_channel[channel])
    target_label.append(dict_channel[channel])    

Selected output channels:
pressure
z-velocity
y-velocity
x-velocity
velocity-magnitude


In [9]:
# target dataset
target = np.load(os.path.join(data_dir, "target.npy"))

# extract the output channels
target = target[:, :, target_channel ]  # select the first 7 channels
print("Target dataset shape before split:", target.shape)


# split the target dataset into training and testing sets
train_target = target[:train_size]
test_target = target[train_size:]

print("Train target shape:", train_target.shape)
print("Test target shape:", test_target.shape)

Target dataset shape before split: (1546, 3977, 5)
Train target shape: (1236, 3977, 5)
Test target shape: (310, 3977, 5)


In [10]:
# get the mean and standard deviation of each channel
mean_branch1 = np.mean(train_branch1, axis=0)
std_branch1 = np.std(train_branch1, axis=0)

print("Mean of branch1:", mean_branch1)
print("Std of branch1:", std_branch1)

# (# train samples, 100)
mean_branch2 = np.mean(train_branch2)
std_branch2 = np.std(train_branch2)

print("Mean of branch2:", mean_branch2)
print("Std of branch2:", std_branch2)

Mean of branch1: [  4.51454429 292.42944177]
Std of branch1: [ 0.2615285  17.03323994]
Mean of branch2: 12587.66968713018
Std of branch2: 6302.709013835411


In [11]:
# normalize the branch data using the mean and std
train_branch_1 = (train_branch1 - mean_branch1) / std_branch1
test_branch_1 = (test_branch1 - mean_branch1) / std_branch1
train_branch_2 = (train_branch2 - mean_branch2) / std_branch2
test_branch_2 = (test_branch2 - mean_branch2) / std_branch2

# print the shapes of the normalized data
print("Shape of normalized train_branch1:", train_branch_1.shape)
print("Shape of normalized test_branch1:", test_branch_1.shape)
print("Shape of normalized train_branch2:", train_branch_2.shape)
print("Shape of normalized test_branch2:", test_branch_2.shape)

Shape of normalized train_branch1: (1236, 2)
Shape of normalized test_branch1: (310, 2)
Shape of normalized train_branch2: (1236, 100)
Shape of normalized test_branch2: (310, 100)


### Scaling the target data

In [12]:
import numpy as np
# scaling the target data
'''  
note: reverse the scaling for the target data
train_target = scaler.inverse_transform(train_target_scaled)
test_target = scaler.inverse_transform(test_target_scaled)
'''
scaler = ChannelScaler(method='minmax', feature_range=(-1, 1))
scaler.fit(train_target)
train_target_scaled = scaler.transform(train_target)
test_target_scaled = scaler.transform(test_target)

print("Shape of scaled train_target:", train_target_scaled.shape)
print("Shape of scaled test_target:", test_target_scaled.shape)

Shape of scaled train_target: (1236, 3977, 5)
Shape of scaled test_target: (310, 3977, 5)


In [13]:
# test dataset and dataloader
test_dataset = MIMONetDataset(
    [test_branch_1, test_branch_2],  # branch_data_list
    trunk_input,                     # trunk_data
    test_target_scaled               # target_data
)

test_loader = torch.utils.data.DataLoader(
    test_dataset,
    batch_size=1,  # set to 1 for testing
    shuffle=False,
    num_workers=0
)

In [14]:
# test dataset and dataloader
train_dataset = MIMONetDataset(
    [train_branch_1, train_branch_2],  # branch_data_list
    trunk_input,                     # trunk_data
    train_target_scaled               # target_data
)

train_loader = torch.utils.data.DataLoader(
    train_dataset,
    batch_size=1,  # set to 1 for testing
    shuffle=False,
    num_workers=0
)

## Model Instance & Load Parameters

In [15]:
# Architecture parameters
dim = 256
branch_input_dim1 = 2
branch_input_dim2 = 100
trunk_input_dim = 2

# Define the model arguments for orig_MIMONet
model_args = {
    'branch_arch_list': [
        [branch_input_dim1, 512, 512, 512, dim],
        [branch_input_dim2, 512, 512, 512, dim]
    ],
    'trunk_arch': [trunk_input_dim, 256, 256, 256, dim],
    'num_outputs': target.shape[-1] -1,  # number of output channels
    'activation_fn': nn.ReLU,
    'merge_type': 'mul',
}

