{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# Generating Images to Fool an MNIST Classifier\n", "\n", "_This tutorial is part of the series of pyribs tutorials! See [here](https://docs.pyribs.org/en/stable/tutorials.html) for the list of all tutorials and the order in which they should be read._\n", "\n", "Despite their high performance on classification tasks such as MNIST, neural networks like the [LeNet-5](https://en.wikipedia.org/wiki/LeNet) have a weakness: they are easy to fool. Namely, given images like the ones below, a classifier may confidently believe that it is seeing certain digits, even though the images look like random noise to humans. Naturally, this phenomenon raises some concerns, especially when the network in question is used in a safety-critical system like a self-driving car. Given such unrecognizable input, one would hope that the network at least has low confidence in its prediction.\n", "\n", "![fooling images example](_static/fooling_mnist_example.png)\n", "\n", "To make matters worse for neural networks, generating such images is incredibly easy with QD algorithms. As shown in [Nguyen 2015](http://anhnguyen.me/project/fooling/), one can use simple MAP-Elites to generate these images. In this tutorial, we will use the pyribs version of MAP-Elites to do just that." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Setup\n", "\n", "First, we install pyribs and PyTorch." ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "%pip install ribs torch tqdm matplotlib" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Here, we import PyTorch and some utilities." ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "import time\n", "import sys\n", "\n", "import matplotlib.pyplot as plt\n", "import numpy as np\n", "import torch\n", "import torch.nn as nn\n", "from tqdm import tqdm, trange" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Below, we check what device is available for PyTorch. On Colab, activate the GPU by clicking \"Runtime\" in the toolbar at the top. Then, click \"Change Runtime Type\", and select \"GPU\"." ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "device = torch.device(\"cuda\" if torch.cuda.is_available() else \"cpu\")\n", "print(device)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Preliminary: MNIST Network\n", "\n", "We have pretrained a high-performing [LeNet-5](https://en.wikipedia.org/wiki/LeNet) classifier (98.4% training set accuracy, 98.5% test set accuracy) for the MNIST dataset using the code [here](https://github.com/icaros-usc/pyribs/tree/master/tutorials/mnist/train_mnist_classifier.py). This is the same network that we use in the [LSI MNIST](https://docs.pyribs.org/en/stable/tutorials/lsi_mnist.html) tutorial. Below, we define the network." ] }, { "cell_type": "code", "execution_count": 3, "metadata": {}, "outputs": [], "source": [ "LENET5 = nn.Sequential(\n", " nn.Conv2d(1, 6, (5, 5), stride=1, padding=0), # (1,28,28) -> (6,24,24)\n", " nn.MaxPool2d(2), # (6,24,24) -> (6,12,12)\n", " nn.ReLU(),\n", " nn.Conv2d(6, 16, (5, 5), stride=1, padding=0), # (6,12,12) -> (16,8,8)\n", " nn.MaxPool2d(2), # (16,8,8) -> (16,4,4)\n", " nn.ReLU(),\n", " nn.Flatten(), # (16,4,4) -> (256,)\n", " nn.Linear(256, 120), # (256,) -> (120,)\n", " nn.ReLU(),\n", " nn.Linear(120, 84), # (120,) -> (84,)\n", " nn.ReLU(),\n", " nn.Linear(84, 10), # (84,) -> (10,)\n", " nn.LogSoftmax(dim=1), # (10,) log probabilities\n", ").to(device)\n", "LENET5_MEAN_TRANSFORM = 0.1307\n", "LENET5_STD_DEV_TRANSFORM = 0.3081" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Now, we download the weights and load them into the network." ] }, { "cell_type": "code", "execution_count": 4, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "" ] }, "execution_count": 4, "metadata": {}, "output_type": "execute_result" } ], "source": [ "import os\n", "from urllib.request import urlretrieve\n", "from pathlib import Path\n", "\n", "LOCAL_DIR = Path(\"fooling_mnist_weights\")\n", "LOCAL_DIR.mkdir(exist_ok=True)\n", "WEB_DIR = \"https://raw.githubusercontent.com/icaros-usc/pyribs/master/tutorials/mnist/\"\n", "\n", "# Download the model file to LOCAL_DIR.\n", "filename = \"mnist_classifier.pth\"\n", "model_path = LOCAL_DIR / filename\n", "if not model_path.is_file():\n", " urlretrieve(WEB_DIR + filename, str(model_path))\n", "\n", "# Load the weights of the network.\n", "state_dict = torch.load(\n", " str(LOCAL_DIR / \"mnist_classifier.pth\"),\n", " map_location=device,\n", ")\n", "\n", "# Insert the weights into the network.\n", "LENET5.load_state_dict(state_dict)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Fooling the Classifier with MAP-Elites\n", "\n", "In order to fool the classifier into seeing various digits, we use MAP-Elites. As we have 10 distinct digits (0-9), we have a discrete measure space with 10 values. Note that while pyribs is designed for continuous search spaces, the measure space can be either continuous or discrete.\n", "\n", "Our classifier outputs a log probability vector with its belief that it is seeing each digit. Thus, our objective for each digit is to maximize the probability that the classifier assigns to the image associated with it. For instance, for digit 5, we want to generate an image that makes the classifier believe with high probability that it is seeing a 5.