def make_lisa_cnn(sess, batch_size, dim):
""" Creates a simple sign classification network.
Note that the network produced by cnn_model() is fairly weak.
For example, on CIFAR-10 it gets 60-something percent accuracy,
which substantially below state-of-the-art.
Note: it is not required here that dim be the same as the
CNN input spatial dimensions. In these cases, the
caller is responsible for resizing x to make it
compatible with the model (e.g. via random crops).
"""
num_classes = 48 # usually only use 17 vs 48 classes, but it doesn't hurt to have room for 48
num_channels = 1
x = tf.placeholder(tf.float32, shape=(batch_size, dim, dim, num_channels))
y = tf.placeholder(tf.float32, shape=(batch_size, num_classes))
# XXX: set layer naming convention explicitly?
# Otherwise, names depend upon when model was created...
model = cnn_model(img_rows=32,
img_cols=32,
channels=num_channels,
nb_classes=num_classes)
return model, x, y
def oracle_model():
print("Define oracle model")
model = cnn_model(img_rows=FLAGS.nb_rows,
img_cols=FLAGS.nb_cols,
channels=FLAGS.nb_channels,
nb_classes=FLAGS.nb_classes)
return model
def prep_bbox(sess, x, y, X_train, Y_train, X_test, Y_test, nb_epochs,
batch_size, learning_rate):
"""
Define and train a model that simulates the "remote"
black-box oracle described in the original paper.
:param sess: the TF session
:param x: the input placeholder for MNIST
:param y: the ouput placeholder for MNIST
:param X_train: the training data for the oracle
:param Y_train: the training labels for the oracle
:param X_test: the testing data for the oracle
:param Y_test: the testing labels for the oracle
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:return:
"""
# Define TF model graph (for the black-box model)
model = cnn_model()
predictions = model(x)
print("Defined TensorFlow model graph.")
# Train an MNIST model
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate
}
model_train(sess,
x,
y,
predictions,
X_train,
Y_train,
verbose=False,
args=train_params)
# Print out the accuracy on legitimate data
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess,
x,
y,
predictions,
X_test,
Y_test,
args=eval_params)
print('Test accuracy of black-box on legitimate test '
'examples: ' + str(accuracy))
return model, predictions, accuracy
def test_get_logits_over_interval(self):
import tensorflow as tf
model = cnn_model()
wrap = KerasModelWrapper(model)
fgsm_params = {'eps': .5}
img = np.ones(shape=(28, 28, 1))
num_points = 21
with tf.Session() as sess:
tf.global_variables_initializer().run()
logits = utils.get_logits_over_interval(sess, wrap,
img, fgsm_params,
min_epsilon=-10,
max_epsilon=10,
num_points=num_points)
self.assertEqual(logits.shape[0], num_points)
def prep_bbox(sess, x, y, X_train, Y_train, X_test, Y_test,
nb_epochs, batch_size, learning_rate,
rng, nb_classes=10, img_rows=28, img_cols=28, nchannels=1):
"""
Define and train a model that simulates the "remote"
black-box oracle described in the original paper.
:param sess: the TF session
:param x: the input placeholder for MNIST
:param y: the ouput placeholder for MNIST
:param X_train: the training data for the oracle
:param Y_train: the training labels for the oracle
:param X_test: the testing data for the oracle
:param Y_test: the testing labels for the oracle
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param rng: numpy.random.RandomState
:return:
"""
# Define Keras-based TF model graph (for the black-box model)
nb_filters = 64
model = cnn_model(nb_filters=nb_filters, nb_classes=nb_classes)
# Wrap the model in KerasModelWrapper
model = KerasModelWrapper(model, nb_classes)
loss = LossCrossEntropy(model, smoothing=0.1)
predictions = model.get_logits(x)
print("Defined TensorFlow model graph.")
# Train an MNIST model
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate
}
train(sess, loss, x, y, X_train, Y_train, args=train_params, rng=rng)
# Print out the accuracy on legitimate data
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess, x, y, predictions, X_test, Y_test,
args=eval_params)
print('Test accuracy of black-box on legitimate test '
'examples: ' + str(accuracy))
return model, predictions, accuracy
def main():
keras.backend.set_image_dim_ordering('th')
# We can't use argparse in a test because it reads the arguments to nosetests
# e.g., nosetests -v passes the -v to the test
args = {
"batch_size": 128,
"nb_epochs": 2,
"learning_rate": .5
}
# Get MNIST test data
X_train, Y_train, X_test, Y_test = data_mnist()
X_train = X_train[:10000]
Y_train = Y_train[:10000]
X_test = X_test[:2000]
Y_test = Y_test[:2000]
assert Y_train.shape[1] == 10.
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# Define input Theano placeholder
x_shape = (None, 1, 28, 28)
x = T.tensor4('x')
y = T.matrix('y')
# Define Theano model graph
model = cnn_model()
model.build(x_shape)
predictions = model(x)
print("Defined Theano model graph.")
# Train an MNIST model
th_model_train(x, y, predictions, model.trainable_weights,
X_train, Y_train, args=args)
accuracy = th_model_eval(x, y, predictions, X_test, Y_test, args=args)
assert accuracy > 0.8, accuracy
def __init__(self, dataset, model_type='cnn_model', label_smoothing=.1):
self.x_train, self.y_train = dataset.get_set('train')
self.x_test, self.y_test = dataset.get_set('test')
# Obtain Image Parameters
self.img_rows, self.img_cols, self.nchannels = self.x_train.shape[1:4]
self.nb_classes = self.y_train.shape[1]
# Label smoothing
self.y_train -= label_smoothing * (self.y_train - 1. / self.nb_classes)
# Define Keras model
self.model = cnn_model(img_rows=self.img_rows,
img_cols=self.img_cols,
channels=self.nchannels,
nb_filters=64,
nb_classes=self.nb_classes)
print("Defined Keras model.")
# To be able to call the model in the custom loss, we need to call it once
# before, see https://github.com/tensorflow/tensorflow/issues/23769
self.model(self.model.input)
def mnist_tutorial(train_start=0,
train_end=60000,
test_start=0,
test_end=10000,
nb_epochs=6,
batch_size=128,
epsilon=0.3,
learning_rate=0.001,
train_dir="/tmp",
filename="mnist.ckpt",
load_model=False,
testing=False):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param train_dir: Directory storing the saved model
:param filename: Filename to save model under
:param load_model: True for load, False for not load
:param testing: if true, test error is calculated
:return: an AccuracyReport object
"""
keras.layers.core.K.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get MNIST test data
X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start,
train_end=train_end,
test_start=test_start,
test_end=test_end)
# Use label smoothing
assert Y_train.shape[1] == 10
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1))
y = tf.placeholder(tf.float32, shape=(None, 10))
# Define TF model graph
model = cnn_model_BIM()
preds = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, X_test, Y_test, args=eval_params)
report.clean_train_clean_eval = acc
assert X_test.shape[0] == test_end - test_start, X_test.shape
print('Test accuracy on legitimate examples: %0.4f' % acc)
# Train an MNIST model
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate,
'train_dir': train_dir,
'filename': filename
}
ckpt = tf.train.get_checkpoint_state(train_dir)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
rng = np.random.RandomState([2017, 8, 30])
if load_model and ckpt_path:
saver = tf.train.Saver()
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
evaluate()
else:
print("Model was not loaded, training from scratch.")
model_train(sess,
x,
y,
preds,
X_train,
Y_train,
evaluate=evaluate,
args=train_params,
save=False,
rng=rng)
# Calculate training error
if testing:
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, X_train, Y_train, args=eval_params)
report.train_clean_train_clean_eval = acc
# Initialize the Fast Gradient Sign Method (FGSM) attack object and graph
wrap = KerasModelWrapper(model)
print("FastGradientMethod")
fgsm1 = FastGradientMethod(wrap, sess=sess)
for epsilon in [0.005, 0.01, 0.05, 0.1, 0.5, 1.0]:
print("Epsilon =", epsilon),
fgsm_params = {'eps': epsilon, 'clip_min': None, 'clip_max': None}
adv_x = fgsm1.generate(x, **fgsm_params)
# Consider the attack to be constant
adv_x = tf.stop_gradient(adv_x)
preds_adv = model(adv_x)
# Evaluate the accuracy of the MNIST model on adversarial examples
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, X_test, Y_test, args=eval_par)
print('Test accuracy on adversarial examples: %0.4f\n' % acc)
report.clean_train_adv_eval = acc
print("BasicIterativeMethod")
bim = BasicIterativeMethod(wrap, sess=sess)
for epsilon, order in zip(
[0.005, 0.01, 0.05, 0.1, 0.5, 1.0, 0.5, 1.0],
[np.inf, np.inf, np.inf, np.inf, np.inf, np.inf, 2, 2]):
print("Epsilon =", epsilon),
fgsm_params = {
'eps': epsilon,
'clip_min': 0.,
'clip_max': 1.,
'ord': order
}
adv_x = bim.generate(x, **fgsm_params)
# Consider the attack to be constant
adv_x = tf.stop_gradient(adv_x)
preds_adv = model(adv_x)
# Evaluate the accuracy of the MNIST model on adversarial examples
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, X_test, Y_test, args=eval_par)
print('Test accuracy on adversarial examples: %0.4f\n' % acc)
report.clean_train_adv_eval = acc
# Calculating train error
if testing:
eval_par = {'batch_size': batch_size}
acc = model_eval(sess,
x,
y,
preds_adv,
X_train,
Y_train,
args=eval_par)
report.train_clean_train_adv_eval = acc
return
print("Repeating the process, using adversarial training")
# Redefine TF model graph
model_2 = cnn_model()
preds_2 = model_2(x)
wrap_2 = KerasModelWrapper(model_2)
#fgsm2 = FastGradientMethod(wrap_2, sess=sess)
bim2 = BasicIterativeMethod(wrap_2, sess=sess)
preds_2_adv = model_2(bim2.generate(x, **fgsm_params))
def evaluate_2():
# Accuracy of adversarially trained model on legitimate test inputs
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess,
x,
y,
preds_2,
X_test,
Y_test,
args=eval_params)
print('Test accuracy on legitimate examples: %0.4f' % accuracy)
report.adv_train_clean_eval = accuracy
# Accuracy of the adversarially trained model on adversarial examples
accuracy = model_eval(sess,
x,
y,
preds_2_adv,
X_test,
Y_test,
args=eval_params)
print('Test accuracy on adversarial examples: %0.4f' % accuracy)
report.adv_train_adv_eval = accuracy
# Perform and evaluate adversarial training
model_train(sess,
x,
y,
preds_2,
X_train,
Y_train,
predictions_adv=preds_2_adv,
evaluate=evaluate_2,
args=train_params,
save=False,
rng=rng)
# Calculate training errors
if testing:
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess,
x,
y,
preds_2,
X_train,
Y_train,
args=eval_params)
report.train_adv_train_clean_eval = accuracy
accuracy = model_eval(sess,
x,
y,
preds_2_adv,
X_train,
Y_train,
args=eval_params)
report.train_adv_train_adv_eval = accuracy
return report
def mnist_tutorial(train_start=0, train_end=60000, test_start=0,
test_end=10000, nb_epochs=6, batch_size=128,
learning_rate=0.001, train_dir="/tmp",
filename="mnist.ckpt", load_model=False,
testing=False):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param train_dir: Directory storing the saved model
:param filename: Filename to save model under
:param load_model: True for load, False for not load
:param testing: if true, test error is calculated
:return: an AccuracyReport object
"""
keras.layers.core.K.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
# Image dimensions ordering should follow the Theano convention
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get MNIST test data
X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start,
train_end=train_end,
test_start=test_start,
test_end=test_end)
# Use label smoothing
assert Y_train.shape[1] == 10
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1))
y = tf.placeholder(tf.float32, shape=(None, 10))
# Define TF model graph
model = cnn_model()
preds = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, X_test, Y_test, args=eval_params)
report.clean_train_clean_eval = acc
assert X_test.shape[0] == test_end - test_start, X_test.shape
print('Test accuracy on legitimate examples: %0.4f' % acc)
# Train an MNIST model
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate,
'train_dir': train_dir,
'filename': filename
}
ckpt = tf.train.get_checkpoint_state(train_dir)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
rng = np.random.RandomState([2017, 8, 30])
if load_model and ckpt_path:
saver = tf.train.Saver()
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
evaluate()
else:
print("Model was not loaded, training from scratch.")
