Loading pretrained models¶
The AttackModel¶
To launch any adversarial attack, you would need a model to attack.
torchattack provides a simple abstraction over both torchvision and timm models, to load pretrained image classification models on ImageNet.
First, import torch, import AttackModel from torchattack, and determine the device to use.
import torch
from torchattack import AttackModel
device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')
Pretrained models are loaded by its name¶
Contrary to torchvision.models, AttackModel loads a pretrained model by its name.
To load a ResNet-50 model for instance.
The AttackModel.from_pretrained() method does three things under the hood:
- It automatically loads the model from either
torchvision(by default) ortimm(if not found intorchvision). - It sets the model to evaluation mode by calling
model.eval(). - It resolves the model's
transformandnormalizefunctions associated with its pretrained weights to theAttackModelinstance. - And finally, it populates the resolved transformation attributes to the model's
metaattribute.
Doing so, we not only get our pretrained model set up, but also its necessary associated, and more importantly, separated transform and normalization functions(1).
- Separating the model's normalize function from its transform is crucial for launching attacks, as adversarial perturbation is crafted within the original image space — most often within
(0, 1).
>>> model.meta
AttackModelMeta(resize_size=232, crop_size=224, interpolation=<InterpolationMode.BILINEAR: 'bilinear'>, antialias=True, mean=[0.485, 0.456, 0.406], std=[0.229, 0.224, 0.225])
Specifying the model source¶
AttackModel honors an explicit model source to load from, by prepending the model name with tv/ or timm/, for torchvision and timm respectively.
For instance, to load the ViT-B/16 model from timm.
To load the Inception-v3 model from torchvision.
Or, explicitly specify using timm as the source with from_timm=True.