In [1]:
# Notebook setup: quiet the logs, pin the GPU, and register a TF1-compat
# session with Keras. Statement order matters here: the environment variables
# are assigned before `import tensorflow` runs further down.
import os
import warnings
# Silences every Python warning for the rest of the kernel session, including
# deprecation and numerical warnings from the libraries imported below.
warnings.filterwarnings('ignore')
# '3' filters TensorFlow's C++ INFO, WARNING and ERROR log lines.
os.environ['TF_CPP_MIN_LOG_LEVEL'] = '3'
# Number GPUs by PCI bus id, then expose only device 0 to this process.
os.environ["CUDA_DEVICE_ORDER"] = "PCI_BUS_ID"
os.environ["CUDA_VISIBLE_DEVICES"]="0"
import pandas as pd
import numpy as np
# NOTE(review): SlidingWindow and pandas are not referenced in the cells shown here.
from gtda.time_series import SlidingWindow
import matplotlib.pyplot as plt
import tensorflow as tf
# NOTE(review): `tensorflow.python.*` is a private namespace — confirm it exists
# in the TensorFlow version this notebook is pinned to.
from tensorflow.python.keras.backend import set_session
config = tf.compat.v1.ConfigProto() 
# Grow GPU memory on demand instead of reserving the whole card up front.
config.gpu_options.allow_growth = True  
# Emits the "Device mapping" lines shown in this cell's output.
config.log_device_placement = True  
sess2 = tf.compat.v1.Session(config=config)
# Hand the configured session to the Keras backend.
set_session(sess2) 
import tensorflow_datasets as tfds
from tensorflow.keras.models import load_model
from tensorflow.keras.losses import MSE
from tqdm import tqdm

Device mapping:
/job:localhost/replica:0/task:0/device:GPU:0 -> device: 0, name: NVIDIA GeForce RTX 3090, pci bus id: 0000:01:00.0, compute capability: 8.6



## Import Dataset

In [2]:
# CIFAR-10 train/test splits as (image, integer label) pairs, plus metadata.
dataset_name = "cifar10"
(ds_train, ds_test), ds_info = tfds.load(
    dataset_name,
    split=["train", "test"],
    as_supervised=True,
    with_info=True,
)
NUM_CLASSES = ds_info.features["label"].num_classes

# Spatial resolution fed to the model, and the batch size used by both splits.
IMG_SIZE = 224
batch_size = 1
size = (IMG_SIZE, IMG_SIZE)


def _resize_example(image, label):
    """Resize one image to `size`; the label passes through untouched."""
    return tf.image.resize(image, size), label


# No rescaling or normalisation is applied in this cell, only the resize.
# NOTE(review): pixel values therefore presumably stay on the dataset's 0-255
# scale, which is the scale the `eps` values later in the notebook act on — confirm
# against the preprocessing the model was trained with.
ds_train = ds_train.map(_resize_example)
ds_test = ds_test.map(_resize_example)

def input_preprocess(image, label):
    """Turn the integer class label into a one-hot vector of length NUM_CLASSES.

    The image is returned unchanged; only the label is re-encoded.
    """
    one_hot_label = tf.one_hot(label, depth=NUM_CLASSES)
    return image, one_hot_label


# Training pipeline: one-hot labels, fixed-size batches, background prefetch.
ds_train = (
    ds_train
    .map(input_preprocess, num_parallel_calls=tf.data.AUTOTUNE)
    .batch(batch_size, drop_remainder=True)
    .prefetch(tf.data.AUTOTUNE)
)

# Test pipeline: same label encoding and batching, without parallel map or
# prefetch. There is no shuffle step in this cell.
ds_test = (
    ds_test
    .map(input_preprocess)
    .batch(batch_size, drop_remainder=True)
)

## Load Model

In [3]:
# Location of the saved classifier that the robustness sweep evaluates.
MODEL_DIR = './Large Models/EfficientNetV2B0/enetv2b0'

# load_model deserialises a saved graph and its layers. A model artefact is
# executable content, so only load files whose origin and integrity are known
# (for example, by checking a recorded checksum before loading).
model = load_model(MODEL_DIR)
model.summary()





Model: "sequential"
_________________________________________________________________
Layer (type)                 Output Shape              Param #   
keras_layer (KerasLayer)     (None, 1280)              5919312   
_________________________________________________________________
dropout (Dropout)            (None, 1280)              0         
_________________________________________________________________
dense (Dense)                (None, 10)                12810     
Total params: 5,932,122
Trainable params: 5,871,514
Non-trainable params: 60,608
_________________________________________________________________


## Attack

In [4]:
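def fgsm_attack(model, image, label, eps, clip_min=None, clip_max=None):
    """Build a one-step FGSM perturbation of `image` for robustness evaluation.

    The input is shifted by `eps` along the sign of the gradient of the loss
    with respect to the input. The loss is the mean squared error between
    `label` and the model output.

    Args:
        model: Callable model, invoked as `model(image)`.
        image: Batched input tensor; it is cast to float32 first.
        label: Target with the same shape as the model output (one-hot in
            this notebook).
        eps: Step size, expressed in the same units as the values of `image`.
        clip_min: Optional lower bound of the valid input range.
        clip_max: Optional upper bound of the valid input range.

    Returns:
        numpy.ndarray holding the perturbed input. `.numpy()` is called on
        the result, so this runs in eager mode only.

    With the default `clip_min=None, clip_max=None` the result is not clipped
    and can leave the valid pixel range when `eps` is large. Robustness
    figures measured that way describe out-of-range inputs rather than
    bounded image perturbations. Pass the bounds of the input domain to keep
    the perturbed input a valid image.
    """
    image = tf.cast(image, tf.float32)
    with tf.GradientTape() as tape:
        # `image` is a plain tensor, not a variable, so it must be watched.
        tape.watch(image)
        pred = model(image)
        loss = MSE(label, pred)
    # Only the forward pass needs recording; differentiate after the context.
    gradient = tape.gradient(loss, image)
    perturbed = image + tf.sign(gradient) * eps
    if clip_min is not None:
        perturbed = tf.maximum(perturbed, clip_min)
    if clip_max is not None:
        perturbed = tf.minimum(perturbed, clip_max)
    return perturbed.numpy()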

In [5]:
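# Robustness sweep: for each step size, perturb every test image with
# fgsm_attack and record how the model's prediction responds.
#
# What the printed number measures: the fraction of test images whose
# predicted class is the SAME before and after the perturbation. It is not
# compared with the ground-truth label, so an image the model already
# misclassifies, and still assigns to the same wrong class, counts as a hit.
# The ground-truth rate is collected next to it in `label_accu_num`. Report
# that one when quoting adversarial accuracy.
#
# NOTE(review): `eps` is applied on the raw input scale and fgsm_attack is
# called without clipping bounds, so large values can push inputs outside the
# valid pixel range. Confirm the scale before comparing with published
# epsilon budgets.
eps = [0.05,0.1,0.2,0.3,0.4,0.5,0.6,0.7,0.8,0.9,1.0,1.5,2.0,5.0,10.0,15.0,20.0,30.0,40.0,50.0]
accu_num = []        # per-eps rate of unchanged predictions (clean vs. perturbed)
label_accu_num = []  # per-eps rate of perturbed inputs still matching the true label
num_samples = len(ds_test)  # the same for every eps, so it is computed once
for item in eps:
    countadv = 0
    countlabel = 0
    for image, label in tqdm(ds_test):
        imageLabel = np.array(label).argmax()
        imagePred = model.predict(image)
        imagePred = imagePred.argmax()
        adversary = fgsm_attack(model,image, label, eps=item)
        pred = model.predict(adversary)
        adversaryPred = pred[0].argmax()
        if imagePred == adversaryPred:
            countadv += 1
        # Previously imageLabel was computed but never compared with anything.
        if adversaryPred == imageLabel:
            countlabel += 1

    print("Adversarial accuracy : ", countadv / num_samples)
    accu_num.append(countadv / num_samples)
    label_accu_num.append(countlabel / num_samples)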

100%|█████████████████████████████████████| 10000/10000 [18:58<00:00,  8.78it/s]


Adversarial accuracy :  0.8561


100%|█████████████████████████████████████| 10000/10000 [18:55<00:00,  8.81it/s]


Adversarial accuracy :  0.7831


100%|█████████████████████████████████████| 10000/10000 [19:00<00:00,  8.77it/s]


Adversarial accuracy :  0.7197


100%|█████████████████████████████████████| 10000/10000 [18:54<00:00,  8.81it/s]


Adversarial accuracy :  0.693


100%|█████████████████████████████████████| 10000/10000 [18:57<00:00,  8.79it/s]


Adversarial accuracy :  0.6776


100%|█████████████████████████████████████| 10000/10000 [18:54<00:00,  8.82it/s]


Adversarial accuracy :  0.671


100%|█████████████████████████████████████| 10000/10000 [18:55<00:00,  8.80it/s]


Adversarial accuracy :  0.6657


100%|█████████████████████████████████████| 10000/10000 [18:57<00:00,  8.79it/s]


Adversarial accuracy :  0.6632


100%|█████████████████████████████████████| 10000/10000 [18:53<00:00,  8.82it/s]


Adversarial accuracy :  0.6615


100%|█████████████████████████████████████| 10000/10000 [18:50<00:00,  8.85it/s]


Adversarial accuracy :  0.6616


100%|█████████████████████████████████████| 10000/10000 [18:48<00:00,  8.86it/s]


Adversarial accuracy :  0.6611


100%|█████████████████████████████████████| 10000/10000 [19:13<00:00,  8.67it/s]


Adversarial accuracy :  0.6625


100%|█████████████████████████████████████| 10000/10000 [19:17<00:00,  8.64it/s]


Adversarial accuracy :  0.6624


100%|█████████████████████████████████████| 10000/10000 [19:17<00:00,  8.64it/s]


Adversarial accuracy :  0.5464


100%|█████████████████████████████████████| 10000/10000 [19:14<00:00,  8.66it/s]


Adversarial accuracy :  0.2812


100%|█████████████████████████████████████| 10000/10000 [19:20<00:00,  8.62it/s]


Adversarial accuracy :  0.1633


100%|█████████████████████████████████████| 10000/10000 [19:20<00:00,  8.62it/s]


Adversarial accuracy :  0.1285


100%|█████████████████████████████████████| 10000/10000 [19:20<00:00,  8.61it/s]


Adversarial accuracy :  0.1149


100%|█████████████████████████████████████| 10000/10000 [19:19<00:00,  8.63it/s]


Adversarial accuracy :  0.0932


100%|█████████████████████████████████████| 10000/10000 [19:17<00:00,  8.64it/s]

Adversarial accuracy :  0.0888





In [6]:
# Show the per-step-size rates collected by the sweep, in the same order as
# `eps`. Each value is the share of test images whose prediction did not
# change under the perturbation.
accu_num

[0.8561,
 0.7831,
 0.7197,
 0.693,
 0.6776,
 0.671,
 0.6657,
 0.6632,
 0.6615,
 0.6616,
 0.6611,
 0.6625,
 0.6624,
 0.5464,
 0.2812,
 0.1633,
 0.1285,
 0.1149,
 0.0932,
 0.0888]