-
Notifications
You must be signed in to change notification settings - Fork 1
/
adversarial_reprogramming_of_neural_network.py
176 lines (140 loc) · 5.48 KB
/
adversarial_reprogramming_of_neural_network.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
"""
Re-implementation of "Adversarial Reprogramming of Neural Networks" (ICLR'19)
https://arxiv.org/pdf/1806.11146.pdf
More experiments done with : https://github.com/kcelia/adversarial_reprogramming_of_neural_network
"""
import numpy as np
import torch
import torch as T
import torch.nn as nn
import torchvision
from tqdm import tqdm
from torchvision import datasets, transforms
def x_to_X(x, X_size, channel_out=3):
"""
This function places a batch of small image x in the center
of a bigger one of size X_size with zero padding.
:param x: batch x, [batch_size, channels, im_size, im_size]
:param X_size: the size of the new image
:param channel_out: the number of the channel
:type x: torch.Tensor
:type X_size: int
:type channel_out: int
:return: x centred in X_size zerroed image
:rtype: torch.tensor
"""
X = T.zeros((x.shape[0], channel_out, X_size, X_size))
start_x = X_size // 2 - x.shape[2] // 2
end_x = start_x + x.shape[2]
start_y = X_size // 2 - x.shape[3] // 2
end_y = start_y + x.shape[3]
x = x.expand(x.shape[0], channel_out, x.shape[2], x.shape[3])
X[:, :, start_x:end_x, start_y:end_y] = x
return X
def get_mask(patch_size, X_size, channel_out, batch_size=1):
"""
This function return the mask for an img of size patch_size
which is in the center of a bigger on with size X_size
:param patch_size: the size of patch that we want to put in the center
:param X_size: the new size of the img
:param channel_out: nb channels
:param batch_size: nb times that the mask will be replicated
:type patch_size: int
:type X_size: int
:type channel_out: int
:type batch_size: int
:return: binary mask
:rtype: torch.Tensor
"""
ones = T.ones((batch_size, channel_out, patch_size, patch_size))
return x_to_X(ones, X_size, channel_out)
def get_mnist(batch_size):
"""
This function retruns the train and test loader of mnist
dataset for a given batch_size
:param batch_size: size of the batch for data loader
:type batch_size: int
:return: train and test loader
:rtype: tuple[torch.utils.data.DataLoader]
"""
train_loader = T.utils.data.DataLoader(datasets.MNIST(
'./data', train=True, download=True,
transform=transforms.Compose([
transforms.ToTensor(),
transforms.Normalize((0.1307,), (0.3081,))
])),
batch_size=batch_size, shuffle=True
)
test_loader = T.utils.data.DataLoader(datasets.MNIST(
'./data', train=False, download=True,
transform=transforms.Compose([
transforms.ToTensor(),
transforms.Normalize((0.1307,), (0.3081,))
])),
batch_size=batch_size, shuffle=True
)
return train_loader, test_loader
class ProgrammingNetwork(nn.Module):
"""
This class is the module that contains the network
that will be uilized and the associated programm
that will be learned to hijak the first one
"""
def __init__(self, pretained_model, input_size, patch_size, channel_out=3):
"""
Constructor
:param pretrained_model: the model to hitjak
:param input_size: the img's size excepected by pretrained_model
:param patch_size: the size of the small target domain img
:param channel_out: nb channel
:type pretrained_model: modul
:type input_size: int
:type patch_size: int
:type channel_out: int
"""
super().__init__()
self.model = pretained_model
self.p = T.autograd.Variable(T.randn((channel_out, input_size, input_size)).to(device), requires_grad=True)
self.input_size = input_size
self.mask = get_mask(patch_size, input_size, channel_out, batch_size=1)[0].to(device)
self.mask.requires_grad = False
def forward(self, x):
#P = tanh (W + M)
P = nn.Tanh()((1 - self.mask) * self.p)
#Xadv = hf (˜x; W) = X˜ + P
x_adv = x_to_X(x, self.input_size, self.p.shape[0]).to(device) + P
return self.model(x_adv)
device = "cuda:0"
batch_size = 16
train_loader, test_loader = get_mnist(batch_size)
#pretrained_model = torchvision.models.resnet101(pretrained=True).eval()
pretrained_model = torchvision.models.squeezenet1_0(pretrained=True).eval()
input_size = 224
patch_size = 28
model = ProgrammingNetwork(pretrained_model, input_size, patch_size)
model.to(device)
loss_function = nn.CrossEntropyLoss()
optimizer = T.optim.Adam([model.p])
nb_epochs = 20
loss_history = []
for epoch in range(nb_epochs):
print("epoch : ", epoch)
for i, (x, y) in enumerate(tqdm(train_loader)):
y_hat = model(x.to(device))
optimizer.zero_grad()
loss = loss_function(y_hat, y.to(device))
loss.backward()
optimizer.step()
loss_history.append(loss.item())
if not i % 50: #save each 50 batches
#T.save(model.state_dict(), "./models/squeezenet1_0_mnist.pth")
np.save("./models/squeezenet1_0_mnist_program_{}_{}".format(epoch, i // 50), model.p.detach().to("cpu").numpy())
np.save("loss_history", loss_history)
#np.save("loss_history", loss_history)
#compute test accuracy
test_accuracy = []
for i, (x, y) in enumerate(tqdm(test_loader)):
y_hat = model(x.to(device))
(y_hat.argmax(1).to('cpu') == y).float()
test_accuracy.extend((y_hat.argmax(1).to('cpu') == y).float().numpy())
print("test accuracy : ", np.array(test_accuracy).mean())