train(sess, x, y, preds, X_train, Y_train, evaluate=evaluate,
args=train_params, save=True)
# Calculate training error
if testing:
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, X_train, Y_train, args=eval_params)
report.train_clean_train_clean_eval = acc
# Initialize the Fast Gradient Sign Method (FGSM) attack object and graph
wrap = KerasModelWrapper(model)
fgsm = FastGradientMethod(wrap, sess=sess)
fgsm_params = {'eps': 0.3}
adv_x = fgsm.generate(x, **fgsm_params)
# Consider the attack to be constant
adv_x = tf.stop_gradient(adv_x)
preds_adv = model(adv_x)
# Evaluate the accuracy of the MNIST model on adversarial examples
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, X_test, Y_test, args=eval_par)
print('Test accuracy on adversarial examples: %0.4f\n' % acc)
report.clean_train_adv_eval = acc
# Calculating train error
if testing:
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, X_train,
Y_train, args=eval_par)
report.train_clean_train_adv_eval = acc
print("Repeating the process, using adversarial training")
# Redefine TF model graph
model_2 = cnn_model()
preds_2 = model_2(x)
wrap_2 = KerasModelWrapper(model_2)
fgsm2 = FastGradientMethod(wrap_2, sess=sess)
preds_2_adv = model_2(fgsm2.generate(x, **fgsm_params))
def evaluate_2():
# Accuracy of adversarially trained model on legitimate test inputs
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess, x, y, preds_2, X_test, Y_test,
args=eval_params)
print('Test accuracy on legitimate examples: %0.4f' % accuracy)
report.adv_train_clean_eval = accuracy
# Accuracy of the adversarially trained model on adversarial examples
accuracy = model_eval(sess, x, y, preds_2_adv, X_test,
Y_test, args=eval_params)
print('Test accuracy on adversarial examples: %0.4f' % accuracy)
report.adv_train_adv_eval = accuracy
# Perform and evaluate adversarial training
train(sess, x, y, preds_2, X_train, Y_train,
predictions_adv=preds_2_adv, evaluate=evaluate_2,
args=train_params, save=False)
# Get a random slice of the data for linear extrapolation plots
random_idx = np.random.randint(0, X_train.shape[0])
X_slice = X_train[random_idx]
Y_slice = Y_train[random_idx]
# Plot the linear extrapolation plot for clean model
log_prob_adv_array = get_logits_over_interval(
sess, wrap, X_slice, fgsm_params)
linear_extrapolation_plot(log_prob_adv_array, Y_slice,
'lep_clean.png')
# Plot the linear extrapolation plot for adv model
log_prob_adv_array = get_logits_over_interval(
sess, wrap_2, X_slice, fgsm_params)
linear_extrapolation_plot(log_prob_adv_array, Y_slice,
'lep_adv.png')
# Calculate training errors
if testing:
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess, x, y, preds_2, X_train, Y_train,
args=eval_params)
report.train_adv_train_clean_eval = accuracy
accuracy = model_eval(sess, x, y, preds_2_adv, X_train,
Y_train, args=eval_params)
report.train_adv_train_adv_eval = accuracy
return report
def mnist_tutorial(train_start=0, train_end=60000, test_start=0,
test_end=10000, nb_epochs=6, batch_size=128,
learning_rate=0.001, train_dir="/tmp",
filename="mnist.ckpt", load_model=False,
testing=False):
keras.layers.core.K.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
config = tf.ConfigProto()
config.gpu_options.allow_growth = True
sess = tf.Session(config=config)
keras.backend.set_session(sess)
# Get MNIST test data
X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start,
train_end=train_end,
test_start=test_start,
test_end=test_end)
# Use label smoothing
assert Y_train.shape[1] == 10
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1))
y = tf.placeholder(tf.float32, shape=(None, 10))
# Define TF model graph
model = cnn_model()
predictions = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params)
report.clean_train_clean_eval = acc
assert X_test.shape[0] == test_end - test_start, X_test.shape
print('Test accuracy on legitimate examples: %0.4f' % acc)
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate,
'train_dir': train_dir,
'filename': filename
}
# Train an MNIST model
ckpt = tf.train.get_checkpoint_state(train_dir)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
rng = np.random.RandomState([2017, 8, 30])
if load_model and ckpt_path:
saver = tf.train.Saver()
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
else:
print("Model was not loaded, training from scratch.")
model_train(sess, x, y, predictions, X_train, Y_train, evaluate=evaluate,
args=train_params, save=True, rng=rng)
advGenTimeStart = time.time()
wrap = KerasModelWrapper(model)
advGenTimeStart = time.time()
fgsm = FastGradientMethod(wrap, sess=sess)
fgsm_params = {'eps': 0.2,
'clip_min': 0.,
'clip_max': 1.}
adv_x = fgsm.generate(x, **fgsm_params)
adv_x = sess.run(adv_x, feed_dict={x: X_test[4500:5500]})
advGenTimeEnd = time.time()
advGenTime = advGenTimeEnd-advGenTimeStart
for i in xrange(1000):
normalization(adv_x[i:(i+1)])
original_classified_wrong_number = 0
disturbed_failure_number = 0
NbLowEntropy = 0
NbMidEntropy = 0
NbHighEntropy = 0
lowTP = 0
lowFN = 0
lowFP = 0
midTP = 0
midFN = 0
midFP = 0
highTP = 0
highFN = 0
highFP = 0
for i in range(len(adv_x)):
current_class = int(np.argmax(Y_test[4500+i]))
oriPreTimeStart = time.time()
currentXLabel = model_argmax(sess,x,predictions,X_test[i+4500:(i+4501)])
currentXProbList = my_model_argmax(sess,x,predictions,X_test[i+4500:(i+4501)])
oriPreTimeEnd = time.time()
oriPreTime = oriPreTimeEnd-oriPreTimeStart
if currentXLabel != current_class:
original_classified_wrong_number+=1
continue
advPreTimeStart = time.time()
currentAdvXLabel = model_argmax(sess,x,predictions,adv_x[i:(i+1)])
currentAdvXProbList = my_model_argmax(sess,x,predictions,adv_x[i:(i+1)])
advPreTimeEnd = time.time()
advPreTime = advPreTimeEnd-advPreTimeStart
if currentAdvXLabel == currentXLabel:
disturbed_failure_number+=1
continue
tempX = np.reshape(X_test[i+4500:(i+4501)], (28,28))
test_x = np.array(tempX)
oriFilteredPreTimeStart = time.time()
currentX = np.reshape(X_test[i+4500:(i+4501)], (28,28))
imageEntropy = oneDEntropy(test_x)
if imageEntropy < 4:
NbLowEntropy+=1
current_x_res = scalarQuantization(currentX,128)
current_x_res = np.reshape(current_x_res, X_test[0:1].shape)
current_x_res_label = model_argmax(sess,x,predictions,current_x_res)
if current_x_res_label != current_class:
lowFP+=1
elif imageEntropy < 5:
NbMidEntropy+=1
current_x_res = scalarQuantization(currentX,64)
current_x_res = np.reshape(current_x_res, X_test[0:1].shape)
current_x_res_label = model_argmax(sess,x,predictions,current_x_res)
if current_x_res_label != current_class:
midFP+=1
else:
NbHighEntropy+=1
current_x_res = scalarQuantization(currentX,43)
current_x_res = np.reshape(current_x_res, X_test[0:1].shape)
current_x_res_label = model_argmax(sess,x,predictions,current_x_res)
if current_x_res_label != current_class:
highFP+=1
tempX2 = np.reshape(adv_x[i:(i+1)], (28,28))
test_adv_x = np.array(tempX2)
currentAdvX = np.reshape(adv_x[i:(i+1)], (28,28))
imageEntropy2 = oneDEntropy(test_adv_x)
print('%d: %.2f------%.2f' % (i, imageEntropy,imageEntropy2))
if imageEntropy2 < 4:
NbLowEntropy+=1
current_adv_x_res = scalarQuantization(currentAdvX,128)
current_adv_x_res = np.reshape(current_adv_x_res, X_test[0:1].shape)
current_adv_x_res_label = model_argmax(sess,x,predictions,current_adv_x_res)
if current_adv_x_res_label != currentAdvXLabel:
lowTP+=1
else:
lowFN+=1
elif imageEntropy2 < 5:
NbMidEntropy+=1
current_adv_x_res = scalarQuantization(currentAdvX,64)
current_adv_x_res = np.reshape(current_adv_x_res, X_test[0:1].shape)
current_adv_x_res_label = model_argmax(sess,x,predictions,current_adv_x_res)
if current_adv_x_res_label != currentAdvXLabel:
midTP+=1
else:
highFN+=1
else:
NbHighEntropy+=1
current_adv_x_res = scalarQuantization(currentAdvX,43)
current_adv_x_res = np.reshape(current_adv_x_res, X_test[0:1].shape)
current_adv_x_res_label = model_argmax(sess,x,predictions,current_adv_x_res)
if current_adv_x_res_label != currentAdvXLabel:
highTP+=1
else:
highFN+=1
str1 = '%d-%d' % (original_classified_wrong_number,disturbed_failure_number)
lowstr = '%d : lowTP = %d; lowFN = %d; lowFP = %d' % (NbLowEntropy,lowTP,lowFN,lowFP)
midstr = '%d : midTP = %d; midFN = %d; midFP = %d' % (NbMidEntropy,midTP,midFN,midFP)
highstr = '%d : highTP = %d; highFN = %d; highFP = %d' % (NbHighEntropy,highTP,highFN,highFP)
print(str1)
print(lowstr)
print(midstr)
print(highstr)
lowRecall=lowTP*1.0/(lowTP+lowFN)
lowPrecision=lowTP*1.0/(lowTP+lowFP)
midRecall=midTP*1.0/(midTP+midFN)
midPrecision=midTP*1.0/(midTP+midFP)
highRecall=highTP*1.0/(highTP+highFN)
highPrecision=highTP*1.0/(highTP+highFP)
print ("lowRecall: ",lowRecall)
print ("lowPrecision: ",lowPrecision)
print ("midRecall: ",midRecall)
print ("midPrecision: ",midPrecision)
print ("highRecall: ",highRecall)
print ("highPrecision: ",highPrecision)
def mnist_tutorial(train_start=0, train_end=60000, test_start=0,
test_end=10000, nb_epochs=6, batch_size=128,
learning_rate=0.001, train_dir="train_dir",
filename="mnist.ckpt", load_model=False,
testing=False, label_smoothing=0.1):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param train_dir: Directory storing the saved model
:param filename: Filename to save model under
:param load_model: True for load, False for not load
:param testing: if true, test error is calculated
:param label_smoothing: float, amount of label smoothing for cross entropy
:return: an AccuracyReport object
"""
keras.layers.core.K.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get MNIST test data
x_train, y_train, x_test, y_test = data_mnist(train_start=train_start,
train_end=train_end,
test_start=test_start,
test_end=test_end)
# Obtain Image Parameters
img_rows, img_cols, nchannels = x_train.shape[1:4]
nb_classes = y_train.shape[1]
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols,
nchannels))
y = tf.placeholder(tf.float32, shape=(None, nb_classes))
# Define TF model graph
model = cnn_model(img_rows=img_rows, img_cols=img_cols,
channels=nchannels, nb_filters=64,
nb_classes=nb_classes)
preds = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params)
report.clean_train_clean_eval = acc
# assert X_test.shape[0] == test_end - test_start, X_test.shape
print('Test accuracy on legitimate examples: %0.4f' % acc)
# Train an MNIST model
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate,
'train_dir': train_dir,
'filename': filename
}
rng = np.random.RandomState([2017, 8, 30])
if not os.path.exists(train_dir):
os.mkdir(train_dir)
ckpt = tf.train.get_checkpoint_state(train_dir)
print(train_dir, ckpt)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
wrap = KerasModelWrapper(model)
if load_model and ckpt_path:
saver = tf.train.Saver()
print(ckpt_path)
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
evaluate()
else:
print("Model was not loaded, training from scratch.")
loss = LossCrossEntropy(wrap, smoothing=label_smoothing)
train(sess, loss, x, y, x_train, y_train, evaluate=evaluate,
args=train_params, save=True, rng=rng)
# Calculate training error
if testing:
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, x_train, y_train, args=eval_params)
report.train_clean_train_clean_eval = acc
# Initialize the Fast Gradient Sign Method (FGSM) attack object and graph
fgsm = FastGradientMethod(wrap, sess=sess)
fgsm_params = {'eps': 0.3,
'clip_min': 0.,
'clip_max': 1.}
adv_x = fgsm.generate(x, **fgsm_params)
# Consider the attack to be constant
adv_x = tf.stop_gradient(adv_x)
preds_adv = model(adv_x)
# Evaluate the accuracy of the MNIST model on adversarial examples
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, x_test, y_test, args=eval_par)
print('Test accuracy on adversarial examples: %0.4f\n' % acc)
report.clean_train_adv_eval = acc
# Calculating train error
if testing:
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, x_train,
y_train, args=eval_par)
report.train_clean_train_adv_eval = acc
print("Repeating the process, using adversarial training")
# Redefine TF model graph
model_2 = cnn_model(img_rows=img_rows, img_cols=img_cols,
channels=nchannels, nb_filters=64,
nb_classes=nb_classes)
wrap_2 = KerasModelWrapper(model_2)
preds_2 = model_2(x)
fgsm2 = FastGradientMethod(wrap_2, sess=sess)
def attack(x):
return fgsm2.generate(x, **fgsm_params)
preds_2_adv = model_2(attack(x))
loss_2 = LossCrossEntropy(wrap_2, smoothing=label_smoothing, attack=attack)
def evaluate_2():
# Accuracy of adversarially trained model on legitimate test inputs
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess, x, y, preds_2, x_test, y_test,
args=eval_params)
print('Test accuracy on legitimate examples: %0.4f' % accuracy)
report.adv_train_clean_eval = accuracy
# Accuracy of the adversarially trained model on adversarial examples
accuracy = model_eval(sess, x, y, preds_2_adv, x_test,
y_test, args=eval_params)
print('Test accuracy on adversarial examples: %0.4f' % accuracy)
report.adv_train_adv_eval = accuracy
# Perform and evaluate adversarial training
train(sess, loss_2, x, y, x_train, y_train, evaluate=evaluate_2,
args=train_params, save=False, rng=rng)
# Calculate training errors
if testing:
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess, x, y, preds_2, x_train, y_train,
args=eval_params)
report.train_adv_train_clean_eval = accuracy
accuracy = model_eval(sess, x, y, preds_2_adv, x_train,
y_train, args=eval_params)
report.train_adv_train_adv_eval = accuracy
return report
def mnist_tutorial(train_start=0,
train_end=60000,
test_start=0,
test_end=10000,
nb_epochs=NB_EPOCHS,
batch_size=BATCH_SIZE,
learning_rate=LEARNING_RATE,
train_dir=TRAIN_DIR,
filename=FILENAME,
load_model=LOAD_MODEL,
testing=True,
label_smoothing=0.1):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param train_dir: Directory storing the saved model
:param filename: Filename to save model under
:param load_model: True for load, False for not load
:param testing: if true, test error is calculated
:param label_smoothing: float, amount of label smoothing for cross entropy
:return: an AccuracyReport object
"""
tf.keras.backend.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if keras.backend.image_data_format() != 'channels_last':
raise NotImplementedError(
"this tutorial requires keras to be configured to channels_last format"
)
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get MNIST test data
mnist = MNIST(train_start=train_start,
train_end=train_end,
test_start=test_start,
test_end=test_end)
x_train, y_train = mnist.get_set('train')
x_test, y_test = mnist.get_set('test')
# Obtain Image Parameters
img_rows, img_cols, nchannels = x_train.shape[1:4]
nb_classes = y_train.shape[1]
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols, nchannels))
y = tf.placeholder(tf.float32, shape=(None, nb_classes))
# Define TF model graph
model = cnn_model(img_rows=img_rows,
img_cols=img_cols,
channels=nchannels,
nb_filters=64,
nb_classes=nb_classes)
preds = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params)
report.clean_train_clean_eval = acc
# assert X_test.shape[0] == test_end - test_start, X_test.shape
print('Test accuracy on legitimate examples: %0.4f' % acc)
# Train an MNIST model
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate,
'train_dir': train_dir,
'filename': filename
}
rng = np.random.RandomState([2017, 8, 30])
if not os.path.exists(train_dir):
os.mkdir(train_dir)
ckpt = tf.train.get_checkpoint_state(train_dir)
print(train_dir, ckpt)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
wrap = KerasModelWrapper(model)
if load_model and ckpt_path:
saver = tf.train.Saver()
print(ckpt_path)
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
evaluate()
eval_params = {'batch_size': batch_size}
def eval(xx):
acc = model_eval(sess, x, y, preds, xx, y_test, args=eval_params)
print(acc)
eval(x_test)
model = load_modell(str("./autoencoder_bim.h5"))
x_test_decoded = model.predict(x_test)
eval(x_test_decoded)
_, bim_test = pickle.load(open("/data/mnist/bim.pkl"))
bim_test = bim_test.astype('float32') / 255.
