Classifier.predict() says my pretrained and accurate model is inaccurate.

[dwight-nwaigwe]

Describe the bug

I included a code snippet. Basically, I use the example located at https://github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/examples/get_started_tensorflow.py, with some variations. Instead of training a model, I create my model and initialize with weights loaded from a pickle file. To verify my model works properly, I call classifier.predict(). Instead of getting a high percentage, i get 8%-10% accuracy, which is not in agreement with the test accuracy I find when I don't use classifier.predict(). For some reason unknown to me, classifier.predict() gives me numbers indicative of random guesses. I assume that my pretrained model is not correctly being read by the aversarial robustness toolbox framework.

To Reproduce

`
import tensorflow.compat.v1 as tf
import numpy as np
tf.compat.v1.disable_eager_execution()
#from tensorflow.compat.v1.keras.models import Model
import tensorflow.compat.v1.keras.layers
from tensorflow.compat.v1.keras.models import Sequential
from tensorflow.compat.v1.keras.layers import Dense, Dropout, Activation, Flatten
from art.estimators.classification import TensorFlowClassifier
from art.utils import load_mnist
import pickle

Step 1: Load the MNIST dataset

(x_train, y_train), (x_test, y_test), min_pixel_value, max_pixel_value = load_mnist()

load layer weights

with open('C:\Users\valentin\Desktop\my_name\file_adv.pkl', 'rb') as f:
lay_weights = pickle.load(f)

Step 2: Create the model

input_ph = tf.placeholder(tf.float32, shape=[None, 28, 28, 1])
labels_ph = tf.placeholder(tf.int32, shape=[None, 10])

model = Sequential()
model.add(Flatten(input_shape=(28, 28, 1)))
model.add(Activation('relu'))
model.add(Dense(300))
model.add(Activation('relu'))
model.add(Dense(200))
model.add(Activation('relu'))
model.add(Dense(150))
model.add(Activation('relu'))
model.add(Dense(150))
model.add(Activation('relu'))
model.add(Dense(100))
model.add(Activation('sigmoid'))
model.add(Dense(10))
model.layers[2].set_weights([lay_weights[0], lay_weights[1]])
model.layers[4].set_weights([lay_weights[2], lay_weights[3]])
model.layers[6].set_weights([lay_weights[4], lay_weights[5]])
model.layers[8].set_weights([lay_weights[6], lay_weights[7]])
model.layers[10].set_weights([lay_weights[8], lay_weights[9]])
model.layers[12].set_weights([lay_weights[10], lay_weights[11]])

#set logits equal to model output
logits=model(input_ph)

#check that my model is accurate
for ind in range(0,10):
x_sample1=x_test[ind,:,:,:]
x_sample1=np.expand_dims(x_sample1,0)
mod_output=model.predict(x_sample1)
print(np.argmax(mod_output))
print(np.argmax(y_test[ind]))

sess = tf.Session()
sess.run(tf.global_variables_initializer())

Step 3: Create the ART classifier

classifier = TensorFlowClassifier(
clip_values=(min_pixel_value, max_pixel_value),
input_ph=input_ph,
output=logits,
labels_ph=labels_ph,
learning=None,
sess=sess,
preprocessing_defences=[],
)

Step 5: Evaluate the ART classifier on benign test examples

predictions = classifier.predict(x_test)
accuracy = np.sum(np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print("Accuracy on benign test examples: {}%".format(accuracy * 100))

`
Expected behavior
I expect classifier.predict() to report an accuracy (high 90th percentile) of my model that is in agreement with my other tests.

Screenshots
If applicable, add screenshots to help explain your problem.

System information (please complete the following information):

• Windows 10
• python 3.7.10
• ART version or commit number
• TensorFlow 2.1 and 2.4.1

[beat-buesser]

Hi @animalcroc Are you able to extend/modify this script to make correct predictions just with your model only?

[beat-buesser]

@animalcroc Ok, I see. Let me try out the weights you have shared. How did you get to the 97% accuracy reported earlier?

