mindojune
diff --git a/‎cifar10ex.py
+149 b/‎cifar10ex.py
+149
diff --git a/‎fast_gradient_sign_targeted.py
+102 b/‎fast_gradient_sign_targeted.py
+102
diff --git a/‎fast_gradient_sign_untargeted.py
+111 b/‎fast_gradient_sign_untargeted.py
+111
@@ -0,0 +1,149 @@
+"""CIFAR10 example for cnn_finetune.
+Based on:
+- https://github.com/pytorch/tutorials/blob/master/beginner_source/blitz/cifar10_tutorial.py
+- https://github.com/pytorch/examples/blob/master/mnist/main.py
+"""
+
+import argparse
+
+import torch
+import torchvision
+import torchvision.transforms as transforms
+from torch.autograd import Variable
+import torch.nn as nn
+import torch.optim as optim
+
+from cnn_finetune import make_model
+
+
+parser = argparse.ArgumentParser(description='cnn_finetune cifar 10 example')
+parser.add_argument('--batch-size', type=int, default=32, metavar='N',
+                    help='input batch size for training (default: 32)')
+parser.add_argument('--test-batch-size', type=int, default=64, metavar='N',
+                    help='input batch size for testing (default: 64)')
+parser.add_argument('--epochs', type=int, default=100, metavar='N',
+                    help='number of epochs to train (default: 100)')
+parser.add_argument('--lr', type=float, default=0.01, metavar='LR',
+                    help='learning rate (default: 0.01)')
+parser.add_argument('--momentum', type=float, default=0.9, metavar='M',
+                    help='SGD momentum (default: 0.9)')
+parser.add_argument('--no-cuda', action='store_true', default=False,
+                    help='disables CUDA training')
+parser.add_argument('--seed', type=int, default=1, metavar='S',
+                    help='random seed (default: 1)')
+parser.add_argument('--log-interval', type=int, default=100, metavar='N',
+                    help='how many batches to wait before logging training status')
+parser.add_argument('--model-name', type=str, default='resnet50', metavar='M',
+                    help='model name (default: resnet50)')
+parser.add_argument('--dropout-p', type=float, default=0.2, metavar='D',
+                    help='Dropout probability (default: 0.2)')
+
+
+args = parser.parse_args()
+use_cuda = not args.no_cuda and torch.cuda.is_available()
+device = torch.device('cuda' if use_cuda else 'cpu')
+model_name = args.model_name
+
+
+if model_name == 'alexnet':
+    raise ValueError('The input size of the CIFAR-10 data set (32x32) is too small for AlexNet')
+
+classes = (
+    'plane', 'car', 'bird', 'cat', 'deer',
+    'dog', 'frog', 'horse', 'ship', 'truck'
+)
+
+
+model = make_model(
+    model_name,
+    pretrained=False,#True,
+    num_classes=len(classes),
+    dropout_p=args.dropout_p,
+    input_size=(32, 32) if model_name.startswith(('vgg', 'squeezenet')) else None,
+)
+model = model.to(device)
+
+
+transform = transforms.Compose([
+    transforms.ToTensor(),
+    transforms.Normalize(
+        # Need to recompute the mean std with the perturbed dataset
+        mean= torch.tensor([0.4914, 0.4822, 0.4465])
+,#model.original_model_info.mean,
+        std=  torch.tensor([0.2470, 0.2435, 0.2616])),#model.original_model_info.std),
+])
+
+train_set = torchvision.datasets.CIFAR10(
+    root='./data', train=True, download=True, transform=transform
+)
+train_loader = torch.utils.data.DataLoader(
+    train_set, batch_size=args.batch_size, shuffle=True, num_workers=2
+)
+test_set = torchvision.datasets.CIFAR10(
+    root='./data', train=False, download=True, transform=transform
+)
+test_loader = torch.utils.data.DataLoader(
+    test_set, args.test_batch_size, shuffle=False, num_workers=2
+)
+
+criterion = nn.CrossEntropyLoss()
+optimizer = optim.SGD(model.parameters(), lr=args.lr, momentum=args.momentum)
+
+
+def train(epoch):
+    total_loss = 0
+    total_size = 0
+    model.train()
+    for batch_idx, (data, target) in enumerate(train_loader):
+        data, target = data.to(device), target.to(device)
+        optimizer.zero_grad()
+        output = model(data)
+        loss = criterion(output, target)
+        total_loss += loss.item()
+        total_size += data.size(0)
+        loss.backward()
+        optimizer.step()
+        if batch_idx % args.log_interval == 0:
+            print('Train Epoch: {} [{}/{} ({:.0f}%)]\tAverage loss: {:.6f}'.format(
+                epoch, batch_idx * len(data), len(train_loader.dataset),
+                100. * batch_idx / len(train_loader), total_loss / total_size))
+
+
+def test():
+    model.eval()
+    test_loss = 0
+    correct = 0
+    with torch.no_grad():
+        for data, target in test_loader:
+            data, target = data.to(device), target.to(device)
+            output = model(data)
+            test_loss += criterion(output, target).item()
+            pred = output.data.max(1, keepdim=True)[1]
+            correct += pred.eq(target.data.view_as(pred)).long().cpu().sum().item()
+
+    test_loss /= len(test_loader.dataset)
+    print('\nTest set: Average loss: {:.4f}, Accuracy: {}/{} ({:.0f}%)\n'.format(
+        test_loss, correct, len(test_loader.dataset),
