def get_vanilla_model(x_train, y_train, batch_norm=False):
m = Sequential()
m.add(Conv2D(64, (3, 3), padding='valid', input_shape=(28, 28, 1)))
m.add(Activation('relu'))
if (batch_norm):
m.add(BatchNormalization())
m.add(Conv2D(64, (3, 3)))
m.add(Activation('relu'))
if (batch_norm):
m.add(BatchNormalization())
m.add(MaxPooling2D(pool_size=(2, 2)))
m.add(Dropout(0.5))
m.add(Flatten())
m.add(Dense(128))
m.add(Activation('relu'))
if (batch_norm):
m.add(BatchNormalization())
m.add(Dropout(0.5))
m.add(Dense(10))
m.add(Activation('softmax'))
m.compile(loss='categorical_crossentropy',
optimizer='adam',
metrics=['accuracy'])
c = KerasClassifier(model=m)
c.fit(x_train, y_train, nb_epochs=50, batch_size=128)
return c
def test_krclassifier(self):
"""
Second test with the KerasClassifier.
:return:
"""
# Get MNIST
(x_train, y_train), (x_test, _) = self.mnist
# Create simple CNN
model = Sequential()
model.add(
Conv2D(4,
kernel_size=(5, 5),
activation='relu',
input_shape=(28, 28, 1)))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Flatten())
model.add(Dense(10, activation='softmax'))
model.compile(loss=keras.losses.categorical_crossentropy,
optimizer=keras.optimizers.Adam(lr=0.01),
metrics=['accuracy'])
# Get classifier
krc = KerasClassifier((0, 1), model, use_logits=False)
krc.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=2)
# Attack
# import time
nf = NewtonFool(krc, max_iter=5)
# print("Test Keras....")
# starttime = time.clock()
# x_test_adv = nf.generate(x_test, batch_size=1)
# endtime = time.clock()
# print(1, endtime - starttime)
# starttime = time.clock()
# x_test_adv = nf.generate(x_test, batch_size=10)
# endtime = time.clock()
# print(10, endtime - starttime)
# starttime = time.clock()
x_test_adv = nf.generate(x_test, batch_size=100)
# endtime = time.clock()
# print(100, endtime - starttime)
#
# starttime = time.clock()
# x_test_adv = nf.generate(x_test, batch_size=1000)
# endtime = time.clock()
# print(1000, endtime - starttime)
self.assertFalse((x_test == x_test_adv).all())
y_pred = krc.predict(x_test)
y_pred_adv = krc.predict(x_test_adv)
y_pred_bool = y_pred.max(axis=1, keepdims=1) == y_pred
y_pred_max = y_pred.max(axis=1)
y_pred_adv_max = y_pred_adv[y_pred_bool]
self.assertTrue((y_pred_max >= y_pred_adv_max).all())
def adversarial_training(self):
# Data augmentation: expand the training set with the adversarial samples
x_train = np.append(self.x_train, self.adv_train, axis=0)
y_train = np.append(self.y_train, self.y_train, axis=0)
# Retrain the CNN on the extended dataset
classifier = KerasClassifier((min_, max_), model=model)
classifier.fit(x_train, y_train, nb_epochs=5, batch_size=50)
with open(out_file, 'a+') as f:
preds = np.argmax(classifier.predict(x_train), axis=1)
acc = np.sum(
preds == np.argmax(y_train, axis=1)) / y_train.shape[0]
print("TRAIN: %.2f%% \n" % (acc * 100), file=f)
preds = np.argmax(classifier.predict(self.adv_train), axis=1)
acc = np.sum(
preds == np.argmax(y_train, axis=1)) / y_train.shape[0]
print("TRAIN-ADVERSARY: %.2f%% \n" % (acc * 100), file=f)
preds = np.argmax(classifier.predict(x_test), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
print("TEST: %.2f%% \n" % (acc * 100), file=f)
preds = np.argmax(classifier.predict(self.adv_test), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
print('TEST-ADVERSARY: %.2f%% \n' % (acc * 100), file=f)
def test_krclassifier(self):
"""
Second test with the KerasClassifier.
:return:
"""
# Initialize a tf session
session = tf.Session()
k.set_session(session)
# Get MNIST
(x_train, y_train), (x_test, y_test) = self.mnist
# Create simple CNN
model = Sequential()
model.add(Conv2D(4, kernel_size=(5, 5), activation='relu', input_shape=(28, 28, 1)))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Flatten())
model.add(Dense(10, activation='softmax'))
model.compile(loss=keras.losses.categorical_crossentropy, optimizer=keras.optimizers.Adam(lr=0.01),
metrics=['accuracy'])
# Get classifier
krc = KerasClassifier((0, 1), model, use_logits=False)
krc.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=10)
# First attack
ead = ElasticNet(classifier=krc, targeted=True, max_iter=2)
params = {'y': random_targets(y_test, krc.nb_classes)}
x_test_adv = ead.generate(x_test, **params)
self.assertFalse((x_test == x_test_adv).all())
self.assertTrue((x_test_adv <= 1.0001).all())
self.assertTrue((x_test_adv >= -0.0001).all())
target = np.argmax(params['y'], axis=1)
y_pred_adv = np.argmax(krc.predict(x_test_adv), axis=1)
logger.debug('EAD Target: %s', target)
logger.debug('EAD Actual: %s', y_pred_adv)
logger.info('EAD Success Rate: %.2f', (sum(target == y_pred_adv) / float(len(target))))
self.assertTrue((target == y_pred_adv).any())
# Second attack
ead = ElasticNet(classifier=krc, targeted=False, max_iter=2)
params = {'y': random_targets(y_test, krc.nb_classes)}
x_test_adv = ead.generate(x_test, **params)
self.assertTrue((x_test_adv <= 1.0001).all())
self.assertTrue((x_test_adv >= -0.0001).all())
target = np.argmax(params['y'], axis=1)
y_pred_adv = np.argmax(krc.predict(x_test_adv), axis=1)
logger.debug('EAD Target: %s', target)
logger.debug('EAD Actual: %s', y_pred_adv)
logger.info('EAD Success Rate: %.2f', (sum(target != y_pred_adv) / float(len(target))))
self.assertTrue((target != y_pred_adv).any())
# Kill Keras
k.clear_session()
def test_krclassifier(self):
"""
Test with a KerasClassifier.
