In [1]:
# Kernel setup for the notebook. Statement order matters here: the environment
# variables are written before TensorFlow is imported.
import os
import warnings
# Suppresses every Python warning for the rest of the kernel session, including
# deprecation notices from the libraries imported below.
warnings.filterwarnings('ignore')
# '3' filters TensorFlow's native (C++) INFO, WARNING and ERROR log lines.
os.environ['TF_CPP_MIN_LOG_LEVEL'] = '3'
# Number GPUs by PCI bus id, then expose only the device with index 1 to this
# process. TensorFlow renumbers the visible device as GPU:0.
os.environ["CUDA_DEVICE_ORDER"] = "PCI_BUS_ID"
os.environ["CUDA_VISIBLE_DEVICES"]="1"
import pandas as pd
import numpy as np
from gtda.time_series import SlidingWindow
import matplotlib.pyplot as plt
import tensorflow as tf
# NOTE(review): `tensorflow.python.*` is not part of TensorFlow's public API and
# may change between releases.
from tensorflow.python.keras.backend import set_session
# TF1-style session: allocate GPU memory on demand instead of reserving it all up
# front, and log which device each op is placed on.
config = tf.compat.v1.ConfigProto() 
config.gpu_options.allow_growth = True  
config.log_device_placement = True  
sess2 = tf.compat.v1.Session(config=config)
set_session(sess2) 
# NOTE(review): several of the imports below (and pandas, SlidingWindow and
# matplotlib above) are not referenced in the cells visible here; confirm before
# pruning, since later cells may use them.
from tensorflow.keras.utils import get_custom_objects
from tensorflow.keras.backend import sigmoid
from tensorflow.keras.models import Model
from tensorflow.keras.optimizers import Adam
from tensorflow.keras.callbacks import ModelCheckpoint, ReduceLROnPlateau
from tensorflow.keras.models import Sequential
from tensorflow.keras import layers
from tensorflow.keras.losses import MSE
import tensorflow_datasets as tfds
from tensorflow.keras.models import load_model
import tensorflow_hub as hub

# Project-local helpers: dataset construction and command-line flag parsing.
import get_dataset as kws_data
import kws_util
import argparse
from tqdm import tqdm

Device mapping:
/job:localhost/replica:0/task:0/device:GPU:0 -> device: 0, name: NVIDIA GeForce RTX 3090, pci bus id: 0000:21:00.0, compute capability: 8.6



In [2]:
# Load the project's default flags, then pin the settings this run depends on.
Flags, unparsed = kws_util.parse_command()
Flags.window_size_ms = 40.0
Flags.window_stride_ms = 20.0
# One example per batch: the evaluation cell takes a flat argmax over each batch.
Flags.batch_size = 1
# NOTE(review): machine-specific absolute path; adjust when running elsewhere.
Flags.data_dir = '/home/nesl/209as_sec/audio_ks/data'
print('We will download data to {:}'.format(Flags.data_dir))
ds_train, ds_test, ds_val = kws_data.get_training_data(Flags)
print("Done getting data")

# Shuffle-buffer sizes, one per split (presumably the split sizes -- confirm).
train_shuffle_buffer_size = 85511
val_shuffle_buffer_size = 10102
test_shuffle_buffer_size = 4890


def _one_hot_labels(x, y):
    """Pass the features through and turn the integer label into a 12-way one-hot vector.

    Depth 12 matches the 12-unit `pred` output layer of the model loaded below.
    """
    return (x, tf.one_hot(y, depth=12))


# Shuffle each split, then convert its labels. No seed is passed, so the
# iteration order differs from run to run.
ds_train = ds_train.shuffle(train_shuffle_buffer_size).map(_one_hot_labels)
ds_val = ds_val.shuffle(val_shuffle_buffer_size).map(_one_hot_labels)
ds_test = ds_test.shuffle(test_shuffle_buffer_size).map(_one_hot_labels)

We will download data to /home/nesl/209as_sec/audio_ks/data
Done getting data


In [3]:
# Load the trained network under evaluation from a local HDF5 file and print its layers.
# NOTE(review): a Keras model file can carry serialized code (for example Lambda
# layers or custom objects), so only load artefacts whose origin is trusted. The
# absolute path is specific to this machine.
model = load_model('/home/nesl/209as_sec/audio_ks/Big Models/LSTM/lstm_large.h5')
model.summary()

Model: "model"
_________________________________________________________________
Layer (type)                 Output Shape              Param #   
input_1 (InputLayer)         [(None, 49, 10, 1)]       0         
_________________________________________________________________
reshape (Reshape)            (None, 49, 10)            0         
_________________________________________________________________
lstm (LSTM)                  (None, 500)               1022000   
_________________________________________________________________
pred (Dense)                 (None, 12)                6012      
Total params: 1,028,012
Trainable params: 1,028,012
Non-trainable params: 0
_________________________________________________________________


In [4]:
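def pgd_attack(model, iterations, image, label, alpha, eps):
    """Build an L-infinity-bounded perturbed copy of `image` for robustness evaluation.

    Starts from `image` plus uniform noise in [-eps, eps], then repeats
    `iterations` signed-gradient steps of size `alpha` that increase the
    categorical cross-entropy between `label` and the model output. After every
    step the result is projected back into the box [image - eps, image + eps].

    Args:
        model: callable mapping an input tensor to class scores.
        iterations: number of gradient steps; 0 returns the noisy starting point.
        image: float32 input tensor (the caller passes one batch from the dataset).
        label: one-hot target tensor matching the model output shape.
        alpha: step size of each signed-gradient update.
        eps: radius of the allowed perturbation around `image`.

    Returns:
        Tensor with the same shape as `image`, within `eps` of it element-wise.

    Notes:
        * Only the eps-box is enforced; the result is not clipped to any valid
          input range.
        * The starting noise is unseeded, so repeated runs differ slightly.
        * CategoricalCrossentropy is used with its defaults, which treat the
          model output as probabilities. NOTE(review): confirm the model's last
          layer applies softmax; with raw logits the loss, and therefore the
          measured robustness, would be misleading.
    """
    # Built once instead of on every step.
    loss_fn = tf.keras.losses.CategoricalCrossentropy()

    # tf.shape also works when part of the static shape is unknown.
    start_noise = tf.random.uniform(tf.shape(image), minval=-eps,
                                    maxval=eps, dtype=tf.dtypes.float32)
    gen_img = tf.identity(image) + start_noise

    lower_bound = image - eps
    upper_bound = image + eps

    for _ in range(iterations):
        with tf.GradientTape() as tape:
            # Watching the tensor directly avoids allocating a tf.Variable per step.
            tape.watch(gen_img)
            predictions = model(gen_img)
            loss = loss_fn(label, predictions)
        # Differentiate after leaving the tape context so the gradient
        # computation itself is not recorded.
        grads = tape.gradient(loss, gen_img)
        gen_img = gen_img + alpha * tf.sign(grads)
        gen_img = tf.clip_by_value(gen_img, lower_bound, upper_bound)
    return gen_img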

In [5]:
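# Robustness sweep: every (alpha, eps) pair is evaluated on the test split.
# In the recorded run each pair took roughly ten minutes.
eps = [0.1, 0.3, 0.5, 0.7, 0.9, 1.0, 2.0]      # perturbation radii
iterations = 5                                  # gradient steps per example
alpha = [0.1, 0.3, 0.5, 0.7, 0.9, 1.0]          # step sizes
take_size = 4890                                # upper bound on examples per pair

# Parallel result lists, one entry per (alpha, eps) pair in sweep order.
# accu_num is the value printed as "Adversarial accuracy": the fraction of
# examples whose predicted class is unchanged by the perturbation. It is an
# agreement rate, not accuracy against the ground-truth label: an example the
# model already misclassifies still counts when the wrong class is kept.
accu_num = []
eps_list = []
alpha_list = []
# Label-based metrics, recorded so the ground-truth label is actually used.
clean_acc_num = []    # clean prediction == true label
robust_acc_num = []   # perturbed-input prediction == true label

for al in alpha:
    for item in eps:
        countadv = 0
        clean_correct = 0
        robust_correct = 0
        n_seen = 0
        for image, label in tqdm(ds_test.take(take_size)):
            # Flat argmax: assumes one example per batch (Flags.batch_size = 1).
            imageLabel = np.array(label).argmax()
            imagePred = model.predict(image).argmax()
            adversary = pgd_attack(model, iterations, image, label, alpha=al, eps=item)
            adversaryPred = model.predict(adversary)[0].argmax()

            n_seen += 1
            countadv += int(imagePred == adversaryPred)
            clean_correct += int(imagePred == imageLabel)
            robust_correct += int(adversaryPred == imageLabel)

        # Divide by the number of examples actually seen, so a split shorter
        # than take_size does not deflate the rates; guard the empty case.
        denom = max(n_seen, 1)
        print("Adversarial accuracy : ", countadv / denom)
        accu_num.append(countadv / denom)
        clean_acc_num.append(clean_correct / denom)
        robust_acc_num.append(robust_correct / denom)
        eps_list.append(item)
        alpha_list.append(al)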

100%|███████████████████████████████████████| 4890/4890 [09:07<00:00,  8.93it/s]


Adversarial accuracy :  0.8805725971370143


100%|███████████████████████████████████████| 4890/4890 [10:04<00:00,  8.08it/s]


Adversarial accuracy :  0.5766871165644172


100%|███████████████████████████████████████| 4890/4890 [10:13<00:00,  7.97it/s]


Adversarial accuracy :  0.47730061349693254


100%|███████████████████████████████████████| 4890/4890 [10:23<00:00,  7.84it/s]


Adversarial accuracy :  0.4372188139059305


100%|███████████████████████████████████████| 4890/4890 [10:28<00:00,  7.79it/s]


Adversarial accuracy :  0.3983640081799591


100%|███████████████████████████████████████| 4890/4890 [10:28<00:00,  7.78it/s]


Adversarial accuracy :  0.38425357873210636


100%|███████████████████████████████████████| 4890/4890 [10:33<00:00,  7.72it/s]


Adversarial accuracy :  0.3016359918200409


100%|███████████████████████████████████████| 4890/4890 [10:38<00:00,  7.66it/s]


Adversarial accuracy :  0.8852760736196319


100%|███████████████████████████████████████| 4890/4890 [10:51<00:00,  7.51it/s]


Adversarial accuracy :  0.5157464212678936


100%|███████████████████████████████████████| 4890/4890 [10:52<00:00,  7.50it/s]


Adversarial accuracy :  0.2640081799591002


100%|███████████████████████████████████████| 4890/4890 [10:54<00:00,  7.47it/s]


Adversarial accuracy :  0.1652351738241309


100%|███████████████████████████████████████| 4890/4890 [10:54<00:00,  7.48it/s]


Adversarial accuracy :  0.1276073619631902


100%|███████████████████████████████████████| 4890/4890 [10:55<00:00,  7.46it/s]


Adversarial accuracy :  0.11554192229038855


100%|███████████████████████████████████████| 4890/4890 [10:51<00:00,  7.51it/s]


Adversarial accuracy :  0.08261758691206544


100%|███████████████████████████████████████| 4890/4890 [10:55<00:00,  7.46it/s]


Adversarial accuracy :  0.8858895705521472


100%|███████████████████████████████████████| 4890/4890 [10:55<00:00,  7.46it/s]


Adversarial accuracy :  0.5511247443762781


100%|███████████████████████████████████████| 4890/4890 [10:39<00:00,  7.64it/s]


Adversarial accuracy :  0.2607361963190184


100%|███████████████████████████████████████| 4890/4890 [10:29<00:00,  7.77it/s]


Adversarial accuracy :  0.1359918200408998


100%|███████████████████████████████████████| 4890/4890 [10:30<00:00,  7.76it/s]


Adversarial accuracy :  0.09795501022494887


100%|███████████████████████████████████████| 4890/4890 [10:30<00:00,  7.76it/s]


Adversarial accuracy :  0.0850715746421268


100%|███████████████████████████████████████| 4890/4890 [10:31<00:00,  7.74it/s]


Adversarial accuracy :  0.06196319018404908


100%|███████████████████████████████████████| 4890/4890 [10:27<00:00,  7.79it/s]


Adversarial accuracy :  0.8856850715746422


100%|███████████████████████████████████████| 4890/4890 [10:32<00:00,  7.73it/s]


Adversarial accuracy :  0.5695296523517382


100%|███████████████████████████████████████| 4890/4890 [10:31<00:00,  7.75it/s]


Adversarial accuracy :  0.2930470347648262


100%|███████████████████████████████████████| 4890/4890 [10:31<00:00,  7.74it/s]


Adversarial accuracy :  0.14314928425357873


100%|███████████████████████████████████████| 4890/4890 [10:30<00:00,  7.75it/s]


Adversarial accuracy :  0.09775051124744376


100%|███████████████████████████████████████| 4890/4890 [10:30<00:00,  7.75it/s]


Adversarial accuracy :  0.08323108384458078


100%|███████████████████████████████████████| 4890/4890 [10:29<00:00,  7.77it/s]


Adversarial accuracy :  0.05991820040899796


100%|███████████████████████████████████████| 4890/4890 [10:31<00:00,  7.75it/s]


Adversarial accuracy :  0.8856850715746422


100%|███████████████████████████████████████| 4890/4890 [10:31<00:00,  7.74it/s]


Adversarial accuracy :  0.5711656441717792


100%|███████████████████████████████████████| 4890/4890 [10:31<00:00,  7.75it/s]


Adversarial accuracy :  0.32331288343558284


100%|███████████████████████████████████████| 4890/4890 [10:20<00:00,  7.87it/s]


Adversarial accuracy :  0.16155419222903886


100%|███████████████████████████████████████| 4890/4890 [10:19<00:00,  7.89it/s]


Adversarial accuracy :  0.10593047034764826


100%|███████████████████████████████████████| 4890/4890 [10:19<00:00,  7.89it/s]


Adversarial accuracy :  0.08854805725971371


100%|███████████████████████████████████████| 4890/4890 [10:19<00:00,  7.90it/s]


Adversarial accuracy :  0.05766871165644172


100%|███████████████████████████████████████| 4890/4890 [10:20<00:00,  7.88it/s]


Adversarial accuracy :  0.8852760736196319


100%|███████████████████████████████████████| 4890/4890 [10:18<00:00,  7.91it/s]


Adversarial accuracy :  0.5680981595092025


100%|███████████████████████████████████████| 4890/4890 [10:20<00:00,  7.88it/s]


Adversarial accuracy :  0.34478527607361964


100%|███████████████████████████████████████| 4890/4890 [10:16<00:00,  7.93it/s]


Adversarial accuracy :  0.17300613496932515


100%|███████████████████████████████████████| 4890/4890 [10:18<00:00,  7.91it/s]


Adversarial accuracy :  0.10715746421267894


100%|███████████████████████████████████████| 4890/4890 [10:14<00:00,  7.95it/s]


Adversarial accuracy :  0.09325153374233129


100%|███████████████████████████████████████| 4890/4890 [10:01<00:00,  8.13it/s]

Adversarial accuracy :  0.05644171779141104





In [6]:
# Fraction of examples whose prediction was unchanged by the perturbation, one
# entry per (alpha, eps) pair in sweep order (alpha outer loop, eps inner loop).
accu_num

[0.8805725971370143,
 0.5766871165644172,
 0.47730061349693254,
 0.4372188139059305,
 0.3983640081799591,
 0.38425357873210636,
 0.3016359918200409,
 0.8852760736196319,
 0.5157464212678936,
 0.2640081799591002,
 0.1652351738241309,
 0.1276073619631902,
 0.11554192229038855,
 0.08261758691206544,
 0.8858895705521472,
 0.5511247443762781,
 0.2607361963190184,
 0.1359918200408998,
 0.09795501022494887,
 0.0850715746421268,
 0.06196319018404908,
 0.8856850715746422,
 0.5695296523517382,
 0.2930470347648262,
 0.14314928425357873,
 0.09775051124744376,
 0.08323108384458078,
 0.05991820040899796,
 0.8856850715746422,
 0.5711656441717792,
 0.32331288343558284,
 0.16155419222903886,
 0.10593047034764826,
 0.08854805725971371,
 0.05766871165644172,
 0.8852760736196319,
 0.5680981595092025,
 0.34478527607361964,
 0.17300613496932515,
 0.10715746421267894,
 0.09325153374233129,
 0.05644171779141104]

In [7]:
# eps value for each entry of accu_num, in the same order.
eps_list

[0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0,
 0.1,
 0.3,
 0.5,
 0.7,
 0.9,
 1.0,
 2.0]

In [8]:
# alpha value for each entry of accu_num, in the same order.
alpha_list

[0.1,
 0.1,
 0.1,
 0.1,
 0.1,
 0.1,
 0.1,
 0.3,
 0.3,
 0.3,
 0.3,
 0.3,
 0.3,
 0.3,
 0.5,
 0.5,
 0.5,
 0.5,
 0.5,
 0.5,
 0.5,
 0.7,
 0.7,
 0.7,
 0.7,
 0.7,
 0.7,
 0.7,
 0.9,
 0.9,
 0.9,
 0.9,
 0.9,
 0.9,
 0.9,
 1.0,
 1.0,
 1.0,
 1.0,
 1.0,
 1.0,
 1.0]