Implementing Attacker class

[rajaswa]

• An attacker should take the pre-trained model, original dataset, adversarial dataset (made with transforms), and a list of criteria to monitor (like accuracy, loss, etc) [All the entities in PyTorch]
• The attacker should have a method .attack(), when called, the model shall run inference over each sample from the given dataset and its adversarial counterpart in the adversarial dataset.
• Finally giving out things like the performance difference due to the attacks, worst hit attacks, best hit attacks etc (in terms of given criteria)

[abheesht17]

Sounds interesting 🤩

[rajaswa]

The ultimate usage can be something like this:

from decepticonlp import attacker
from deceptionlp.transforms import transforms
import torch
from torch.uitls.data import Dataset

#define adversarial transforms
tfms = transforms.Compose(
        [
            transforms.AddChar(),
            transforms.ShuffleChar("RandomWordExtractor", True),
            transforms.VisuallySimilarChar(),
            transforms.TypoChar("RandomWordExtractor", probability=0.5),
        ]
    )

#Original dataset
class IMDB_Dataset(Dataset):
    def __init__(self):
        #some code

    def _len__(self):
        #some code

    def __getitem__(self, idx):
        text = data['review_text'][idx]    #get text from sample
        embeddings = getWordEmbeddings(text)    #convert to sequence of word embeddings
        label = torch.tensor(data['sentiment'][idx])    #sentiment label
        return embeddings, label

#Adversarial dataset
class IMDB_Adversarial_Dataset(Dataset):
    def __init__(self):
        #some code

    def _len__(self):
        #some code

    def __getitem__(self, idx):
        text = data['review_text'][idx]    #get text from sample
        adversarial_text = tfms(text)    #apply adversarial transform
        embeddings = getWordEmbeddings(adversarial_text)    #convert to sequence of word embeddings
        label = torch.tensor(data['sentiment'][idx])    #sentiment label
        return embeddings, label

#Load pre-trained model
imdb_classifier = torch.load("IMDB_Classifier.pth")
imdb_classifier.eval()

#Set up the attacker
IMDB_attacker = attacker()
IMDB_attacker.model = imdb_classifier
IMDB_attacker.dataset = IMDB_Dataset()
IMDB_attacker.adversarial_dataset = IMDB_Adversarial_Dataset()
IMDB_attacker.criterion = ['accuracy', 'F1', 'BCELoss']

#Attack and get logs
IMDB_attacker.attack()
IMDB_attacker.get_crtierion_logs()
IMDB_attacker.show_best_attacks()
IMDB_attacker.show_worst_attacks()

#Maybe more functionalities?

[rajaswa]

This shall be a multi-step process, avoid limiting yourself to the above mentioned example functionalities and please feel free to discuss more functionalities.

[Sharad24]

Looks pretty good! Can think of integration with this https://github.com/huggingface/nlp <https://github.com/huggingface/nlp> as well.

…

On 21-May-2020, at 5:17 PM, Rajaswa Patil ***@***.***> wrote: The ultimate usage can be something like this: from decepticonlp import attacker from deceptionlp.transforms import transforms import torch from torch.uitls.data import Dataset #define adversarial transforms tfms = transforms.Compose( [ transforms.AddChar(), transforms.ShuffleChar("RandomWordExtractor", True), transforms.VisuallySimilarChar(), transforms.TypoChar("RandomWordExtractor", probability=0.5), ] ) #Original dataset class IMDB_Dataset(Dataset): def __init__(self): #some code def _len__(self): #some code def __getitem__(self, idx): text = data['review_text'][idx] #get text from sample embeddings = getWordEmbeddings(text) #convert to sequence of word embeddings label = torch.tensor(data['sentiment'][idx]) #sentiment label return embeddings, label #Adversarial dataset class IMDB_Adversarial_Dataset(Dataset): def __init__(self): #some code def _len__(self): #some code def __getitem__(self, idx): text = data['review_text'][idx] #get text from sample adversarial_text = tfms(text) #apply adversarial transform embeddings = getWordEmbeddings(adversarial_text) #convert to sequence of word embeddings label = torch.tensor(data['sentiment'][idx]) #sentiment label return embeddings, label #Load pre-trained model imdb_classifier = torch.load("IMDB_Classifier.pth") imdb_classifier.eval() #Set up the attacker IMDB_attacker = attacker() IMDB_attacker.model = imdb_classifier IMDB_attacker.dataset = IMDB_Dataset() IMDB_attacker.adversarial_dataset = IMDB_Adversarial_Dataset() IMDB_attacker.criterion = ['accuracy', 'F1', 'BCELoss'] #Attack and get logs IMDB_attacker.attack() IMDB_attacker.get_crtierion_logs() IMDB_attacker.show_best_attacks() IMDB_attacker.show_worst_attacks() #Maybe more functionalities? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#70 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AH72FJ4QABLTN23HJ6NFQTDRSUIDZANCNFSM4NGYMAWA>.

[abheesht17]

Maybe we can add functionality to draw graphs as well for loss, accuracy, etc. for both the original dataset and the adversarial dataset. More of a utility function rather than a necessary one though.

[Sharad24]

Would be helpful although if we’re doing that then a logger (Tensorboard, etc) would be much better.

…

On 21-May-2020, at 5:31 PM, abheesht17 ***@***.***> wrote: Maybe we can add functionality to draw graphs as well for loss, accuracy, etc. for both the original dataset and the adversarial dataset. More of a utility function rather than a necessary one though. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#70 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AH72FJYG6I7JCHFJZJZVKFLRSUJ2VANCNFSM4NGYMAWA>.

[rajaswa]

Which one seems the better option:

1. Implement everything in crude way as shown in example above and then added logger, huggingface/nlp and other enhancements slowly over time
2. Start implementation with all these things taken into consideration beforehand

[Sharad24]

To me, definitely point 1

[Sharad24]

You can make a checklist here maybe with the suggestions here to keep track of the enhancements.

[parantak]

I am not sure if this would be feasible but introducing an option for the different available embeddings could be done. The attacker should have an option, if possible, depending on his model.

[abheesht17]

The user will define it himself in his Dataset class; we don't have to bother about which embedding he has used.

[abheesht17]

What should I check in the test function of the Attacker class?