def _test_evasion_multiclass(self, expected_x):
# EVASION
self.multiclass.verbose = 2
if self.normalizer is not None:
lb = self.normalizer.feature_range[0]
ub = self.normalizer.feature_range[1]
else:
lb = None
ub = None
dmax = 2
self.solver_params = {'eta': 1e-1, 'eta_min': 1.0}
eva = CAttackEvasionPGDLS(classifier=self.multiclass,
surrogate_classifier=self.multiclass,
surrogate_data=self.ds,
distance='l2',
dmax=dmax,
lb=lb,
ub=ub,
solver_params=self.solver_params,
y_target=self.y_target)
eva.verbose = 0 # 2
# Points from class 2 region
# p_idx = 0
# Points from class 1 region
# p_idx = 68
# Points from class 3 region
p_idx = 1 # Wrong classified point
# p_idx = 53 # Evasion goes up usually
# Points from class 0 region
# p_idx = 49 # Wrong classified point
# p_idx = 27 # Correctly classified point
x0 = self.ds.X[p_idx, :]
y0 = self.ds.Y[p_idx].item()
x_seq = CArray.empty((0, x0.shape[1]))
scores = CArray([])
f_seq = CArray([])
x = x0
for d_idx, d in enumerate(range(0, dmax + 1)):
self.logger.info("Evasion at dmax: " + str(d))
eva.dmax = d
x, f_opt = eva._run(x0=x0, y0=y0, x_init=x)
y_pred, score = self.multiclass.predict(
x, return_decision_function=True)
f_seq = f_seq.append(f_opt)
# not considering all iterations, just values at dmax
# for all iterations, you should bring eva.x_seq and eva.f_seq
x_seq = x_seq.append(x, axis=0)
s = score[:, y0 if self.y_target is None else self.y_target]
scores = scores.append(s)
self.logger.info("Predicted label after evasion: " + str(y_pred))
self.logger.info("Score after evasion: {:}".format(s))
self.logger.info("Objective function after evasion: {:}".format(f_opt))
# Compare optimal point with expected
self.assert_array_almost_equal(eva.x_opt.todense().ravel(),
expected_x,
decimal=4)
self._make_plots(x_seq, dmax, eva, x0, scores, f_seq)
def _test_evasion_multiclass(self, expected_x):
# EVASION
self.multiclass.verbose = 2
if self.normalizer is not None:
lb = self.normalizer.feature_range[0]
ub = self.normalizer.feature_range[1]
else:
lb = None
ub = None
dmax = 3
self.solver_params = {'eta': 0.5, 'max_iter': 3}
eva = CAttackEvasionPGDLS(classifier=self.multiclass,
double_init_ds=self.ds,
distance='l2',
dmax=dmax,
lb=lb,
ub=ub,
solver_params=self.solver_params,
y_target=self.y_target)
eva.verbose = 0 # 2
# Points from class 2 region
# p_idx = 0
# Points from class 1 region
# p_idx = 68
# Points from class 3 region
p_idx = 1 # Wrong classified point
# p_idx = 53 # Evasion goes up usually
# Points from class 0 region
# p_idx = 49 # Wrong classified point
# p_idx = 27 # Correctly classified point
x0 = self.ds.X[p_idx, :]
y0 = self.ds.Y[p_idx].item()
self.logger.info("Evasion at dmax: " + str(dmax))
eva.dmax = dmax
x_opt, f_opt = eva._run(x0=x0, y0=y0, x_init=x0)
y_pred, score = self.multiclass.predict(x_opt,
return_decision_function=True)
s = score[:, y0 if self.y_target is None else self.y_target]
self.logger.info(
"Number of objective function evaluations: {:}".format(eva.f_eval))
self.logger.info("Number of gradient function evaluations: {:}".format(
eva.grad_eval))
self.logger.info("Predicted label after evasion: {:}".format(y_pred))
self.logger.info("Score after evasion: {:}".format(s))
self.logger.info("Objective function after evasion: {:}".format(f_opt))
# Compare optimal point with expected
self.assert_array_almost_equal(eva.x_opt.todense().ravel(),
expected_x,
decimal=4)
if self.y_target:
s_ytarget_x0 = self.multiclass.decision_function(x0, self.y_target)
s_ytarget_xopt = self.multiclass.decision_function(
x_opt, self.y_target)
self.logger.info(
"Discriminat function w.r.t the target class first: {:} "
"and after evasion: {:}".format(s_ytarget_x0, s_ytarget_xopt))
self.assertLess(s_ytarget_x0, s_ytarget_xopt)
else: # indiscriminate attack
s_ytrue_x0 = self.multiclass.decision_function(x0, y0)
s_ytrue_xopt = self.multiclass.decision_function(x_opt, y0)
self.logger.info(
"Discriminat function w.r.t the true class first: {:} "
"and after evasion: {:}".format(s_ytrue_x0, s_ytrue_xopt))
self.assertGreater(s_ytrue_x0, s_ytrue_xopt)
self._make_plot(p_idx, eva, dmax)