In [1]:
import os
import warnings
# NOTE(review): this silences every Python warning for the whole kernel,
# including deprecation notices raised by the libraries imported below.
warnings.filterwarnings('ignore')
# The environment variables are set before TensorFlow is imported so that they
# are already in place when the library initialises.
# '3' asks the TensorFlow C++ runtime to suppress its INFO/WARNING/ERROR logs.
os.environ['TF_CPP_MIN_LOG_LEVEL'] = '3'
# Enumerate GPUs in PCI bus order and expose only the device at index 1 to this
# process.
os.environ["CUDA_DEVICE_ORDER"] = "PCI_BUS_ID"
os.environ["CUDA_VISIBLE_DEVICES"]="1"
import pandas as pd
import numpy as np
from gtda.time_series import SlidingWindow
import matplotlib.pyplot as plt
import tensorflow as tf
# NOTE(review): tensorflow.python.* is a private module path and may not exist
# in other TensorFlow releases; confirm against the installed version.
from tensorflow.python.keras.backend import set_session
# TF1-compat session configuration: allocate GPU memory on demand instead of
# reserving it all up front, and log which device each op is placed on (this is
# what prints the "Device mapping" lines in the cell output).
config = tf.compat.v1.ConfigProto() 
config.gpu_options.allow_growth = True  
config.log_device_placement = True  
sess2 = tf.compat.v1.Session(config=config)
# Hand the configured session to the Keras backend.
set_session(sess2) 
from tensorflow.keras.utils import get_custom_objects
from tensorflow.keras.backend import sigmoid
from tensorflow.keras.models import Model
from tensorflow.keras.optimizers import Adam
from tensorflow.keras.callbacks import ModelCheckpoint, ReduceLROnPlateau
from tensorflow.keras.models import Sequential
from tensorflow.keras import layers
from tensorflow.keras.losses import MSE
import tensorflow_datasets as tfds
from tensorflow.keras.models import load_model
import tensorflow_hub as hub

# Project-local helpers: dataset construction and command-line flag parsing.
import get_dataset as kws_data
import kws_util
import argparse
from tqdm import tqdm

Device mapping:
/job:localhost/replica:0/task:0/device:GPU:0 -> device: 0, name: NVIDIA GeForce RTX 3090, pci bus id: 0000:21:00.0, compute capability: 8.6



In [2]:
# Start from the project's parsed command-line flags and override the values
# this run depends on.
Flags, unparsed = kws_util.parse_command()
Flags.window_size_ms = 40.0
Flags.window_stride_ms = 20.0
# One example per batch: the evaluation loop scores a single prediction per step.
Flags.batch_size = 1
# NOTE(review): absolute, machine-specific path; adjust before running elsewhere.
Flags.data_dir = '/home/nesl/209as_sec/audio_ks/data'
print('We will download data to {:}'.format(Flags.data_dir))

ds_train, ds_test, ds_val = kws_data.get_training_data(Flags)
print("Done getting data")

# Shuffle buffer sizes per split. 4890 matches the number of test batches shown
# by the progress bars; the other two are presumably the full split sizes too
# (TODO confirm against the dataset).
train_shuffle_buffer_size = 85511
val_shuffle_buffer_size = 10102
test_shuffle_buffer_size = 4890


def _to_one_hot(features, label):
    """Pair the features with a 12-way one-hot encoding of the integer label."""
    return features, tf.one_hot(label, depth=12)


ds_train = ds_train.shuffle(train_shuffle_buffer_size)
ds_val = ds_val.shuffle(val_shuffle_buffer_size)
ds_test = ds_test.shuffle(test_shuffle_buffer_size)

# depth=12 matches the 12-unit output layer of the model loaded below.
ds_train, ds_val, ds_test = (
    split.map(_to_one_hot) for split in (ds_train, ds_val, ds_test)
)

We will download data to /home/nesl/209as_sec/audio_ks/data
Done getting data


In [3]:
# Restore the saved GRU model from its HDF5 file and print its layer summary.
# NOTE(review): load_model rebuilds whatever the file describes, and Keras model
# files can embed serialised Python (for example in Lambda layers), so only load
# checkpoints whose origin is trusted.
gru_checkpoint_path = '/home/nesl/209as_sec/audio_ks/Big Models/GRU/gru_large.h5'
model = load_model(gru_checkpoint_path)
model.summary()

Model: "model"
_________________________________________________________________
Layer (type)                 Output Shape              Param #   
input_1 (InputLayer)         [(None, 49, 10, 1)]       0         
_________________________________________________________________
reshape (Reshape)            (None, 49, 10)            0         
_________________________________________________________________
gru (GRU)                    (None, 400)               494400    
_________________________________________________________________
pred (Dense)                 (None, 12)                4812      
Total params: 499,212
Trainable params: 499,212
Non-trainable params: 0
_________________________________________________________________


In [4]:
def fgsm_attack(model, image, label, eps):
    """Return a single-step FGSM perturbation of `image` for robustness testing.

    The input is cast to float32, the MSE between `label` and the model's
    output is differentiated with respect to the input, and the input is
    shifted by `eps` along the sign of that gradient.

    Args:
        model: callable model; invoked directly as `model(x)`.
        image: input tensor to perturb (despite the name, the notebook passes
            audio feature batches here).
        label: target passed to the MSE loss; the caller supplies one-hot
            labels.
        eps: scalar step size applied to the gradient sign.

    Returns:
        NumPy array holding the perturbed input.

    Note:
        The result is not clipped to any valid input range, so large `eps`
        values can produce inputs outside what real features would contain;
        interpret high-eps results with that in mind.
    """
    x = tf.cast(image, tf.float32)
    with tf.GradientTape() as tape:
        # The input is a plain tensor, not a variable, so it must be watched
        # explicitly for the tape to track it.
        tape.watch(x)
        loss = MSE(label, model(x))
    grad_sign = tf.sign(tape.gradient(loss, x))
    perturbed = x + (grad_sign * eps)
    return perturbed.numpy()

In [5]:
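# Sweep of FGSM step sizes used to chart how the model's predictions degrade as
# the perturbation budget grows.
eps = [0.05,0.1,0.2,0.3,0.4,0.5,0.6,0.7,0.8,0.9,1.0,1.5,2.0,5.0,10.0,15.0,20.0,30.0,40.0,50.0]
accu_num = []

# The dataset size does not change between sweeps, so look it up once. This also
# surfaces a dataset of unknown length before the first long pass, not after it.
num_test = len(ds_test)

for item in eps:
    # Number of test samples whose predicted class survives the perturbation.
    countadv = 0
    for audio, label in tqdm(ds_test):
        # Class predicted for the unmodified sample.
        audioPred = model.predict(audio)
        audioPred = audioPred.argmax()
        # Perturb the same sample and classify it again; batch size is 1, so
        # row 0 is the only prediction.
        adversary = fgsm_attack(model, audio, label, eps=item)
        pred = model.predict(adversary)
        adversaryPred = pred[0].argmax()
        if audioPred == adversaryPred:
            countadv += 1

    # NOTE(review): despite the printed name, this is the fraction of samples
    # whose prediction is unchanged by the perturbation. The ground-truth label
    # is only used to build the perturbation and is never compared with either
    # prediction, so a sample that is misclassified before and after counts as
    # a hit. Accuracy against the true labels would need a separate comparison.
    rate = countadv / num_test
    print("Adversarial accuracy : ", rate)
    accu_num.append(rate)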

100%|███████████████████████████████████████| 4890/4890 [04:38<00:00, 17.57it/s]


Adversarial accuracy :  0.9558282208588957


100%|███████████████████████████████████████| 4890/4890 [04:39<00:00, 17.47it/s]


Adversarial accuracy :  0.8885480572597138


100%|███████████████████████████████████████| 4890/4890 [04:44<00:00, 17.21it/s]


Adversarial accuracy :  0.7366053169734151


100%|███████████████████████████████████████| 4890/4890 [04:56<00:00, 16.51it/s]


Adversarial accuracy :  0.5973415132924336


100%|███████████████████████████████████████| 4890/4890 [05:45<00:00, 14.16it/s]


Adversarial accuracy :  0.4775051124744376


100%|███████████████████████████████████████| 4890/4890 [05:46<00:00, 14.13it/s]


Adversarial accuracy :  0.38404907975460123


100%|███████████████████████████████████████| 4890/4890 [05:48<00:00, 14.02it/s]


Adversarial accuracy :  0.3083844580777096


100%|███████████████████████████████████████| 4890/4890 [05:50<00:00, 13.96it/s]


Adversarial accuracy :  0.2560327198364008


100%|███████████████████████████████████████| 4890/4890 [05:52<00:00, 13.86it/s]


Adversarial accuracy :  0.21574642126789367


100%|███████████████████████████████████████| 4890/4890 [05:55<00:00, 13.75it/s]


Adversarial accuracy :  0.18916155419222905


100%|███████████████████████████████████████| 4890/4890 [05:54<00:00, 13.81it/s]


Adversarial accuracy :  0.16646216768916156


100%|███████████████████████████████████████| 4890/4890 [05:58<00:00, 13.64it/s]


Adversarial accuracy :  0.12269938650306748


100%|███████████████████████████████████████| 4890/4890 [05:59<00:00, 13.59it/s]


Adversarial accuracy :  0.10858895705521472


100%|███████████████████████████████████████| 4890/4890 [06:00<00:00, 13.57it/s]


Adversarial accuracy :  0.10552147239263804


100%|███████████████████████████████████████| 4890/4890 [06:01<00:00, 13.53it/s]


Adversarial accuracy :  0.10368098159509202


100%|███████████████████████████████████████| 4890/4890 [06:03<00:00, 13.45it/s]


Adversarial accuracy :  0.09427402862985686


100%|███████████████████████████████████████| 4890/4890 [06:03<00:00, 13.43it/s]


Adversarial accuracy :  0.08732106339468303


100%|███████████████████████████████████████| 4890/4890 [06:03<00:00, 13.45it/s]


Adversarial accuracy :  0.08098159509202454


100%|███████████████████████████████████████| 4890/4890 [06:00<00:00, 13.56it/s]


Adversarial accuracy :  0.07832310838445808


100%|███████████████████████████████████████| 4890/4890 [05:58<00:00, 13.66it/s]

Adversarial accuracy :  0.07791411042944785





In [6]:
# One entry per value in `eps`: the fraction of test samples whose predicted
# class was the same before and after the FGSM perturbation.
accu_num

[0.9558282208588957,
 0.8885480572597138,
 0.7366053169734151,
 0.5973415132924336,
 0.4775051124744376,
 0.38404907975460123,
 0.3083844580777096,
 0.2560327198364008,
 0.21574642126789367,
 0.18916155419222905,
 0.16646216768916156,
 0.12269938650306748,
 0.10858895705521472,
 0.10552147239263804,
 0.10368098159509202,
 0.09427402862985686,
 0.08732106339468303,
 0.08098159509202454,
 0.07832310838445808,
 0.07791411042944785]