-
Notifications
You must be signed in to change notification settings - Fork 45
/
Copy pathsia.py
106 lines (85 loc) · 4.3 KB
/
sia.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
import torch
import torch.nn.functional as F
from ..utils import *
from ..gradient.mifgsm import MIFGSM
import scipy.stats as st
class SIA(MIFGSM):
"""
SIA(Structure Invariant Attack)
'Structure Invariant Transformation for better Adversarial Transferability'(https://arxiv.org/abs/2309.14700)
Arguments:
model_name (str): the name of surrogate model for attack.
epsilon (float): the perturbation budget.
alpha (float): the step size.
epoch (int): the number of iterations.
decay (float): the decay factor for momentum calculation.
num_scale (int): the number of shuffled copies in each iteration.
num_block (int): the number of block in the image.
targeted (bool): targeted/untargeted attack.
random_start (bool): whether using random initialization for delta.
norm (str): the norm of perturbation, l2/linfty.
loss (str): the loss function.
device (torch.device): the device for data. If it is None, the device would be same as model
Official arguments:
epsilon=16/255, alpha=epsilon/epoch=1.6/255, epoch=10, decay=1., num_scale=10, num_block=3
Example script:
python main.py --input_dir ./path/to/data --output_dir adv_data/sia/resnet18 --attack sia --model=resnet18
python main.py --input_dir ./path/to/data --output_dir adv_data/sia/resnet18 --eval
"""
def __init__(self, model_name, epsilon=16/255, alpha=1.6/255, epoch=10, decay=1., num_scale=20, num_block=3, targeted=False, random_start=False,
norm='linfty', loss='crossentropy', device=None, attack='SIA', **kwargs):
super().__init__(model_name, epsilon, alpha, epoch, decay, targeted, random_start, norm, loss, device, attack)
self.num_scale = num_scale
self.num_block = num_block
self.kernel = self.gkern()
self.op = [self.vertical_shift, self.horizontal_shift, self.vertical_flip, self.horizontal_flip, self.rotate180, self.scale, self.add_noise]
def vertical_shift(self, x):
_, _, w, _ = x.shape
step = np.random.randint(low = 0, high=w, dtype=np.int32)
return x.roll(step, dims=2)
def horizontal_shift(self, x):
_, _, _, h = x.shape
step = np.random.randint(low = 0, high=h, dtype=np.int32)
return x.roll(step, dims=3)
def vertical_flip(self, x):
return x.flip(dims=(2,))
def horizontal_flip(self, x):
return x.flip(dims=(3,))
def rotate180(self, x):
return x.rot90(k=2, dims=(2,3))
def scale(self, x):
return torch.rand(1)[0] * x
def add_noise(self, x):
return torch.clip(x + torch.zeros_like(x).uniform_(-16/255,16/255), 0, 1)
def gkern(self, kernel_size=3, nsig=3):
x = np.linspace(-nsig, nsig, kernel_size)
kern1d = st.norm.pdf(x)
kernel_raw = np.outer(kern1d, kern1d)
kernel = kernel_raw / kernel_raw.sum()
stack_kernel = np.stack([kernel, kernel, kernel])
stack_kernel = np.expand_dims(stack_kernel, 1)
return torch.from_numpy(stack_kernel.astype(np.float32)).to(self.device)
def blur(self, x):
return F.conv2d(x, self.kernel, stride=1, padding='same', groups=3)
def blocktransform(self, x, choice=-1):
_, _, w, h = x.shape
y_axis = [0,] + np.random.choice(list(range(1, h)), self.num_block-1, replace=False).tolist() + [h,]
x_axis = [0,] + np.random.choice(list(range(1, w)), self.num_block-1, replace=False).tolist() + [w,]
y_axis.sort()
x_axis.sort()
x_copy = x.clone()
for i, idx_x in enumerate(x_axis[1:]):
for j, idx_y in enumerate(y_axis[1:]):
chosen = choice if choice >= 0 else np.random.randint(0, high=len(self.op), dtype=np.int32)
x_copy[:, :, x_axis[i]:idx_x, y_axis[j]:idx_y] = self.op[chosen](x_copy[:, :, x_axis[i]:idx_x, y_axis[j]:idx_y])
return x_copy
def transform(self, x, **kwargs):
"""
Scale the input for BSR
"""
return torch.cat([self.blocktransform(x) for _ in range(self.num_scale)])
def get_loss(self, logits, label):
"""
Calculate the loss
"""
return -self.loss(logits, label.repeat(self.num_scale)) if self.targeted else self.loss(logits, label.repeat(self.num_scale))