bim_test = np.mean(bim_test, axis=3)
bim_test = np.expand_dims(bim_test, axis=3)
bim_test_decoded = model.predict(bim_test)
eval(bim_test)
eval(bim_test_decoded)
def mnist_tutorial(train_start=0,
train_end=60000,
test_start=0,
test_end=10000,
nb_epochs=6,
batch_size=128,
learning_rate=0.001,
train_dir="/tmp",
filename="mnist.ckpt",
load_model=False,
testing=False):
keras.layers.core.K.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
config = tf.ConfigProto()
config.gpu_options.allow_growth = True
sess = tf.Session(config=config)
keras.backend.set_session(sess)
# Get MNIST test data
X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start,
train_end=train_end,
test_start=test_start,
test_end=test_end)
# Use label smoothing
assert Y_train.shape[1] == 10
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1))
y = tf.placeholder(tf.float32, shape=(None, 10))
# Define TF model graph
model = cnn_model()
predictions = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess,
x,
y,
predictions,
X_test,
Y_test,
args=eval_params)
report.clean_train_clean_eval = acc
assert X_test.shape[0] == test_end - test_start, X_test.shape
print('Test accuracy on legitimate examples: %0.4f' % acc)
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate,
'train_dir': train_dir,
'filename': filename
}
# Train an MNIST model
ckpt = tf.train.get_checkpoint_state(train_dir)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
rng = np.random.RandomState([2017, 8, 30])
if load_model and ckpt_path:
saver = tf.train.Saver()
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
else:
print("Model was not loaded, training from scratch.")
model_train(sess,
x,
y,
predictions,
X_train,
Y_train,
evaluate=evaluate,
args=train_params,
save=True,
rng=rng)
advGenTimeStart = time.time()
wrap = KerasModelWrapper(model)
advGenTimeStart = time.time()
fgsm = FastGradientMethod(wrap, sess=sess)
fgsm_params = {'eps': 0.3, 'clip_min': 0., 'clip_max': 1.}
adv_x = fgsm.generate(x, **fgsm_params)
adv_x = sess.run(adv_x, feed_dict={x: X_test[5500:]})
advGenTimeEnd = time.time()
advGenTime = advGenTimeEnd - advGenTimeStart
for i in xrange(4500):
normalization(adv_x[i:(i + 1)])
original_classified_wrong_number = 0
disturbed_failure_number = 0
test_number = 0
TTP = 0
TP = 0
FN = 0
FP = 0
for i in range(len(adv_x)):
current_class = int(np.argmax(Y_test[i + 5500]))
oriPreTimeStart = time.time()
currentXLabel = model_argmax(sess, x, predictions,
X_test[i + 5500:(i + 5501)])
currentXProbList = my_model_argmax(sess, x, predictions,
X_test[i + 5500:(i + 5501)])
oriPreTimeEnd = time.time()
oriPreTime = oriPreTimeEnd - oriPreTimeStart
if currentXLabel != current_class:
original_classified_wrong_number += 1
continue
advPreTimeStart = time.time()
currentAdvXLabel = model_argmax(sess, x, predictions, adv_x[i:(i + 1)])
currentAdvXProbList = my_model_argmax(sess, x, predictions,
adv_x[i:(i + 1)])
advPreTimeEnd = time.time()
advPreTime = advPreTimeEnd - advPreTimeStart
if currentAdvXLabel == currentXLabel:
disturbed_failure_number += 1
continue
# fig = plt.figure('test')
# picOne = fig.add_subplot(121)
# picOne.imshow(X_test[i+5500:(i+5501)].reshape((28,28)), cmap='gray')
# picTwo = fig.add_subplot(122)
# picTwo.imshow(adv_x[i:(i+1)].reshape((28,28)), cmap='gray')
# plt.show()
test_number += 1
print('probabilities = %.4f ; %.4f' %
(currentXProbList[currentXLabel],
currentAdvXProbList[currentAdvXLabel]))
tempX = np.reshape(X_test[i + 5500:(i + 5501)], (28, 28))
test_x = np.array(tempX)
oriFilteredPreTimeStart = time.time()
currentX = np.reshape(X_test[i + 5500:(i + 5501)], (28, 28))
imageEntropy = oneDEntropy(test_x)
if imageEntropy < 4:
current_x_res = scalarQuantization(currentX, 128)
elif imageEntropy < 5:
current_x_res = scalarQuantization(currentX, 64)
else:
current_x_ASQ = scalarQuantization(currentX, 43)
current_x_ASQ_AMF = crossMeanFilterOperations(
current_x_ASQ, 3, 25, 13)
current_x_res = chooseCloserFilter(currentX, current_x_ASQ,
current_x_ASQ_AMF)
current_x_res = np.reshape(current_x_res, X_test[0:1].shape)
current_x_res_label = model_argmax(sess, x, predictions, current_x_res)
current_x_res_prob = my_model_argmax(sess, x, predictions,
current_x_res)
tempX2 = np.reshape(adv_x[i:(i + 1)], (28, 28))
test_adv_x = np.array(tempX2)
currentAdvX = np.reshape(adv_x[i:(i + 1)], (28, 28))
imageEntropy2 = oneDEntropy(test_adv_x)
print('%d: %.2f------%.2f' % (i, imageEntropy, imageEntropy2))
if imageEntropy2 < 4:
current_adv_x_res = scalarQuantization(currentAdvX, 128)
elif imageEntropy2 < 5:
current_adv_x_res = scalarQuantization(currentAdvX, 64)
else:
current_adv_x_ASQ = scalarQuantization(currentAdvX, 43)
current_adv_x_ASQ_AMF = crossMeanFilterOperations(
current_adv_x_ASQ, 3, 25, 13)
current_adv_x_res = chooseCloserFilter(currentAdvX,
current_adv_x_ASQ,
current_adv_x_ASQ_AMF)
current_adv_x_res = np.reshape(current_adv_x_res, X_test[0:1].shape)
current_adv_x_res_label = model_argmax(sess, x, predictions,
current_adv_x_res)
current_adv_x_res_prob = my_model_argmax(sess, x, predictions,
current_adv_x_res)
print('filtered Probs = %.4f ; %.4f' %
(current_x_res_prob[current_x_res_label],
current_adv_x_res_prob[current_adv_x_res_label]))
if current_adv_x_res_label != currentAdvXLabel:
TP += 1
if current_adv_x_res_label == current_class:
TTP += 1
else:
FN += 1
if current_x_res_label != currentXLabel:
FP += 1
str1 = '%d-%d-%d: TP = %d; FN = %d; FP = %d; TTP = %d' % (
test_number, original_classified_wrong_number,
disturbed_failure_number, TP, FN, FP, TTP)
print(str1)
Recall = TP / (TP + FN)
Precision = TP / (TP + FP)
tempStarStr = '********************************************************'
recallStr = 'Recall = %.4f' % (Recall)
precisionStr = 'Precision = %.4f' % (Precision)
print(tempStarStr)
print(recallStr)
print(precisionStr)
print(tempStarStr)
def mnist_tutorial(train_start=0,
train_end=60000,
test_start=0,
test_end=10000,
nb_epochs=6,
batch_size=128,
learning_rate=0.001,
train_dir="/tmp",
filename="mnist.ckpt",
load_model=False,
testing=False):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param train_dir: Directory storing the saved model
:param filename: Filename to save model under
:param load_model: True for load, False for not load
:param testing: if true, test error is calculated
:return: an AccuracyReport object
"""
keras.layers.core.K.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get MNIST test data
# X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start,
# train_end=train_end,
# test_start=test_start,
# test_end=test_end)
# # Use label smoothing
# assert Y_train.shape[1] == 10
# label_smooth = .1
# Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# # Define input TF placeholder
# x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1))
# y = tf.placeholder(tf.float32, shape=(None, 10))
# Define TF model graph
model = cnn_model()
print(type(model))
print(model)