In [16]:
trunk_input_dim

2

### Load

In [17]:
model = MIMONet(**model_args).to(device)
# Load the trained model
model_path = os.path.join(working_dir, "checkpoints/custom_best_model_lambda_1E-4.pt")

if os.path.exists(model_path):
    model.load_state_dict(torch.load(model_path, map_location=device))
    print("Model loaded successfully from", model_path)
else:
    print("Model file not found at", model_path)
    sys.exit(1)
    
# Evaluate the model on the test set
model.eval()

# print the number of parameters in the model
num_params = sum(p.numel() for p in model.parameters() if p.requires_grad)
print(f"Number of trainable parameters in the model: {num_params}")

Model loaded successfully from /projects/bcnx/kazumak2/MIMONet/HeatExchanger/checkpoints/custom_best_model_lambda_1E-4.pt
Number of trainable parameters in the model: 1762052


  model.load_state_dict(torch.load(model_path, map_location=device))


## How to predict?

In [18]:
# feed the test loader to the model (and save predictions and targets)
predictions = []
targets = []
with torch.no_grad():
    for batch in test_loader:
        branch_data, trunk_data, target_data = batch
        print(branch_data)
        print(trunk_data.shape, target_data.shape)
        branch_data = [b.to(device) for b in branch_data]
        trunk_data = trunk_data.to(device)
        target_data = target_data.to(device)

        output = model(branch_data, trunk_data)
        predictions.append(output.cpu().numpy())
        targets.append(target_data.cpu().numpy())
        
# Convert predictions and targets to numpy arrays
predictions = np.concatenate(predictions, axis=0)
targets = np.concatenate(targets, axis=0)

# Reverse the scaling for the target data
predictions = scaler.inverse_transform(predictions)
targets = scaler.inverse_transform(targets)

[tensor([[-0.4136,  0.8982]]), tensor([[-1.9972, -1.8984, -1.7997, -1.7011, -1.6029, -1.5051, -1.4078, -1.3111,
         -1.2150, -1.1198, -1.0254, -0.9320, -0.8397, -0.7485, -0.6586, -0.5701,
         -0.4830, -0.3974, -0.3134, -0.2311, -0.1506, -0.0720,  0.0047,  0.0794,
          0.1520,  0.2224,  0.2906,  0.3565,  0.4200,  0.4811,  0.5397,  0.5958,
          0.6492,  0.7000,  0.7480,  0.7933,  0.8358,  0.8754,  0.9121,  0.9459,
          0.9768,  1.0046,  1.0294,  1.0512,  1.0699,  1.0855,  1.0980,  1.1074,
          1.1137,  1.1168,  1.1168,  1.1137,  1.1074,  1.0980,  1.0855,  1.0699,
          1.0512,  1.0294,  1.0046,  0.9768,  0.9459,  0.9121,  0.8754,  0.8358,
          0.7933,  0.7480,  0.7000,  0.6492,  0.5958,  0.5397,  0.4811,  0.4200,
          0.3565,  0.2906,  0.2224,  0.1520,  0.0794,  0.0047, -0.0720, -0.1506,
         -0.2311, -0.3134, -0.3974, -0.4830, -0.5701, -0.6586, -0.7485, -0.8397,
         -0.9320, -1.0254, -1.1198, -1.2150, -1.3111, -1.4078, -1.5051, -1.602

(Evaluate)

In [19]:
predictions[0].shape

(3977, 4)

In [20]:
# Compute L2 norm over grid points for each sample and channel
l2_pred = np.linalg.norm(predictions, axis=1)  # shape: (samples, channels)
l2_gt = np.linalg.norm(targets[..., :4], axis=1)  # shape: (samples, channels)

print("L2 norm of predictions shape:", l2_pred.shape)
print("L2 norm of targets shape:", l2_gt.shape)


# Compute L2 error over grid points for each sample and channel
l2_err = np.linalg.norm(predictions - targets[..., :4], axis=1)  # shape: (samples, channels)

# Compute relative error (avoid division by zero)
rel_err = l2_err / (l2_gt + 1e-8)  # shape: (samples, channels)

# Mean over samples for each channel
mean_rel_err_per_channel = np.mean(rel_err, axis=0)  # shape: (channels,)

print("Mean relative L2 error per channel:", mean_rel_err_per_channel * 100, "%")