:return:
"""
# Initialize a tf session
session = tf.Session()
k.set_session(session)
# Get MNIST
(x_train, y_train), (x_test, y_test) = self.mnist
# Create simple CNN
model = Sequential()
model.add(
Conv2D(4,
kernel_size=(5, 5),
activation='relu',
input_shape=(28, 28, 1)))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Flatten())
model.add(Dense(10, activation='softmax'))
model.compile(loss=keras.losses.categorical_crossentropy,
optimizer=keras.optimizers.Adam(lr=0.01),
metrics=['accuracy'])
# Get classifier
krc = KerasClassifier((0, 1), model, use_logits=False)
krc.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=10)
# First attack (without EoT):
fgsm = FastGradientMethod(classifier=krc, targeted=True)
params = {'y': random_targets(y_test, krc.nb_classes)}
x_test_adv = fgsm.generate(x_test, **params)
# Second attack (with EoT):
def t(x):
return x
def transformation():
while True:
yield t
eot = ExpectationOverTransformations(sample_size=1,
transformation=transformation)
fgsm_with_eot = FastGradientMethod(classifier=krc,
expectation=eot,
targeted=True)
self.assertFalse(fgsm_with_eot.expectation is None)
x_test_adv_with_eot = fgsm_with_eot.generate(x_test, **params)
self.assertTrue(
(np.abs(x_test_adv - x_test_adv_with_eot) < 0.001).all())
def test_krclassifier(self):
"""
Second test with the KerasClassifier.
:return:
"""
# Initialize a tf session
session = tf.Session()
k.set_session(session)
# Get MNIST
(x_train, y_train), (x_test, y_test) = self.mnist
# Create simple CNN
model = Sequential()
model.add(
Conv2D(4,
kernel_size=(5, 5),
activation='relu',
input_shape=(28, 28, 1)))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Flatten())
model.add(Dense(10, activation='softmax'))
model.compile(loss=keras.losses.categorical_crossentropy,
optimizer=keras.optimizers.Adam(lr=0.01),
metrics=['accuracy'])
# Get classifier
krc = KerasClassifier((0, 1), model, use_logits=False)
krc.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=2)
# Attack
attack_params = {
"max_translation": 10.0,
"num_translations": 3,
"max_rotation": 30.0,
"num_rotations": 3
}
attack_st = SpatialTransformation(krc)
x_train_adv = attack_st.generate(x_train, **attack_params)
self.assertTrue(abs(x_train_adv[0, 8, 13, 0] - 0.8066048) <= 0.01)
self.assertTrue(abs(attack_st.fooling_rate - 0.923) <= 0.01)
self.assertTrue(attack_st.attack_trans_x == -3)
self.assertTrue(attack_st.attack_trans_y == -3)
self.assertTrue(attack_st.attack_rot == -30.0)
x_test_adv = attack_st.generate(x_test)
self.assertTrue(abs(x_test_adv[0, 14, 14, 0] - 0.6941315) <= 0.01)
k.clear_session()
def test_krclassifier(self):
"""
Second test with the KerasClassifier.
:return:
"""
# Initialize a tf session
session = tf.Session()
k.set_session(session)
# Get MNIST
(x_train, y_train), (x_test, y_test) = self.mnist
# Create simple CNN
model = Sequential()
model.add(
Conv2D(4,
kernel_size=(5, 5),
activation='relu',
input_shape=(28, 28, 1)))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Flatten())
model.add(Dense(10, activation='softmax'))
model.compile(loss=keras.losses.categorical_crossentropy,
optimizer=keras.optimizers.Adam(lr=0.01),
metrics=['accuracy'])
# Get classifier
krc = KerasClassifier((0, 1), model, use_logits=False)
krc.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=2)
# Attack
attack_params = {
"max_iter": 1,
"attacker": "ead",
"attacker_params": {
"max_iter": 5,
"targeted": False
}
}
up = UniversalPerturbation(krc)
x_train_adv = up.generate(x_train, **attack_params)
self.assertTrue((up.fooling_rate >= 0.2) or not up.converged)
x_test_adv = x_test + up.v
self.assertFalse((x_test == x_test_adv).all())
train_y_pred = np.argmax(krc.predict(x_train_adv), axis=1)
test_y_pred = np.argmax(krc.predict(x_test_adv), axis=1)
self.assertFalse((np.argmax(y_test, axis=1) == test_y_pred).all())
self.assertFalse((np.argmax(y_train, axis=1) == train_y_pred).all())
def test_fit(self):
labels = np.argmax(self.mnist[1][1], axis=1)
classifier = KerasClassifier((0, 1),
self.model_mnist,
use_logits=False)
acc = np.sum(
np.argmax(classifier.predict(self.mnist[1][0]), axis=1) ==
labels) / NB_TEST
print("\nAccuracy: %.2f%%" % (acc * 100))
classifier.fit(self.mnist[0][0],
self.mnist[0][1],
batch_size=BATCH_SIZE,
nb_epochs=5)
acc2 = np.sum(
np.argmax(classifier.predict(self.mnist[1][0]), axis=1) ==
labels) / NB_TEST
print("\nAccuracy: %.2f%%" % (acc2 * 100))
self.assertTrue(acc2 >= acc)
def _test_fit(self, custom_activation=False):
labels = np.argmax(self.mnist[1][1], axis=1)
classifier = KerasClassifier((0, 1),
self.model_mnist,
use_logits=False,
custom_activation=custom_activation)
acc = np.sum(
np.argmax(classifier.predict(self.mnist[1][0]), axis=1) ==
labels) / NB_TEST
logger.info('Accuracy: %.2f%%', (acc * 100))
classifier.fit(self.mnist[0][0],
self.mnist[0][1],
batch_size=BATCH_SIZE,
nb_epochs=2)
acc2 = np.sum(
np.argmax(classifier.predict(self.mnist[1][0]), axis=1) ==
labels) / NB_TEST
logger.info('Accuracy: %.2f%%', (acc2 * 100))
self.assertTrue(acc2 >= .9 * acc)
def test_krclassifier(self):
"""
Second test with the KerasClassifier.