# preds = model(x)
# print("Defined TensorFlow model graph.")
# def evaluate():
# # Evaluate the accuracy of the MNIST model on legitimate test examples
# eval_params = {'batch_size': batch_size}
# acc = model_eval(sess, x, y, preds, X_test, Y_test, args=eval_params)
# report.clean_train_clean_eval = acc
# assert X_test.shape[0] == test_end - test_start, X_test.shape
# print('Test accuracy on legitimate examples: %0.4f' % acc)
# # Train an MNIST model
# train_params = {
# 'nb_epochs': nb_epochs,
# 'batch_size': batch_size,
# 'learning_rate': learning_rate,
# 'train_dir': train_dir,
# 'filename': filename
# }
# ckpt = tf.train.get_checkpoint_state(train_dir)
# ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
# rng = np.random.RandomState([2017, 8, 30])
# if load_model and ckpt_path:
# saver = tf.train.Saver()
# saver.restore(sess, ckpt_path)
# print("Model loaded from: {}".format(ckpt_path))
# evaluate()
# else:
# print("Model was not loaded, training from scratch.")
# model_train(sess, x, y, preds, X_train, Y_train, evaluate=evaluate,
# args=train_params, save=True, rng=rng)
# # Calculate training error
# if testing:
# eval_params = {'batch_size': batch_size}
# acc = model_eval(sess, x, y, preds, X_train, Y_train, args=eval_params)
# report.train_clean_train_clean_eval = acc
# # Initialize the Fast Gradient Sign Method (FGSM) attack object and graph
wrap = KerasModelWrapper(model)
print(wrap)
print(type(wrap))
def main(argv=None):
tf.set_random_seed(1234)
sess = tf.Session()
keras.backend.set_session(sess)
X_train, Y_train, X_test, Y_test = data_lmrc()
Y_train = Y_train.clip(.1 / 9., 1. - .1)
x = tf.placeholder(tf.float32, shape=(None, 128, 128, 3))
y = tf.placeholder(tf.float32, shape=(None, 10))
model = cnn_model(img_rows=128, img_cols=128, channels=3)
predictions = model(x)
def evaluate():
eval_params = {'batch_size': FLAGS.batch_size}
accuracy = model_eval(sess,
x,
y,
predictions,
X_test,
Y_test,
args=eval_params)
print('Test accuracy on legitimate test examples: ' + str(accuracy))
train_params = {
'nb_epochs': FLAGS.nb_epochs,
'batch_size': FLAGS.batch_size,
'learning_rate': FLAGS.learning_rate,
'train_dir': FLAGS.train_dir,
'filename': FLAGS.filename
}
model_path = os.path.join(FLAGS.train_dir, FLAGS.filename)
if os.path.exists(model_path + ".meta"):
tf_model_load(sess, model_path)
else:
model_train(sess,
x,
y,
predictions,
X_train,
Y_train,
evaluate=evaluate,
args=train_params,
save=True)
wrap = KerasModelWrapper(model)
nb_classes = 10
targeted = False
nb_adv_per_sample = str(nb_classes - 1) if targeted else '1'
n_adv = 1000
cw = CarliniWagnerL2(model, back='tf', sess=sess)
adv_inputs = X_test[:n_adv]
adv_ys = None
yname = "y"
cw_params = {
'binary_search_steps': 1,
yname: adv_ys,
'max_iterations': 100,
'learning_rate': 0.1,
'batch_size': 10,
'initial_const': 10,
}
adv = cw.generate_np(adv_inputs, **cw_params)
#nFeatures = np.ndarray(shape=(n_adv,3))
#for i in range(0,n_adv):
# img = adv_inputs[i]
# fast = cv2.FastFeatureDetector_create()
# kp = fast.detect(img,None)
# nFeatures[i][0] = len(kp)
# img = adv[i]
# fast = cv2.FastFeatureDetector_create()
# kp = fast.detect(img,None)
# nFeatures[i][1] = len(kp)
# nFeatures[i][2] = int(np.argmax(Y_test[i]))
#print('Format: Mean(Std)')
#for i in range(0,10):
# pdb.set_trace()
# rows = np.where(nFeatures[:,2] == i)
# data = np.delete(nFeatures[rows], 2, 1)
# mean = np.mean(data, 0)
# std = np.std(data, 0)
# print('Class{0} : Original Image {1:.2f}({2:.2f}) Adversarial Image {3:.2f}({4:.2f})'.format(i, mean[0], std[0], mean[1], std[1]))
adv_den = np.zeros(adv.shape)
for i in range(0, n_adv):
img = adv[i] * 255
img = img.astype('uint8')
dst = cv2.fastNlMeansDenoisingColored(img, None, 10, 10, 7, 21)
dst = dst.astype('float32')
dst /= 255
adv_den[i] = dst
eval_params = {'batch_size': np.minimum(nb_classes, 10)}
original_accuracy = model_eval(sess,
x,
y,
predictions,
adv_inputs,
Y_test[:n_adv],
args=eval_params)
adv_accuracy = model_eval(sess,
x,
y,
predictions,
adv,
Y_test[:n_adv],
args=eval_params)
print('Accuracy on original images {0:.4f}'.format(original_accuracy))
print('Accuracy on adversarial images {0:.4f}'.format(adv_accuracy))
adv_accuracy = model_eval(sess,
x,
y,
predictions,
adv_den,
Y_test[:n_adv],
args=eval_params)
print(
'Accuracy on denoised adversarial images {0:.4f}'.format(adv_accuracy))
percent_perturbed = np.mean(
np.sum((adv - adv_inputs)**2, axis=(1, 2, 3))**.5)
print('Avg. L_2 norm of perturbations adversarial samples {0:.4f}'.format(
percent_perturbed))
percent_perturbed = np.mean(
np.sum((adv - adv_inputs)**2, axis=(1, 2, 3))**.5)
print('Avg. L_2 norm of denoised perturbations {0:.4f}'.format(
percent_perturbed))
sess.close()
def mnist_tutorial(train_start=0, train_end=60000, test_start=0,
test_end=10000, nb_epochs=6, batch_size=128,
learning_rate=0.001, train_dir="train_dir",
filename="mnist.ckpt", load_model=False,
testing=False, label_smoothing=True):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param train_dir: Directory storing the saved model
:param filename: Filename to save model under
:param load_model: True for load, False for not load
:param testing: if true, test error is calculated
:return: an AccuracyReport object
"""
keras.layers.core.K.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get MNIST test data
x_train, y_train, x_test, y_test = data_mnist(train_start=train_start,
train_end=train_end,
test_start=test_start,
test_end=test_end)
# Obtain Image Parameters
img_rows, img_cols, nchannels = x_train.shape[1:4]
nb_classes = y_train.shape[1]
if label_smoothing:
label_smooth = .1
y_train = y_train.clip(label_smooth / (nb_classes-1),
1. - label_smooth)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols,
nchannels))
y = tf.placeholder(tf.float32, shape=(None, nb_classes))
# Define TF model graph
model = cnn_model(img_rows=img_rows, img_cols=img_cols,
channels=nchannels, nb_filters=64,
nb_classes=nb_classes)
preds = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params)
report.clean_train_clean_eval = acc
# assert X_test.shape[0] == test_end - test_start, X_test.shape
print('Test accuracy on legitimate examples: %0.4f' % acc)
# Train an MNIST model
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate,
'train_dir': train_dir,
'filename': filename
}
rng = np.random.RandomState([2017, 8, 30])
if not os.path.exists(train_dir):
os.mkdir(train_dir)
ckpt = tf.train.get_checkpoint_state(train_dir)
print(train_dir, ckpt)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
wrap = KerasModelWrapper(model)
if load_model and ckpt_path:
saver = tf.train.Saver()
print(ckpt_path)
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
evaluate()
else:
print("Model was not loaded, training from scratch.")
loss = LossCrossEntropy(wrap, smoothing=0.1)
train(sess, loss, x, y, x_train, y_train, evaluate=evaluate,
args=train_params, save=True, rng=rng)
# Calculate training error
if testing:
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, x_train, y_train, args=eval_params)
report.train_clean_train_clean_eval = acc
# Initialize the Fast Gradient Sign Method (FGSM) attack object and graph
fgsm = FastGradientMethod(wrap, sess=sess)
fgsm_params = {'eps': 0.3,
'clip_min': 0.,
'clip_max': 1.}
adv_x = fgsm.generate(x, **fgsm_params)
# Consider the attack to be constant
adv_x = tf.stop_gradient(adv_x)
preds_adv = model(adv_x)
# Evaluate the accuracy of the MNIST model on adversarial examples
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, x_test, y_test, args=eval_par)
print('Test accuracy on adversarial examples: %0.4f\n' % acc)
report.clean_train_adv_eval = acc
# Calculating train error
if testing:
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, x_train,
y_train, args=eval_par)
report.train_clean_train_adv_eval = acc
print("Repeating the process, using adversarial training")
# Redefine TF model graph
model_2 = cnn_model(img_rows=img_rows, img_cols=img_cols,
channels=nchannels, nb_filters=64,
nb_classes=nb_classes)
wrap_2 = KerasModelWrapper(model_2)
preds_2 = model_2(x)
fgsm2 = FastGradientMethod(wrap_2, sess=sess)
def attack(x):
return fgsm2.generate(x, **fgsm_params)
preds_2_adv = model_2(attack(x))
loss_2 = LossCrossEntropy(wrap_2, smoothing=0.1, attack=attack)
def evaluate_2():
# Accuracy of adversarially trained model on legitimate test inputs
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess, x, y, preds_2, x_test, y_test,
args=eval_params)
print('Test accuracy on legitimate examples: %0.4f' % accuracy)
report.adv_train_clean_eval = accuracy
# Accuracy of the adversarially trained model on adversarial examples
accuracy = model_eval(sess, x, y, preds_2_adv, x_test,
y_test, args=eval_params)
print('Test accuracy on adversarial examples: %0.4f' % accuracy)
report.adv_train_adv_eval = accuracy
# Perform and evaluate adversarial training
train(sess, loss_2, x, y, x_train, y_train, evaluate=evaluate_2,
args=train_params, save=False, rng=rng)
# Calculate training errors
if testing:
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess, x, y, preds_2, x_train, y_train,
args=eval_params)
report.train_adv_train_clean_eval = accuracy
accuracy = model_eval(sess, x, y, preds_2_adv, x_train,
y_train, args=eval_params)
report.train_adv_train_adv_eval = accuracy
return report
def mnist_tutorial(train_start=0, train_end=60000, test_start=0,
test_end=10000, nb_epochs=NB_EPOCHS, batch_size=BATCH_SIZE,
learning_rate=LEARNING_RATE, train_dir=TRAIN_DIR,
filename=FILENAME, load_model=LOAD_MODEL,
testing=True, label_smoothing=0.1):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param train_dir: Directory storing the saved model
:param filename: Filename to save model under
:param load_model: True for load, False for not load
:param testing: if true, test error is calculated
:param label_smoothing: float, amount of label smoothing for cross entropy
:return: an AccuracyReport object
"""
tf.keras.backend.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if keras.backend.image_data_format() != 'channels_last':
raise NotImplementedError("this tutorial requires keras to be configured to channels_last format")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get MNIST test data
mnist = MNIST(train_start=train_start, train_end=train_end,
test_start=test_start, test_end=test_end)
[x_adv_train, x_adv_test] = pickle.load(open(PKLDATA+'.pkl'))
x_train, y_train = mnist.get_set('train')
x_train = x_adv_train
x_test, y_test = mnist.get_set('test')
x_test = x_adv_test
# Obtain Image Parameters
img_rows, img_cols, nchannels = x_train.shape[1:4]
nb_classes = y_train.shape[1]
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols,
nchannels))
y = tf.placeholder(tf.float32, shape=(None, nb_classes))
# Define TF model graph
model = cnn_model(img_rows=img_rows, img_cols=img_cols,
channels=nchannels, nb_filters=64,
nb_classes=nb_classes)
preds = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params)
report.clean_train_clean_eval = acc
print('Test accuracy on adversarial examples: %0.4f' % acc)
# Train an MNIST model
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate,
'train_dir': train_dir,
'filename': filename
}
rng = np.random.RandomState([2017, 8, 30])
if not os.path.exists(train_dir):
os.mkdir(train_dir)
ckpt = tf.train.get_checkpoint_state(train_dir)
print(train_dir, ckpt)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
wrap = KerasModelWrapper(model)
if load_model and ckpt_path:
saver = tf.train.Saver()
print(ckpt_path)
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
evaluate()
else:
print("Model was not loaded, training from scratch.")
loss = CrossEntropy(wrap, smoothing=label_smoothing)
train(sess, loss, x_train, y_train, evaluate=evaluate,
args=train_params, rng=rng)
# Calculate training error
if testing:
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, x_train, y_train, args=eval_params)
report.train_clean_train_clean_eval = acc
# Initialize the Fast Gradient Sign Method (FGSM) attack object and graph
filter_x = binary_filter(x)
batch = 1000
def convert(x_input):
x_output = None
for i in tqdm(range(int(len(x_input) / batch))):
tmp = sess.run(filter_x, feed_dict={x: x_input[i * batch:(i + 1) * batch]})
if x_output is None:
x_output = tmp
else:
x_output = np.concatenate((x_output, tmp))
return x_output
x_filter_test = convert(x_test)
x_filter_train = convert(x_train)
def evaluate_adv():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, x_filter_test, y_test, args=eval_params)
report.clean_train_clean_eval = acc
print('Test accuracy on filtered examples: %0.4f' % acc)
evaluate_adv()
def main():
"""
MNIST CleverHans tutorial
:return:
"""
if not hasattr(backend, "theano"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the Theano backend.")
# Image dimensions ordering should follow the Theano convention
if keras.backend.image_dim_ordering() != 'th':
keras.backend.set_image_dim_ordering('th')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'tf', temporarily setting to 'th'")
parser = argparse.ArgumentParser()
parser.add_argument('--batch_size', '-b', default=128,
help='Size of training batches')
parser.add_argument('--train_dir', '-d', default='/tmp',
help='Directory storing the saved model.')
parser.add_argument('--filename', '-f', default='mnist.ckpt',
help='Filename to save model under.')
parser.add_argument('--nb_epochs', '-e', default=6, type=int,
help='Number of epochs to train model')
parser.add_argument('--learning_rate', '-lr', default=0.5, type=float,
help='Learning rate for training')
args = parser.parse_args()
# Get MNIST test data
X_train, Y_train, X_test, Y_test = data_mnist()
print("Loaded MNIST test data.")
assert Y_train.shape[1] == 10.
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# Define input Theano placeholder
x_shape = (None, 1, 28, 28)
x = T.tensor4('x')
y = T.matrix('y')
# Define Theano model graph
model = cnn_model()
model.build(x_shape)
predictions = model(x)
print("Defined Theano model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
accuracy = th_model_eval(x, y, predictions, X_test, Y_test, args=args)
assert X_test.shape[0] == 10000, X_test.shape
print('Test accuracy on legitimate test examples: ' + str(accuracy))
pass
# Train an MNIST model
th_model_train(x, y, predictions, model.trainable_weights, X_train,
Y_train, evaluate=evaluate, args=args)
# Initialize the Fast Gradient Sign Method (FGSM) attack object and graph
fgsm = FastGradientMethod(model, back='th')
adv_x = fgsm.generate(x, params={'eps': 0.3})
# Evaluate the accuracy of the MNIST model on adversarial examples
accuracy = th_model_eval(x, y, model(adv_x), X_test, Y_test, args=args)
print('Test accuracy on adversarial examples: ' + str(accuracy))
print("Repeating the process, using adversarial training")
# Redefine Theano model graph
model_2 = cnn_model()
model_2.build(x_shape)
preds_2 = model_2(x)
fgsm = FastGradientMethod(model_2, back='th')
preds_2_adv = model_2(fgsm.generate(x, params={'eps': 0.3}))
def evaluate_2():
# Evaluate the accuracy of the adversarialy trained MNIST model on
# legitimate test examples
accuracy = th_model_eval(x, y, preds_2, X_test, Y_test, args=args)
print('Test accuracy on legitimate test examples: ' + str(accuracy))
# Evaluate the accuracy of the adversarially trained MNIST model on
# adversarial examples
acc_adv = th_model_eval(x, y, preds_2_adv, X_test, Y_test, args=args)
print('Test accuracy on adversarial examples: ' + str(acc_adv))
# Perform adversarial training
th_model_train(x, y, preds_2, model_2.trainable_weights, X_train, Y_train,
predictions_adv=preds_2_adv, evaluate=evaluate_2, args=args)
def mnist_tutorial(
train_start=0,
train_end=60000,
test_start=0,
test_end=10000,
nb_epochs=NB_EPOCHS,
batch_size=BATCH_SIZE,
learning_rate=LEARNING_RATE,
train_dir=TRAIN_DIR,
filename=FILENAME,
load_model=LOAD_MODEL,
testing=False,
label_smoothing=0.1,
):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param train_dir: Directory storing the saved model
:param filename: Filename to save model under
:param load_model: True for load, False for not load
:param testing: if true, test error is calculated
:param label_smoothing: float, amount of label smoothing for cross entropy
:return: an AccuracyReport object
"""
tf.keras.backend.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if keras.backend.image_data_format() != "channels_last":
raise NotImplementedError(
"this tutorial requires keras to be configured to channels_last format"
)
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get MNIST test data
mnist = MNIST(
train_start=train_start,
train_end=train_end,
test_start=test_start,
test_end=test_end,
)
x_train, y_train = mnist.get_set("train")
x_test, y_test = mnist.get_set("test")
# Obtain Image Parameters
img_rows, img_cols, nchannels = x_train.shape[1:4]
nb_classes = y_train.shape[1]
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols, nchannels))
y = tf.placeholder(tf.float32, shape=(None, nb_classes))
# Define TF model graph
model = cnn_model(
img_rows=img_rows,
img_cols=img_cols,
channels=nchannels,
nb_filters=64,
nb_classes=nb_classes,
)
preds = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {"batch_size": batch_size}
acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params)
report.clean_train_clean_eval = acc
# assert X_test.shape[0] == test_end - test_start, X_test.shape
print("Test accuracy on legitimate examples: %0.4f" % acc)
# Train an MNIST model
train_params = {
"nb_epochs": nb_epochs,
"batch_size": batch_size,
"learning_rate": learning_rate,
"train_dir": train_dir,
"filename": filename,
}
rng = np.random.RandomState([2017, 8, 30])
if not os.path.exists(train_dir):
os.mkdir(train_dir)
ckpt = tf.train.get_checkpoint_state(train_dir)
print(train_dir, ckpt)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
wrap = KerasModelWrapper(model)
if load_model and ckpt_path:
saver = tf.train.Saver()
print(ckpt_path)
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
evaluate()
else:
print("Model was not loaded, training from scratch.")