# standard deviation of relative error per channel
std_rel_err_per_channel = np.std(rel_err, axis=0)  # shape: (channels,)

print("Standard deviation of relative L2 error per channel:", std_rel_err_per_channel)

L2 norm of predictions shape: (310, 4)
L2 norm of targets shape: (310, 4)
Mean relative L2 error per channel: [0.7996377 1.4521604 1.0151619 0.5177918] %
Standard deviation of relative L2 error per channel: [0.00014584 0.0002911  0.0002742  0.00038389]


In [21]:
!pip install torchvision



In [22]:
import os
import sys
import numpy as np
import argparse
import torch
import torch.nn as nn
import torch.optim as optim
import torch.nn.functional as F
import torch.backends.cudnn as cudnn

#import torchvision
#import torchvision.transforms as transforms
from torch.autograd import Variable

In [23]:
import argparse
import numpy as np
import torch
import torch.nn.functional as F
from torch.utils.data import DataLoader, Dataset

# Local file copied from the original repo – keep the path if needed.
from differential_evolution import differential_evolution  # noqa: E402




# ──────────────────────────────────────────────────────────────────────────────
# Utilities
# ──────────────────────────────────────────────────────────────────────────────

'''def perturb_vector(xs: np.ndarray, base_vec: torch.Tensor) -> torch.Tensor:
    """Apply a batch of perturbations *xs* to *base_vec*.

    Parameters
    ----------
    xs : ndarray, shape (n_pop, 2*k) or (2*k,)
        Genome(s) produced by DE: (idx₀, val₀, …).
    base_vec : Tensor, shape (input_dim,)
        Unperturbed input.

    Returns
    -------
    Tensor, shape (n_pop, input_dim)
        Batch of perturbed inputs ready for the model.
    """
    if xs.ndim == 1:
        xs = np.expand_dims(xs, 0)
    n_pop, genome_len = xs.shape
    k = genome_len // 2

    # Duplicate the base vector n_pop times – stays on CPU for now.
    vecs = base_vec.repeat(n_pop, 1)

    for row, genome in enumerate(xs):
        for j in range(k):
            idx = int(round(genome[2 * j]))  # ensure integer index
            val = genome[2 * j + 1]
            idx_clamped = max(0, min(idx, base_vec.numel() - 1))
            vecs[row, idx_clamped] = val
    return vecs'''
def perturb_vector(xs: np.ndarray, base_vec: torch.Tensor, order: str = "2,100"):
    """
    Apply k-feature perturbations and split the result into [branch1, branch2].

    Parameters
    ----------
    xs : ndarray, shape (pop, 2*k) or (2*k,)
        Genome(s): (idx₀, val₀, idx₁, val₁, ...).
    base_vec : Tensor, shape (102,)
        Original input.
    order : str
        "100,2"  → first 100 elements belong to branch **2**, last 2 to branch **1**.
        "2,100" → opposite.

    Returns
    -------
    list[Tensor] – [branch1, branch2]
        branch1: (pop, 2)   branch2: (pop, 100)
    """
    if xs.ndim == 1:
        xs = xs[None]

    pop, g_len = xs.shape
    k = g_len // 2

    # duplicate base
    vecs = base_vec.repeat(pop, 1)

    # overwrite selected indices
    for r, genome in enumerate(xs):
        for j in range(k):
            idx = int(round(genome[2 * j]))
            idx = max(0, min(idx, 101))
            vecs[r, idx] = genome[2 * j + 1]

    # split into branches
    first_len, second_len = map(int, order.split(","))
    first, second = vecs[:, :first_len], vecs[:, first_len:]

    if first_len == 100:
        branch2, branch1 = first, second
    else:
        branch1, branch2 = first, second

    return [branch1, branch2]


def relative_l2_error(pred: torch.Tensor, target: torch.Tensor) -> torch.Tensor:
    """Compute ‖pred ‑ target‖₂ / ‖target‖₂ along dim=1."""
    diff_norm = torch.norm(pred - target, dim=1)
    tgt_norm = torch.norm(target, dim=1).clamp_min(1e-12)
    return diff_norm / tgt_norm