+        100. * correct / len(test_loader.dataset)))
+
+def compute_mean_std(dataset):
+    """compute the mean and std of dataset
+    Args:
+        dataset or test dataset
+        witch derived from class torch.utils.data
+    
+    Returns:
+        a tuple contains mean, std value of entire dataset
+    """
+
+    data_r = numpy.dstack([dataset[i][1][:, :, 0] for i in range(len(dataset))])
+    data_g = numpy.dstack([dataset[i][1][:, :, 1] for i in range(len(dataset))])
+    data_b = numpy.dstack([dataset[i][1][:, :, 2] for i in range(len(dataset))])
+    mean = numpy.mean(data_r), numpy.mean(data_g), numpy.mean(data_b)
+    std = numpy.std(data_r), numpy.std(data_g), numpy.std(data_b)
+
+    return mean, std
+
+for epoch in range(1, args.epochs + 1):
+    train(epoch)
+    test()
@@ -0,0 +1,102 @@
+"""
+Created on Fri Dec 16 01:24:11 2017
+
+@author: Utku Ozbulak - github.com/utkuozbulak
+"""
+import os
+import numpy as np
+import cv2
+
+import torch
+from torch import nn
+from torch.autograd import Variable
+# from torch.autograd.gradcheck import zero_gradients  # See processed_image.grad = None
+
+from misc_functions import preprocess_image, recreate_image, get_params
+
+
+class FastGradientSignTargeted():
+    """
+        Fast gradient sign untargeted adversarial attack, maximizes the target class activation
+        with iterative grad sign updates
+    """
+    def __init__(self, model, alpha):
+        self.model = model
+        self.model.eval()
+        # Movement multiplier per iteration
+        self.alpha = alpha
+        # Create the folder to export images if not exists
+        if not os.path.exists('../generated'):
+            os.makedirs('../generated')
+
+    def generate(self, original_image, org_class, target_class):
+        # I honestly dont know a better way to create a variable with specific value
+        # Targeting the specific class
+        im_label_as_var = Variable(torch.from_numpy(np.asarray([target_class])))
+        # Define loss functions
+        ce_loss = nn.CrossEntropyLoss()
+        # Process image
+        processed_image = preprocess_image(original_image)
+        # Start iteration
+        for i in range(10):
+            print('Iteration:', str(i))
+            # zero_gradients(x)
+            # Zero out previous gradients
+            # Can also use zero_gradients(x)
+            processed_image.grad = None
+            # Forward pass
+            out = self.model(processed_image)
+            # Calculate CE loss
+            pred_loss = ce_loss(out, im_label_as_var)
+            # Do backward pass
+            pred_loss.backward()
+            # Create Noise
+            # Here, processed_image.grad.data is also the same thing is the backward gradient from
+            # the first layer, can use that with hooks as well
+            adv_noise = self.alpha * torch.sign(processed_image.grad.data)
+            # Add noise to processed image
+            processed_image.data = processed_image.data - adv_noise
+
+            # Confirming if the image is indeed adversarial with added noise
+            # This is necessary (for some cases) because when we recreate image
+            # the values become integers between 1 and 255 and sometimes the adversariality
+            # is lost in the recreation process
+
+            # Generate confirmation image
+            recreated_image = recreate_image(processed_image)
+            # Process confirmation image
+            prep_confirmation_image = preprocess_image(recreated_image)
+            # Forward pass
+            confirmation_out = self.model(prep_confirmation_image)
+            # Get prediction
+            _, confirmation_prediction = confirmation_out.data.max(1)
+            # Get Probability
+            confirmation_confidence = \
+                nn.functional.softmax(confirmation_out)[0][confirmation_prediction].data.numpy()[0]
+            # Convert tensor to int
+            confirmation_prediction = confirmation_prediction.numpy()[0]
+            # Check if the prediction is different than the original
+            if confirmation_prediction == target_class:
+                print('Original image was predicted as:', org_class,
+                      'with adversarial noise converted to:', confirmation_prediction,
+                      'and predicted with confidence of:', confirmation_confidence)
+                # Create the image for noise as: Original image - generated image
+                noise_image = original_image - recreated_image
+                cv2.imwrite('../generated/targeted_adv_noise_from_' + str(org_class) + '_to_' +
+                            str(confirmation_prediction) + '.jpg', noise_image)
+                # Write image
+                cv2.imwrite('../generated/targeted_adv_img_from_' + str(org_class) + '_to_' +
+                            str(confirmation_prediction) + '.jpg', recreated_image)
+                break
+
+        return 1
+
+
+if __name__ == '__main__':
+    target_example = 0  # Apple
+    (original_image, prep_img, org_class, _, pretrained_model) =\