loss = CrossEntropy(wrap, smoothing=label_smoothing)
train(
sess, loss, x_train, y_train, evaluate=evaluate, args=train_params, rng=rng
)
# Calculate training error
if testing:
eval_params = {"batch_size": batch_size}
acc = model_eval(sess, x, y, preds, x_train, y_train, args=eval_params)
report.train_clean_train_clean_eval = acc
# Initialize the Fast Gradient Sign Method (FGSM) attack object and graph
fgsm = FastGradientMethod(wrap, sess=sess)
fgsm_params = {"eps": 0.3, "clip_min": 0.0, "clip_max": 1.0}
adv_x = fgsm.generate(x, **fgsm_params)
# Consider the attack to be constant
adv_x = tf.stop_gradient(adv_x)
preds_adv = model(adv_x)
# Evaluate the accuracy of the MNIST model on adversarial examples
eval_par = {"batch_size": batch_size}
acc = model_eval(sess, x, y, preds_adv, x_test, y_test, args=eval_par)
print("Test accuracy on adversarial examples: %0.4f\n" % acc)
report.clean_train_adv_eval = acc
# Calculating train error
if testing:
eval_par = {"batch_size": batch_size}
acc = model_eval(sess, x, y, preds_adv, x_train, y_train, args=eval_par)
report.train_clean_train_adv_eval = acc
print("Repeating the process, using adversarial training")
# Redefine TF model graph
model_2 = cnn_model(
img_rows=img_rows,
img_cols=img_cols,
channels=nchannels,
nb_filters=64,
nb_classes=nb_classes,
)
wrap_2 = KerasModelWrapper(model_2)
preds_2 = model_2(x)
fgsm2 = FastGradientMethod(wrap_2, sess=sess)
def attack(x):
return fgsm2.generate(x, **fgsm_params)
preds_2_adv = model_2(attack(x))
loss_2 = CrossEntropy(wrap_2, smoothing=label_smoothing, attack=attack)
def evaluate_2():
# Accuracy of adversarially trained model on legitimate test inputs
eval_params = {"batch_size": batch_size}
accuracy = model_eval(sess, x, y, preds_2, x_test, y_test, args=eval_params)
print("Test accuracy on legitimate examples: %0.4f" % accuracy)
report.adv_train_clean_eval = accuracy
# Accuracy of the adversarially trained model on adversarial examples
accuracy = model_eval(sess, x, y, preds_2_adv, x_test, y_test, args=eval_params)
print("Test accuracy on adversarial examples: %0.4f" % accuracy)
report.adv_train_adv_eval = accuracy
# Perform and evaluate adversarial training
train(
sess, loss_2, x_train, y_train, evaluate=evaluate_2, args=train_params, rng=rng
)
# Calculate training errors
if testing:
eval_params = {"batch_size": batch_size}
accuracy = model_eval(sess, x, y, preds_2, x_train, y_train, args=eval_params)
report.train_adv_train_clean_eval = accuracy
accuracy = model_eval(
sess, x, y, preds_2_adv, x_train, y_train, args=eval_params
)
report.train_adv_train_adv_eval = accuracy
return report
def main(argv=None):
"""
CIFAR10 CleverHans tutorial
:return:
"""
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
# Set logging level to see debug information
set_log_level(logging.DEBUG)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get CIFAR10 test data
X_train, Y_train, X_test, Y_test = data_cifar10()
assert Y_train.shape[1] == 10.
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
################ color training initialization ####################
color_training_epochs = 10000
color_learning_rate = 0.1
accepted_range = np.round(1/numColorOutput, 4)
colorCategory = [
[0.0, 0.4], # Black
[0.3, 0.7], # Grey
[0.6, 1.0] # White
]
#for i in range(numColorOutput):
# colorCategory.append([np.round((i*accepted_range), 4), np.round(((i+1)*accepted_range), 4)])
print(colorCategory)
save_dir2 = '/home/labiai/Jiacang/Experiments/tmp/pr/'+type+'/prmodel_'+str(FLAGS.nb_epochs)+'_'+str(numColorOutput)+'_output_model/'
filename2 = 'network'
model_path2 = os.path.join(save_dir2, filename2)
numColorInput = 1
color_x = tf.placeholder(tf.float32, [None, numColorInput]) # mnist data image of shape 28*28=784
color_y = tf.placeholder(tf.float32, [None, numColorOutput]) # 0-9 digits recognition => 10 classes
# Set model weights
color_W = tf.Variable(tf.zeros([numColorInput, numColorOutput]))
color_b = tf.Variable(tf.zeros([numColorOutput]))
color_pred_out = tf.matmul(color_x, color_W) + color_b # Softmax
color_cost = tf.reduce_mean(tf.nn.softmax_cross_entropy_with_logits(logits=color_pred_out, labels=color_y))
# Gradient Descent
color_optimizer = tf.train.GradientDescentOptimizer(color_learning_rate).minimize(color_cost)
# Test model
color_argmax = tf.argmax(color_pred_out, 1)
color_correct_prediction = tf.equal(tf.argmax(color_pred_out, 1), tf.argmax(color_y, 1))
# Calculate accuracy
color_accuracy = tf.reduce_mean(tf.cast(color_correct_prediction, tf.float32))
# Graph for re-generating the original image into a new image by using trained color model
pr_model_x = tf.placeholder(tf.float32, [None, n_input, numColorInput]) # mnist data image of shape 28*28=784
pr_model_W = tf.placeholder(tf.float32,
[None, numColorInput, numColorOutput]) # mnist data image of shape 28*28=784
pr_model_b = tf.placeholder(tf.float32,
[None, numColorInput, numColorOutput]) # mnist data image of shape 28*28=784
pr_model_output = tf.one_hot(tf.argmax((tf.matmul(pr_model_x, pr_model_W) + pr_model_b), 2), numColorOutput)
# Merge the random generated output for new image based on the colorCategory
randomColorCategory = []
for i in range(len(colorCategory)):
tmp = []
tmpRandomColorCategory = my_tf_round(
tf.random_uniform(tf.shape(pr_model_x), colorCategory[i][0], colorCategory[i][1], dtype=tf.float32), 2)
tmp.append(tmpRandomColorCategory)
randomColorCategory.append(tf.concat(tmp, 1))
random_merge = tf.reshape(tf.concat(randomColorCategory, -1), [-1, n_input, numColorOutput])
random_color_set = tf.reduce_sum(tf.multiply(pr_model_output, random_merge), 2)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3))
x = tf.reshape(random_color_set, shape=(-1, 32, 32, 3))
y = tf.placeholder(tf.float32, shape=(None, 10))
with sess.as_default():
if hasattr(tf, "global_variables_initializer"):
tf.global_variables_initializer().run()
else:
warnings.warn("Update your copy of tensorflow; future versions of "
"CleverHans may drop support for this version.")
sess.run(tf.initialize_all_variables())
################# color training ####################
print("Trying to load pr model from: " + model_path2)
if os.path.exists(model_path2 + ".meta"):
tf_model_load(sess, model_path2)
c_w, c_b = sess.run([color_W, color_b])
print("Load color trained model in training")
else:
# Training the color
for epoch in range(color_training_epochs):
outputColorY = []
p1 = np.random.random(100)
for i in range(len(p1)):
outputOverlapColorY = []
for j in range(len(colorCategory)):
if p1[i] >= colorCategory[j][0] and p1[i] <= colorCategory[j][1]:
colorIndexSeq = []
for k in range(len(colorCategory)):
if j == k:
colorIndexSeq.append(1)
else:
colorIndexSeq.append(0)
outputOverlapColorY.append(colorIndexSeq)
#break
# Randomly choose the output for color Y if the outputOverlapColorY has more than 1 item
outputColorY.append(outputOverlapColorY[np.random.randint(0, len(outputOverlapColorY))])
inputColorX = p1.reshape(100, 1)
_, c, c_w, c_b = sess.run([color_optimizer, color_cost, color_W, color_b],
feed_dict={color_x: inputColorX, color_y: outputColorY})
avg_cost = c
# Evaluating color model
outputColorY = []
p1 = np.random.random(100)
# Generate output for random color inputs (test case)
for i in range(len(p1)):
for j in range(len(colorCategory)):
outputOverlapColorY = []
if p1[i] >= colorCategory[j][0] and p1[i] <= colorCategory[j][1]:
colorIndexSeq = []
for k in range(len(colorCategory)):
if j == k:
colorIndexSeq.append(1)
else:
colorIndexSeq.append(0)
outputOverlapColorY.append(colorIndexSeq)
break
# Randomly choose the output for color Y if the outputOverlapColorY has more than 1 item
outputColorY.append(outputOverlapColorY[np.random.randint(0, len(outputOverlapColorY))])
inputColorX = p1.reshape(100, 1)
# print(random_xs)
acc, argmax = sess.run([color_accuracy, color_argmax], feed_dict={color_x: inputColorX,
color_y: outputColorY})
print("Epoch:", '%04d' % (epoch + 1) + "/" + str(color_training_epochs) + ", Cost= " + \
"{:.9f}".format(avg_cost) + ", Training Accuracy= " + \
"{:.5f}".format(acc) + " ")
# print(c_w)
with tf.device('/CPU:0'):
saver = tf.train.Saver(tf.global_variables(), max_to_keep=50)
# Since training PR model is fast, we do not have to save multiple sessions for this
save_path = os.path.join(save_dir2, filename2)
saver.save(sess, save_path)
##################### end of color training ------------------------------
################# model training ####################
# Define TF model graph
model = cnn_model(img_rows=32, img_cols=32, channels=3)
# model = vgg_model(img_rows=32, img_cols=32, channels=3)
predictions = model(x)
print("Defined TensorFlow model graph.")
saveFileNum = 50
# saveFileNum = 500
# saveFileNum = 1000
model_path = os.path.join(save_dir, filename+"-"+str(saveFileNum))
# Craft adversarial examples using Fast Gradient Sign Method (FGSM)
fgsm = FastGradientMethod(model)
fgsm = BasicIterativeMethod(model)
fgsm = MomentumIterativeMethod(model)
adv_x = fgsm.generate(x, eps=8/256)
eval_params = {'batch_size': FLAGS.batch_size, 'n_input': n_input, 'numColorOutput': numColorOutput}
def evaluate():
# Evaluate the accuracy of the CIFAR10 model on legitimate test
# examples
eval_params = {'batch_size': FLAGS.batch_size, 'numColorOutput': numColorOutput}
accuracy = model_eval(sess, x, y, predictions, X_test, Y_test,
args=eval_params, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set,
pr_model_W=pr_model_W, pr_model_b=pr_model_b)
#accuracy_adv = model_eval(sess, x, y, predictions, X_test,
# Y_test, args=eval_params, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set,
# pr_model_W=pr_model_W, pr_model_b=pr_model_b, is_adv=True, ae=adv_x)
assert X_test.shape[0] == 10000, X_test.shape
print('Test accuracy on legitimate test examples: ' + str(accuracy))
#print('Test accuracy on adversarial examples: ' + str(accuracy_adv))
# Train an CIFAR10 model
train_params = {
'nb_epochs': FLAGS.nb_epochs,
'batch_size': FLAGS.batch_size,
'learning_rate': FLAGS.learning_rate,
'train_dir': save_dir,
'filename': filename,
'numColorOutput': numColorOutput
}
print("Trying to load trained model from: " + model_path)
if os.path.exists(model_path + ".meta"):
tf_model_load(sess, model_path)
print("Load trained model")
else:
model_train(sess, x, y, predictions, X_train, Y_train,
evaluate=evaluate, args=train_params, save=True,
c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set,
pr_model_W=pr_model_W, pr_model_b=pr_model_b)
X_test_adv, = batch_eval(sess, [x], [adv_x], [X_test], args=eval_params)
# assert X_test_adv.shape[0] == 10000, X_test_adv.shape
# Evaluate the accuracy of the CIFAR10 model on adversarial examples
accuracy = model_eval(sess, x, y, predictions, X_test, Y_test,
args=eval_params, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set,
pr_model_W=pr_model_W, pr_model_b=pr_model_b, is_adv=True, ae=adv_x)
print('Test accuracy on adversarial examples: ' + str(accuracy))
tra_images,tra_labels,val_images,val_labels = get_files(0.2)
imgs = []
for fname in tra_images:
imgs.append(load_norm_img_from_source(fname))
# Convert the images and labels from list to array
TrnLabels = np.array(tra_labels)
Img = np.array(imgs)
labels = np.zeros((6004,26), dtype=int)
for i in range(6004):
labels[i,TrnLabels[i]] = 1
# Define model
model = cnn_model(img_rows=FLAGS.img_rows, img_cols=FLAGS.img_cols, channels=FLAGS.nb_channels, nb_classes=FLAGS.nb_classes)
model.summary()
# will hold the placeholders so that they can be returned
placeholders = {}
img_rows = FLAGS.img_rows
img_cols = FLAGS.img_cols
placeholders['image_in'] = tf.placeholder(tf.float32, shape = (None, img_rows, img_cols, FLAGS.nb_channels))
placeholders['True_labels'] = tf.placeholder(tf.float32, shape = (None, FLAGS.nb_classes))
# will hold the variables and operations defined from now on
varops = {}
varops['pred'] = model(placeholders['image_in'])
varops['loss'] = model_loss(placeholders['True_labels'], varops['pred'], mean=True)
feed_dict = {placeholders['image_in']: imgs,
def mnist_tutorial(train_start=0,
train_end=60000,
test_start=0,
test_end=10000,
nb_epochs=6,
batch_size=128,
learning_rate=0.001,
train_dir="/tmp",
filename="mnist.ckpt",
load_model=False,
model_dir="",
model_name=""):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param train_dir: Directory storing the saved checkpoint
:param filename: Filename to save model under
:param load_model: True for load, False for not load
:param model_name/model_dir: describes location and name of model used
:return: an AccuracyReport object
"""
keras.layers.core.K.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get MNIST test data
X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start,
train_end=train_end,
test_start=test_start,
test_end=test_end)
# Use label smoothing
assert Y_train.shape[1] == 10
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1))
y = tf.placeholder(tf.float32, shape=(None, 10))
# Define TF model graph
model = cnn_model()
preds = model(x) #predictions
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, X_test, Y_test, args=eval_params)
report.clean_train_clean_eval = acc
assert X_test.shape[0] == test_end - test_start, X_test.shape
print('Test accuracy: %0.4f' % acc)
# Train an MNIST model
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate,
'train_dir': train_dir,
'filename': filename
}
ckpt = tf.train.get_checkpoint_state(train_dir)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
rng = np.random.RandomState([2017, 8, 30])
if load_model and ckpt_path:
saver = tf.train.Saver()
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
evaluate()
else:
print("Model was not loaded, training from scratch.")