# ──────────────────────────────────────────────────────────────────────────────
# Attack core
# ──────────────────────────────────────────────────────────────────────────────

def de_objective(xs: np.ndarray, trunk : torch.Tensor ,base_x: torch.Tensor, y_true: torch.Tensor, model: torch.nn.Module,
                 device: torch.device, maximize: bool = True) -> np.ndarray:
    """Vectorised objective for DE.  Returns *negative* error (to minimise)."""
    print(perturb_vector(xs, base_x))
    perturbed = perturb_vector(xs, base_x)
    print(trunk.shape)
    N = perturbed[0].shape[0]
    M = trunk.shape[1]
    trunk_repeated = np.repeat(trunk.unsqueeze(0), N, axis=0)  # shape: (N, M)
    print("trunk_repeated shape:", trunk_repeated.shape)
    branch_data = [b.to(device) for b in perturbed]
    trunk_data = trunk_repeated.to(device)
    with torch.no_grad():
        y_pred = model(branch_data,trunk_data)
    err = relative_l2_error(y_pred, y_true.to(device)).cpu().numpy()  # shape (n_pop,)
    return -err if maximize else err

In [24]:
def attack_single(base_x: torch.Tensor, trunk : torch.Tensor,y_true: torch.Tensor, model: torch.nn.Module,
                  features: int, error_thr: float, val_min: float, val_max: float,
                  maxiter: int, popsize: int, device: torch.device, verbose: bool = False):
    """Run DE attack on a single (x, y) pair.  Returns (success, best_genome)."""
    input_dim = base_x.numel()
    bounds = []
    for _ in range(features):
        bounds.append((0, input_dim - 1))      # index
        bounds.append((val_min, val_max))      # new value

    # Pop‑multiplier like original code (total pop = popsize * n_params)
    popmul = max(1, popsize)

    predict_fn = lambda xs: de_objective(xs, trunk ,base_x, y_true, model, device, True)

    def callback_fn(genome, convergence):
        # Early stop if success achieved
        print(perturb_vector(genome, base_x))
        perturbed = perturb_vector(genome, base_x)
        N = perturbed[0].shape[0]
        M = trunk.shape[1]
        trunk_repeated = np.repeat(trunk.unsqueeze(0), N, axis=0)
        print(trunk.shape)
        print("trunk_repeated shape:", trunk_repeated.shape)
        branch_data = [b.to(device) for b in perturbed]
        trunk_data = trunk_repeated.to(device)
        with torch.no_grad():
            err = relative_l2_error(model(branch_data,trunk_data), y_true.to(device))[0].item()
        if verbose:
            print(f"  Current best error = {err:.3f}")
        return err > error_thr

    # Optional initial population: random indices + gaussian values
    n_params = 2 * features
    inits = np.zeros((popmul * n_params, n_params))
    for row in inits:
        for f in range(features):
            row[2 * f] = np.random.randint(0, input_dim)
            row[2 * f + 1] = np.random.uniform(val_min, val_max)

    result = differential_evolution(
        predict_fn,
        bounds,
        maxiter=maxiter,
        popsize=popmul,
        recombination=1.0,
        atol=-1,
        init=inits,
        polish=False,
        callback=callback_fn,
        disp=False,
    )

    # Evaluate final error
    final_vec = perturb_vector(result.x, base_x).to(device)
    with torch.no_grad():
        final_err = relative_l2_error(model(final_vec,trunk), y_true.to(device))[0].item()
    success = final_err > error_thr
    return success, result.x, final_err

In [25]:
# Create a torch tensor of size 2 and another of size 100
a = torch.randn(2)
b = torch.randn(100)

print(a)
print(b)
# Concatenate them into a single tensor of size 102
c = torch.cat([a, b])
print(c)
print("Concatenated shape:", c.shape)   
# Separate them back into the original shapes
a_recovered = c[:2]
b_recovered = c[2:]

print("Recovered tensors:")
print("a:", a_recovered)
print("b:", b_recovered)
print("a shape:", a_recovered.shape)
print("b shape:", b_recovered.shape)