:return:
"""
# Get MNIST
batch_size, nb_train, nb_test = 100, 1000, 10
(x_train, y_train), (x_test, y_test), _, _ = load_mnist()
x_train, y_train = x_train[:nb_train], y_train[:nb_train]
x_test, y_test = x_test[:nb_test], y_test[:nb_test]
# Create simple CNN
model = Sequential()
model.add(Conv2D(4, kernel_size=(5, 5), activation='relu', input_shape=(28, 28, 1)))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Flatten())
model.add(Dense(10, activation='softmax'))
model.compile(loss=keras.losses.categorical_crossentropy, optimizer=keras.optimizers.Adam(lr=0.01),
metrics=['accuracy'])
# Get classifier
krc = KerasClassifier((0, 1), model, use_logits=False)
krc.fit(x_train, y_train, batch_size=batch_size, nb_epochs=2)
# Attack
nf = NewtonFool(krc)
nf.set_params(max_iter=5)
x_test_adv = nf.generate(x_test)
self.assertFalse((x_test == x_test_adv).all())
y_pred = krc.predict(x_test)
y_pred_adv = krc.predict(x_test_adv)
y_pred_bool = y_pred.max(axis=1, keepdims=1) == y_pred
y_pred_max = y_pred.max(axis=1)
y_pred_adv_max = y_pred_adv[y_pred_bool]
self.assertTrue((y_pred_max >= y_pred_adv_max).all())
def Model1(input_tensor=None,
train=False,
model_name="model",
backdoor_type="pixel",
sources=np.arange(10),
targets=(np.arange(10) + 1) % 10):
nb_classes = 10
# convolution kernel size
kernel_size = (5, 5)
if train:
batch_size = 256
nb_epoch = 10
# input image dimensions
img_rows, img_cols = 28, 28
# the data, shuffled and split between train and test sets
# (x_train, y_train), (x_test, y_test) = mnist.load_data()
(x_train, y_train), (x_test,
y_test), (min_, max_), is_poison_test = load_data(
backdoor_type=backdoor_type,
sources=sources,
targets=targets)
print(x_train.shape)
x_train = x_train.reshape(x_train.shape[0], img_rows, img_cols, 1)
x_test = x_test.reshape(x_test.shape[0], img_rows, img_cols, 1)
input_shape = (img_rows, img_cols, 1)
x_train = x_train.astype('float32')
x_test = x_test.astype('float32')
x_train /= 255
x_test /= 255
# convert class vectors to binary class matrices
y_train = to_categorical(y_train, nb_classes)
y_test = to_categorical(y_test, nb_classes)
input_tensor = Input(shape=input_shape)
elif input_tensor is None:
print('you have to proved input_tensor when testing')
exit()
# block1
# print("in Model1 input_tensor = ",input_tensor)
x = Convolution2D(4,
kernel_size,
activation='relu',
padding='same',
name='block1_conv1')(input_tensor)
# print("in Model1 x = ", x)
x = MaxPooling2D(pool_size=(2, 2), name='block1_pool1')(x)
# block2
x = Convolution2D(12,
kernel_size,
activation='relu',
padding='same',
name='block2_conv1')(x)
x = MaxPooling2D(pool_size=(2, 2), name='block2_pool1')(x)
x = Flatten(name='flatten')(x)
x = Dense(nb_classes, name='before_softmax')(x)
x = Activation('softmax', name='predictions')(x)
model = Model(input_tensor, x)
if train:
# # compiling
# model.compile(loss='categorical_crossentropy', optimizer='adadelta', metrics=['accuracy'])
#
# # trainig
# model.fit(x_train, y_train, validation_data=(x_test, y_test), batch_size=batch_size, epochs=nb_epoch, verbose=1)
# # save model
# model.save_weights('./models/{0}.h5'.format(model_name))
# score = model.evaluate(x_test, y_test, verbose=0)
# print('\n')
# print('Overall Test score:', score[0])
# print('Overall Test accuracy:', score[1])
model.compile(loss='categorical_crossentropy',
optimizer='adam',
metrics=['accuracy'])
classifier = KerasClassifier(model=model, clip_values=(min_, max_))
classifier.fit(x_train, y_train, nb_epochs=30, batch_size=128)
results = open("./models/{0}.txt".format(model_name), "w")
# Evaluate the classifier on the test set
preds = np.argmax(classifier.predict(x_test), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
results.write("\nTest accuracy: %.2f%%" % (acc * 100))
# Evaluate the classifier on poisonous data
preds = np.argmax(classifier.predict(x_test[is_poison_test]), axis=1)
acc = np.sum(preds == np.argmax(
y_test[is_poison_test], axis=1)) / y_test[is_poison_test].shape[0]
results.write(
"\nPoisonous test set accuracy (i.e. effectiveness of poison): %.2f%%"
% (acc * 100))
# Evaluate the classifier on clean data
preds = np.argmax(classifier.predict(x_test[is_poison_test == 0]),
axis=1)
acc = np.sum(preds == np.argmax(y_test[is_poison_test == 0], axis=1)
) / y_test[is_poison_test == 0].shape[0]
results.write("\nClean test set accuracy: %.2f%%" % (acc * 100))
results.close()
# serialize model to JSON
# model_json = model.to_json()
# with open("./models/{0}.json".format(model_name), "w") as json_file:
# json_file.write(model_json)
# serialize weights to HDF5
model.save_weights("./models/{0}.h5".format(model_name))
print("Saved model to disk")
else:
model.load_weights('./models/{0}.h5'.format(model_name))
print('Model1 loaded')
# K.clear_session()
return model
im_shape = x_train[0].shape
# Create Keras convolutional neural network
model = Sequential()
model.add(Conv2D(32, (3, 3), padding='same', input_shape=x_train.shape[1:]))
model.add(Activation('relu'))
model.add(Conv2D(32, (3, 3)))
model.add(Activation('relu'))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Dropout(0.25))
model.add(Conv2D(64, (3, 3), padding='same'))
model.add(Activation('relu'))
model.add(Conv2D(64, (3, 3)))
model.add(Activation('relu'))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Dropout(0.25))
model.add(Flatten())
model.add(Dense(512))
model.add(Activation('relu'))
model.add(Dropout(0.5))
model.add(Dense(10))
model.add(Activation('softmax'))
model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy'])
classifier = KerasClassifier(model=model, clip_values=(min_, max_))
classifier.fit(x_train, y_train, nb_epochs=10, batch_size=64)
#classifier.save('cnn_mnist.model')
def main(args):
logging.info('brokers={}'.format(args.brokers))
logging.info('readtopic={}'.format(args.readtopic))
logging.info('creating kafka consumer')
consumer = KafkaConsumer(