model_train(sess,
x,
y,
preds,
X_train,
Y_train,
evaluate=evaluate,
args=train_params,
save=True,
rng=rng)
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, X_train, Y_train, args=eval_params)
report.train_clean_train_clean_eval = acc
# Save model in .h5 format (for Keras)
filepath = model_dir + model_name
model.save(filepath)
print("Model saved to:")
print(filepath)
return report
def cifar10_cw(train_start=0, train_end=60000, test_start=0,
test_end=10000, viz_enabled=True, nb_epochs=6,
batch_size=128, source_samples=10,
learning_rate=0.001, attack_iterations=100,
model_path=os.path.join("models", "mnist"),
targeted=True):
"""
CIFAR10 CleverHans tutorial
:return:
"""
global numColorOutput
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
# Set logging level to see debug information
set_log_level(logging.DEBUG)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get CIFAR10 test data
X_train, Y_train, X_test, Y_test = data_cifar10()
# Obtain Image Parameters
img_rows, img_cols, nchannels = X_train.shape[1:4]
nb_classes = Y_train.shape[1]
assert Y_train.shape[1] == 10.
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
################ color training initialization ####################
color_training_epochs = 10000
color_learning_rate = 0.1
accepted_range = np.round(1/numColorOutput, 4)
colorCategory = [
[0.0, 0.4], # Black
[0.3, 0.7], # Grey
[0.6, 1.0] # White
]
#for i in range(numColorOutput):
# colorCategory.append([np.round((i*accepted_range), 4), np.round(((i+1)*accepted_range), 4)])
print(colorCategory)
save_dir2 = '/home/labiai/Jiacang/Experiments/tmp/pr/'+type+'/prmodel_'+str(FLAGS.nb_epochs)+'_'+str(numColorOutput)+'_output_model/'
filename2 = 'network'
model_path2 = os.path.join(save_dir2, filename2)
numOfPRModel = 20
minColorEpoch = 300
maxColorEpoch = 3000
numColorInput = 1
numColorOutput = len(colorCategory)
color_x = tf.placeholder(tf.float32, [None, numColorInput]) # mnist data image of shape 28*28=784
color_y = tf.placeholder(tf.float32, [None, numColorOutput]) # 0-9 digits recognition => 10 classes
# Set multiple models' weights and biases
color_W = {}
color_b = {}
color_pred_out = {}
color_cost = {}
color_optimizer = {}
color_argmax = {}
color_correct_prediction = {}
color_accuracy = {}
for i in range(numOfPRModel):
color_W["w" + str(i)] = tf.Variable(tf.random_normal([numColorInput, numColorOutput]))
color_b["b" + str(i)] = tf.Variable(tf.random_normal([numColorOutput]))
color_pred_out["out" + str(i)] = tf.matmul(color_x, color_W["w" + str(i)]) + color_b["b" + str(i)] # Softmax
color_cost["cost" + str(i)] = tf.reduce_mean(
tf.nn.softmax_cross_entropy_with_logits(logits=color_pred_out["out" + str(i)], labels=color_y))
# Gradient Descent
color_optimizer["opt" + str(i)] = tf.train.GradientDescentOptimizer(color_learning_rate).minimize(
color_cost["cost" + str(i)])
# Test model
color_argmax["argmax" + str(i)] = tf.argmax(color_pred_out["out" + str(i)], 1)
color_correct_prediction["pred" + str(i)] = tf.equal(tf.argmax(color_pred_out["out" + str(i)], 1),
tf.argmax(color_y, 1))
# Calculate accuracy
color_accuracy["acc" + str(i)] = tf.reduce_mean(tf.cast(color_correct_prediction["pred" + str(i)], tf.float32))
# Graph for re-generating the original image into a new image by using trained color model
pr_model_x = tf.placeholder(tf.float32, [None, n_input, numColorInput]) # mnist data image of shape 28*28=784
pr_model_W = tf.placeholder(tf.float32,
[None, numColorInput, numColorOutput]) # mnist data image of shape 28*28=784
pr_model_b = tf.placeholder(tf.float32,
[None, numColorInput, numColorOutput]) # mnist data image of shape 28*28=784
pr_model_output = tf.one_hot(tf.argmax((tf.matmul(pr_model_x, pr_model_W) + pr_model_b), 2), numColorOutput)
# Merge the random generated output for new image based on the colorCategory
randomColorCategory = []
for i in range(len(colorCategory)):
tmp = []
tmpRandomColorCategory = my_tf_round(
tf.random_uniform(tf.shape(pr_model_x), colorCategory[i][0], colorCategory[i][1],
dtype=tf.float32), 2)
tmp.append(tmpRandomColorCategory)
randomColorCategory.append(tf.concat(tmp, 1))
random_merge = tf.reshape(tf.concat(randomColorCategory, -1), [-1, n_input, numColorOutput])
random_color_set = tf.reduce_sum(tf.multiply(pr_model_output, random_merge), 2)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3))
x = tf.reshape(random_color_set, shape=(-1, 32, 32, 3))
y = tf.placeholder(tf.float32, shape=(None, 10))
with sess.as_default():
if hasattr(tf, "global_variables_initializer"):
tf.global_variables_initializer().run()
else:
warnings.warn("Update your copy of tensorflow; future versions of "
"CleverHans may drop support for this version.")
sess.run(tf.initialize_all_variables())
################# color training ####################
if os.path.exists(model_path2 + ".meta"):
tf_model_load(sess, model_path2)
c_w, c_b = sess.run([color_W, color_b])
print("Load color trained model in training")
else:
# Training the PR model
c_w = {}
c_b = {}
for modelcount in range(numOfPRModel):
color_training_epochs = np.random.randint(minColorEpoch, maxColorEpoch)
for epoch in range(color_training_epochs):
outputColorY = []
p1 = np.random.random(100)
for i in range(len(p1)):
outputOverlapColorY = []
for j in range(len(colorCategory)):
if p1[i] >= colorCategory[j][0] and p1[i] <= colorCategory[j][1]:
colorIndexSeq = []
for k in range(len(colorCategory)):
if j == k:
colorIndexSeq.append(1)
else:
colorIndexSeq.append(0)
outputOverlapColorY.append(colorIndexSeq)
# break
# Randomly choose the output for color Y if the outputOverlapColorY has more than 1 item
outputColorY.append(outputOverlapColorY[np.random.randint(0, len(outputOverlapColorY))])
inputColorX = p1.reshape(100, 1)
_, c, _c_w, _c_b = sess.run(
[color_optimizer["opt" + str(modelcount)], color_cost["cost" + str(modelcount)],
color_W["w" + str(modelcount)], color_b["b" + str(modelcount)]],
feed_dict={color_x: inputColorX, color_y: outputColorY})
avg_cost = c
# Evaluating color model
outputColorY = []
p1 = np.random.random(100)
# Generate output for random color inputs (test case)
for i in range(len(p1)):
for j in range(len(colorCategory)):
outputOverlapColorY = []
if p1[i] >= colorCategory[j][0] and p1[i] <= colorCategory[j][1]:
colorIndexSeq = []
for k in range(len(colorCategory)):
if j == k:
colorIndexSeq.append(1)
else:
colorIndexSeq.append(0)
outputOverlapColorY.append(colorIndexSeq)
break
# Randomly choose the output for color Y if the outputOverlapColorY has more than 1 item
outputColorY.append(outputOverlapColorY[np.random.randint(0, len(outputOverlapColorY))])
inputColorX = p1.reshape(100, 1)
# print(random_xs)
acc, argmax = sess.run(
[color_accuracy["acc" + str(modelcount)], color_argmax["argmax" + str(modelcount)]],
feed_dict={color_x: inputColorX, color_y: outputColorY})
print(str(modelcount + 1) + ") Epoch:",
'%04d' % (epoch + 1) + "/" + str(color_training_epochs) + ", Cost= " + \
"{:.9f}".format(avg_cost) + ", Training Accuracy= " + \
"{:.5f}".format(acc) + " ")
c_w["w" + str(modelcount)] = _c_w
c_b["b" + str(modelcount)] = _c_b
# print(c_w)
save_path = os.path.join(save_dir2, filename2)
saver = tf.train.Saver()
saver.save(sess, save_path)
##################### end of color training ------------------------------
# Define TF model graph
model = cnn_model(img_rows=32, img_cols=32, channels=3)
# model = vgg_model(img_rows=32, img_cols=32, channels=3)
predictions = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the CIFAR10 model on legitimate test
# examples
eval_params = {'batch_size': FLAGS.batch_size, 'n_input': n_input, 'numColorOutput': numColorOutput}
accuracy = model_eval(sess, x, y, predictions, X_test, Y_test,
args=eval_params, pred2=predictions, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x,
random_color_set=random_color_set, pr_model_W=pr_model_W, pr_model_b=pr_model_b
)
assert X_test.shape[0] == 10000, X_test.shape
print('Test accuracy on legitimate test examples: ' + str(accuracy))
# Train an CIFAR10 model
train_params = {
'nb_epochs': FLAGS.nb_epochs,
'batch_size': FLAGS.batch_size,
'learning_rate': FLAGS.learning_rate,
'n_input': n_input,
'train_dir': save_dir,
'filename': filename,
'numColorOutput': numColorOutput
}
saveFileNum = 50
# saveFileNum = 500
# saveFileNum = 1000
model_path = os.path.join(save_dir, filename+"-"+str(saveFileNum))
print("Trying to load trained model from: " + model_path)
if os.path.exists(model_path + ".meta"):
tf_model_load(sess, model_path)
print("Load trained model")
else:
model_train(sess, x, y, predictions, X_train, Y_train,
evaluate=evaluate, args=train_params, save=True,
c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set,
pr_model_W=pr_model_W, pr_model_b=pr_model_b)
###########################################################################
# Craft adversarial examples using Carlini and Wagner's approach
###########################################################################
nb_adv_per_sample = str(nb_classes - 1) if targeted else '1'
print('Crafting ' + str(source_samples) + ' * ' + nb_adv_per_sample +
' adversarial examples')
print("This could take some time ...")