tensor([ 1.5713, -0.4214])
tensor([ 0.3869,  0.9004,  0.6951, -1.0617,  0.2864,  0.8346, -0.8849,  1.5420,
         0.5585, -0.6927,  0.5367, -1.1838,  0.9509,  1.6882,  1.6623, -1.7703,
        -0.4680,  1.1497,  0.9642, -1.2298,  0.0395,  2.0123, -0.9931, -0.6991,
        -0.7798,  0.2083, -1.5978, -0.7253,  0.2587, -0.0726,  1.5314, -0.8891,
        -0.2905,  0.2100, -1.2550,  1.5394, -2.1318,  0.1422, -1.4931,  1.8170,
        -0.0234,  1.2686, -0.1696, -0.2976, -1.2163, -0.3612,  0.2828, -0.4568,
         1.8696,  0.1908, -0.0823,  0.0506,  0.6102, -1.4699, -1.3367, -1.2521,
         0.5299, -1.1294, -1.6651, -0.6889,  0.8169, -0.0259,  2.3885, -1.8823,
        -1.2936, -0.0295, -1.6279,  0.2301,  1.7445,  0.3030,  0.9177,  0.4754,
        -1.3933,  0.9233,  0.5363,  1.3134,  1.0690,  0.0531,  1.5450, -0.5768,
        -0.7320,  0.7200,  0.1091, -1.1766,  1.5506, -0.6951,  1.7026, -0.1280,
        -1.3611,  0.7334, -0.4984, -1.1574, -0.6038,  0.0389,  0.6593,  2.1453,
        -1.96

In [26]:
torch.manual_seed(0)

<torch._C.Generator at 0x7f7f5fc936b0>

In [27]:
branch_order = (2, 100)   # (len_first, len_second)  (100→branch2 first)
features   = 2         # k — how many components attacker may change
error_thr  = 0.30        # success threshold (relative ℓ₂ error)
val_min    = -1.0        # allowed range for perturbed value
val_max    =  1.0
samples    = 20          # how many dataset rows to attack
maxiter    = 150
popsize    = 400

seed       = 0
device     = "cuda" if torch.cuda.is_available() else "cpu"
verbose    = False

np.random.seed(seed)

device = torch.device(device)

# Load model – works for either full pickled model or state_dict
model_obj = model
model = model_obj if isinstance(model_obj, torch.nn.Module) else None
if model is None:
    raise ValueError("Provide a saved *model object*, not just a state_dict – ease of use.")
model.eval()

# TODO: replace RegressionDataset with your own data loader
#dataset = RegressionDataset(n_samples=args.samples, seed=args.seed)
loader = train_loader

successes = 0
total = 0

for batch in train_loader:
    branch_data, trunk_data, target_data = batch
    b1 = branch_data[0].squeeze(0)
    b2 = branch_data[1].squeeze(0)
    x = torch.cat([b1,b2])  # assuming branch_data is a list of tensors
    trunk_data = trunk_data.squeeze(0)
    y = target_data
    success, genome, err = attack_single(
        x.cpu(),trunk_data.cpu(), y.cpu(),model,
        features=5,
        error_thr=error_thr,
        val_min=val_min,
        val_max=val_max,
        maxiter=maxiter,
        popsize=popsize,
        device=device,
        verbose=verbose,
    )

    total += 1
    successes += int(success)

    status = "✔" if success else "✘"
    print(f"[{i+1:03d}] {status}  final error = {err:.3f}  success‑rate = {successes / total:.3%}")

print(f"\nFinal success rate over {total} samples: {successes / total:.2%}")




[tensor([[0.2700, 0.6351],
        [0.2700, 0.6351],
        [0.2700, 0.6351],
        ...,
        [0.2700, 0.6351],
        [0.2700, 0.6351],
        [0.2700, 0.6351]]), tensor([[-1.9972, -1.8958, -1.7946,  ..., -1.7946, -1.8958, -1.9972],
        [-1.9972, -1.8958, -1.7946,  ..., -1.7946, -1.8958, -1.9972],
        [-1.9972, -1.8958, -1.7946,  ..., -1.7946, -1.8958, -1.9972],
        ...,
        [-1.9972, -1.8958, -1.7946,  ..., -1.7946, -1.8958, -1.9972],
        [-1.9972, -1.8958, -1.7946,  ..., -1.7946, -1.8958, -1.9972],
        [-1.9972, -1.8958, -1.7946,  ..., -1.7946, -1.8958, -0.4319]])]
torch.Size([3977, 2])
trunk_repeated shape: torch.Size([4000, 3977, 2])


RuntimeError: The size of tensor a (4) must match the size of tensor b (5) at non-singleton dimension 2

In [None]:
def expand_to_1_n_m(tensor):
    """
    Expand a tensor of shape (N, M) to (1, N, M).
    """
    return tensor.unsqueeze(0)