"""Detect adv/clean from the hidden feature"""
from __future__ import absolute_import
from __future__ import print_function
import os
import argparse
from datasets import get_data
from models import get_model
import numpy as np
import sklearn.metrics
from sklearn.model_selection import StratifiedShuffleSplit, StratifiedKFold, train_test_split
from sklearn.decomposition import PCA
from sklearn.svm import SVC
from sklearn.metrics import accuracy_score, roc_auc_score, roc_curve
from sklearn.ensemble import RandomForestClassifier
import matplotlib.pyplot as plt
from concurrent.futures import ThreadPoolExecutor
# Dataset keys for which a hold-out fraction is defined below.
DATASETS = [
    'dr',
    'cxr',
    'derm',
]
# Feature sets by attack name; 'clean' is the unperturbed baseline.
ATTACKS = [
    'fgsm',
    'bim',
    'jsma',
    'cw-l2',
    'clean',
]
# Fraction of samples held out for testing, per dataset (0.2 for each of them).
TEST_SIZE = dict.fromkeys(DATASETS, 0.2)
def balance_data(X, y, sub_sample=False):
    """Resample X/y so both classes contribute the same number of rows.

    Rows with ``y > 0`` are treated as positive and rows with ``y < 1`` as
    negative. The code assumes positives are the minority class.

    Args:
        X: array indexed along its first axis by the same rows as ``y``.
        y: 1-D label array.
        sub_sample: if True, draw ``len(positives)`` negatives; otherwise
            (the default) draw ``len(negatives)`` positives, i.e. over-sample.

    Returns:
        ``(X[idx], y[idx])`` with the negative rows first, then the positives.

    Note:
        ``np.random.choice`` samples with replacement from the global NumPy
        RNG, so the output contains duplicated rows and is not reproducible
        unless the caller seeds the RNG. If the result is later divided into
        train and test sets, copies of one row can land on both sides.
    """
    (pos_rows,) = np.nonzero(y > 0)
    (neg_rows,) = np.nonzero(y < 1)
    if not sub_sample:
        # Over-sample: repeat positives until they match the negative count.
        pos_rows = np.random.choice(pos_rows, len(neg_rows))
    else:
        # Under-sample: keep only as many negatives as there are positives.
        neg_rows = np.random.choice(neg_rows, len(pos_rows))
    picked = np.concatenate([neg_rows, pos_rows])
    return X[picked], y[picked]
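def detect(args):
    """Train and score a clean-vs-adversarial detector on hidden features.

    Loads the clean features and the features for ``args.attack`` through
    ``get_data``, balances each set with ``balance_data``, binarises every
    feature against its mean, and then fits an SVC three times on random
    train/test splits. Mean accuracy and AUC are printed and appended to
    ``log/detect_safetynet.log``.

    Args:
        args: namespace with string attributes ``dataset`` and ``attack``.

    Raises:
        AssertionError: if ``dataset`` or ``attack`` is not an accepted name.
        KeyError: if ``dataset`` passes the check but has no TEST_SIZE entry.

    Caveats when reading the reported numbers:
        * ``balance_data`` over-samples with replacement and the quantisation
          threshold is the mean over all rows, both *before* the train/test
          split. Duplicated rows can therefore appear on both sides of the
          split and the threshold has seen the test rows, so Acc/AUC can be
          optimistic.
        * The detector is trained and tested on the same single attack, so
          the score says nothing about attacks it was not fitted on.
        * Neither the resampling, the split nor the classifier is seeded, so
          results vary from run to run.
    """
    valid_datasets = ['mnist', 'cifar-10', 'svhn', 'dr', 'cxr', 'derm']
    valid_attacks = [
        'fgsm', 'bim', 'jsma', 'deepfool', 'pgd', 'ead', 'cw-l2', 'cw-lid', 'cw-li',
        'fgsm_bb', 'bim_bb', 'jsma_bb', 'deepfool_bb', 'pgd_bb', 'ead_bb',
        'cw-l2_bb', 'cw-lid_bb', 'cw-li_bb',
    ]
    # NOTE: these checks disappear under `python -O`; the messages now list
    # every accepted value instead of a partial subset.
    assert args.dataset in valid_datasets, \
        "Dataset parameter must be one of: %s" % ", ".join(valid_datasets)
    assert args.attack in valid_attacks, \
        "Attack parameter must be one of: %s" % ", ".join(valid_attacks)

    # Fail fast: TEST_SIZE does not cover every dataset accepted above, so
    # look the fraction up before any data is loaded or a model is fitted.
    test_size = TEST_SIZE[args.dataset]

    # load feature/label data
    _, _, cX_test, cy_test = get_data(args.dataset, onehot=False, load_feat='clean')  # clean feat
    _, _, aX_test, ay_test = get_data(args.dataset, onehot=False, load_feat=args.attack)  # attack feat

    # balance over positive/negative examples (over-sampling, with replacement)
    cX_test, cy_test = balance_data(cX_test, cy_test)
    aX_test, ay_test = balance_data(aX_test, ay_test)

    X = np.concatenate([cX_test, aX_test])
    # 0: clean neg, 1: clean pos, 2: adv neg, 3: adv pos (used for plotting only)
    label = np.concatenate([cy_test, ay_test + 2])
    # Detector target: 0 = clean, 1 = adversarial.
    y = np.concatenate([np.zeros(len(cX_test)), np.ones(len(aX_test))])

    # quantization: 1.0 where a feature exceeds its mean over all rows, else 0.0
    X = (X > np.mean(X, axis=0, keepdims=True)).astype('float32')

    # An earlier, disabled variant loaded data/feat_<dataset>_<attack>.npy
    # directly and balanced by under-sampling the negatives.

    # Optional 2-D visualisation; disabled unless dec_method is set by hand
    # to 'PCA' or 'tSNE'.
    dec_method = None  # 'tSNE'
    if dec_method:
        if dec_method == 'PCA':
            decomposer = PCA(n_components=20, copy=True)
        else:
            # TSNE is not imported at file level; import it where it is used.
            from sklearn.manifold import TSNE
            decomposer = TSNE(learning_rate=100)
        X_dec = decomposer.fit_transform(X)
        if dec_method == 'PCA':
            print('PCA explanation of variances:', (decomposer.explained_variance_ratio_))
        plt.scatter(X_dec[label == 0, 0], X_dec[label == 0, 1], s=9, label='Clean Negative')
        plt.scatter(X_dec[label == 1, 0], X_dec[label == 1, 1], s=9, label='Clean Positive')
        plt.scatter(X_dec[label == 2, 0], X_dec[label == 2, 1], s=9, label='Adversarial Negative')
        plt.scatter(X_dec[label == 3, 0], X_dec[label == 3, 1], s=9, label='Adversarial Positive')
        plt.legend(prop={'weight': 'bold', 'size': 15}, loc='upper left')
        plt.show()

    # Three independent random splits; report per-split and mean scores.
    accs = []
    aucs = []
    for _ in range(3):
        X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=test_size)
        clf = SVC(gamma=2.8, probability=True)  # alternative tried: RandomForestClassifier(30)
        clf.fit(X_train, y_train)
        acc = accuracy_score(y_test, clf.predict(X_test))
        auc = roc_auc_score(y_test, clf.predict_proba(X_test)[:, 1])
        print('Acc:', acc)
        print('AUC:', auc)
        accs.append(acc)
        aucs.append(auc)

    log = 'Dataset: %5s, Attack: %10s, Acc: %.4f, AUC: %.4f, Accs: %s, AUCs: %s \n' % \
          (args.dataset, args.attack, np.mean(accs), np.mean(aucs), str(accs), str(aucs))
    print(log)
    # Create the log directory if needed so a finished run is not lost to a
    # missing folder; exist_ok tolerates concurrent callers.
    os.makedirs('log', exist_ok=True)
    with open('log/detect_safetynet.log', 'a') as f:
        f.write(log)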
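if __name__ == "__main__":
    # The parser is only used to build the namespaces handed to detect();
    # the sweep below is hard-coded and sys.argv is never read.
    parser = argparse.ArgumentParser()
    parser.add_argument(
        '-d', '--dataset',
        help="Dataset to use",
        required=True, type=str
    )
    parser.add_argument(
        '-a', '--attack',
        help="Attack to use train the discriminator; either 'fgsm', 'bim-a', 'bim-b', 'jsma', 'cw-l2'",
        required=True, type=str
    )
    # For a single run driven by the command line instead:
    #   args = parser.parse_args()
    #   detect(args)
    with ThreadPoolExecutor(24) as e:
        futures = []
        for ds in ['dr', 'cxr', 'derm']:
            for atk in ['pgd']:  # other candidates: 'fgsm', 'bim', 'deepfool'
                argv = ['-d', ds, '-a', atk]
                print('\n$> ', argv)
                args = parser.parse_args(argv)
                futures.append(e.submit(detect, args))
        # ThreadPoolExecutor has no result() method; results live on the
        # futures. Calling result() on each one also re-raises any exception
        # from detect(), which would otherwise be dropped silently.
        for fut in futures:
            fut.result()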