def test_untargeted_Xception(image, label=None):
import keras
from perceptron.models.classification.keras import KerasModel
mean = np.array([0.485, 0.456, 0.406]).reshape((1, 1, 3))
std = np.array([0.229, 0.224, 0.225]).reshape((1, 1, 3))
model_keras = keras.applications.xception.Xception(weights='imagenet')
model = KerasModel(model_keras, bounds=(0, 1), preprocessing=(mean, std))
print(np.argmax(model.predictions(image)))
attack = Attack(model, criterion=Misclassification())
adversarial_obj = attack(image, label, unpack=False, epsilons=10000)
distance = adversarial_obj.distance
adversarial = adversarial_obj.image
return distance, adversarial
def test_untargeted_resnet18(image, label=None):
import torch
import torchvision.models as models
from perceptron.models.classification import PyTorchModel
mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1))
std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1))
resnet18 = models.resnet18(pretrained=True).eval()
if torch.cuda.is_available():
resnet18 = resnet18.cuda()
model = PyTorchModel(
resnet18, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std))
print(np.argmax(model.predictions(image)))
attack = Attack(model, criterion=Misclassification())
adversarial = attack(image, label, unpack=True)
def test_untargeted_resnet50(image, label=None):
import torch
import torchvision.models as models
from perceptron.models.classification import PyTorchModel
mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1))
std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1))
model_pyt = models.resnet50(pretrained=True).eval()
if torch.cuda.is_available():
model_pyt = model_pyt.cuda()
model = PyTorchModel(model_pyt,
bounds=(0, 1),
num_classes=1000,
preprocessing=(mean, std))
print(np.argmax(model.predictions(image)))
attack = Attack(model, criterion=Misclassification())
adversarial_obj = attack(image, label, unpack=False, epsilons=10000)
distance = adversarial_obj.distance
adversarial = adversarial_obj.image
return distance, adversarial
std = np.array([0.229, 0.224, 0.225]).reshape((1, 1, 3))
#kmodel = KerasModel(xception, bounds=(0, 1), preprocessing=(mean, std))
kmodel = KerasModelUpload(bounds=(0, 1), preprocessing=(mean, std))
# get source image and label
# the model Xception expects values in [0, 1] with shape (299, 299), and channles_last
image, _ = imagenet_example(shape=(299, 299), data_format='channels_last')
image /= 255.0
# initialize the KerasModel
# keras resnet50 has input bound (0, 255)
# get source image and label
# the model expects values in [0, 255], and channles_last
label = np.argmax(kmodel.predictions(image))
metric = CarliniWagnerL2Metric(kmodel, criterion=Misclassification())
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
adversary = metric(image, label, unpack=False)
print(bcolors.BOLD + 'Process finished' + bcolors.ENDC)
if adversary.image is None:
print(bcolors.WARNING + 'Warning: Cannot find an adversary!' +
bcolors.ENDC)
exit(-1)
################### print summary info #####################################
keywords = [
'KerasUserUpload', 'InceptionResnetV2', 'Misclassification',
'CarliniWagnerL2'
]
mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1))
std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1))
models = ['alexnet', 'vgg16', 'vgg19', 'resnet18', 'resnet34', 'resnet50', 'resnet101',
'resnet152', 'inception_v3', 'squeezenet1_0', 'densenet121']
mse_dict = {}
output_folder = './out/cw2/'
for i in range(10):
image_name = '0%s.jpg' % i
image = load_imagenet_image(image_name, data_format='channels_first')
for model_name in models:
pmodel = load_pytorch_model(model_name)
fmodel = PyTorchModel(
pmodel, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std))
label = np.argmax(fmodel.predictions(image))
################
metric = perceptron.benchmarks.CarliniWagnerL2Metric(fmodel, criterion=Misclassification())
################
adversary = metric(image, label, unpack=False) # set 'unpack' as false so we can access the detailed info of adversary
if adversary.image is None:
print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC)
continue
if model_name in mse_dict:
mse_dict[model_name] += adversary.distance.value
else:
mse_dict[model_name] = adversary.distance.value
adv_image = adversary.image
output_adv_folder = output_folder + str(i) + '/'
if not os.path.exists(output_adv_folder):
os.makedirs(output_adv_folder)
adv_file_name = os.path.join(output_adv_folder, '%s.jpg' % model_name)
if adv_image.shape[0] == 3 :
resnet18 = models.resnet18(pretrained=True).eval()
if torch.cuda.is_available():
resnet18 = resnet18.cuda()
# initialize the PyTorchModel
mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1))
std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1))
fmodel = PyTorchModel(
resnet18, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std))
# get source image and print the predicted label
image, _ = imagenet_example(data_format='channels_first')
