-
Notifications
You must be signed in to change notification settings - Fork 1
/
madrys.py
executable file
·91 lines (76 loc) · 3.42 KB
/
madrys.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
import torch
import torch.nn as nn
import torch.nn.functional as F
import models
from torch.autograd import Variable
if torch.cuda.is_available():
device = torch.device('cuda')
else:
device = torch.device('cpu')
class MadrysLoss(nn.Module):
def __init__(self, step_size=0.007, epsilon=0.031, perturb_steps=10, distance='l_inf', cutmix=False):
super(MadrysLoss, self).__init__()
self.step_size = step_size
self.epsilon = epsilon
self.perturb_steps = perturb_steps
self.distance = distance
self.cross_entropy = models.CutMixCrossEntropyLoss() if cutmix else torch.nn.CrossEntropyLoss()
def forward(self, model, x_natural, y, optimizer):
model.eval()
for param in model.parameters():
param.requires_grad = False
# generate adversarial example
x_adv = x_natural.clone() + self.step_size * torch.randn(x_natural.shape).to(device)
if self.distance == 'l_inf':
for _ in range(self.perturb_steps):
x_adv.requires_grad_()
loss_ce = self.cross_entropy(model(x_adv), y)
grad = torch.autograd.grad(loss_ce, [x_adv])[0]
x_adv = x_adv.detach() + self.step_size * torch.sign(grad.detach())
x_adv = torch.min(torch.max(x_adv, x_natural - self.epsilon), x_natural + self.epsilon)
x_adv = torch.clamp(x_adv, 0.0, 1.0)
else:
x_adv = torch.clamp(x_adv, 0.0, 1.0)
for param in model.parameters():
param.requires_grad = True
model.train()
# x_adv = Variable(x_adv, requires_grad=False)
optimizer.zero_grad()
logits = model(x_adv)
loss = self.cross_entropy(logits, y)
return logits, loss
class MadrysLoss_v2(nn.Module):
def __init__(self, step_size=0.007, epsilon=0.031, perturb_steps=10, distance='l_inf', cutmix=False):
super(MadrysLoss_v2, self).__init__()
self.step_size = step_size
self.epsilon = epsilon
self.perturb_steps = perturb_steps
self.distance = distance
self.cross_entropy = models.CutMixCrossEntropyLoss() if cutmix else torch.nn.CrossEntropyLoss()
def forward(self, model, x_natural, y, optimizer):
model.eval()
for param in model.parameters():
param.requires_grad = False
# generate adversarial example
x_adv = torch.rand_like(x_natural.clone()) + self.step_size * torch.randn(x_natural.shape).to(device)
if self.distance == 'l_inf':
for _ in range(self.perturb_steps):
x_adv.requires_grad_()
loss_ce = -self.cross_entropy(model(x_adv), y)
grad = torch.autograd.grad(loss_ce, [x_adv])[0]
x_adv = x_adv.detach() + self.step_size * torch.sign(grad.detach())
x_adv = torch.min(torch.max(x_adv, x_natural - self.epsilon), x_natural + self.epsilon)
x_adv = torch.clamp(x_adv, 0.0, 1.0)
else:
x_adv = torch.clamp(x_adv, 0.0, 1.0)
for param in model.parameters():
param.requires_grad = True
model.train()
# x_adv = Variable(x_adv, requires_grad=False)
optimizer.zero_grad()
logits = model(x_natural)
loss = self.cross_entropy(logits, y)
logits2 = model(x_adv)
loss2 = self.cross_entropy(logits2, y)
loss_final = loss - 10 * min(loss2, 3)
return logits, loss