In [1]:
# Environment and session setup. Statement order matters: the os.environ
# assignments come before `import tensorflow` so they are in place when
# TensorFlow starts up.
import os
import warnings
# Suppresses every Python warning for the rest of the session, which also
# hides deprecation notices raised by the libraries imported below.
warnings.filterwarnings('ignore')
# '3' is the quietest setting for TensorFlow's C++ logging.
os.environ['TF_CPP_MIN_LOG_LEVEL'] = '3'
# Enumerate GPUs by PCI bus id and expose only the device at index 1; inside
# this process TensorFlow then sees it as GPU:0 (see the device mapping output).
os.environ["CUDA_DEVICE_ORDER"] = "PCI_BUS_ID"
os.environ["CUDA_VISIBLE_DEVICES"]="1"
# NOTE(review): pandas, SlidingWindow, matplotlib and MSE are not used in the
# cells visible here - confirm whether later cells need them.
import pandas as pd
import numpy as np
from gtda.time_series import SlidingWindow
import matplotlib.pyplot as plt
import tensorflow as tf
# NOTE(review): set_session comes from the private tensorflow.python namespace,
# which presumably is not a stable API across TensorFlow versions - confirm.
from tensorflow.python.keras.backend import set_session
# TF1-compat session: grow GPU memory on demand rather than reserving it all,
# and log which device each op is placed on.
config = tf.compat.v1.ConfigProto() 
config.gpu_options.allow_growth = True  
config.log_device_placement = True  
sess2 = tf.compat.v1.Session(config=config)
set_session(sess2) 
import tensorflow_datasets as tfds
from tensorflow.keras.models import load_model
from tensorflow.keras.losses import MSE
from tqdm import tqdm

Device mapping:
/job:localhost/replica:0/task:0/device:GPU:0 -> device: 0, name: NVIDIA GeForce RTX 3090, pci bus id: 0000:21:00.0, compute capability: 8.6



## Import Dataset

In [2]:
# Fetch the CIFAR-10 train/test splits as (image, label) pairs plus metadata.
dataset_name = "cifar10"
splits, ds_info = tfds.load(
    dataset_name,
    split=["train", "test"],
    with_info=True,
    as_supervised=True,
)
ds_train, ds_test = splits
NUM_CLASSES = ds_info.features["label"].num_classes

# Spatial size fed to the model, and the evaluation batch size.
IMG_SIZE = 224
batch_size = 1
size = (IMG_SIZE, IMG_SIZE)


def _resize_to_model_input(image, label):
    """Resize one image to `size`; the label passes through unchanged."""
    # No pixel rescaling happens here: values keep the scale of the source
    # images, so any perturbation budget applied later is in those units.
    return tf.image.resize(image, size), label


ds_train = ds_train.map(_resize_to_model_input)
ds_test = ds_test.map(_resize_to_model_input)

def input_preprocess(image, label):
    """Turn an integer class label into a one-hot vector of length NUM_CLASSES.

    The image is returned untouched.
    """
    one_hot_label = tf.one_hot(label, NUM_CLASSES)
    return image, one_hot_label


# Training pipeline: one-hot labels, fixed-size batches, background prefetch.
ds_train = (
    ds_train
    .map(input_preprocess, num_parallel_calls=tf.data.AUTOTUNE)
    .batch(batch_size=batch_size, drop_remainder=True)
    .prefetch(tf.data.AUTOTUNE)
)

# Test pipeline: same label encoding and batching, without prefetch.
ds_test = ds_test.map(input_preprocess).batch(
    batch_size=batch_size, drop_remainder=True
)

## Load Model

In [3]:
# Checkpoint location: an absolute, machine-specific path.
MODEL_PATH = '/home/nesl/209as_sec/cifar10/Large Models/EfficientNetB0/enet_b0_cifar10.h5'

# NOTE(review): load_model rebuilds the network from whatever the file
# describes, so the checkpoint should come from a source you trust; verify its
# provenance (e.g. a recorded checksum) before evaluating against it.
model = load_model(MODEL_PATH)
model.summary()

Model: "model"
__________________________________________________________________________________________________
Layer (type)                    Output Shape         Param #     Connected to                     
input_1 (InputLayer)            [(None, 224, 224, 3) 0                                            
__________________________________________________________________________________________________
rescaling (Rescaling)           (None, 224, 224, 3)  0           input_1[0][0]                    
__________________________________________________________________________________________________
normalization (Normalization)   (None, 224, 224, 3)  7           rescaling[0][0]                  
__________________________________________________________________________________________________
stem_conv_pad (ZeroPadding2D)   (None, 225, 225, 3)  0           normalization[0][0]              
______________________________________________________________________________________________

## Attack

In [4]:
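def pgd_attack(model, iterations, image, label, alpha, eps):
    """Build an L-infinity PGD perturbation of `image` for robustness evaluation.

    Starts from a uniformly random point inside the eps-ball around `image`,
    then takes `iterations` signed-gradient steps of size `alpha` that increase
    the categorical cross-entropy loss, projecting back into the eps-ball after
    every step.

    Args:
        model: Callable mapping an image batch to class scores. The scores are
            treated as probabilities, since the loss keeps its default
            `from_logits` setting.
        iterations: Number of gradient steps.
        image: Float32 image batch the perturbation is centred on.
        label: One-hot labels matching the model output.
        alpha: Per-step size, in the same units as `image`.
        eps: Radius of the L-infinity ball, in the same units as `image`.

    Returns:
        A tensor shaped like `image` whose elements all lie within `eps` of it.
    """
    # One loss object for the whole run instead of a new one per step.
    loss_fn = tf.keras.losses.CategoricalCrossentropy()

    # Random start inside the eps-ball. tf.shape also works when the static
    # shape has unknown dimensions. The draw is unseeded here, so repeated
    # runs can differ unless a seed is set elsewhere.
    gen_img = tf.identity(image)
    gen_img = gen_img + tf.random.uniform(
        tf.shape(gen_img), minval=-eps, maxval=eps, dtype=tf.dtypes.float32
    )

    for _ in range(iterations):
        with tf.GradientTape() as tape:
            # gen_img is a plain tensor, so it has to be watched explicitly.
            tape.watch(gen_img)
            predictions = model(gen_img)
            loss = loss_fn(label, predictions)
        # Take the gradient outside the tape context so the gradient
        # computation itself is not recorded.
        grads = tape.gradient(loss, gen_img)
        gen_img = gen_img + alpha * tf.sign(grads)
        # Project back into the eps-ball around the clean image.
        gen_img = tf.clip_by_value(gen_img, image - eps, image + eps)

    # NOTE(review): the result is only constrained to the eps-ball, not to a
    # valid pixel range. In this notebook the inputs are resized but not
    # rescaled and the model begins with a Rescaling layer, so eps and alpha
    # appear to be in raw pixel units - confirm before comparing the results
    # with budgets quoted on a [0, 1] scale.
    return gen_img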

In [5]:
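# Robustness sweep: every (alpha, eps) pair is evaluated on the first
# `take_size` test samples with `iterations` PGD steps.
eps = [0.1,0.3,0.5,0.7,0.9,1.0,2.0]
iterations = 5
alpha = [0.1,0.3,0.5,0.7,0.9,1.0]
take_size = 1000
accu_num = []         # share of samples whose prediction did NOT change
robust_accu_num = []  # share of samples still classified as the true label
eps_list = []
alpha_list = []

for al in alpha:
    for item in eps:
        countadv = 0
        countcorrect = 0
        for image, label in tqdm(ds_test.take(take_size)):
            # True class index (batch size is 1, so argmax over the flattened
            # one-hot label is the class index).
            imageLabel = np.array(label).argmax()
            imagePred = model.predict(image)
            imagePred = imagePred.argmax()
            adversary = pgd_attack(model,iterations,image, label, alpha=al, eps=item)
            pred = model.predict(adversary)
            adversaryPred = pred[0].argmax()
            # Agreement with the clean prediction. This also counts samples
            # the model already misclassifies, so it is a stability measure
            # rather than accuracy against ground truth.
            if imagePred == adversaryPred:
                countadv += 1
            # Accuracy against the true label; the original cell computed
            # imageLabel but never used it.
            if adversaryPred == imageLabel:
                countcorrect += 1

        # The printed value and accu_num keep the original agreement metric so
        # the recorded outputs stay comparable; the label-based figure is
        # collected in robust_accu_num.
        print("Adversarial accuracy : ", countadv / take_size)
        accu_num.append(countadv / take_size)
        robust_accu_num.append(countcorrect / take_size)
        eps_list.append(item)
        alpha_list.append(al)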

100%|███████████████████████████████████████| 1000/1000 [09:42<00:00,  1.72it/s]


Adversarial accuracy :  0.934


100%|███████████████████████████████████████| 1000/1000 [10:06<00:00,  1.65it/s]


Adversarial accuracy :  0.718


100%|███████████████████████████████████████| 1000/1000 [10:21<00:00,  1.61it/s]


Adversarial accuracy :  0.605


100%|███████████████████████████████████████| 1000/1000 [10:24<00:00,  1.60it/s]


Adversarial accuracy :  0.55


100%|███████████████████████████████████████| 1000/1000 [10:21<00:00,  1.61it/s]


Adversarial accuracy :  0.507


100%|███████████████████████████████████████| 1000/1000 [09:57<00:00,  1.67it/s]


Adversarial accuracy :  0.49


100%|███████████████████████████████████████| 1000/1000 [09:55<00:00,  1.68it/s]


Adversarial accuracy :  0.353


100%|███████████████████████████████████████| 1000/1000 [09:55<00:00,  1.68it/s]


Adversarial accuracy :  0.934


100%|███████████████████████████████████████| 1000/1000 [09:57<00:00,  1.67it/s]


Adversarial accuracy :  0.692


100%|███████████████████████████████████████| 1000/1000 [09:55<00:00,  1.68it/s]


Adversarial accuracy :  0.398


100%|███████████████████████████████████████| 1000/1000 [09:48<00:00,  1.70it/s]


Adversarial accuracy :  0.2


100%|███████████████████████████████████████| 1000/1000 [09:40<00:00,  1.72it/s]


Adversarial accuracy :  0.124


100%|███████████████████████████████████████| 1000/1000 [09:39<00:00,  1.73it/s]


Adversarial accuracy :  0.111


100%|███████████████████████████████████████| 1000/1000 [09:45<00:00,  1.71it/s]


Adversarial accuracy :  0.07


100%|███████████████████████████████████████| 1000/1000 [09:44<00:00,  1.71it/s]


Adversarial accuracy :  0.934


100%|███████████████████████████████████████| 1000/1000 [09:41<00:00,  1.72it/s]


Adversarial accuracy :  0.697


100%|███████████████████████████████████████| 1000/1000 [09:43<00:00,  1.71it/s]


Adversarial accuracy :  0.387


100%|███████████████████████████████████████| 1000/1000 [09:43<00:00,  1.71it/s]


Adversarial accuracy :  0.165


100%|███████████████████████████████████████| 1000/1000 [09:42<00:00,  1.72it/s]


Adversarial accuracy :  0.102


100%|███████████████████████████████████████| 1000/1000 [09:37<00:00,  1.73it/s]


Adversarial accuracy :  0.083


100%|███████████████████████████████████████| 1000/1000 [09:39<00:00,  1.73it/s]


Adversarial accuracy :  0.058


100%|███████████████████████████████████████| 1000/1000 [09:22<00:00,  1.78it/s]


Adversarial accuracy :  0.934


100%|███████████████████████████████████████| 1000/1000 [09:18<00:00,  1.79it/s]


Adversarial accuracy :  0.711


100%|███████████████████████████████████████| 1000/1000 [09:09<00:00,  1.82it/s]


Adversarial accuracy :  0.411


100%|███████████████████████████████████████| 1000/1000 [09:17<00:00,  1.79it/s]


Adversarial accuracy :  0.167


100%|███████████████████████████████████████| 1000/1000 [09:15<00:00,  1.80it/s]


Adversarial accuracy :  0.096


100%|███████████████████████████████████████| 1000/1000 [09:15<00:00,  1.80it/s]


Adversarial accuracy :  0.081


100%|███████████████████████████████████████| 1000/1000 [09:14<00:00,  1.80it/s]


Adversarial accuracy :  0.055


100%|███████████████████████████████████████| 1000/1000 [09:13<00:00,  1.81it/s]


Adversarial accuracy :  0.934


100%|███████████████████████████████████████| 1000/1000 [09:17<00:00,  1.79it/s]


Adversarial accuracy :  0.709


100%|███████████████████████████████████████| 1000/1000 [09:14<00:00,  1.80it/s]


Adversarial accuracy :  0.456


100%|███████████████████████████████████████| 1000/1000 [09:22<00:00,  1.78it/s]


Adversarial accuracy :  0.191


100%|███████████████████████████████████████| 1000/1000 [09:16<00:00,  1.80it/s]


Adversarial accuracy :  0.104


100%|███████████████████████████████████████| 1000/1000 [09:18<00:00,  1.79it/s]


Adversarial accuracy :  0.09


100%|███████████████████████████████████████| 1000/1000 [09:14<00:00,  1.80it/s]


Adversarial accuracy :  0.056


100%|███████████████████████████████████████| 1000/1000 [09:12<00:00,  1.81it/s]


Adversarial accuracy :  0.934


100%|███████████████████████████████████████| 1000/1000 [09:14<00:00,  1.80it/s]


Adversarial accuracy :  0.71


100%|███████████████████████████████████████| 1000/1000 [09:16<00:00,  1.80it/s]


Adversarial accuracy :  0.479


100%|███████████████████████████████████████| 1000/1000 [09:12<00:00,  1.81it/s]


Adversarial accuracy :  0.207


100%|███████████████████████████████████████| 1000/1000 [09:14<00:00,  1.80it/s]


Adversarial accuracy :  0.106


100%|███████████████████████████████████████| 1000/1000 [09:15<00:00,  1.80it/s]


Adversarial accuracy :  0.093


100%|███████████████████████████████████████| 1000/1000 [09:10<00:00,  1.82it/s]

Adversarial accuracy :  0.056





In [6]:
# Rates recorded by the sweep, one per (alpha, eps) pair in loop order (alpha
# outer, eps inner). Each value is the share of samples whose prediction was
# unchanged by the perturbation.
accu_num

[0.934,
 0.718,
 0.605,
 0.55,
 0.507,
 0.49,
 0.353,
 0.934,
 0.692,
 0.398,
 0.2,
 0.124,
 0.111,
 0.07,
 0.934,
 0.697,
 0.387,
 0.165,
 0.102,
 0.083,
 0.058,
 0.934,
 0.711,
 0.411,
 0.167,
 0.096,
 0.081,
 0.055,
 0.934,
 0.709,
 0.456,
 0.191,
 0.104,
 0.09,
 0.056,
 0.934,
 0.71,
 0.479,
 0.207,
 0.106,
 0.093,
 0.056]

In [7]:
# eps value used for each entry of accu_num (same index, same order).
eps_list

[0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0]

In [8]:
# alpha (step size) used for each entry of accu_num (same index, same order).
alpha_list

[0.1,
 0.1,
 0.1,
 0.1,
 0.1,
 0.1,
 0.1,
 0.3,
 0.3,
 0.3,
 0.3,
 0.3,
 0.3,
 0.3,
 0.5,
 0.5,
 0.5,
 0.5,
 0.5,
 0.5,
 0.5,
 0.7,
 0.7,
 0.7,
 0.7,
 0.7,
 0.7,
 0.7,
 0.9,
 0.9,
 0.9,
 0.9,
 0.9,
 0.9,
 0.9,
 1.0,
 1.0,
 1.0,
 1.0,
 1.0,
 1.0,
 1.0]