\n", "\n", "In pyribs, we implement MAP-Elites with a [`GridArchive`](https://docs.pyribs.org/en/stable/api/ribs.archives.GridArchive.html) and a [`GaussianEmitter`](https://docs.pyribs.org/en/stable/api/ribs.emitters.GaussianEmitter.html). Below, we start by constructing the `GridArchive`. The archive has 10 cells and a range of (0,10). Since `GridArchive` was originally designed for continuous spaces, it does not directly support discrete spaces, but by using these settings, we have a cell for each digit from 0 to 9." ] }, { "cell_type": "code", "execution_count": 5, "metadata": {}, "outputs": [], "source": [ "from ribs.archives import GridArchive\n", "img_size = (28, 28)\n", "flat_img_size = 784 # 28 * 28\n", "\n", "archive = GridArchive(solution_dim=flat_img_size, dims=[10], ranges=[(0, 10)])" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Next, we use a single `GaussianEmitter` with batch size of 30. The emitter begins with an image filled with 0.5 (i.e. grey, since pixels are in the range $[0,1]$) and has $\\sigma = 0.5$." ] }, { "cell_type": "code", "execution_count": 6, "metadata": {}, "outputs": [], "source": [ "from ribs.emitters import GaussianEmitter\n", "\n", "emitters = [\n", " GaussianEmitter(\n", " archive,\n", " sigma=0.5,\n", " # Start with a grey image.\n", " x0=np.full(flat_img_size, 0.5),\n", " # Bound the generated images to the pixel range.\n", " bounds=[(0, 1)] * flat_img_size,\n", " batch_size=30,\n", " )\n", "]" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Finally, we construct the scheduler to connect the archive and emitter together." ] }, { "cell_type": "code", "execution_count": 7, "metadata": {}, "outputs": [], "source": [ "from ribs.schedulers import Scheduler\n", "\n", "scheduler = Scheduler(archive, emitters)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "With the components created, we now generate the images. As we use 1 emitter with batch size of 30 and run 30,000 iterations, we evaluate 900,000 images in total." ] }, { "cell_type": "code", "execution_count": 8, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Iterations: 100%|████████████████████████████████████████████████████████████████████████████████████████████████████| 30000/30000 [00:55<00:00, 539.24it/s]\n" ] } ], "source": [ "total_itrs = 30_000\n", "start_time = time.time()\n", "\n", "for itr in trange(1, total_itrs + 1, file=sys.stdout, desc='Iterations'):\n", " sols = scheduler.ask()\n", "\n", " with torch.no_grad():\n", " # Reshape and normalize the image and pass it through the network.\n", " imgs = sols.reshape((-1, 1, *img_size))\n", " imgs = (imgs - LENET5_MEAN_TRANSFORM) / LENET5_STD_DEV_TRANSFORM\n", " imgs = torch.tensor(imgs, dtype=torch.float32, device=device)\n", " output = LENET5(imgs)\n", "\n", " # The measures is the digit that the network believes it is seeing,\n", " # i.e. the digit with the maximum probability. The objective is the\n", " # probability associated with that digit.\n", " scores, predicted = torch.max(output.to(\"cpu\"), 1)\n", " scores = torch.exp(scores)\n", " objs = scores.numpy()\n", " meas = predicted.numpy()[:,None]\n", "\n", " scheduler.tell(objs, meas)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Below, we display the images found. Interestingly, though the images look mostly like noise, we can occasionally make out traces of the original digit. Note that MAP-Elites may not find images for all the digits, and this is mostly due to the small behavior space. Usually, QD algorithms run with fairly large behavior spaces. This is something to keep in mind when tuning QD algorithms." ] }, { "cell_type": "code", "execution_count": 9, "metadata": {}, "outputs": [ { "data": { "image/png": "\n", "text/plain": [ "
" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "fig, ax = plt.subplots(2, 5, figsize=(10, 4))\n", "fig.tight_layout()\n", "ax = ax.flatten()\n", "found = set()\n", "\n", "# Display images.\n", "for elite in archive:\n", " digit = elite[\"index\"]\n", " found.add(digit)\n", "\n", " # No need to normalize image because we want to see the original.\n", " ax[digit].imshow(elite[\"solution\"].reshape(28, 28), cmap=\"Greys\")\n", " ax[digit].set_axis_off()\n", " ax[digit].set_title(f\"{digit} | Score: {elite['objective']:.3f}\", pad=8)\n", "\n", "# Mark digits that we did not generate images for.\n", "for digit in range(10):\n", " if digit not in found:\n", " ax[digit].set_title(f\"{digit} | (no solution)\", pad=8)\n", " ax[digit].set_axis_off()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Conclusion\n", "\n", "In this tutorial, we used MAP-Elites to generate images that fool a LeNet-5 MNIST classifier. For further exploration, we recommend referring to [Nguyen 2015](http://anhnguyen.me/project/fooling/) and replicating or extending the other experiments described in the paper." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Citation\n", "\n", "If you find this tutorial useful, please cite it as:\n", "\n", "```text\n", "@article{pyribs_fooling_mnist,\n", " title = {Generating Images to Fool an MNIST Classifier},\n", " author = {Bryon Tjanaka and Matthew C. Fontaine and Stefanos Nikolaidis},\n", " journal = {pyribs.org},\n", " year = {2021},\n", " url = {https://docs.pyribs.org/en/stable/tutorials/fooling_mnist.html}\n", "}\n", "```" ] } ], "metadata": { "kernelspec": { "display_name": "Python 3 (ipykernel)", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.8.17" } }, "nbformat": 4, "nbformat_minor": 4 }