In [4]:
import numpy as np
%matplotlib inline
import matplotlib.pyplot as plt
from mpl_toolkits.axes_grid1 import ImageGrid
from matplotlib.backends.backend_pdf import PdfPages
from matplotlib.transforms import offset_copy
import pickle
from tensorflow.examples.tutorials.mnist import input_data
mnist = input_data.read_data_sets("MNIST_data/")
from CIFAR.load_cifar10 import load_data10
In [12]:
u_tiny = np.load('./tiny-imagenet/u.npy')
s_tiny = np.load('./tiny-imagenet/s.npy')
v_tiny = np.load('./tiny-imagenet/v.npy')
mean_img_tiny = np.load('./tiny-imagenet/mean.npy')
In [47]:
mean_img_mnist = np.mean(mnist.train.images, axis=0)
cov = np.dot((mnist.train.images - mean_img_mnist).T, (mnist.train.images - mean_img_mnist))/mnist.train.images.shape[0]
u_mnist,s_mnist,v_mnist = np.linalg.svd(cov)
In [275]:
x, _, _, _ = load_data10()
x = x.reshape((-1,32*32*3))
mean_img_cifar = np.mean(x, axis=0)
cov = np.dot((x - mean_img_cifar).T, (x - mean_img_cifar))/x.shape[0]
u_cifar, s_cifar, v_cifar = np.linalg.svd(cov)
In [274]:
tiny_fast_clipped = pickle.load(open('./tiny-imagenet/data/tiny_foolers_fast/tiny_foolers_fast_clip.p', 'rb'),
encoding='latin1')
tiny_iter_clipped = pickle.load(open('./tiny-imagenet/data/tiny_foolers/tiny_foolers_clip.p', 'rb'),
encoding='latin1')
tiny_fast = pickle.load(open('./tiny-imagenet/data/tiny_foolers_fast/tiny_foolers_fast.p', 'rb'),
encoding='latin1')
tiny_iter = pickle.load(open('./tiny-imagenet/data/tiny_foolers/tiny_foolers_clip.p', 'rb'),
encoding='latin1')
tiny_fast_clipped_keys = list(tiny_fast_clipped.keys())
tiny_iter_clipped_keys = list(tiny_iter_clipped.keys())
tiny_fast_keys = list(tiny_fast.keys())
tiny_iter_keys = list(tiny_iter.keys())
mnist_iter = pickle.load(open('./MNIST/data/normal.p', 'rb'), encoding='latin1')
mnist_fast = pickle.load(open('./MNIST/data/fast.p', 'rb'), encoding='latin1')
mnist_iter_keys = list(mnist_iter.keys())
mnist_fast_keys = list(mnist_fast.keys())
cifar_iter = pickle.load(open('./CIFAR/data/normal_foolers.p', 'rb'), encoding='latin1')
cifar_fast = pickle.load(open('./CIFAR/data/fast_foolers.p', 'rb'), encoding='latin1')
cifar_iter_keys = list(cifar_iter.keys())
cifar_fast_keys = list(cifar_fast.keys())
In [281]:
def rescaler(img):
low, high = np.min(img), np.max(img)
return (img - low) / (high - low)
def show_tiny_whitened(image, rescale=False, add_mean=False, zca=False, smoother=1e-4):
img = image.copy()
img = img.transpose(1,2,0)
img = img.reshape(1,64*64*3)
img = np.dot(img, u_tiny)
img = img/np.sqrt(s_tiny + smoother)
if zca is True:
img = np.dot(img, u_tiny.T)
img = img.reshape((64,64,3))
if add_mean:
img += mean_img_tiny.reshape((64,64,3))
if rescale:
img = rescaler(img)
return img
In [155]:
k = np.random.choice(tiny_fast_clipped_keys)
image_fool = tiny_fast_clipped[k][3][0]
image = tiny_fast_clipped[k][4][0]
In [180]:
def turn_off_ticks():
plt.tick_params(axis='both', which='both', bottom='off',
top='off', labelbottom='off', right='off',
left='off', labelleft='off')
with PdfPages('whitened.pdf') as pdf:
fig = plt.figure(1, (5, 3.75))
for i in range(1,4,2):
k = np.random.choice(tiny_fast_clipped_keys)
image_fool = tiny_fast_clipped[k][3][0]
image = tiny_fast_clipped[k][4][0]
plt.subplot(3,4,i)
if i == 1:
plt.ylabel('Tiny-ImageNet')
plt.title('Clean')
plt.imshow(show_tiny_whitened(image, rescale=True, zca=True, add_mean=False))
turn_off_ticks()
plt.subplot(3,4,i+1)
plt.title('Adversarial')
plt.imshow(show_tiny_whitened(image_fool, rescale=True, zca=True, add_mean=False))
