In [1]:
import os
import warnings
# Process-wide settings that must be in place before TensorFlow is imported.
# NOTE(review): the blanket 'ignore' filter hides every Python warning for the
# rest of the session, deprecation notices included; narrow it to a specific
# category if one particular warning is the nuisance.
warnings.filterwarnings('ignore')
os.environ.update({
    'TF_CPP_MIN_LOG_LEVEL': '3',          # quiet TensorFlow's native (C++) logging
    "CUDA_DEVICE_ORDER": "PCI_BUS_ID",    # enumerate GPUs by PCI bus id
    "CUDA_VISIBLE_DEVICES": "1",          # expose only physical GPU index 1 to this process
})
import pandas as pd
import numpy as np
from gtda.time_series import SlidingWindow
import matplotlib.pyplot as plt
import tensorflow as tf
from tensorflow.python.keras.backend import set_session
# TF1-compat session shared with Keras: GPU memory is allocated on demand
# rather than reserved up front, and op/device placement is logged (this is
# what produces the "Device mapping" output of the cell).
config = tf.compat.v1.ConfigProto(
    gpu_options=tf.compat.v1.GPUOptions(allow_growth=True),
    log_device_placement=True,
)
sess2 = tf.compat.v1.Session(config=config)
set_session(sess2)
from tensorflow.keras.utils import get_custom_objects
from tensorflow.keras.backend import sigmoid
from tensorflow.keras.models import Model
from tensorflow.keras.optimizers import Adam
from tensorflow.keras.callbacks import ModelCheckpoint, ReduceLROnPlateau
from tensorflow.keras.models import Sequential
from tensorflow.keras import layers
from tensorflow.keras.losses import MSE
import tensorflow_datasets as tfds
from tensorflow.keras.models import load_model
import tensorflow_hub as hub

import get_dataset as kws_data
import kws_util
import argparse
from tqdm import tqdm

Device mapping:
/job:localhost/replica:0/task:0/device:GPU:0 -> device: 0, name: NVIDIA GeForce RTX 3090, pci bus id: 0000:21:00.0, compute capability: 8.6



In [2]:
# Start from the project's parsed defaults and override the settings this
# experiment needs. batch_size is 1, so each dataset element is one sample.
Flags, unparsed = kws_util.parse_command()
for _flag_name, _flag_value in (
    ("window_size_ms", 40.0),
    ("window_stride_ms", 20.0),
    ("batch_size", 1),
    # NOTE(review): absolute, machine-specific path; the notebook will not
    # re-run elsewhere without editing it.
    ("data_dir", '/home/nesl/209as_sec/audio_ks/data'),
):
    setattr(Flags, _flag_name, _flag_value)
print('We will download data to {:}'.format(Flags.data_dir))
ds_train, ds_test, ds_val = kws_data.get_training_data(Flags)
print("Done getting data")

# Shuffle buffer sizes, one per split (presumably the split sizes; confirm
# against get_dataset).
train_shuffle_buffer_size = 85511
val_shuffle_buffer_size = 10102
test_shuffle_buffer_size = 4890


def _with_one_hot_label(features, class_index):
    """Swap the integer class index for a 12-way one-hot vector."""
    return features, tf.one_hot(class_index, depth=12)


# Shuffling the test split does not change aggregate metrics, but it makes the
# per-sample order differ from pass to pass.
ds_train = ds_train.shuffle(train_shuffle_buffer_size).map(_with_one_hot_label)
ds_val = ds_val.shuffle(val_shuffle_buffer_size).map(_with_one_hot_label)
ds_test = ds_test.shuffle(test_shuffle_buffer_size).map(_with_one_hot_label)

We will download data to /home/nesl/209as_sec/audio_ks/data
Done getting data


In [3]:
# Trained keyword-spotting CNN whose robustness is evaluated below.
# load_model deserializes whatever the HDF5 file describes; a model file from
# an untrusted source can carry executable content (e.g. Lambda layers), so
# only load checkpoints whose provenance is known.
_CNN_LARGE_H5 = '/home/nesl/209as_sec/audio_ks/Big Models/CNN/cnn_large.h5'
model = load_model(_CNN_LARGE_H5)
model.summary()

Model: "model"
_________________________________________________________________
Layer (type)                 Output Shape              Param #   
input_1 (InputLayer)         [(None, 49, 10, 1)]       0         
_________________________________________________________________
conv2d (Conv2D)              (None, 30, 3, 64)         10304     
_________________________________________________________________
dropout (Dropout)            (None, 30, 3, 64)         0         
_________________________________________________________________
max_pooling2d (MaxPooling2D) (None, 15, 2, 64)         0         
_________________________________________________________________
conv2d_1 (Conv2D)            (None, 6, 1, 64)          81984     
_________________________________________________________________
dropout_1 (Dropout)          (None, 6, 1, 64)          0         
_________________________________________________________________
max_pooling2d_1 (MaxPooling2 (None, 3, 1, 64)          0     

In [4]:
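def pgd_attack(model,iterations, image, label, alpha, eps):
    """Build an L-infinity-bounded perturbation of ``image`` for robustness testing.

    Performs projected gradient ascent on the categorical cross-entropy
    between ``label`` and the model output: a uniform random start inside the
    ``eps`` ball, then ``iterations`` signed-gradient steps of size ``alpha``,
    each followed by clipping back into ``[image - eps, image + eps]``.

    Args:
        model: Callable mapping an input tensor to class scores.
        iterations: Number of gradient steps; 0 returns the random start.
        image: Input tensor to perturb. The start noise is drawn as float32,
            so a float32 input is assumed (confirm against the data pipeline).
        label: One-hot target, as CategoricalCrossentropy expects.
        alpha: Step size applied to the sign of the gradient.
        eps: Maximum per-element deviation from ``image``.

    Returns:
        The perturbed tensor, with the same shape as ``image``.
    """
    # NOTE(review): from_logits is left at its default (False), which presumes
    # the model emits probabilities; confirm against the model's last layer.
    loss_fn = tf.keras.losses.CategoricalCrossentropy()

    # Random start: uniform noise in [-eps, eps] added to a copy of the input.
    # The draw is unseeded, so repeated runs give slightly different results.
    gen_img = tf.identity(image)
    gen_img = gen_img + tf.random.uniform(tf.shape(gen_img), minval=-eps,
                                          maxval=eps, dtype=tf.dtypes.float32)

    for _ in range(iterations):
        with tf.GradientTape() as tape:
            # gen_img is a plain tensor, so it has to be watched explicitly.
            tape.watch(gen_img)
            predictions = model(gen_img)
            loss = loss_fn(label, predictions)
        # Taken outside the tape context so the gradient computation itself
        # is not recorded.
        grads = tape.gradient(loss, gen_img)
        gen_img = gen_img + (alpha * tf.sign(grads))
        # Project back onto the eps ball around the original input.
        # NOTE(review): nothing clips to a valid feature range; whether a
        # large eps stays in-domain depends on the input scaling.
        gen_img = tf.clip_by_value(gen_img, image-eps, image+eps)
    return gen_img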

In [5]:
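# Robustness sweep: for every (alpha, eps) pair, perturb each test sample with
# pgd_attack and record how the model's prediction holds up.
#
# The value printed as "Adversarial accuracy" (and stored in accu_num) is the
# fraction of samples whose predicted class is UNCHANGED by the perturbation.
# It is compared with the clean prediction, not the true label, so a sample
# the model already misclassified still counts if it stays misclassified the
# same way. robust_accu_num records accuracy against the ground-truth label.
eps = [0.1,0.3,0.5,0.7,0.9,1.0,2.0]
iterations = 5
alpha = [0.1,0.3,0.5,0.7,0.9,1.0]
take_size = 4890
accu_num = []          # prediction-agreement rate per run (the printed metric)
robust_accu_num = []   # accuracy of adversarial predictions vs. true labels
eps_list = []
alpha_list = []

for al in alpha:
    for item in eps:
        countadv = 0
        count_correct = 0
        n_seen = 0
        for image, label in tqdm(ds_test.take(take_size)):
            n_seen += 1
            imageLabel = np.array(label).argmax()
            imagePred = model.predict(image)
            imagePred = imagePred.argmax()
            adversary = pgd_attack(model,iterations,image, label, alpha=al, eps=item)
            pred = model.predict(adversary)
            adversaryPred = pred[0].argmax()
            if imagePred == adversaryPred:
                countadv += 1
            if adversaryPred == imageLabel:
                count_correct += 1

        # Divide by the number of samples actually evaluated: take() yields
        # fewer than take_size elements when the split is smaller, and a
        # hard-coded divisor would then understate both rates.
        agreement = countadv / n_seen if n_seen else float("nan")
        robust_accuracy = count_correct / n_seen if n_seen else float("nan")
        print("Adversarial accuracy : ", agreement)
        accu_num.append(agreement)
        robust_accu_num.append(robust_accuracy)
        eps_list.append(item)
        alpha_list.append(al)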

100%|███████████████████████████████████████| 4890/4890 [07:17<00:00, 11.18it/s]


Adversarial accuracy :  0.7797546012269939


100%|███████████████████████████████████████| 4890/4890 [07:42<00:00, 10.57it/s]


Adversarial accuracy :  0.36666666666666664


100%|███████████████████████████████████████| 4890/4890 [07:59<00:00, 10.20it/s]


Adversarial accuracy :  0.26952965235173826


100%|███████████████████████████████████████| 4890/4890 [07:55<00:00, 10.28it/s]


Adversarial accuracy :  0.2425357873210634


100%|███████████████████████████████████████| 4890/4890 [07:56<00:00, 10.26it/s]


Adversarial accuracy :  0.22515337423312884


100%|███████████████████████████████████████| 4890/4890 [07:59<00:00, 10.20it/s]


Adversarial accuracy :  0.220040899795501


100%|███████████████████████████████████████| 4890/4890 [07:57<00:00, 10.24it/s]


Adversarial accuracy :  0.16830265848670756


100%|███████████████████████████████████████| 4890/4890 [07:57<00:00, 10.23it/s]


Adversarial accuracy :  0.7860940695296523


100%|███████████████████████████████████████| 4890/4890 [07:58<00:00, 10.22it/s]


Adversarial accuracy :  0.32842535787321064


100%|███████████████████████████████████████| 4890/4890 [07:58<00:00, 10.22it/s]


Adversarial accuracy :  0.17280163599182005


100%|███████████████████████████████████████| 4890/4890 [08:05<00:00, 10.08it/s]


Adversarial accuracy :  0.14130879345603273


100%|███████████████████████████████████████| 4890/4890 [08:15<00:00,  9.88it/s]


Adversarial accuracy :  0.13169734151329243


100%|███████████████████████████████████████| 4890/4890 [08:12<00:00,  9.93it/s]


Adversarial accuracy :  0.12658486707566463


100%|███████████████████████████████████████| 4890/4890 [08:08<00:00, 10.01it/s]


Adversarial accuracy :  0.10756646216768916


100%|███████████████████████████████████████| 4890/4890 [08:05<00:00, 10.07it/s]


Adversarial accuracy :  0.7830265848670757


100%|███████████████████████████████████████| 4890/4890 [08:09<00:00, 10.00it/s]


Adversarial accuracy :  0.3507157464212679


100%|███████████████████████████████████████| 4890/4890 [08:07<00:00, 10.03it/s]


Adversarial accuracy :  0.17280163599182005


100%|███████████████████████████████████████| 4890/4890 [08:07<00:00, 10.03it/s]


Adversarial accuracy :  0.132719836400818


100%|███████████████████████████████████████| 4890/4890 [08:07<00:00, 10.02it/s]


Adversarial accuracy :  0.12249488752556237


100%|███████████████████████████████████████| 4890/4890 [08:08<00:00, 10.01it/s]


Adversarial accuracy :  0.11574642126789365


100%|███████████████████████████████████████| 4890/4890 [08:10<00:00,  9.96it/s]


Adversarial accuracy :  0.09591002044989776


100%|███████████████████████████████████████| 4890/4890 [08:03<00:00, 10.11it/s]


Adversarial accuracy :  0.7858895705521473


100%|███████████████████████████████████████| 4890/4890 [07:46<00:00, 10.48it/s]


Adversarial accuracy :  0.36257668711656443


100%|███████████████████████████████████████| 4890/4890 [07:45<00:00, 10.51it/s]


Adversarial accuracy :  0.18220858895705522


100%|███████████████████████████████████████| 4890/4890 [07:45<00:00, 10.49it/s]


Adversarial accuracy :  0.13660531697341513


100%|███████████████████████████████████████| 4890/4890 [07:47<00:00, 10.45it/s]


Adversarial accuracy :  0.1149284253578732


100%|███████████████████████████████████████| 4890/4890 [07:46<00:00, 10.49it/s]


Adversarial accuracy :  0.11104294478527607


100%|███████████████████████████████████████| 4890/4890 [07:42<00:00, 10.57it/s]


Adversarial accuracy :  0.09406952965235174


100%|███████████████████████████████████████| 4890/4890 [07:45<00:00, 10.51it/s]


Adversarial accuracy :  0.7860940695296523


100%|███████████████████████████████████████| 4890/4890 [07:44<00:00, 10.53it/s]


Adversarial accuracy :  0.36257668711656443


100%|███████████████████████████████████████| 4890/4890 [07:44<00:00, 10.52it/s]


Adversarial accuracy :  0.19263803680981595


100%|███████████████████████████████████████| 4890/4890 [07:43<00:00, 10.55it/s]


Adversarial accuracy :  0.13865030674846626


100%|███████████████████████████████████████| 4890/4890 [07:44<00:00, 10.53it/s]


Adversarial accuracy :  0.11860940695296524


100%|███████████████████████████████████████| 4890/4890 [07:45<00:00, 10.50it/s]


Adversarial accuracy :  0.11022494887525562


100%|███████████████████████████████████████| 4890/4890 [07:43<00:00, 10.56it/s]


Adversarial accuracy :  0.08773006134969324


100%|███████████████████████████████████████| 4890/4890 [07:46<00:00, 10.47it/s]


Adversarial accuracy :  0.7860940695296523


100%|███████████████████████████████████████| 4890/4890 [07:44<00:00, 10.53it/s]


Adversarial accuracy :  0.36257668711656443


100%|███████████████████████████████████████| 4890/4890 [07:45<00:00, 10.51it/s]


Adversarial accuracy :  0.20245398773006135


100%|███████████████████████████████████████| 4890/4890 [07:43<00:00, 10.56it/s]


Adversarial accuracy :  0.1390593047034765


100%|███████████████████████████████████████| 4890/4890 [07:43<00:00, 10.55it/s]


Adversarial accuracy :  0.11820040899795502


100%|███████████████████████████████████████| 4890/4890 [07:44<00:00, 10.52it/s]


Adversarial accuracy :  0.1100204498977505


100%|███████████████████████████████████████| 4890/4890 [07:45<00:00, 10.51it/s]

Adversarial accuracy :  0.08650306748466258





In [6]:
# One entry per (alpha, eps) run, in sweep order (alpha outer loop, eps inner).
# Each value is the fraction of test samples whose predicted class was the same
# before and after the perturbation.
accu_num

[0.7797546012269939,
 0.36666666666666664,
 0.26952965235173826,
 0.2425357873210634,
 0.22515337423312884,
 0.220040899795501,
 0.16830265848670756,
 0.7860940695296523,
 0.32842535787321064,
 0.17280163599182005,
 0.14130879345603273,
 0.13169734151329243,
 0.12658486707566463,
 0.10756646216768916,
 0.7830265848670757,
 0.3507157464212679,
 0.17280163599182005,
 0.132719836400818,
 0.12249488752556237,
 0.11574642126789365,
 0.09591002044989776,
 0.7858895705521473,
 0.36257668711656443,
 0.18220858895705522,
 0.13660531697341513,
 0.1149284253578732,
 0.11104294478527607,
 0.09406952965235174,
 0.7860940695296523,
 0.36257668711656443,
 0.19263803680981595,
 0.13865030674846626,
 0.11860940695296524,
 0.11022494887525562,
 0.08773006134969324,
 0.7860940695296523,
 0.36257668711656443,
 0.20245398773006135,
 0.1390593047034765,
 0.11820040899795502,
 0.1100204498977505,
 0.08650306748466258]

In [7]:
# eps used for each run, index-aligned with accu_num.
eps_list

[0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0]

In [8]:
# alpha (step size) used for each run, index-aligned with accu_num.
alpha_list

[0.1,
 0.1,
 0.1,
 0.1,
 0.1,
 0.1,
 0.1,
 0.3,
 0.3,
 0.3,
 0.3,
 0.3,
 0.3,
 0.3,
 0.5,
 0.5,
 0.5,
 0.5,
 0.5,
 0.5,
 0.5,
 0.7,
 0.7,
 0.7,
 0.7,
 0.7,
 0.7,
 0.7,
 0.9,
 0.9,
 0.9,
 0.9,
 0.9,
 0.9,
 0.9,
 1.0,
 1.0,
 1.0,
 1.0,
 1.0,
 1.0,
 1.0]