args.readtopic,
bootstrap_servers=args.brokers,
value_deserializer=lambda val: loads(val.decode('utf-8')))
logging.info("finished creating kafka consumer")
if args.dbxtoken != '':
dbx = dropbox.Dropbox(args.dbxtoken)
else:
dbx = None
logging.info('No Dropbox token provided')
while True:
for message in consumer:
if (message.value['status']
== 'Ready') and (message.value['modelurl']):
logging.info('Received {}'.format(message.value))
(X_train, y_train), (X_test, y_test) = cifar10.load_data()
X_train = X_train.reshape(X_train.shape[0], 32, 32,
3).astype('float32')
X_test = X_test.reshape(X_test.shape[0], 32, 32,
3).astype('float32')
y_train = to_categorical(y_train, 10)
y_test = to_categorical(y_test, 10)
modelurl = message.value['modelurl']
logging.info('model={}'.format(modelurl))
model_filename = 'base_model.h5'
location = os.path.join(ART_DATA_PATH, model_filename)
try:
os.remove(location)
except OSError as error:
pass
path = get_file(model_filename,
extract=False,
path=ART_DATA_PATH,
url=modelurl)
kmodel = load_model(path)
model = KerasClassifier(
kmodel,
use_logits=False,
clip_values=[float(args.min),
float(args.max)])
logging.info('finished acquiring model')
imagefiles = dbx.files_list_folder('/images')
adversaries = False
for dbximage in imagefiles.entries:
filepath = '/images/' + dbximage.name
filename = dbximage.name
label = filename.split('_')[-3]
response = dbx.files_download(filepath)[1]
img = Image.open(BytesIO(response.content))
logging.info('downloaded file {}'.format(dbximage.name))
image = np.array(img.getdata()).reshape(
1, img.size[0], img.size[1], 3).astype('float32')
if adversaries is False:
X_adv = image
y_adv = [label]
adversaries = True
else:
X_adv = np.append(X_adv, image, axis=0)
y_adv = np.append(y_adv, [label], axis=0)
y_adv = to_categorical(y_adv, 10)
X_train = np.append(X_train, X_adv, axis=0)
y_train = np.append(y_train, y_adv, axis=0)
if args.testmode == '0':
model.fit(X_train, y_train, nb_epochs=83,
batch_size=50) # Per ART 360 example
else:
model.fit(X_train, y_train, nb_epochs=1,
batch_size=50) # Testing only
model_basename = model_filename.split('.')[0]
adv_model_name = model_basename + '_adv'
adv_model_filename = adv_model_name + '.h5'
model.save(adv_model_filename)
outfilename = '/models/{}'.format(adv_model_filename)
adv_model_fullpath = '/opt/app-root/src/.art/data/' + adv_model_filename
mfile = open(adv_model_fullpath, 'rb')
dbx.files_upload(f=mfile.read(),
path=outfilename,
mode=dropbox.files.WriteMode(
'overwrite', None))
mfile.close()
share_link = dbx.sharing_create_shared_link_with_settings(
outfilename)
conn = psycopg2.connect(host=args.dbhost,
port=5432,
dbname=args.dbname,
user=args.dbusername,
password=args.dbpassword)
cur = conn.cursor()
query = 'INSERT into models(URL, FILENAME, MODELNAME) VALUES(%s, %s, %s)'
cur.execute(query,
(share_link, adv_model_filename, adv_model_name))
conn.commit()
logging.info('updated database with new model')
cur.close()
conn.close()
model.add(Activation('relu'))
model.add(MaxPooling2D(pool_size=(2, 2),strides=(2, 2),padding='same'))
model.add(Dropout(0.25))
model.add(Flatten())
model.add(Dense(16))
model.add(Activation('relu'))
model.add(Dropout(0.5))
model.add(Dense(2))
model.add(Activation('sigmoid'))
model.compile(loss='binary_crossentropy', optimizer='adam', metrics=['accuracy'])
# Create classifier wrapper
classifier = KerasClassifier(model=model, clip_values=(min_, max_))
classifier.fit(x_train, y_train, nb_epochs=100, batch_size=20,callbacks=[TensorBoard(log_dir='D:\BSWJ\logs')])
y_pred=model.predict(x_train, batch_size=20)#此处传入的X_test和Input层的内容一致,要是多个Input(),就传个列表,和model.fit传入的参数一致(不传y_test)
for i in range(len(y_pred)):
max_value=max(y_pred[i])
for j in range(len(y_pred[i])):
if max_value==y_pred[i][j]:
y_pred[i][j]=1
else:
y_pred[i][j]=0
print(classification_report(y_train, y_pred))
# Craft adversarial samples with DeepFool
logger.info('Create DeepFool attack')
adv_crafter = DeepFool(classifier)
def main():
# Read MNIST dataset (x_raw contains the original images):
(x_raw, y_raw), (x_raw_test, y_raw_test), min_, max_ = load_mnist(raw=True)
n_train = np.shape(x_raw)[0]
num_selection = 5000
random_selection_indices = np.random.choice(n_train, num_selection)
x_raw = x_raw[random_selection_indices]
y_raw = y_raw[random_selection_indices]
# Poison training data
perc_poison = 0.33
(is_poison_train, x_poisoned_raw,
y_poisoned_raw) = generate_backdoor(x_raw, y_raw, perc_poison)
x_train, y_train = preprocess(x_poisoned_raw, y_poisoned_raw)
# Add channel axis:
x_train = np.expand_dims(x_train, axis=3)
# Poison test data
(is_poison_test, x_poisoned_raw_test,
y_poisoned_raw_test) = generate_backdoor(x_raw_test, y_raw_test,
perc_poison)
x_test, y_test = preprocess(x_poisoned_raw_test, y_poisoned_raw_test)
# Add channel axis:
x_test = np.expand_dims(x_test, axis=3)
# Shuffle training data so poison is not together
n_train = np.shape(y_train)[0]
shuffled_indices = np.arange(n_train)
np.random.shuffle(shuffled_indices)
x_train = x_train[shuffled_indices]
y_train = y_train[shuffled_indices]
is_poison_train = is_poison_train[shuffled_indices]
# Create Keras convolutional neural network - basic architecture from Keras examples
# Source here: https://github.com/keras-team/keras/blob/master/examples/mnist_cnn.py
model = Sequential()
model.add(
Conv2D(32,
kernel_size=(3, 3),
activation="relu",
input_shape=x_train.shape[1:]))
model.add(Conv2D(64, (3, 3), activation="relu"))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Dropout(0.25))
model.add(Flatten())
model.add(Dense(128, activation="relu"))
model.add(Dropout(0.5))
model.add(Dense(10, activation="softmax"))
model.compile(loss="categorical_crossentropy",
optimizer="adam",
metrics=["accuracy"])
classifier = KerasClassifier(model=model, clip_values=(min_, max_))
classifier.fit(x_train, y_train, nb_epochs=30, batch_size=128)