image = image / 255. # because our model expects values in [0, 1]
# set the type of noise which will used to generate the adversarial examples
metric = FrostMetric(fmodel, criterion=Misclassification())
# set the label as the predicted one
label = np.argmax(fmodel.predictions(image))
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
# set 'unpack' as false so we can access the detailed info of adversary
adversary = metric(image, label, scenario=5, verify=True, unpack=False)
print(bcolors.BOLD + 'Process finished' + bcolors.ENDC)
if adversary.image is None:
print(
bcolors.WARNING +
'Warning: Cannot find an adversary!' +
bcolors.ENDC)
exit(-1)
method=param["model_method"],
train_epsilon=param["train_epsilon"]
).eval()
if torch.cuda.is_available():
net = net.cuda()
fmodel = PyTorchModel(
net, bounds=param["bounds"],
num_classes=param["num_classes"]
)
label = np.argmax(fmodel.predictions(image))
metric1 = NaiveIntervalMetric(fmodel,\
criterion=Misclassification(), threshold=epsilon)
metric2 = SymbolicIntervalMetric(fmodel,\
criterion=Misclassification(), threshold=epsilon)
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
print("Analyze with naive interval analysis")
adversary1 = metric1(image, optimal_bound=param["optimal_bound"],\
epsilon=epsilon, parallel=param["parallel"],\
original_pred=label, unpack=False,\
threshold=param["threshold"],\
normalize=param["normalize"]
)
print("Analyze with symbolic interval analysis")
adversary2 = metric2(image, optimal_bound=param["optimal_bound"],\
# initialize the PyTorchModel
mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1))
std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1))
fmodel = PyTorchModel(vgg11,
bounds=(0, 1),
num_classes=1000,
preprocessing=(mean, std))
# get source image
image, label = imagenet_example(data_format='channels_first')
image = image / 255. # because our model expects values in [0, 1]
# set the label as the predicted one
true_label = np.argmax(fmodel.predictions(image))
# set the type of noise which will used to generate the adversarial examples
metric = SaltAndPepperNoiseMetric(fmodel, criterion=Misclassification())
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
adversary = metric(
image, true_label, unpack=False
) # set 'unpack' as false so we can access the detailed info of adversary
print(bcolors.BOLD + 'Process finished' + bcolors.ENDC)
if adversary.image is None:
print(bcolors.WARNING + 'Warning: Cannot find an adversary!' +
bcolors.ENDC)
exit(-1)
################### print summary info #####################################
keywords = ['PyTorch', 'Vgg11', 'Misclassification', 'SaltAndPepper']
resnet18 = resnet18.cuda()
# initialize the PyTorchModel
mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1))
std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1))
fmodel = PyTorchModel(resnet18,
bounds=(0, 1),
num_classes=1000,
preprocessing=(mean, std))
# get source image and print the predicted label
image, _ = imagenet_example(data_format='channels_first')
image = image / 255. # because our model expects values in [0, 1]
# set the type of noise which will used to generate the adversarial examples
metric = SnowMetric(fmodel, criterion=Misclassification())
# set the label as the predicted one
label = np.argmax(fmodel.predictions(image))
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
# set 'unpack' as false so we can access the detailed info of adversary
adversary = metric(image, label, verify=True, unpack=False)
print(bcolors.BOLD + 'Process finished' + bcolors.ENDC)
if adversary.image is None:
print(bcolors.WARNING + 'Warning: Cannot find an adversary!' +
bcolors.ENDC)
exit(-1)
################### print summary info #####################################
from perceptron.utils.tools import bcolors
from perceptron.models.classification.pytorchmodelupload import PyModelUpload
# initialize the PyTorchModel
mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1))
std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1))
fmodel = PyModelUpload(bounds=(0, 1),
num_classes=1000,
preprocessing=(mean, std))
# get source image and print the predicted label
image, _ = imagenet_example(data_format='channels_first')
image = image / 255. # because our model expects values in [0, 1]
# set the type of noise which will used to generate the adversarial examples
metric = BrightnessMetric(fmodel, criterion=Misclassification())
# set the label as the predicted one
label = np.argmax(fmodel.predictions(image))
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
adversary = metric(
image, label, verify=True, unpack=False
) # set 'unpack' as false so we can access the detailed info of adversary
print(bcolors.BOLD + 'Process finished' + bcolors.ENDC)
if adversary.image is None:
print(bcolors.WARNING + 'Warning: Cannot find an adversary!' +
bcolors.ENDC)
exit(-1)