# Instantiate a CW attack object
cw = CarliniWagnerL2(model, back='tf', sess=sess)
if viz_enabled:
assert source_samples == nb_classes
idxs = [np.where(np.argmax(Y_test, axis=1) == i)[0][0]
for i in range(nb_classes)]
if targeted:
if viz_enabled:
# Initialize our array for grid visualization
grid_shape = (nb_classes, nb_classes, img_rows, img_cols,
nchannels)
grid_viz_data = np.zeros(grid_shape, dtype='f')
adv_inputs = np.array(
[[instance] * nb_classes for instance in X_test[idxs]],
dtype=np.float32)
else:
adv_inputs = np.array(
[[instance] * nb_classes for
instance in X_test[:source_samples]], dtype=np.float32)
one_hot = np.zeros((nb_classes, nb_classes))
one_hot[np.arange(nb_classes), np.arange(nb_classes)] = 1
adv_inputs = adv_inputs.reshape(
(source_samples * nb_classes, img_rows, img_cols, nchannels))
adv_ys = np.array([one_hot] * source_samples,
dtype=np.float32).reshape((source_samples *
nb_classes, nb_classes))
yname = "y_target"
else:
if viz_enabled:
# Initialize our array for grid visualization
grid_shape = (nb_classes, 2, img_rows, img_cols, nchannels)
grid_viz_data = np.zeros(grid_shape, dtype='f')
adv_inputs = X_test[idxs]
adv_inputs = X_test
else:
adv_inputs = X_test[:source_samples]
adv_inputs = X_test
adv_ys = None
yname = "y"
cw_params = {'binary_search_steps': 1,
'max_iterations': attack_iterations,
'learning_rate': 0.1,
'batch_size': source_samples * nb_classes if
targeted else source_samples,
'initial_const': 10}
adv2 = cw.generate(x, **cw_params)
cw_params[yname] = adv_ys
adv = None
adv = cw.generate_np(adv_inputs, **cw_params)
eval_params = {'batch_size': np.minimum(nb_classes, source_samples), 'numColorOutput': numColorOutput}
if targeted:
adv_accuracy = model_eval(
sess, x, y, predictions, adv, adv_ys, args=eval_params)
else:
if viz_enabled:
adv_accuracy = model_eval(sess, x, y, predictions, X_test, Y_test[
idxs], args=eval_params)
else:
# adv_accuracy = model_eval(sess, x, y, preds, adv, y_test[
# :source_samples], args=eval_params)
accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params,
c_w=c_w, c_b=c_b, pr_model_x=pr_model_x,
random_color_set=random_color_set,
pr_model_W=pr_model_W, pr_model_b=pr_model_b, is_adv=True,
ae=adv2
)
print('Test accuracy on adversarial examples: ' + str(accuracy))
# if viz_enabled:
# for j in range(nb_classes):
# if targeted:
# for i in range(nb_classes):
# grid_viz_data[i, j] = adv[i * nb_classes + j]
# else:
# grid_viz_data[j, 0] = adv_inputs[j]
# grid_viz_data[j, 1] = adv[j]
#
# print(grid_viz_data.shape)
#
#
# # Compute the average distortion introduced by the algorithm
# percent_perturbed = np.mean(np.sum((adv - adv_inputs) ** 2,
# axis=(1, 2, 3)) ** .5)
# print('Avg. L_2 norm of perturbations {0:.4f}'.format(percent_perturbed))
# Close TF session
sess.close()
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
import keras
import tensorflow as tf
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1)) # channel is the last element in tensorflow
y = tf.placeholder(tf.float32, shape=(None, 10))
# Define TF model graph
from cleverhans.utils_keras import cnn_model
model = cnn_model()
predictions = model(x)
# Get MNIST data
from cleverhans.utils_mnist import data_mnist
X_train, Y_train, X_test, Y_test = data_mnist()
# Train an MNIST model
from cleverhans.utils_tf import model_train, model_eval
sess = tf.Session()
train_params = {
'nb_epochs': 6,
'batch_size': 128,
'learning_rate': 0.001,
def main(argv=None):
"""
CIFAR10 CleverHans tutorial
:return:
"""
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get CIFAR10 test data
X_train, Y_train, X_test, Y_test = data_cifar10()
assert Y_train.shape[1] == 10.
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3))
y = tf.placeholder(tf.float32, shape=(None, 10))
# Define TF model graph
model = cnn_model(img_rows=32, img_cols=32, channels=3)
predictions = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the CIFAR10 model on legitimate test
# examples
eval_params = {'batch_size': FLAGS.batch_size}
accuracy = model_eval(sess,
x,
y,
predictions,
X_test,
Y_test,
args=eval_params)
assert X_test.shape[0] == 10000, X_test.shape
print('Test accuracy on legitimate test examples: ' + str(accuracy))
# Train an CIFAR10 model
train_params = {
'nb_epochs': FLAGS.nb_epochs,
'batch_size': FLAGS.batch_size,
'learning_rate': FLAGS.learning_rate
}
model_train(sess,
x,
y,
predictions,
X_train,
Y_train,
evaluate=evaluate,
args=train_params)
# Craft adversarial examples using Fast Gradient Sign Method (FGSM)
adv_x = fgsm(x, predictions, eps=0.3)
eval_params = {'batch_size': FLAGS.batch_size}
X_test_adv, = batch_eval(sess, [x], [adv_x], [X_test], args=eval_params)
assert X_test_adv.shape[0] == 10000, X_test_adv.shape
# Evaluate the accuracy of the CIFAR10 model on adversarial examples
accuracy = model_eval(sess,
x,
y,
predictions,
X_test_adv,
Y_test,
args=eval_params)
print('Test accuracy on adversarial examples: ' + str(accuracy))
print("Repeating the process, using adversarial training")
# Redefine TF model graph
model_2 = cnn_model(img_rows=32, img_cols=32, channels=3)
predictions_2 = model_2(x)
adv_x_2 = fgsm(x, predictions_2, eps=0.3)
predictions_2_adv = model_2(adv_x_2)
def evaluate_2():
# Evaluate the accuracy of the adversarialy trained CIFAR10 model on
# legitimate test examples
eval_params = {'batch_size': FLAGS.batch_size}
accuracy = model_eval(sess,
x,
y,
predictions_2,
X_test,
Y_test,
args=eval_params)
print('Test accuracy on legitimate test examples: ' + str(accuracy))
# Evaluate the accuracy of the adversarially trained CIFAR10 model on
# adversarial examples
accuracy_adv = model_eval(sess,
x,
y,
predictions_2_adv,
X_test,
Y_test,
args=eval_params)
print('Test accuracy on adversarial examples: ' + str(accuracy_adv))
# Perform adversarial training
model_train(sess,
x,
y,
predictions_2,
X_train,
Y_train,
predictions_adv=predictions_2_adv,
evaluate=evaluate_2,
args=train_params)
# Evaluate the accuracy of the CIFAR10 model on adversarial examples
accuracy = model_eval(sess,
x,
y,
predictions_2_adv,
X_test,
Y_test,
args=eval_params)
print('Test accuracy on adversarial examples: ' + str(accuracy))
def mnist_tutorial(train_start=0,
train_end=60000,
test_start=0,
test_end=10000,
nb_epochs=NB_EPOCHS,
batch_size=BATCH_SIZE,
learning_rate=LEARNING_RATE,
train_dir=TRAIN_DIR,
filename=FILENAME,
load_model=LOAD_MODEL,
testing=False,
label_smoothing=0.1):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param train_dir: Directory storing the saved model
:param filename: Filename to save model under
:param load_model: True for load, False for not load
:param testing: if true, test error is calculated
:param label_smoothing: float, amount of label smoothing for cross entropy
:return: an AccuracyReport object
"""
keras.layers.core.K.set_learning_phase(0)
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get MNIST test data
mnist = MNIST(train_start=train_start,
train_end=train_end,
test_start=test_start,
test_end=test_end)
x_train, y_train = mnist.get_set('train')
x_test, y_test = mnist.get_set('test')
stream = generate_cipher_stream(KEY)
x_train_defense = x_train.copy()
x_test_defense = x_test.copy()
for i in range(len(x_train)):
x_train_defense[i] = xor(x_train[i], stream)
for i in range(len(x_test)):
x_test_defense[i] = xor(x_test[i], stream)
# Obtain Image Parameters
img_rows, img_cols, nchannels = x_train.shape[1:4]
nb_classes = y_train.shape[1]
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols, nchannels))
y = tf.placeholder(tf.float32, shape=(None, nb_classes))
# Define TF model graph
model = cnn_model(img_rows=img_rows,
img_cols=img_cols,
channels=nchannels,
nb_filters=64,
nb_classes=nb_classes)
model_defense = cnn_model(img_rows=img_rows,
img_cols=img_cols,
channels=nchannels,
nb_filters=64,
nb_classes=nb_classes)
preds = model(x)
preds_defense = model_defense(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params)
report.clean_train_clean_eval = acc
# assert X_test.shape[0] == test_end - test_start, X_test.shape
print('Test accuracy on legitimate examples: %0.4f' % acc)
def evaluate_defense():
# Evaluate the accuracy of the MNIST model on legitimate test examples
eval_params = {'batch_size': batch_size}
acc = model_eval(sess,
x,
y,
preds_defense,
x_test_defense,
y_test,
args=eval_params)
print('Test accuracy on legitimate examples: %0.4f' % acc)
# Train an MNIST model
train_params = {
'nb_epochs': nb_epochs,
'batch_size': batch_size,
'learning_rate': learning_rate,
'train_dir': train_dir,
'filename': filename
}
rng = np.random.RandomState([2017, 8, 30])
if not os.path.exists(train_dir):
os.mkdir(train_dir)
ckpt = tf.train.get_checkpoint_state(train_dir)
print(train_dir, ckpt)
ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path
wrap = KerasModelWrapper(model)
wrap_defense = KerasModelWrapper(model_defense)
if load_model and ckpt_path:
saver = tf.train.Saver()
print(ckpt_path)
saver.restore(sess, ckpt_path)
print("Model loaded from: {}".format(ckpt_path))
evaluate()
else:
print("Model was not loaded, training from scratch.")
loss = CrossEntropy(wrap, smoothing=label_smoothing)
train(sess,
loss,
x_train,
y_train,
evaluate=evaluate,
args=train_params,
rng=rng)
# training defense model
# Train an MNIST model
train_params_defense = {
'nb_epochs': 10,
'batch_size': batch_size,
'learning_rate': 0.001,
'train_dir': train_dir,
'filename': filename
}
print("Defense model is trained.")
loss_defense = CrossEntropy(wrap_defense, smoothing=label_smoothing)
train(sess,
loss_defense,
x_train_defense,
y_train,
evaluate=evaluate_defense,
args=train_params_defense,
rng=rng)
# Calculate training error
if testing:
eval_params = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds, x_train, y_train, args=eval_params)
report.train_clean_train_clean_eval = acc
# Initialize the Fast Gradient Sign Method (FGSM) attack object and graph
fgsm = FastGradientMethod(wrap, sess=sess)
fgsm_params = {'eps': 0.2, 'clip_min': 0., 'clip_max': 1.}
adv_x = fgsm.generate(x, **fgsm_params)
# Consider the attack to be constant
adv_x = tf.stop_gradient(adv_x)
preds_adv = model(adv_x)
# Evaluate the accuracy of the MNIST model on adversarial examples
print("Evaluate the accuracy of target model on adversarial examples. ")
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, x_test, y_test, args=eval_par)
print('Test accuracy on adversarial examples: %0.4f\n' % acc)
report.clean_train_adv_eval = acc
# Evaluate the accuracy of the MNIST defense model on adversarial examples
print("Evaluate the accuracy of defense model on adversarial examples. ")
eval_par = {'batch_size': batch_size}
adv_x_trans = tf.py_func(tensor_xor, [adv_x, stream], tf.float32)
preds_adv_defense = model_defense(adv_x_trans)
acc = model_eval(sess,
x,
y,
preds_adv_defense,
x_test,
y_test,
args=eval_par)
print('Test accuracy on adversarial examples: %0.4f\n' % acc)
def main(argv=None):
tf.set_random_seed(1234)
sess = tf.Session()
keras.backend.set_session(sess)
X_train, Y_train, X_test, Y_test = data_cifar10()
Y_train = Y_train.clip(.1 / 9., 1. - .1)
x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3))
y = tf.placeholder(tf.float32, shape=(None, 10))
model = cnn_model(img_rows=32, img_cols=32, channels=3)
predictions = model(x)
def evaluate():
eval_params = {'batch_size': FLAGS.batch_size}
accuracy = model_eval(sess,
x,
y,
predictions,
X_test,
Y_test,
args=eval_params)
print('Test accuracy on legitimate test examples: ' + str(accuracy))
train_params = {
'nb_epochs': FLAGS.nb_epochs,
'batch_size': FLAGS.batch_size,
'learning_rate': FLAGS.learning_rate,
'train_dir': FLAGS.train_dir,
'filename': FLAGS.filename
}
model_path = os.path.join(FLAGS.train_dir, FLAGS.filename)
if os.path.exists(model_path + ".meta"):
tf_model_load(sess, model_path)
else:
model_train(sess,
x,
y,
predictions,
X_train,
Y_train,
evaluate=evaluate,
args=train_params,
save=True)
wrap = KerasModelWrapper(model)
nb_classes = 10
targeted = False
nb_adv_per_sample = str(nb_classes - 1) if targeted else '1'
cw = CarliniWagnerL2(model, back='tf', sess=sess)
adv_inputs = X_test[:10]
adv_ys = None
yname = "y"
edges = edgeDetect(adv_inputs)
print('Length of edges of adv samples: ')
print(edges[:10])
cw_params = {
'binary_search_steps': 1,
yname: adv_ys,
'max_iterations': 100,
'learning_rate': 0.1,
'batch_size': 10,
'initial_const': 10,
}
adv = cw.generate_np(adv_inputs, **cw_params)
edges = edgeDetect(adv)
print('Length of edges of adv samples: ')
print(edges[:10])
sigma = 16.0 / 255
gamma = 0.00061 * 255 * 255
alpha = 0.00061 * 255 * 255
n_clusters = 10
n_samples = 50
noise = np.random.normal(0.0, sigma, adv.shape)
adv_gauss = adv + noise
i1 = np.repeat(np.arange(0, 10), n_samples)
i2 = np.random.randint(32, size=10 * n_samples)
i3 = np.random.randint(32, size=10 * n_samples)
sample = adv[i1, i2, i3]
noise = np.random.normal(0.0, sigma, sample.shape)
noisy_samples = sample + noise
noisy_samples = np.reshape(noisy_samples, (10, n_samples, 3))
noise = np.random.normal(0.0, sigma, adv.shape)
adv_rdesc = np.zeros(adv.shape)
adv_rmix = np.zeros(adv.shape)
for img_no, img_samples in enumerate(noisy_samples):
clusters = np.zeros((n_clusters, 3))
clusters[0] = img_samples[0]
for c_j in range(1, n_clusters):
prob_cj = np.zeros(n_samples)
for pix_no, pix in enumerate(img_samples):
l2_min = 100000
for c_l in range(0, c_j):
l2_norm_sq = np.inner(pix - clusters[c_l],
pix - clusters[c_l])
if l2_norm_sq < l2_min:
l2_min = l2_norm_sq
prob_cj[pix_no] = math.exp(gamma * l2_min)
prob_cj /= prob_cj.sum()
clusters[c_j] = img_samples[np.random.choice(n_samples,
1,
p=prob_cj)]
for pix_i in range(0, 32):
for pix_j in range(0, 32):
c_dist_min = 100000
c_min = np.zeros(3)
c_sum = np.zeros(3)
weight_sum = 0
for c_j in clusters:
c_dist = np.linalg.norm(adv_gauss[img_no][pix_i][pix_j] -
c_j)
weight_j = math.exp(-1 * alpha * c_dist * c_dist)
weight_sum = weight_sum + weight_j
c_sum = c_sum + weight_j * c_j
if c_dist < c_dist_min:
c_dist_min = c_dist
c_min = c_j
adv_rdesc[img_no][pix_i][pix_j] = c_min
adv_rmix[img_no][pix_i][pix_j] = c_sum / weight_sum
eval_params = {'batch_size': np.minimum(nb_classes, 10)}
adv_accuracy = 1 - model_eval(
sess, x, y, predictions, adv, Y_test[:10], args=eval_params)
print('Avg. rate of successful adv. examples without noise {0:.4f}'.format(
adv_accuracy))
percent_perturbed = np.mean(
np.sum((adv - adv_inputs)**2, axis=(1, 2, 3))**.5)
print('Avg. L_2 norm of perturbations without noise {0:.4f}'.format(
percent_perturbed))
adv_accuracy = 1 - model_eval(
sess, x, y, predictions, adv_gauss, Y_test[:10], args=eval_params)
print('Avg. rate of successful adv. examples with Gaussian noise {0:.4f}'.