turn_off_ticks()
for i in range(5,9,2):
k = np.random.choice(cifar_iter_keys)
image_fool = cifar_iter[k][3][0].reshape((1,32*32*3))
image = cifar_iter[k][4][0].reshape((1,32*32*3))
plt.subplot(3,4,i)
if i == 5:
plt.ylabel('CIFAR')
img = np.dot(image - mean_img_cifar, u_cifar)
img = np.dot(img/np.sqrt(s_cifar + 1e-4), u_cifar.T)
plt.imshow(rescaler(img).reshape(32,32,3))
turn_off_ticks()
plt.subplot(3,4,i+1)
img = np.dot(image_fool - mean_img_cifar, u_cifar)
img = np.dot(img/np.sqrt(s_cifar + 1e-4), u_cifar.T)
plt.imshow(rescaler(img).reshape(32,32,3))
turn_off_ticks()
for i in range(9,12,2):
k = np.random.choice(mnist_iter_keys)
image_fool = mnist_iter[k][2][0]
image = mnist_iter[k][3][0]
plt.subplot(3,4,i)
if i == 9:
plt.ylabel('MNIST')
img = np.dot(image-mean_img_mnist, u_mnist)
img = np.dot(img/np.sqrt(s_mnist + 1e-4), u_mnist.T)
plt.imshow(rescaler(img).reshape(28,28))
turn_off_ticks()
plt.subplot(3,4,i+1)
img = np.dot(image_fool-mean_img_mnist, u_mnist)
img = np.dot(img/np.sqrt(s_mnist + 1e-4), u_mnist.T)
plt.imshow(rescaler(img).reshape(28,28))
turn_off_ticks()
plt.subplots_adjust(left=None, bottom=0, right=None, top=0.8, wspace=0, hspace=0)
pdf.savefig(fig, bbox_inches='tight', pad_inches=0)
In [ ]:
In [192]:
np.sum(s_tiny[:5000])/np.sum(s_tiny)
Out[192]:
In [381]:
with PdfPages('coefficients.pdf') as pdf:
rows = ['Tiny-ImageNet\nFast Gradient Sign', 'Tiny-ImageNet\nIterative',
'CIFAR\nIterative', 'MNIST\nIterative']
fig, axes = plt.subplots(nrows=2, ncols=3, figsize=(12, 9), dpi=300)
fooler_type_number = 0
for i in range(1,13):
if fooler_type_number//3 == 0:
dataset, dataset_keys = tiny_fast_clipped, tiny_fast_clipped_keys
row_label = rows[0]
elif fooler_type_number//3 == 1:
dataset, dataset_keys = tiny_iter_clipped, tiny_iter_clipped_keys
row_label = rows[1]
elif fooler_type_number//3 == 2:
dataset, dataset_keys = cifar_iter, cifar_iter_keys
row_label = rows[2]
elif fooler_type_number//3 == 3:
dataset, dataset_keys = mnist_iter, mnist_iter_keys
row_label = rows[3]
k = np.random.choice(dataset_keys)
if fooler_type_number // 3 != 3:
image = dataset[k][4][0]
image_fool = dataset[k][3][0]
else:
image = dataset[k][3][0]
image_fool = dataset[k][2][0]
plt.subplot(4,3,i)
if fooler_type_number//3 == 0 or fooler_type_number//3 == 1:
f = show_tiny_whitened(image_fool, smoother=1e-11).reshape((-1))
r = show_tiny_whitened(image, smoother=1e-11).reshape((-1))
elif fooler_type_number//3 == 2:
img = np.dot(image_fool.reshape((-1))-mean_img_cifar, u_cifar)
f = img/np.sqrt(s_cifar + 1e-11)
img = np.dot(image.reshape((-1))-mean_img_cifar, u_cifar)
r = img/np.sqrt(s_cifar + 1e-11)
elif fooler_type_number//3 == 3:
img = np.dot(image_fool-mean_img_mnist, u_mnist)
f = img/np.sqrt(s_mnist + 1e-11)
img = np.dot(image-mean_img_mnist, u_mnist)
r = img/np.sqrt(s_mnist + 1e-11)
plt.plot(np.linspace(0, len(f), len(f)), f, rasterized=True)
plt.plot(np.linspace(0, len(r), len(r)), r, rasterized=True)
fooler_type_number += 1
if fooler_type_number == 1:
plt.legend(['Adversarial Coefficients', 'Clean Coefficients'])
if (fooler_type_number-1) % 3 == 0:
plt.ylabel(row_label)
if i == 12 or i == 11 or i == 10:
plt.xlabel('Principal Component')
pdf.savefig(fig, bbox_inches='tight', pad_inches=0)
In [247]:
import sklearn.metrics as sk
In [398]:
examples = []
labels = []
for k in tiny_fast_clipped_keys:
examples.append(np.var(show_tiny_whitened(tiny_fast_clipped[k][3][0], smoother=1e-11).reshape((-1))[10000:]))
