Using Bayesian Deep Learning Approximations to Detect Adversaries in Computer Vision and Reinforcement Learning Tasks
This code repository corresponds to my masters thesis which attempts to detect the presence of adversaries in common AI/ML taks using Bayesian CNNs. Bayesian CNNs are produced based upon the work of Gal and Ghahramani who prove that by incorporating dropout layers, the neural network converges to a deep Gaussian process. Adversaries are created using the Fast Gradient Sign Method (FGSM), with varying values of being tested.
Results are collected by establishing baselines and then crafting adversarial examples and observing the performance decrease. Using a BCNN, we then utilise the ability to extract uncertainty measures and test whether an increase in uncertainty can be used to detect the presence of an adversary.
Full Documentation can be found here.
A baseline in any vision experiment, we test the classifiers performance and resilience to adversaries when classifying digits from the MNIST database.
A more real world challenge would be to test for the presence of pneumonia in an individual based upon a chest x-ray image - data here.
We also train an agent using the DQN of Mnih et. al. to play flappybird, replacing the original CNN with a BCNN. Once trained, we inflict adversarial attacks on the agent while playing flappybird.
Note: This work has only been tested on a Linux (Ubuntu 16.04 LTS) machine, code may not work as required on other operating systems.
- Clone repository
git clone https://github.com/thomaspinder/bayesian_uncertainty
cd bayesian_uncertainty
- Create virtual environment
pip install virtualenv
virtualenv env -p python3
source env/bin/activate
- Install requirements
pip install -r requirements.txt
Takes approximately 15minutes on an Nvidia 1050ti GPU.
python src.experiments 'vision' -m 0
Note, on an Nvidia 1050ti GPU this process took 2.5 days to complete.
python -m src.experiments 'rl'
- Comparing CNNs against Bayesian CNNs in the absence of adversaries
python -m src.experiments 'vision' -m 1
- Calculating uncertainty values as MNIST digits are rotated through 180 degrees
python -m src.experiments 'vision' -m 0
- Test the accuracy of a CNN or BCNN on adversarially perturbed images
python -m src.experiments 'vision' -m 3 -f <EPSILON-VALUE> --model <CNN-OR-BCNN>
replacing <EPSILON-VALUE>
with the value of to be used in FGSM.
Alternatively, you may find it convenient to use the shell command sh fgsm_loop.sh
to test all values of epsilon between 0.01 and 2 for both a CNN and BCNN with one simple command.
- To test the performance of a BCNN on the real world x-ray dataset for unperturbed images and images perturbed by FGSM for values of epsilon between 0.01 and 0.9 run
sh fgsm_xray.sh
Alternatively, to test specific configuration of epsilon run
python -m src.vision.mc_dropout_keras -m 0 -a True -e 0.1
where -m
denotes if monte carlo dropout should be used, 0 indicates no test, 1 for standard cnn and 2 for bcnn based monte carlo dropout.
-a
is a bool operator for if adversaries should be induces
-e
is the value of epsilon to be used in FGSM
-t
is a bool operator denoting if the network should be trained from scratch. Default is false, indicating that weights will be loaded.
Experiments will typically generate one .csv
file per run. When testing multiple parameter configurations this can be cumbersome so the following command will collect results together and merge into a single .csv
.
python -m src.utils.plotting_helpers -f True -d <FOLDER-CONTAINING-RESULTS> -o <FOLDER-TO-SAVE-TO/FILENAME.csv>
An example for the FGSM experiments with varying values of is:
python -m src.utils.plotting_helpers -f True -d 'results/experiment3/cnn' -o 'results/cnn_exp3_all.csv'