# Evaluate the classifier on the test set
preds = np.argmax(classifier.predict(x_test), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
print("\nTest accuracy: %.2f%%" % (acc * 100))
# Evaluate the classifier on poisonous data
preds = np.argmax(classifier.predict(x_test[is_poison_test]), axis=1)
acc = np.sum(preds == np.argmax(y_test[is_poison_test],
axis=1)) / y_test[is_poison_test].shape[0]
print(
"\nPoisonous test set accuracy (i.e. effectiveness of poison): %.2f%%"
% (acc * 100))
# Evaluate the classifier on clean data
preds = np.argmax(classifier.predict(x_test[is_poison_test == 0]), axis=1)
acc = np.sum(preds == np.argmax(y_test[
is_poison_test == 0], axis=1)) / y_test[is_poison_test == 0].shape[0]
print("\nClean test set accuracy: %.2f%%" % (acc * 100))
# Calling poisoning defence:
defence = ActivationDefence(classifier, x_train, y_train)
# End-to-end method:
print("------------------- Results using size metric -------------------")
print(defence.get_params())
defence.detect_poison(nb_clusters=2, nb_dims=10, reduce="PCA")
# Evaluate method when ground truth is known:
is_clean = is_poison_train == 0
confusion_matrix = defence.evaluate_defence(is_clean)
print("Evaluation defence results for size-based metric: ")
jsonObject = json.loads(confusion_matrix)
for label in jsonObject:
print(label)
pprint.pprint(jsonObject[label])
# Visualize clusters:
print("Visualize clusters")
sprites_by_class = defence.visualize_clusters(x_train, "mnist_poison_demo")
# Show plots for clusters of class 5
n_class = 5
try:
import matplotlib.pyplot as plt
plt.imshow(sprites_by_class[n_class][0])
plt.title("Class " + str(n_class) + " cluster: 0")
plt.show()
plt.imshow(sprites_by_class[n_class][1])
plt.title("Class " + str(n_class) + " cluster: 1")
plt.show()
except ImportError:
print(
"matplotlib not installed. For this reason, cluster visualization was not displayed"
)
# Try again using distance analysis this time:
print(
"------------------- Results using distance metric -------------------"
)
print(defence.get_params())
defence.detect_poison(nb_clusters=2,
nb_dims=10,
reduce="PCA",
cluster_analysis="distance")
confusion_matrix = defence.evaluate_defence(is_clean)
print("Evaluation defence results for distance-based metric: ")
jsonObject = json.loads(confusion_matrix)
for label in jsonObject:
print(label)
pprint.pprint(jsonObject[label])
# Other ways to invoke the defence:
kwargs = {"nb_clusters": 2, "nb_dims": 10, "reduce": "PCA"}
defence.cluster_activations(**kwargs)
kwargs = {"cluster_analysis": "distance"}
defence.analyze_clusters(**kwargs)
defence.evaluate_defence(is_clean)
kwargs = {"cluster_analysis": "smaller"}
defence.analyze_clusters(**kwargs)
defence.evaluate_defence(is_clean)
print("done :) ")
attack = ProjectedGradientDescent(robust_cnn,
norm=np.inf,
eps=0.03,
eps_step=0.007,
max_iter=40)
x_adv = attack.generate(x=x_train)
print("------Training Robust Model------")
x_train_final = np.append(x_train, x_adv, axis=0)
y_train_final = np.append(y_train, y_train, axis=0)
if not os.path.isfile('robust_model.h5'):
print(x_adv.shape, y_train.shape, x_train_final.shape,
y_train_final.shape, x_train.shape)
robust_model = robust_cnn.fit(x_train_final,
y_train_final,
nb_epochs=1,
batch_size=128)
robust_cnn.save('robust_model.h5')
else:
cnn.load_weights('robust_model.h5')
print("Loaded Robust model")
print("------Evaluating robust classifier-----")
accuracy = np.sum(np.argmax(predict, axis=1) == y_test) / len(y_test)
print('Accuracy on benign test examples: {:.3f}%'.format(accuracy * 100))
x_example = x_test[example]
# Generate adversarial test examples
# Evaluate the ART classifier on adversarial test examples
print("*" * 100)
attack = FastGradientMethod(classifier=robust_cnn, eps=0.03)
def main():
# Read MNIST dataset (x_raw contains the original images):
(x_raw, y_raw), (x_raw_test, y_raw_test), min_, max_ = load_mnist(raw=True)
n_train = np.shape(x_raw)[0]
num_selection = 5000
random_selection_indices = np.random.choice(n_train, num_selection)
x_raw = x_raw[random_selection_indices]
y_raw = y_raw[random_selection_indices]
# Poison training data
perc_poison = .33
(is_poison_train, x_poisoned_raw, y_poisoned_raw) = generate_backdoor(x_raw, y_raw, perc_poison)
x_train, y_train = preprocess(x_poisoned_raw, y_poisoned_raw)
# Add channel axis:
x_train = np.expand_dims(x_train, axis=3)
# Poison test data
(is_poison_test, x_poisoned_raw_test, y_poisoned_raw_test) = generate_backdoor(x_raw_test, y_raw_test, perc_poison)
x_test, y_test = preprocess(x_poisoned_raw_test, y_poisoned_raw_test)
# Add channel axis:
x_test = np.expand_dims(x_test, axis=3)
# Shuffle training data so poison is not together
n_train = np.shape(y_train)[0]
shuffled_indices = np.arange(n_train)
np.random.shuffle(shuffled_indices)
x_train = x_train[shuffled_indices]
y_train = y_train[shuffled_indices]
is_poison_train = is_poison_train[shuffled_indices]
# Create Keras convolutional neural network - basic architecture from Keras examples
# Source here: https://github.com/keras-team/keras/blob/master/examples/mnist_cnn.py
k.set_learning_phase(1)
model = Sequential()
model.add(Conv2D(32, kernel_size=(3, 3), activation='relu', input_shape=x_train.shape[1:]))
model.add(Conv2D(64, (3, 3), activation='relu'))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Dropout(0.25))
model.add(Flatten())
model.add(Dense(128, activation='relu'))
model.add(Dropout(0.5))
model.add(Dense(10, activation='softmax'))
model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy'])
classifier = KerasClassifier((min_, max_), model=model)
classifier.fit(x_train, y_train, nb_epochs=30, batch_size=128)
# Evaluate the classifier on the test set
preds = np.argmax(classifier.predict(x_test), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
print("\nTest accuracy: %.2f%%" % (acc * 100))
