Python basic_iterative_method Beispiele

Beispiel #1

Datei: util.py Projekt: liquor233/AIDefender_demo

def calc_single_bim(x,sess):
    from scipy.spatial.distance import euclidean
    K.set_session(sess)
    model = load_model("model/model_mnist.h5")
    x = x.reshape(1,28,28,1)
    y = model.predict_classes(x)
    y = np.eye(10)[y]
    print y.shape
    its, results = basic_iterative_method(
            sess, model, x, y, eps=0.40,
            eps_iter=0.010, clip_min=-0.5,
            clip_max=0.5)
    x_adv = np.asarray([results[its[i], i] for i in range(len(y))])
    dist = np.zeros(shape=(1,1))
    dist[0][0] = euclidean(x.reshape(-1),x_adv.reshape(-1))
    return dist

Beispiel #2

Datei: util.py Projekt: liquor233/AIDefender_demo

def craftadv(x,y,sess,dataset='mnist'):
    assert dataset in ['mnist','roadsign']
    K.set_session(sess)
    if dataset == 'mnist':
        x = x.reshape((1,28,28,1))
        y = np.eye(10)[y]
        y = y.reshape(-1,10)
        model = load_model("model/model_mnist.h5")
    else :
        x = x.reshape((1,32,32,3))
        y = np.eye(62)[y]
        y = y.reshape(-1,62)
        model = load_model("model/model_traffic.h5")
    its, results = basic_iterative_method(
            sess, model, x, y, eps=0.4,
            eps_iter=0.010, clip_min=0.0,
            clip_max=1.0
    )
    x_adv = np.asarray([results[its[0], 0]])
    return x_adv

Beispiel #3

def craft_one_type(sess, model, X, Y, dataset, attack, batch_size):
    """
    TODO
    :param sess:
    :param model:
    :param X:
    :param Y:
    :param dataset:
    :param attack:
    :param batch_size:
    :return:
    """

    if attack == 'fgsm':
        # FGSM attack
        print('Crafting fgsm adversarial samples...')
        X_adv = fast_gradient_sign_method(sess,
                                          model,
                                          X,
                                          Y,
                                          eps=ATTACK_PARAMS['fgsm']['eps'],
                                          clip_min=0.0,
                                          clip_max=1.0,
                                          batch_size=batch_size)
    elif attack in ['bim-a', 'bim-b']:
        # BIM attack
        print('Crafting %s adversarial samples...' % attack)
        its, results = basic_iterative_method(
            sess,
            model,
            X,
            Y,
            eps=ATTACK_PARAMS['bim']['eps'],
            eps_iter=ATTACK_PARAMS['bim']['eps_iter'],
            clip_min=0.,
            clip_max=1.,
            batch_size=batch_size)
        if attack == 'bim-a':
            # BIM-A
            # For each sample, select the time step where that sample first
            # became misclassified
            X_adv = np.asarray([results[its[i], i] for i in range(len(Y))])
        else:
            # BIM-B
            # For each sample, select the very last time step
            X_adv = results[-1]
    elif attack == 'jsma':
        # JSMA attack
        print('Crafting jsma adversarial samples. This may take a while...')
        X_adv = saliency_map_method(sess,
                                    model,
                                    X,
                                    Y,
                                    theta=1,
                                    gamma=0.1,
                                    clip_min=0.,
                                    clip_max=1.)
    else:
        # TODO: CW attack
        raise NotImplementedError('CW attack not yet implemented.')
    _, acc = model.evaluate(X_adv, Y, batch_size=batch_size, verbose=0)
    np.set_printoptions(threshold=9999)  # 打印全部

    # print(model(inputs=X[0], outputs=model.layers[30].input))

    def sigmoid(x):
        s = 1 / (1 + np.exp(-x))
        return s

    temperature = 1
    predicted = model.predict(X) / temperature
    print(predicted)

    #print(np.concatenate((softmax(predicted,0), softmax(predicted,1), softmax(predicted,2),softmax(predicted,3)), axis=1))
    def softmax(X, i):  # softmax函数
        return np.exp(X[LEN * i:LEN *
                        (i + 1)]) / np.sum(np.exp(X[LEN * i:LEN * (i + 1)]))

    # print(np.concatenate((softmax(predicted,0), softmax(predicted,1), softmax(predicted,2),softmax(predicted,3)), axis=1))

    def soften(predicted):
        soft = predicted
        for i in range(1):
            soft[i] = np.concatenate(
                (softmax(predicted[i], 0), softmax(predicted[i], 1),
                 softmax(predicted[i], 2), softmax(predicted[i], 3)),
                axis=0)
        return soft

    def fn(correct, predicted):
        loss = 0
        for i in range(CAPTCHA_LEN):
            loss += tf.nn.softmax_cross_entropy_with_logits(
                labels=correct[LEN * i:LEN * (i + 1)],
                logits=predicted[LEN * i:LEN * (i + 1)])
        return loss

    # print(fn(Y,model.predict(X)))
    soft_label = soften(predicted)
    print(Y, soft_label)

    # print((model.predict(X) ))
    # print(softmax(model.predict(X)))
    pred_adv = sigmoid(model.predict(X_adv))

    pred_x = sigmoid(model.predict(X))