+        get_params(target_example)
+    target_class = 62  # Mud turtle
+
+    FGS_untargeted = FastGradientSignTargeted(pretrained_model, 0.01)
+    FGS_untargeted.generate(original_image, org_class, target_class)
@@ -0,0 +1,111 @@
+"""
+Created on Fri Dec 15 19:57:34 2017
+
+@author: Utku Ozbulak - github.com/utkuozbulak
+"""
+import os
+import numpy as np
+import cv2
+
+import torch
+from torch import nn
+from torch.autograd import Variable
+# from torch.autograd.gradcheck import zero_gradients  # See processed_image.grad = None
+
+from misc_functions import preprocess_image, recreate_image, get_params
+import torch.nn.functional
+
+class FastGradientSignUntargeted():
+    """
+        Fast gradient sign untargeted adversarial attack, minimizes the initial class activation
+        with iterative grad sign updates
+    """
+    def __init__(self, model, alpha):
+        self.model = model
+        self.model.eval()
+        # Movement multiplier per iteration
+        self.alpha = alpha
+        # Create the folder to export images if not exists
+        if not os.path.exists('../generated'):
+            os.makedirs('../generated')
+
+    def generate(self, original_image, im_label):
+        # I honestly dont know a better way to create a variable with specific value
+        im_label_as_var = Variable(torch.from_numpy(np.asarray([im_label])))
+        im_label_as_var = im_label_as_var.long()
+        im_label_as_var = torch.max(im_label_as_var, 1)[1]
+        
+        # Define loss functions
+        ce_loss = nn.CrossEntropyLoss()
+        # Process image
+        processed_image = preprocess_image(original_image)
+        # Start iteration
+        for i in range(10):
+            #print('Iteration:', str(i))
+            # zero_gradients(x)
+            # Zero out previous gradients
+            # Can also use zero_gradients(x)
+            processed_image.grad = None
+            # Forward pass
+            out = self.model(processed_image)
+            # Calculate CE loss
+            
+            # no need to softmax out
+            #out = torch.nn.functional.softmax(Variable(out, requires_grad=True), dim=1).data
+
+            im_label = im_label_as_var
+
+            pred_loss = ce_loss(out, im_label_as_var)
+            #print(pred_loss)
+            # Do backward pass
+            pred_loss.backward()
+            # Create Noise
+            # Here, processed_image.grad.data is also the same thing is the backward gradient from
+            # the first layer, can use that with hooks as well
+            adv_noise = self.alpha * torch.sign(processed_image.grad.data)
+            # Add Noise to processed image
+            processed_image.data = processed_image.data + adv_noise
+
+            # Confirming if the image is indeed adversarial with added noise
+            # This is necessary (for some cases) because when we recreate image
+            # the values become integers between 1 and 255 and sometimes the adversariality
+            # is lost in the recreation process
+
+            # Generate confirmation image
+            recreated_image = recreate_image(processed_image)
+            # Process confirmation image
+            prep_confirmation_image = preprocess_image(recreated_image)
+            # Forward pass
+            confirmation_out = self.model(prep_confirmation_image)
+            # Get prediction
+            _, confirmation_prediction = confirmation_out.data.max(1)
+            #print(confirmation_prediction)
+            # Get Probability
+            confirmation_confidence = \
+                nn.functional.softmax(confirmation_out)[0][confirmation_prediction].data.numpy()[0]
+            # Convert tensor to int
+            confirmation_prediction = confirmation_prediction.numpy()[0]
+            # Check if the prediction is different than the original
+            if confirmation_prediction != im_label:
+                #print('Original image was predicted as:', im_label,
+                #      'with adversarial noise converted to:', confirmation_prediction,
+                #      'and predicted with confidence of:', confirmation_confidence)
+                # Create the image for noise as: Original image - generated image
+                noise_image = original_image - recreated_image
+                # cv2.imwrite('../generated/untargeted_adv_noise_from_' + str(im_label) + '_to_' +
+                #             str(confirmation_prediction) + '.jpg', noise_image)
+                # # Write image
+                # cv2.imwrite('../generated/untargeted_adv_img_from_' + str(im_label) + '_to_' +
+                #             str(confirmation_prediction) + '.jpg', recreated_image)
+                return recreated_image, 1
+
+        return None, 0
+
+
+if __name__ == '__main__':
+    target_example = 2  # Eel
+    (original_image, prep_img, target_class, _, pretrained_model) =\
+        get_params(target_example)
+
+    FGS_untargeted = FastGradientSignUntargeted(pretrained_model, 0.01)
+    FGS_untargeted.generate(original_image, target_class)