# Evaluate the classifier on poisonous data
preds = np.argmax(classifier.predict(x_test[is_poison_test]), axis=1)
acc = np.sum(preds == np.argmax(y_test[is_poison_test], axis=1)) / y_test[is_poison_test].shape[0]
print("\nPoisonous test set accuracy (i.e. effectiveness of poison): %.2f%%" % (acc * 100))
# Evaluate the classifier on clean data
preds = np.argmax(classifier.predict(x_test[is_poison_test == 0]), axis=1)
acc = np.sum(preds == np.argmax(y_test[is_poison_test == 0], axis=1)) / y_test[is_poison_test == 0].shape[0]
print("\nClean test set accuracy: %.2f%%" % (acc * 100))
# Calling poisoning defence:
defence = ActivationDefence(classifier, x_train, y_train, verbose=True)
# End-to-end method:
print("------------------- Results using size metric -------------------")
print(defence.get_params())
defence.detect_poison(n_clusters=2, ndims=10, reduce="PCA")
# Evaluate method when ground truth is known:
is_clean = (is_poison_train == 0)
confusion_matrix = defence.evaluate_defence(is_clean)
print("Evaluation defence results for size-based metric: ")
pprint.pprint(confusion_matrix)
# Visualize clusters:
print("Visualize clusters")
defence.visualize_clusters(x_train, 'mnist_poison_demo')
# Try again using distance analysis this time:
print("------------------- Results using distance metric -------------------")
print(defence.get_params())
defence.detect_poison(n_clusters=2, ndims=10, reduce="PCA", cluster_analysis='distance')
confusion_matrix = defence.evaluate_defence(is_clean)
print("Evaluation defence results for distance-based metric: ")
pprint.pprint(confusion_matrix)
# Other ways to invoke the defence:
defence.cluster_activations(n_clusters=2, ndims=10, reduce='PCA')
defence.analyze_clusters(cluster_analysis='distance')
defence.evaluate_defence(is_clean)
defence.analyze_clusters(cluster_analysis='smaller')
defence.evaluate_defence(is_clean)
print("done :) ")
import warnings
warnings.filterwarnings('ignore')
from tensorflow.keras.models import Sequential
from tensorflow.keras.layers import Dense, Conv2D, BatchNormalization, Dropout, MaxPool2D, Input, Softmax, Activation, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.preprocessing.image import ImageDataGenerator
from tensorflow.keras.layers import MaxPooling2D
from tensorflow.keras.utils import to_categorical
classifier = KerasClassifier(model=model,
clip_values=(1, 100),
use_logits=False)
classifier.fit(X_train, y_train, batch_size=64, nb_epochs=3)
predictions = classifier.predict(X_val)
accuracy = np.sum(
np.argmax(predictions, axis=1) == np.argmax(y_val, axis=1)) / len(y_val)
print('Accuracy on benign test examples: {}%'.format(accuracy * 100))
#Generate adversarial test examples
attack = FastGradientMethod(classifier=classifier, eps=0.2)
x_test_adv = attack.generate(x=X_val)
#Evaluate the ART classifier on adversarial test examples
predictions = classifier.predict(x_test_adv)
accuracy = np.sum(
np.argmax(predictions, axis=1) == np.argmax(y_val, axis=1)) / len(y_val)
print('Accuracy on adversarial test examples: {}%'.format(accuracy * 100))
make_model_parallel(model)
return Model(image, output)
# Read MNIST dataset
(x_train, y_train), (x_test, y_test), min_, max_ = load_mnist()
# Construct and train a convolutional neural network on MNIST using Keras
source = cnn_mnist_k()
source.compile(loss=keras.losses.categorical_crossentropy,
optimizer=Adam(lr=0.01),
metrics=['accuracy'])
source = KerasClassifier(clip_values=(min_, max_),
model=source,
use_logits=False)
source.fit(x_train, y_train, nb_epochs=5, batch_size=128)
# Craft adversarial samples with DeepFool
adv_crafter = DeepFool(source)
x_test_adv = adv_crafter.generate(x_test)
# Compare with existing Adversarial Training (from ART)
robust_classifier = load_model('saved_models/mnist_cnn_robust.h5')
robust_classifier = KerasClassifier(clip_values=(0, 1),
model=robust_classifier,
use_logits=False)
print('compare_transfer.py for mnist dataset v2')
print('based on inf norm')
# Normal images
original_model = load_model('saved_models/mnist_cnn_original.h5') # original
activation='relu',
input_shape=x_train.shape[1:]))
model.add(Conv2D(64, (3, 3), activation='relu'))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Dropout(0.25))
model.add(Flatten())
model.add(Dense(128, activation='relu'))
model.add(Dropout(0.5))
model.add(Dense(10, activation='softmax'))
model.compile(loss='categorical_crossentropy',
optimizer='adam',
metrics=['accuracy'])
classifier = KerasClassifier(model=model, clip_values=(min_, max_))
classifier.fit(x_train, y_train, nb_epochs=5, batch_size=128)
# Evaluate the classifier on the test set
preds = np.argmax(classifier.predict(x_test), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
print("\nTest accuracy: %.2f%%" % (acc * 100))
# Craft adversarial samples with FGSM
epsilon = .1 # Maximum perturbation
adv_crafter = FastGradientMethod(classifier, eps=epsilon)
x_test_adv = adv_crafter.generate(x=x_test)
# Evaluate the classifier on the adversarial examples
preds = np.argmax(classifier.predict(x_test_adv), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
print("\nTest accuracy on adversarial sample: %.2f%%" % (acc * 100))
class TestActivationDefence(unittest.TestCase):
# python -m unittest discover art/ -p 'activation_defence_unittest.py'
def setUp(self):
(self.x_train,
self.y_train), (x_test,
y_test), min_, max_ = load_dataset(str('mnist'))
self.x_train = self.x_train[:300]
self.y_train = self.y_train[:300]
k.set_learning_phase(1)
model = Sequential()
model.add(
Conv2D(32,
kernel_size=(3, 3),
activation='relu',
input_shape=self.x_train.shape[1:]))
model.add(Conv2D(64, (3, 3), activation='relu'))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Dropout(0.25))
model.add(Flatten())
model.add(Dense(128, activation='relu'))
model.add(Dropout(0.5))
model.add(Dense(10, activation='softmax'))
model.compile(loss='categorical_crossentropy',