    # print(pred_x)
    # print(sigmoid(pred_x))

    # x=tf.convert_to_tensor(X.astype(np.float32))
    # logits,=model(x).op.input
    # print(aget_logits(sess,model,X,Y,))

    succeed = 0
    t_all = 0
    for j in range(1):
        t = 0
        for i in range(4):
            if np.argmax(pred_x[j, LEN * i:LEN * (i + 1)]) == np.argmax(
                    Y[j, LEN * i:LEN * (i + 1)]):
                t = t + 1
        t_all += t
        if t == 4:
            succeed += 1
    print(succeed, ' ', t_all)

    def max_predict(x):
        for i in range(4):
            print(CAPTCHA_LIST[np.argmax(x[0, LEN * i:LEN * (i + 1)])],
                  " ",
                  end="")

    print("真实值")
    max_predict(Y)
    print("   ")
    print("蒸馏值")
    max_predict(soft_label)
    print("   ")
    print("攻击前预测值")
    max_predict(pred_x)
    print("   ")
    print("攻击后预测值")
    max_predict(pred_adv)

    print("   ")
    #np.argmax(pred_adv)

    acc_x = soft_label[0] * (Y[0] / 4)  #每个数字权重是1/4
    acc_adv = pred_adv[0] * (Y[0] / 4)
    print("攻击前准确度", sum(acc_x), "攻击后准确度", sum(acc_adv))

    print("攻击前模型输出")
    print(pred_x)
    print("攻击后模型输出")
    print(pred_adv)

    plt.figure()
    plt.subplot(2, 1, 1)
    plt.imshow(X[0, :, :, 0])
    plt.subplot(2, 1, 2)
    plt.imshow(X_adv[0, :, :, 0])
    plt.show()

    print("Model accuracy on the adversarial test set: %0.2f%%" % (100 * acc))
    np.save('../data/captcha6.npy', X_adv)

Beispiel #4

Datei: craft_adv_examples.py Projekt: liquor233/AIDefender_demo

def craft_one_type(sess, model, X, Y, dataset, attack, batch_size):
    """
    TODO
    :param sess:
    :param model:
    :param X:
    :param Y:
    :param dataset:
    :param attack:
    :param batch_size:
    :return:
    """
    if attack == 'fgsm':
        # FGSM attack
        print('Crafting fgsm adversarial samples...')
        X_adv = fast_gradient_sign_method(sess,
                                          model,
                                          X,
                                          Y,
                                          eps=ATTACK_PARAMS[dataset]['eps'],
                                          clip_min=CLIP_MIN,
                                          clip_max=CLIP_MAX,
                                          batch_size=batch_size)
    elif attack in ['bim-a', 'bim-b']:
        # BIM attack
        print('Crafting %s adversarial samples...' % attack)
        its, results = basic_iterative_method(
            sess,
            model,
            X,
            Y,
            eps=ATTACK_PARAMS[dataset]['eps'],
            eps_iter=ATTACK_PARAMS[dataset]['eps_iter'],
            clip_min=CLIP_MIN,
            clip_max=CLIP_MAX,
            batch_size=batch_size)
        if attack == 'bim-a':
            # BIM-A
            # For each sample, select the time step where that sample first
            # became misclassified
            X_adv = np.asarray([results[its[i], i] for i in range(len(Y))])
        else:
            # BIM-B
            # For each sample, select the very last time step
            X_adv = results[-1]
    elif attack == 'jsma':
        # JSMA attack
        print('Crafting jsma adversarial samples. This may take > 5 hours')
        X_adv = saliency_map_method(sess,
                                    model,
                                    X,
                                    Y,
                                    theta=1,
                                    gamma=0.1,
                                    clip_min=CLIP_MIN,
                                    clip_max=CLIP_MAX)
    elif attack == 'cw-l2':
        # C&W attack
        print(
            'Crafting %s examples. This takes > 5 hours due to internal grid search'
            % attack)
        image_size = ATTACK_PARAMS[dataset]['image_size']
        num_channels = ATTACK_PARAMS[dataset]['num_channels']
        num_labels = ATTACK_PARAMS[dataset]['num_labels']
        cw_attack = CarliniL2(sess,
                              model,
                              image_size,
                              num_channels,
                              num_labels,
                              batch_size=batch_size)
        X_adv = cw_attack.attack(X, Y)
    elif attack == 'cw-lid':
        # C&W attack to break LID detector
        print(
            'Crafting %s examples. This takes > 5 hours due to internal grid search'
            % attack)
        image_size = ATTACK_PARAMS[dataset]['image_size']
        num_channels = ATTACK_PARAMS[dataset]['num_channels']
        num_labels = ATTACK_PARAMS[dataset]['num_labels']
        cw_attack = CarliniLID(sess,
                               model,
                               image_size,
                               num_channels,
                               num_labels,
                               batch_size=batch_size)
        X_adv = cw_attack.attack(X, Y)

    _, acc = model.evaluate(X_adv, Y, batch_size=batch_size, verbose=0)
    print("Model accuracy on the adversarial test set: %0.2f%%" % (100 * acc))
    np.save(os.path.join(PATH_DATA, 'Adv_%s_%s.npy' % (dataset, attack)),
            X_adv)
    l2_diff = np.linalg.norm(X_adv.reshape((len(X), -1)) - X.reshape(
        (len(X), -1)),
                             axis=1).mean()
    print("Average L-2 perturbation size of the %s attack: %0.2f" %
          (attack, l2_diff))