[dwight-nwaigwe]

@beat-buesser Whoops, i responded outside this thread.

[beat-buesser]

@animalcroc No problem, I'll continue responding in this thread.

[beat-buesser]

Hi @animalcroc It looks like you also need to set the weights again after creating the graph and running the global initialiser in the 2 lines after # New Addition: Update weights on graph:

import tensorflow.compat.v1 as tf
import numpy as np
tf.compat.v1.disable_eager_execution()
#from tensorflow.compat.v1.keras.models import Model
import tensorflow.compat.v1.keras.layers
from tensorflow.compat.v1.keras.models import Sequential
from tensorflow.compat.v1.keras.layers import Dense, Dropout, Activation, Flatten
from art.estimators.classification import TensorFlowClassifier
from art.utils import load_mnist
import pickle


# Step 1: Load the MNIST dataset

(x_train, y_train), (x_test, y_test), min_pixel_value, max_pixel_value = load_mnist()

# load layer weights
lay_weights = []
for i in range(12):
    lay_weights.append(np.load("/tmp/layer_weights/arr_" + str(i) + ".npy"))

    

# Step 2: Create the model
input_ph = tf.placeholder(tf.float32, shape=[None, 28, 28, 1])
labels_ph = tf.placeholder(tf.int32, shape=[None, 10])

model = Sequential()
model.add(Flatten(input_shape=(28, 28, 1)))
model.add(Activation('relu'))
model.add(Dense(300))
model.add(Activation('relu'))
model.add(Dense(200))
model.add(Activation('relu'))
model.add(Dense(150))
model.add(Activation('relu'))
model.add(Dense(150))
model.add(Activation('relu'))
model.add(Dense(100))
model.add(Activation('sigmoid'))
model.add(Dense(10))
model.layers[2].set_weights([lay_weights[0], lay_weights[1]])
model.layers[4].set_weights([lay_weights[2], lay_weights[3]])
model.layers[6].set_weights([lay_weights[4], lay_weights[5]])
model.layers[8].set_weights([lay_weights[6], lay_weights[7]])
model.layers[10].set_weights([lay_weights[8], lay_weights[9]])
model.layers[12].set_weights([lay_weights[10], lay_weights[11]])

#set logits equal to model output
logits=model(input_ph)

#check that my model is accurate
for ind in range(0,10):
    x_sample1=x_test[ind,:,:,:]
    x_sample1=np.expand_dims(x_sample1,0)
    mod_output=model.predict(x_sample1)
    print(np.argmax(mod_output), np.argmax(y_test[ind]))

sess = tf.Session()
sess.run(tf.global_variables_initializer())

# New Addition: Update weights on graph
update_ops = [tf.assign(to_var, from_var) for to_var, from_var in zip(model.trainable_weights, lay_weights)]
sess.run(update_ops)

# Step 3: Create the ART classifier

classifier = TensorFlowClassifier(
    clip_values=(min_pixel_value, max_pixel_value),
    input_ph=input_ph,
    output=logits,
    labels_ph=labels_ph,
    learning=None,
    sess=sess,
    preprocessing_defences=[],
)

# Step 5: Evaluate the ART classifier on benign test examples
predictions = classifier.predict(x_test)
accuracy = np.sum(np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print("Accuracy on benign test examples: {}%".format(accuracy * 100))

[dwight-nwaigwe]

@beat-buesser Great, thanks for the fix.

[dwight-nwaigwe]

ART_error_pretrained.txt
I attached a text file with my code. Hopefully it's easier to read than the inline code I pasted in my initial post. The 97% accuracy is an estimate based on the number of times the model output matches the test output (you can also see this in my attached code). For your convenience, i repaste it here inline:

#check that my model is accurate for ind in range(0,10): x_sample1=x_test[ind,:,:,:] x_sample1=np.expand_dims(x_sample1,0) mod_output=model.predict(x_sample1) print(np.argmax(mod_output)) print(np.argmax(y_test[ind]))