optimizer='adam',
metrics=['accuracy'])
self.classifier = KerasClassifier((min_, max_), model=model)
self.classifier.fit(self.x_train,
self.y_train,
nb_epochs=1,
batch_size=128)
self.defence = ActivationDefence(self.classifier, self.x_train,
self.y_train)
# def tearDown(self):
# self.classifier.dispose()
# self.x_train.dispose()
# self.y_train.dispose()
@unittest.expectedFailure
def test_wrong_parameters_1(self):
self.defence.set_params(n_clusters=0)
@unittest.expectedFailure
def test_wrong_parameters_2(self):
self.defence.set_params(clustering_method='what')
@unittest.expectedFailure
def test_wrong_parameters_3(self):
self.defence.set_params(reduce='what')
@unittest.expectedFailure
def test_wrong_parameters_4(self):
self.defence.set_params(cluster_analysis='what')
def test_activations(self):
activations = self.defence._get_activations()
self.assertEqual(len(self.x_train), len(activations))
def test_output_clusters(self):
n_classes = self.classifier.nb_classes
for n_clusters in range(2, 5):
clusters_by_class, red_activations_by_class = self.defence.cluster_activations(
n_clusters=n_clusters)
# Verify expected number of classes
self.assertEqual(np.shape(clusters_by_class)[0], n_classes)
# Check we get the expected number of clusters:
found_clusters = len(np.unique(clusters_by_class[0]))
self.assertEqual(found_clusters, n_clusters)
# Check right amount of data
n_dp = 0
for i in range(0, n_classes):
n_dp += len(clusters_by_class[i])
self.assertEqual(len(self.x_train), n_dp)
def test_detect_poison(self):
confidence_level, is_clean_lst = self.defence.detect_poison(
n_clusters=2, ndims=10, reduce='PCA')
sum_clean1 = sum(is_clean_lst)
# Check number of items in is_clean
self.assertEqual(len(self.x_train), len(is_clean_lst))
self.assertEqual(len(self.x_train), len(confidence_level))
# Test right number of clusters
found_clusters = len(np.unique(self.defence.clusters_by_class[0]))
self.assertEqual(found_clusters, 2)
confidence_level, is_clean_lst = self.defence.detect_poison(
n_clusters=3, ndims=10, reduce='PCA', cluster_analysis='distance')
self.assertEqual(len(self.x_train), len(is_clean_lst))
self.assertEqual(len(self.x_train), len(confidence_level))
# Test change of state to new number of clusters:
found_clusters = len(np.unique(self.defence.clusters_by_class[0]))
self.assertEqual(found_clusters, 3)
# Test clean data has changed
sum_clean2 = sum(is_clean_lst)
self.assertNotEqual(sum_clean1, sum_clean2)
confidence_level, is_clean_lst = self.defence.detect_poison(
n_clusters=2, ndims=10, reduce='PCA', cluster_analysis='distance')
sum_dist = sum(is_clean_lst)
confidence_level, is_clean_lst = self.defence.detect_poison(
n_clusters=2, ndims=10, reduce='PCA', cluster_analysis='smaller')
sum_size = sum(is_clean_lst)
self.assertNotEqual(sum_dist, sum_size)
def test_analyze_cluster(self):
dist_clean_by_class = self.defence.analyze_clusters(
cluster_analysis='distance')
n_classes = self.classifier.nb_classes
self.assertEqual(n_classes, len(dist_clean_by_class))
# Check right amount of data
n_dp = 0
for i in range(0, n_classes):
n_dp += len(dist_clean_by_class[i])
self.assertEqual(len(self.x_train), n_dp)
sz_clean_by_class = self.defence.analyze_clusters(
cluster_analysis='smaller')
n_classes = self.classifier.nb_classes
self.assertEqual(n_classes, len(sz_clean_by_class))
# Check right amount of data
n_dp = 0
sum_sz = 0
sum_dis = 0
for i in range(0, n_classes):
n_dp += len(sz_clean_by_class[i])
sum_sz += sum(sz_clean_by_class[i])
sum_dis += sum(dist_clean_by_class[i])
self.assertEqual(len(self.x_train), n_dp)
# Very unlikely that they are the same
self.assertNotEqual(
sum_dis,
sum_sz,
msg='This is very unlikely to happen... there may be an error')
if __name__ == '__main__':
unittest.main()
def main():
try:
print('See if poison model has been previously trained ')
import pickle
classifier = pickle.load(open('my_poison_classifier.p', 'rb'))
print('Loaded model from pickle.... ')
data_train = np.load('data_training.npz')
x_train = data_train['x_train']
y_train = data_train['y_train']
is_poison_train = data_train['is_poison_train']
data_test = np.load('data_testing.npz')
x_test = data_test['x_test']
y_test = data_test['y_test']
is_poison_test = data_test['is_poison_test']
except:
# Read MNIST dataset (x_raw contains the original images):
(x_raw, y_raw), (x_raw_test, y_raw_test), min_, max_ = load_mnist(raw=True)
n_train = np.shape(x_raw)[0]
num_selection = n_train
random_selection_indices = np.random.choice(n_train, num_selection)
x_raw = x_raw[random_selection_indices]
y_raw = y_raw[random_selection_indices]
# Poison training data
perc_poison = .33
(is_poison_train, x_poisoned_raw, y_poisoned_raw) = generate_backdoor(x_raw, y_raw, perc_poison)
x_train, y_train = preprocess(x_poisoned_raw, y_poisoned_raw)
# Add channel axis:
x_train = np.expand_dims(x_train, axis=3)
# Poison test data
(is_poison_test, x_poisoned_raw_test, y_poisoned_raw_test) = generate_backdoor(x_raw_test, y_raw_test,
perc_poison)
x_test, y_test = preprocess(x_poisoned_raw_test, y_poisoned_raw_test)
# Add channel axis:
x_test = np.expand_dims(x_test, axis=3)
# Shuffle training data so poison is not together
n_train = np.shape(y_train)[0]
shuffled_indices = np.arange(n_train)
np.random.shuffle(shuffled_indices)
x_train = x_train[shuffled_indices]
y_train = y_train[shuffled_indices]
is_poison_train = is_poison_train[shuffled_indices]
# Save data used for training and testing split:
np.savez('data_training.npz', x_train=x_train, y_train=y_train, is_poison_train=is_poison_train,
x_raw=x_poisoned_raw)
np.savez('data_testing.npz', x_test=x_test, y_test=y_test, is_poison_test=is_poison_test,
x_raw_test=x_poisoned_raw_test)
# Create Keras convolutional neural network - basic architecture from Keras examples
# Source here: https://github.com/keras-team/keras/blob/master/examples/mnist_cnn.py
k.set_learning_phase(1)