format(adv_accuracy))
percent_perturbed = np.mean(
np.sum((adv_gauss - adv_inputs)**2, axis=(1, 2, 3))**.5)
print('Avg. L_2 norm of perturbations with Gaussian noise {0:.4f}'.format(
percent_perturbed))
adv_accuracy = 1 - model_eval(
sess, x, y, predictions, adv_rdesc, Y_test[:10], args=eval_params)
print('Avg. rate of successful adv. examples with random descent {0:.4f}'.
format(adv_accuracy))
percent_perturbed = np.mean(
np.sum((adv_rdesc - adv_inputs)**2, axis=(1, 2, 3))**.5)
print('Avg. L_2 norm of perturbations with random descent {0:.4f}'.format(
percent_perturbed))
adv_accuracy = 1 - model_eval(
sess, x, y, predictions, adv_rmix, Y_test[:10], args=eval_params)
print('Avg. rate of successful adv. examples with random mixture {0:.4f}'.
format(adv_accuracy))
percent_perturbed = np.mean(
np.sum((adv_rmix - adv_inputs)**2, axis=(1, 2, 3))**.5)
print('Avg. L_2 norm of perturbations with random mixture {0:.4f}'.format(
percent_perturbed))
sess.close()
# Evaluate the accuracy of the MNIST model on adversarial examples
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, X_test, Y_test, args=eval_par)
print('Test accuracy on adversarial examples: %0.4f\n' % acc)
report.clean_train_adv_eval = acc
# Calculating train error
if testing:
eval_par = {'batch_size': batch_size}
acc = model_eval(sess, x, y, preds_adv, X_train,
Y_train, args=eval_par)
report.train_clean_train_adv_eval = acc
print("Repeating the process, using adversarial training")
# Redefine TF model graph
model_2 = cnn_model()
preds_2 = model_2(x)
wrap_2 = KerasModelWrapper(model_2)
fgsm2 = FastGradientMethod(wrap_2, sess=sess)
preds_2_adv = model_2(fgsm2.generate(x, **fgsm_params))
def evaluate_2():
# Accuracy of adversarially trained model on legitimate test inputs
eval_params = {'batch_size': batch_size}
accuracy = model_eval(sess, x, y, preds_2, X_test, Y_test,
args=eval_params)
print('Test accuracy on legitimate examples: %0.4f' % accuracy)
report.adv_train_clean_eval = accuracy
# Accuracy of the adversarially trained model on adversarial examples
accuracy = model_eval(sess, x, y, preds_2_adv, X_test,
def run_attack(train_start=0, train_end=60000, test_start=0,
test_end=10000, nb_epochs=NB_EPOCHS, batch_size=BATCH_SIZE,
learning_rate=LEARNING_RATE, testing=False,
label_smoothing=0.1):
"""
MNIST CleverHans tutorial
:param train_start: index of first training set example
:param train_end: index of last training set example
:param test_start: index of first test set example
:param test_end: index of last test set example
:param nb_epochs: number of epochs to train model
:param batch_size: size of training batches
:param learning_rate: learning rate for training
:param testing: if true, training error is calculated
:param label_smoothing: float, amount of label smoothing for cross entropy
:return: an AccuracyReport object
"""
# Object used to keep track of (and return) key accuracies
report = AccuracyReport()
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
# Force TensorFlow to use single thread to improve reproducibility
config = tf.ConfigProto(intra_op_parallelism_threads=1,
inter_op_parallelism_threads=1)
if keras.backend.image_data_format() != 'channels_last':
raise NotImplementedError("this tutorial requires keras to be configured to channels_last format")
# Create TF session and set as Keras backend session
sess = tf.Session(config=config)
keras.backend.set_session(sess)
# Define Keras model
model = cnn_model(img_rows=32, img_cols=32,
channels=1, nb_filters=64,
nb_classes=3)
print("Defined Keras model.")
# To be able to call the model in the custom loss, we need to call it once
# before, see https://github.com/tensorflow/tensorflow/issues/23769
model(model.input)
# Initialize the Fast Gradient Sign Method (FGSM) attack object
wrap = KerasModelWrapper(model)
fgsm = FastGradientMethod(wrap, sess=sess)
fgsm_params = {'eps': 0.3,
'clip_min': 0.,
'clip_max': 1.}
adv_acc_metric = get_adversarial_acc_metric(model, fgsm, fgsm_params)
model.compile(
optimizer=keras.optimizers.Adam(learning_rate),
loss='categorical_crossentropy',
metrics=['accuracy', keras.losses.mean_squared_error, adv_acc_metric]
)
# Train the model
model.fit(X_train, y_train,
batch_size=batch_size,
epochs=nb_epochs,
validation_data=(X_test, y_test),
verbose=1)
# Evaluate the accuracy on legitimate and adversarial test examples
_, acc, adv_acc = model.evaluate(X_test, y_test,
batch_size=batch_size,
verbose=1)
report.clean_train_clean_eval = acc
report.clean_train_adv_eval = adv_acc
print('Test accuracy on legitimate examples: %0.4f' % acc)
print('Test accuracy on adversarial examples: %0.4f\n' % adv_acc)
# Calculate training error
if testing:
_, train_acc, train_adv_acc = model.evaluate(X_train, y_train,
batch_size=batch_size,
verbose=1)
report.train_clean_train_clean_eval = train_acc
report.train_clean_train_adv_eval = train_adv_acc
print("Repeating the process, using adversarial training")
# Redefine Keras model
model_2 = cnn_model(img_rows=32, img_cols=32,
channels=1, nb_filters=64,
nb_classes=3)
model_2(model_2.input)
wrap_2 = KerasModelWrapper(model_2)
fgsm_2 = FastGradientMethod(wrap_2, sess=sess)
# Use a loss function based on legitimate and adversarial examples
adv_loss_2 = get_adversarial_loss(model_2, fgsm_2, fgsm_params)
adv_acc_metric_2 = get_adversarial_acc_metric(model_2, fgsm_2, fgsm_params)
model_2.compile(
optimizer=keras.optimizers.Adam(learning_rate),
loss=adv_loss_2,
metrics=['accuracy', adv_acc_metric_2]
)
def main(argv=None):
"""
CIFAR10 CleverHans tutorial
:return:
"""
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get CIFAR10 test data
X_train, Y_train, X_test, Y_test = data_cifar10()
assert Y_train.shape[1] == 10.
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3))
y = tf.placeholder(tf.float32, shape=(None, 10))
# Define TF model graph
model = cnn_model(img_rows=32, img_cols=32, channels=3)
predictions = model(x)
print "Defined TensorFlow model graph."
def evaluate():
# Evaluate the accuracy of the CIFAR10 model on legitimate test
# examples
eval_params = {'batch_size': FLAGS.batch_size}
accuracy = model_eval(sess,
x,
y,
predictions,
X_test,
Y_test,
args=eval_params)
assert X_test.shape[0] == 10000, X_test.shape
print 'Test accuracy on legitimate test examples: ' + str(accuracy)
# Train an CIFAR10 model
train_params = {
'nb_epochs': FLAGS.nb_epochs,
'batch_size': FLAGS.batch_size,
'learning_rate': FLAGS.learning_rate
}
model_train(sess,
x,
y,
predictions,
X_train,
Y_train,
evaluate=evaluate,
args=train_params)
# Craft adversarial examples using Fast Gradient Sign Method (FGSM)
# adv_x = fgsm(x, predictions, eps=0.3)
mim = MIM(model, back='tf', sess=sess)
mim_params = {
'eps_iter': 0.06,
'eps': 0.3,
'nb_iter': 10,
'ord': 2,
'decay_factor': 1.0
}
adv_x = mim.generate(x, **mim_params)
eval_params = {'batch_size': FLAGS.batch_size}
X_test_adv, = batch_eval(sess, [x], [adv_x], [X_test], args=eval_params)
assert X_test_adv.shape[0] == 10000, X_test_adv.shape
accuracy = model_eval(sess,
x,
y,
predictions,
X_test_adv,
Y_test,
args=eval_params)
print 'Test accuracy on adversarial examples: ' + str(accuracy)
from scipy.misc import imsave
path = '/home/neale/repos/adversarial-toolbox/images/adversarials/mim/cifar/symmetric/'
"""
for i, (real, adv) in enumerate(zip(X_test, X_test_adv)):
imsave(path+'adv/adv_{}.png'.format(i), adv)
"""
preds = model_argmax(sess, x, predictions, X_test_adv)
print Y_test.shape
print preds.shape
count = 0
for i in range(len(preds)):
if np.argmax(Y_test[i]) == preds[i]:
# imsave(path+'real/im_{}.png'.format(i), X_test[i])
# imsave(path+'adv/adv_{}.png'.format(i), X_test_adv[i])
count += 1
print "saved ", count
def cnn_model(*args, **kwargs):
from cleverhans.utils_keras import cnn_model
warnings.warn("utils.cnn_model is deprecated and may be removed on or"
" after 2018-01-05. Switch to utils_keras.cnn_model.")
return cnn_model(*args, **kwargs)
def main(argv=None):
"""
CIFAR10 CleverHans tutorial
:return:
"""
# Set TF random seed to improve reproducibility
tf.set_random_seed(1234)
if not hasattr(backend, "tf"):
raise RuntimeError("This tutorial requires keras to be configured"
" to use the TensorFlow backend.")
if keras.backend.image_dim_ordering() != 'tf':
keras.backend.set_image_dim_ordering('tf')
print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to "
"'th', temporarily setting to 'tf'")
# Create TF session and set as Keras backend session
sess = tf.Session()
keras.backend.set_session(sess)
# Get CIFAR10 test data
X_train, Y_train, X_test, Y_test = data_cifar10()
assert Y_train.shape[1] == 10.
label_smooth = .1
Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth)
# Define input TF placeholder
x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3))
y = tf.placeholder(tf.float32, shape=(None, 10))
# Define TF model graph
model = cnn_model(img_rows=32, img_cols=32, channels=3)
predictions = model(x)
print("Defined TensorFlow model graph.")
def evaluate():
# Evaluate the accuracy of the CIFAR10 model on legitimate test
# examples
eval_params = {'batch_size': FLAGS.batch_size}
accuracy = model_eval(sess, x, y, predictions, X_test, Y_test,
args=eval_params)
assert X_test.shape[0] == 10000, X_test.shape
print('Test accuracy on legitimate test examples: ' + str(accuracy))
# Train an CIFAR10 model
train_params = {
'nb_epochs': FLAGS.nb_epochs,
'batch_size': FLAGS.batch_size,
'learning_rate': FLAGS.learning_rate
}
model_train(sess, x, y, predictions, X_train, Y_train,
evaluate=evaluate, args=train_params)
# Craft adversarial examples using Fast Gradient Sign Method (FGSM)
fgsm = FastGradientMethod(model)
adv_x = fgsm.generate(x, eps=0.3)
eval_params = {'batch_size': FLAGS.batch_size}
X_test_adv, = batch_eval(sess, [x], [adv_x], [X_test], args=eval_params)
assert X_test_adv.shape[0] == 10000, X_test_adv.shape
# Evaluate the accuracy of the CIFAR10 model on adversarial examples
accuracy = model_eval(sess, x, y, predictions, X_test_adv, Y_test,
args=eval_params)
print('Test accuracy on adversarial examples: ' + str(accuracy))
print("Repeating the process, using adversarial training")
# Redefine TF model graph
model_2 = cnn_model(img_rows=32, img_cols=32, channels=3)
predictions_2 = model_2(x)
fgsm_2 = FastGradientMethod(model_2)
adv_x_2 = fgsm_2.generate(x, eps=0.3)
predictions_2_adv = model_2(adv_x_2)
def evaluate_2():
# Evaluate the accuracy of the adversarialy trained CIFAR10 model on
# legitimate test examples
eval_params = {'batch_size': FLAGS.batch_size}
accuracy = model_eval(sess, x, y, predictions_2, X_test, Y_test,
args=eval_params)
print('Test accuracy on legitimate test examples: ' + str(accuracy))
# Evaluate the accuracy of the adversarially trained CIFAR10 model on
# adversarial examples
accuracy_adv = model_eval(sess, x, y, predictions_2_adv, X_test,
Y_test, args=eval_params)
print('Test accuracy on adversarial examples: ' + str(accuracy_adv))
# Perform adversarial training
model_train(sess, x, y, predictions_2, X_train, Y_train,
predictions_adv=predictions_2_adv, evaluate=evaluate_2,
args=train_params)
# Evaluate the accuracy of the CIFAR10 model on adversarial examples
accuracy = model_eval(sess, x, y, predictions_2_adv, X_test, Y_test,
args=eval_params)
print('Test accuracy on adversarial examples: ' + str(accuracy))
