In [1]:
# Notebook setup: environment variables, imports, and a TF1-compat session.
import os
import warnings
# NOTE(review): this silences every Python warning for the rest of the kernel session,
# including deprecation warnings that may matter when re-running with a newer TensorFlow.
warnings.filterwarnings('ignore')
# These variables are set before `import tensorflow` below so that they are already
# in place when TensorFlow is loaded.
os.environ['TF_CPP_MIN_LOG_LEVEL'] = '3'
os.environ["CUDA_DEVICE_ORDER"] = "PCI_BUS_ID"
# Expose only GPU 0 to this process.
os.environ["CUDA_VISIBLE_DEVICES"]="0"
import pandas as pd
import numpy as np
# NOTE(review): SlidingWindow is not referenced in the cells shown here.
from gtda.time_series import SlidingWindow
import matplotlib.pyplot as plt
import tensorflow as tf
# NOTE(review): `tensorflow.python.*` is an internal module path; confirm it exists
# in the TensorFlow version this notebook is pinned to.
from tensorflow.python.keras.backend import set_session
config = tf.compat.v1.ConfigProto() 
# Grow GPU memory on demand rather than reserving it all at start-up.
config.gpu_options.allow_growth = True  
# Log which device ops are placed on (source of the "Device mapping" output).
config.log_device_placement = True  
sess2 = tf.compat.v1.Session(config=config)
set_session(sess2) 
import tensorflow_datasets as tfds
from tensorflow.keras.models import load_model
from tensorflow.keras.losses import MSE
from tqdm import tqdm

Device mapping:
/job:localhost/replica:0/task:0/device:GPU:0 -> device: 0, name: NVIDIA GeForce RTX 3090, pci bus id: 0000:01:00.0, compute capability: 8.6



## Import Dataset

In [2]:
# CIFAR-10 train and test splits as (image, label) pairs, plus the dataset metadata.
dataset_name = "cifar10"
(ds_train, ds_test), ds_info = tfds.load(
    dataset_name,
    split=["train", "test"],
    as_supervised=True,
    with_info=True,
)
NUM_CLASSES = ds_info.features["label"].num_classes

# Spatial size of the model input; batches hold a single sample each.
IMG_SIZE = 176
batch_size = 1
size = (IMG_SIZE, IMG_SIZE)


def _resize_to_input(image, label):
    """Resize one image to `size` and pass the label through unchanged."""
    # tf.image.resize returns float32. No rescaling is applied here, so pixel
    # values stay on the dataset's original scale; the eps values used by the
    # robustness sweep are therefore on that same scale.
    return tf.image.resize(image, size), label


ds_train = ds_train.map(_resize_to_input)
ds_test = ds_test.map(_resize_to_input)

def input_preprocess(image, label):
    """Turn the integer class label into a one-hot vector of length NUM_CLASSES.

    The image is returned unchanged.
    """
    one_hot_label = tf.one_hot(label, NUM_CLASSES)
    return image, one_hot_label


# Training pipeline: one-hot labels, fixed-size batches, background prefetch.
ds_train = (
    ds_train
    .map(input_preprocess, num_parallel_calls=tf.data.AUTOTUNE)
    .batch(batch_size=batch_size, drop_remainder=True)
    .prefetch(tf.data.AUTOTUNE)
)

# Test pipeline: same label encoding and batching, without prefetch.
ds_test = (
    ds_test
    .map(input_preprocess)
    .batch(batch_size=batch_size, drop_remainder=True)
)

## Load Model

In [3]:
# Loading a saved Keras model deserialises whatever the file contains; Lambda
# layers and custom objects in such a file can carry code. The file should
# therefore come from a source you trust and match a known checksum.
MODEL_PATH = './TinyML Models/mcunet/mcunet_320_1.h5'
model = load_model(MODEL_PATH)

# Print the layer table to confirm the expected input shape.
model.summary()

Model: "model_1"
__________________________________________________________________________________________________
Layer (type)                    Output Shape         Param #     Connected to                     
input_0 (InputLayer)            [(None, 176, 176, 3) 0                                            
__________________________________________________________________________________________________
485_pad (ZeroPadding2D)         (None, 178, 178, 3)  0           input_0[0][0]                    
__________________________________________________________________________________________________
485 (Conv2D)                    (None, 88, 88, 16)   448         485_pad[0][0]                    
__________________________________________________________________________________________________
329 (ReLU)                      (None, 88, 88, 16)   0           485[0][0]                        
____________________________________________________________________________________________

## Attack

In [4]:
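def fgsm_attack(model, image, label, eps):
    """Build a one-step FGSM (fast gradient sign method) perturbation of `image`.

    The notebook uses this to measure how stable the model's prediction is
    under a bounded change to its input.

    Args:
        model: Callable Keras model; invoked as ``model(image)``.
        image: Input batch; cast to float32 before the gradient is taken.
        label: Target passed to ``MSE(label, pred)`` (one-hot in this notebook).
        eps: Step size applied to the sign of the input gradient, in the same
            units as `image`.

    Returns:
        NumPy array holding ``image + eps * sign(d loss / d image)``.

    Raises:
        ValueError: If the loss has no gradient with respect to `image`.
    """
    image = tf.cast(image, tf.float32)
    with tf.GradientTape() as tape:
        # `image` is a plain tensor, not a tf.Variable, so it must be watched explicitly.
        tape.watch(image)
        pred = model(image)
        loss = MSE(label, pred)
    # Take the gradient after leaving the tape context so that the gradient
    # computation itself is not recorded on the tape.
    gradient = tape.gradient(loss, image)
    if gradient is None:
        raise ValueError("loss has no gradient with respect to the input image")
    signedGrad = tf.sign(gradient)
    # NOTE(review): the result is not clipped to the valid pixel range, so for
    # large eps the perturbed input can fall outside the range of real image
    # data. Robustness figures at those eps values should be read with that in mind.
    adversary = (image + (signedGrad * eps)).numpy()
    return adversary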

In [5]:
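# Perturbation sizes to sweep. They are on the same scale as the model input;
# no rescaling of the resized pixel values is visible in the loading cell.
eps = [0.05,0.1,0.2,0.3,0.4,0.5,0.6,0.7,0.8,0.9,1.0,1.5,2.0,5.0,10.0,15.0,20.0,30.0,40.0,50.0]
accu_num = []        # per eps: fraction of samples whose predicted class is unchanged
label_accu_num = []  # per eps: fraction of perturbed samples still given the true label
num_samples = len(ds_test)
for item in eps:
    countadv = 0
    countcorrect = 0
    for image, label in tqdm(ds_test):
        imageLabel = np.array(label).argmax()
        # The clean prediction does not depend on eps; it is recomputed on every pass.
        imagePred = model.predict(image).argmax()
        adversary = fgsm_attack(model, image, label, eps=item)
        adversaryPred = model.predict(adversary)[0].argmax()
        # Agreement with the clean prediction. A sample counts here even when the
        # clean prediction was already wrong, so this is not accuracy.
        if imagePred == adversaryPred:
            countadv += 1
        # Accuracy under perturbation: compare against the ground-truth class.
        if adversaryPred == imageLabel:
            countcorrect += 1

    # The first message keeps its original text so it lines up with previously
    # recorded output; the value it prints is the agreement rate described above.
    print("Adversarial accuracy : ", countadv / num_samples)
    print("Accuracy vs. true label : ", countcorrect / num_samples)
    accu_num.append(countadv / num_samples)
    label_accu_num.append(countcorrect / num_samples)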

100%|█████████████████████████████████████| 10000/10000 [14:36<00:00, 11.40it/s]


Adversarial accuracy :  0.3963


100%|█████████████████████████████████████| 10000/10000 [14:26<00:00, 11.54it/s]


Adversarial accuracy :  0.2941


100%|█████████████████████████████████████| 10000/10000 [14:31<00:00, 11.48it/s]


Adversarial accuracy :  0.2897


100%|█████████████████████████████████████| 10000/10000 [14:29<00:00, 11.50it/s]


Adversarial accuracy :  0.3329


100%|█████████████████████████████████████| 10000/10000 [14:32<00:00, 11.46it/s]


Adversarial accuracy :  0.3769


100%|█████████████████████████████████████| 10000/10000 [14:35<00:00, 11.42it/s]


Adversarial accuracy :  0.4153


100%|█████████████████████████████████████| 10000/10000 [14:34<00:00, 11.44it/s]


Adversarial accuracy :  0.4491


100%|█████████████████████████████████████| 10000/10000 [14:39<00:00, 11.37it/s]


Adversarial accuracy :  0.4742


100%|█████████████████████████████████████| 10000/10000 [14:36<00:00, 11.41it/s]


Adversarial accuracy :  0.4922


100%|█████████████████████████████████████| 10000/10000 [14:34<00:00, 11.44it/s]


Adversarial accuracy :  0.5046


100%|█████████████████████████████████████| 10000/10000 [14:35<00:00, 11.42it/s]


Adversarial accuracy :  0.5141


100%|█████████████████████████████████████| 10000/10000 [14:30<00:00, 11.49it/s]


Adversarial accuracy :  0.5197


100%|█████████████████████████████████████| 10000/10000 [14:11<00:00, 11.74it/s]


Adversarial accuracy :  0.5019


100%|█████████████████████████████████████| 10000/10000 [14:07<00:00, 11.80it/s]


Adversarial accuracy :  0.3752


100%|█████████████████████████████████████| 10000/10000 [14:05<00:00, 11.83it/s]


Adversarial accuracy :  0.28


100%|█████████████████████████████████████| 10000/10000 [14:09<00:00, 11.77it/s]


Adversarial accuracy :  0.2346


100%|█████████████████████████████████████| 10000/10000 [14:09<00:00, 11.77it/s]


Adversarial accuracy :  0.2105


100%|█████████████████████████████████████| 10000/10000 [14:09<00:00, 11.77it/s]


Adversarial accuracy :  0.186


100%|█████████████████████████████████████| 10000/10000 [13:59<00:00, 11.91it/s]


Adversarial accuracy :  0.1761


100%|█████████████████████████████████████| 10000/10000 [13:51<00:00, 12.03it/s]

Adversarial accuracy :  0.1693





In [6]:
# One value per entry of `eps`, in the same order: the fraction of test samples
# whose predicted class was the same before and after the perturbation.
# NOTE(review): this is agreement with the clean prediction, not accuracy against
# the true labels.
accu_num

[0.3963,
 0.2941,
 0.2897,
 0.3329,
 0.3769,
 0.4153,
 0.4491,
 0.4742,
 0.4922,
 0.5046,
 0.5141,
 0.5197,
 0.5019,
 0.3752,
 0.28,
 0.2346,
 0.2105,
 0.186,
 0.1761,
 0.1693]