model = Sequential()
model.add(Conv2D(32, kernel_size=(3, 3), activation='relu', input_shape=x_train.shape[1:]))
model.add(Conv2D(64, (3, 3), activation='relu'))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Dropout(0.25))
model.add(Flatten())
model.add(Dense(128, activation='relu'))
model.add(Dropout(0.5))
model.add(Dense(10, activation='softmax'))
model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy'])
classifier = KerasClassifier((min_, max_), model=model)
classifier.fit(x_train, y_train, nb_epochs=50, batch_size=128)
print('Saving poisoned model: ')
pickle.dump(classifier, open('my_poison_classifier.p', 'wb'))
# Also saving for Anu:
file_name = 'anu_poison_mnist'
model.save(file_name + '.hdf5')
model_json = model.to_json()
with open(file_name + '.json', "w") as json_file:
json_file.write(model_json)
# Evaluate the classifier on the test set
preds = np.argmax(classifier.predict(x_test), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
print("\nTest accuracy: %.2f%%" % (acc * 100))
# Evaluate the classifier on poisonous data
preds = np.argmax(classifier.predict(x_test[is_poison_test]), axis=1)
acc = np.sum(preds == np.argmax(y_test[is_poison_test], axis=1)) / y_test[is_poison_test].shape[0]
print("\nPoisonous test set accuracy (i.e. effectiveness of poison): %.2f%%" % (acc * 100))
# Evaluate the classifier on clean data
preds = np.argmax(classifier.predict(x_test[is_poison_test == 0]), axis=1)
acc = np.sum(preds == np.argmax(y_test[is_poison_test == 0], axis=1)) / y_test[is_poison_test == 0].shape[0]
print("\nClean test set accuracy: %.2f%%" % (acc * 100))
# Calling poisoning defence:
defence = ActivationDefence(classifier, x_train, y_train)
# End-to-end method:
print("------------------- Results using size metric -------------------")
print(defence.get_params())
defence.detect_poison(n_clusters=2, ndims=10, reduce="PCA")
# Now fix the model
x_new, y_fix = correct_poisoned_labels(x_train, y_train, is_poison_train)
improvement = defence.relabel_poison_ground_truth(x_new, y_fix, test_set_split=0.7, tolerable_backdoor=0.001,
max_epochs=5, batch_epochs=10)
# Evaluate the classifier on poisonous data after backdoor fix:
preds = np.argmax(classifier.predict(x_test[is_poison_test]), axis=1)
acc_after = np.sum(preds == np.argmax(y_test[is_poison_test], axis=1)) / y_test[is_poison_test].shape[0]
print("\nPoisonous test set accuracy (i.e. effectiveness of poison) after backdoor fix: %.2f%%" % (acc_after * 100))
print("\n Improvement after training: ", improvement)
print('before: ', acc, ' after: ', acc_after)
print("done :) ")
verbose=1,
save_best_only=True)
lr_scheduler = LearningRateScheduler(lr_schedule)
lr_reducer = ReduceLROnPlateau(factor=np.sqrt(0.1),
cooldown=0,
patience=5,
min_lr=0.5e-6)
callbacks = [checkpoint, lr_reducer, lr_scheduler]
_c = KerasClassifier(model=model)
_c.fit(x_train, y_train,
batch_size=batch_size,
nb_epochs=50,
validation_data=(x_test, y_test),
shuffle=True,
callbacks=callbacks)
# Score trained model.
scores = model.evaluate(x_test, y_test, verbose=1)
print('Test loss:', scores[0])
print('Test accuracy:', scores[1])
save_clf(_c, '/home/surthi/models/cifar10/', 'resnet_clf_bn.h5', 'resnet_clf_model_bn.h5')
return _c
# Train CIFAR RESNET WITH AND WITHOUT BN MODELS
cifar_resnet_bn = fitResNet(batch_normalization=True)
cifar_resnet_no_bn = fitResNet(batch_normalization=False)
def get_vanilla_model(x_train, y_train, batch_norm=False):
# os.chdir('/home/surthi')
# _m = tf.keras.models.load_model('data/lid_model_cifar.h5')
m = Sequential()
m.add(Conv2D(32, (3, 3), padding='same', input_shape=(32, 32, 3)))
m.add(Activation('relu'))
if(batch_norm):
m.add(BatchNormalization())
m.add(Conv2D(32, (3, 3), padding='same'))
m.add(Activation('relu'))
if(batch_norm):
m.add(BatchNormalization())
m.add(MaxPooling2D(pool_size=(2, 2)))
# layer 5
m.add(Conv2D(64, (3, 3), padding='same'))
m.add(Activation('relu'))
if(batch_norm):
m.add(BatchNormalization())
m.add(Conv2D(64, (3, 3), padding='same'))
m.add(Activation('relu'))
if(batch_norm):
m.add(BatchNormalization())
m.add(MaxPooling2D(pool_size=(2, 2)))
# layer 10
m.add(Conv2D(128, (3, 3), padding='same'))
m.add(Activation('relu'))
if(batch_norm):
m.add(BatchNormalization())
m.add(Conv2D(128, (3, 3), padding='same'))
m.add(Activation('relu'))
if(batch_norm):
m.add(BatchNormalization())
m.add(MaxPooling2D(pool_size=(2, 2)))
# layer 15
m.add(Flatten())
m.add(Dropout(0.5))
m.add(Dense(1024, kernel_regularizer=l2(0.001), bias_regularizer=l2(0.001)))
m.add(Activation('relu'))
if(batch_norm):
m.add(BatchNormalization())
# layer19
m.add(Dropout(0.5))
m.add(Dense(512, kernel_regularizer=l2(0.001), bias_regularizer=l2(0.001)))
m.add(Activation('relu'))
if(batch_norm):
m.add(BatchNormalization())
m.add(Dropout(0.5))
m.add(Dense(10))
m.add(Activation('softmax'))
m.compile(
loss='categorical_crossentropy',
optimizer='adam',
metrics=['accuracy']
)
c = KerasClassifier(model=m)
c.fit(x_train, y_train, nb_epochs=50, batch_size=128)
# os.chdir('/home/surthi/adversarial-robustness-toolbox/')
return c
kernel_size=(5, 5),
strides=1,
activation='relu',
input_shape=(28, 28, 1)))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(
Conv2D(filters=10,
kernel_size=(5, 5),
strides=1,
activation='relu',
input_shape=(23, 23, 4)))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Flatten())
model.add(Dense(100, activation='relu'))
model.add(Dense(10, activation='softmax'))
model.compile(loss=keras.losses.categorical_crossentropy,
optimizer=keras.optimizers.SGD(lr=0.01),
metrics=['accuracy'])
# Step 3: Create the ART classifier
classifier = KerasClassifier(model=model,
clip_values=(min_pixel_value, max_pixel_value),
use_logits=False)
# Step 4: Train the ART classifier
classifier.fit(x_train, y_train, batch_size=32, nb_epochs=10)
classifier.save('cnn_simple_mnist.model')
