In [6]:
import os
import sys
import time
import pickle

%load_ext autoreload
%autoreload 1
%aimport DkNN,AISE,utils.utils

from collections import Counter

import matplotlib.pyplot   as plt
import numpy as np
from sklearn.neighbors import NearestNeighbors,KNeighborsClassifier

import torch
import torch.nn            as nn
import torch.nn.functional as F
import torch.optim         as optim
from torch.utils.data.dataset import random_split
from torchvision              import datasets 
from torchvision              import transforms

from DkNN import CKNN
import utilities
from mnist_model import CNN
from attack import PGD
from AISE import *

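# Prefer the GPU but fall back to the CPU, so the notebook still runs on a machine without CUDA.
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
config = utilities.config_to_namedtuple(utilities.get_config('config_mnist.json'))

# One shared preprocessing pipeline for both splits.
# Normalize with mean 0 and std 1 leaves the ToTensor output unchanged.
mnist_transform = transforms.Compose([
    transforms.ToTensor(),
    transforms.Normalize((0.,), (1,))
])

# download=False: both splits must already be present under ./datasets.
mnist_trainset = datasets.MNIST(root='./datasets', train=True, download=False, transform=mnist_transform)
mnist_testset = datasets.MNIST(root='./datasets', train=False, download=False, transform=mnist_transform)

train_loader = torch.utils.data.DataLoader(mnist_trainset,
    shuffle = True,
    batch_size = 64
)

test_loader = torch.utils.data.DataLoader(mnist_testset,
    shuffle = False,
    batch_size = 64
)

filename = 'models/mnistmodel.pt'
model = CNN().to(device)

if os.path.isfile(filename):
    print("=> loading checkpoint '{}'".format(filename))
    # NOTE(review): torch.load unpickles the file, so a tampered checkpoint can execute
    # arbitrary code on load. Only load checkpoints from a source you trust; on PyTorch
    # versions that support it, pass weights_only=True to restrict what is deserialized.
    checkpoint = torch.load(filename,map_location=device)
    model.load_state_dict(checkpoint['state_dict'])
    print("=> loaded checkpoint '{}' (epoch {})"
              .format(filename, checkpoint['epoch']))
else:
    # NOTE(review): execution continues with the freshly constructed CNN(), so every
    # accuracy figure computed afterwards would describe a model without loaded weights.
    print("=> no checkpoint found at '{}'".format(filename))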

The autoreload extension is already loaded. To reload it, use:
  %reload_ext autoreload
=> loading checkpoint 'models/mnistmodel.pt'
=> loaded checkpoint 'models/mnistmodel.pt' (epoch 55)


In [2]:
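def feature_space(net, n_layers, inputs, labels, device, batch_size=128):
    """Run ``net`` over ``inputs`` in batches and collect intermediate features.

    ``net`` must return a sequence whose last element is the class scores and
    whose preceding elements are the intermediate activations; there must be
    exactly ``n_layers`` of those (more raises IndexError, fewer leaves an
    empty list that ``torch.cat`` rejects).

    Args:
        net: the model; it is switched to eval mode as a side effect.
        n_layers: number of intermediate outputs ``net`` returns.
        inputs: tensor of samples, batched along dimension 0.
        labels: tensor of labels aligned with ``inputs``.
        device: device the batches are moved to before the forward pass.
        batch_size: number of samples per forward pass.

    Returns:
        (conv_features, targets, predictions): a list with one CPU tensor per
        intermediate output, each flattened to (n_samples, -1); the labels as
        a NumPy array; and the argmax predictions as a NumPy array.
    """
    conv_features = [[] for _ in range(n_layers)]
    targets       = []
    predictions   = []
    print('\tRunning predictions')
    net.eval()
    # Pure inference: skip autograd bookkeeping so no graph is kept alive per batch.
    with torch.no_grad():
        for ind in range(0,inputs.size(0),batch_size):
            X,y = inputs[ind:ind+batch_size],labels[ind:ind+batch_size]
            *out_convs, out = net(X.to(device))
            y_pred = torch.max(out,1)[1]
            for i, out_conv in enumerate(out_convs):
                # Flatten every activation map to one row per sample and move it off the device.
                conv_feat = out_conv.view(out_conv.size(0), -1).detach().cpu()
                conv_features[i].append(conv_feat)
            # .cpu() is a no-op for CPU labels and lets device-resident labels work too.
            targets.append(y.detach().cpu().numpy())
            predictions.append(y_pred.detach().cpu().numpy())
    print('\tConcatenating results')
    conv_features = [torch.cat(out_convs) for out_convs in conv_features]
    targets       = np.concatenate(targets)
    predictions   = np.concatenate(predictions)

    return conv_features, targets, predictions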

# Switch the CNN to evaluation mode; as the cell's last expression the call also
# displays the module, which is the architecture printout shown below.
model.eval()

CNN(
  (conv1): Conv2d(1, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
  (conv2): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
  (conv3): Conv2d(64, 128, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
  (conv4): Conv2d(128, 128, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
  (fc1): Linear(in_features=6272, out_features=256, bias=True)
  (fc2): Linear(in_features=256, out_features=256, bias=True)
  (fc3): Linear(in_features=256, out_features=10, bias=True)
)

In [3]:
# Fixed seed so the shuffled index order, and therefore both subsets, is reproducible.
np.random.seed(1234)
ind_full = np.arange(60000)
np.random.shuffle(ind_full)

# First 1000 shuffled indices form the partial training set; the next 100 are held out for evaluation.
# NOTE(review): both subsets are drawn from mnist_trainset, not mnist_testset. If the CNN was
# trained on the full training split, the evaluation images are ones it has already seen.
ind_partial, ind_eval = ind_full[:1000], ind_full[1000:1100]

# Take the stored images, insert a singleton dimension at axis 1 and scale by 1/255.
X_train_partial, X_eval = (
    mnist_trainset.data[subset].unsqueeze(1)/255. for subset in (ind_partial, ind_eval)
)
y_train_partial, y_eval = (
    mnist_trainset.targets[subset] for subset in (ind_partial, ind_eval)
)

In [4]:
# Craft adversarial versions of the evaluation images against the plain CNN.
# eps and sigma are presumably the perturbation budget and the per-step size (confirm in attack.PGD).
pgd = PGD(eps=40/255., sigma=20/255., nb_iter=20, DEVICE=device)
X_adv = pgd.attack_batch(
    model,
    X_eval.to(device),
    y_eval.to(device),
    batch_size=64,
)

# The model returns its intermediate outputs followed by the class scores; only the scores are needed here.
*_, out = model(X_adv)
_, y_pred_adv = torch.max(out, 1)

# Share of adversarial inputs the undefended CNN still classifies correctly.
adv_hits = y_eval.numpy() == y_pred_adv.detach().cpu().numpy()
adv_accuracy = adv_hits.mean()
print('The accuracy of plain cnn under PGD attacks is: {:f}'.format(adv_accuracy))

The accuracy of plain cnn under PGD attacks is: 0.250000


In [13]:
from utils.utils import *
import itertools

In [16]:
# Build the AISE defence on the 1000-sample training subset, wrapping the plain CNN.
# NOTE(review): n_class=0 looks unusual for a 10-class dataset; confirm what AISE does with it.
aise = AISE(
    X_train_partial,
    y_train_partial,
    n_neighbors=100,
    n_class=0,
    model=model,
)

# Grid search: every combination of the values below is evaluated.
# Key order is kept as-is because it determines the order in which combinations are listed.
upper_bounds = (.15, .3, .4)
param_dict = {
    # alternative that was tried: 'mut_range': [.15, .3, .4]
    'mut_range': [(.1, upper) for upper in upper_bounds],
    'mut_prob': [(.1, upper) for upper in upper_bounds],
    'combine_prob': [.3, .5, .7],
    # alternative that was tried: 'layer_dims': [[], [0,], [1,]]
    'max_generation': [10, 20, 30],
}
gs = GridSearch(aise, param_dict)

Building one single query object 1000 samples...done!
4 hyper-parameters found!
81 combinations to be searched


In [25]:
# Score every hyper-parameter combination on the adversarial evaluation batch.
# NOTE(review): X_adv was crafted against `model` alone in the PGD cell, so these accuracies
# describe a fixed, pre-computed attack rather than one adapted to the AISE defence.
# The same 100 samples are used both to pick the hyper-parameters and to report accuracy.
adv_inputs_cpu = X_adv.cpu()
eval_labels_np = y_eval.numpy()
result_dict = gs.run(adv_inputs_cpu, eval_labels_np)

#1: mut_range=(0.1, 0.15),mut_prob=(0.1, 0.15),combine_prob=0.3,max_generation=10
Clonal expansion starts...
Searching 100 naive B cells for each of 100 antigens...done!
Affinity maturation process starts with population of 1000...
Memory & plasma B cells generated!
5000 plasma B cells and 20000 memory generated!
acc: 0.8
Total running time is 52.942774295806885

#2: mut_range=(0.1, 0.15),mut_prob=(0.1, 0.15),combine_prob=0.3,max_generation=20
Clonal expansion starts...
Searching 100 naive B cells for each of 100 antigens...done!
Affinity maturation process starts with population of 1000...
Memory & plasma B cells generated!
5000 plasma B cells and 20000 memory generated!
acc: 0.75
Total running time is 94.59124040603638

#3: mut_range=(0.1, 0.15),mut_prob=(0.1, 0.15),combine_prob=0.3,max_generation=30
Clonal expansion starts...
Searching 100 naive B cells for each of 100 antigens...done!
Affinity maturation process starts with population of 1000...
Memory & plasma B cells generated!
5

KeyboardInterrupt: 