labels.append(1)
examples.append(np.var(show_tiny_whitened(tiny_fast_clipped[k][4][0], smoother=1e-11).reshape((-1))[10000:]))
labels.append(0)
print('AUROC', sk.roc_auc_score(labels, examples))
print('AUPR', sk.average_precision_score(labels, examples))
dirty = np.array(examples[::2])
clean = np.array(examples[1::2])
print('Fraction of adversarial examples with a variance within 10 stds of the clean variances',
np.mean(dirty < np.mean(clean) + 10*np.std(clean)))
In [367]:
examples = []
labels = []
for k in tiny_iter_clipped_keys:
examples.append(np.var(show_tiny_whitened(tiny_iter_clipped[k][3][0], smoother=1e-11).reshape((-1))[10000:]))
labels.append(1)
examples.append(np.var(show_tiny_whitened(tiny_iter_clipped[k][4][0], smoother=1e-11).reshape((-1))[10000:]))
labels.append(0)
print('AUROC', sk.roc_auc_score(labels, examples))
print('AUPR', sk.average_precision_score(labels, examples))
In [399]:
examples = []
labels = []
for k in cifar_fast_keys:
image_fool = cifar_fast[k][3][0].reshape((-1))
img = np.dot(image_fool-mean_img_cifar, u_cifar)
f = img/np.sqrt(s_cifar + 1e-11)
examples.append(np.var(f[2500:]))
labels.append(1)
image = cifar_fast[k][4][0].reshape((-1))
img = np.dot(image-mean_img_cifar, u_cifar)
r = img/np.sqrt(s_cifar + 1e-11)
examples.append(np.var(r[2500:]))
labels.append(0)
print('AUROC', sk.roc_auc_score(labels, examples))
print('AUPR', sk.average_precision_score(labels, examples))
dirty = np.array(examples[::2])
clean = np.array(examples[1::2])
print('Fraction of adversarial examples with a variance within 10 stds of the clean variances',
np.mean(dirty < np.mean(clean) + 10*np.std(clean)))
In [388]:
print(np.mean(clean), np.std(clean))
print(np.mean(dirty))
In [370]:
examples = []
labels = []
for k in cifar_iter_keys:
image_fool = cifar_iter[k][3][0].reshape((-1))
img = np.dot(image_fool-mean_img_cifar, u_cifar)
f = img/np.sqrt(s_cifar + 1e-11)
examples.append(np.var(f[2500:]))
labels.append(1)
image = cifar_iter[k][4][0].reshape((-1))
img = np.dot(image-mean_img_cifar, u_cifar)
r = img/np.sqrt(s_cifar + 1e-11)
examples.append(np.var(r[2500:]))
labels.append(0)
print('AUROC', sk.roc_auc_score(labels, examples))
print('AUPR', sk.average_precision_score(labels, examples))
In [412]:
examples = []
labels = []
for k in mnist_fast_keys:
image_fool = mnist_fast[k][2][0]
img = np.dot(image_fool-mean_img_mnist, u_mnist)
f = img/np.sqrt(s_mnist + 1e-11)
examples.append(np.var(f[700:]))
labels.append(1)
image = mnist_fast[k][3][0]
img = np.dot(image-mean_img_mnist, u_mnist)
r = img/np.sqrt(s_mnist + 1e-11)
examples.append(np.var(r[700:]))
labels.append(0)
print('AUROC', sk.roc_auc_score(labels, examples))
print('AUPR', sk.average_precision_score(labels, examples))
dirty = np.array(examples[::2])
clean = np.array(examples[1::2])
print('Fraction of adversarial examples with a variance within 10 billion stds of the clean variances',
np.mean(dirty < np.mean(clean) + 10000000000*np.std(clean)))
In [373]:
examples = []
labels = []
for k in mnist_iter_keys:
image_fool = mnist_iter[k][2][0]
img = np.dot(image_fool-mean_img_mnist, u_mnist)
f = img/np.sqrt(s_mnist + 1e-11)
examples.append(np.var(f[700:]))
labels.append(1)
image = mnist_iter[k][3][0]
img = np.dot(image-mean_img_mnist, u_mnist)
r = img/np.sqrt(s_mnist + 1e-11)
examples.append(np.var(r[700:]))
labels.append(0)
print('AUROC', sk.roc_auc_score(labels, examples))
print('AUPR', sk.average_precision_score(labels, examples))
In [ ]:
In [ ]:
In [ ]: