Python universal_perturbation Beispiele

Beispiel #1

def generate_universal_perturbation_examples(sess, model, x, y, X, Y, attack_params, verbose, attack_log_fpath):
    """
    Untargeted attack. Y is not needed.
    """

    # TODO: insert a uint8 filter to f.
    f, grad_fs = prepare_attack(sess, model, x, y, X, Y)

    params = {'delta': 0.2,
              'max_iter_uni': np.inf,
              'xi': 10,
              'p': np.inf,
              'num_classes': 10,
              'overshoot': 0.02,
              'max_iter_df': 10,
              }

    params = override_params(params, attack_params)

    if not verbose:
        disablePrint(attack_log_fpath)

    # X is randomly shuffled in unipert.
    X_copy = X.copy()
    v = universal_perturbation(X_copy, f, grad_fs, **params)
    del X_copy

    if not verbose:
        enablePrint()

    return X + v

Beispiel #2

def deepfool_eval(model, imgs, delta=0.2):
    def f(image_input):
        return model.sess.run(model.output, {model.input: image_input})

    def f_grad(image_input, inds):
        return model.sess.run(model.jacobians, {model._input: image_input})

    v = universal_perturbation(imgs, f, f_grad, delta=delta)

Beispiel #3

def generate_adv_exmp(pool_size, dataset_size):
	# 从检查点提取模型路径
	ckpt = tf.train.get_checkpoint_state(FLAGS.model_dir)
	model_path = ckpt.model_checkpoint_path
	#元数据meta路径
	model_meta_path = '.'.join([model_path, 'meta'])

	# 加载模型
	new_saver = tf.train.import_meta_graph(model_meta_path, clear_devices=True)

	with tf.Session() as sess:
		# 恢复模型参数
		new_saver.restore(sess, model_path)

		# 从Graph中提取模型的输入和输出tensor
		# input[50, 28, 28, 1], softmax[50, 10]
		input_op = tf.get_collection('input_op')[0]
		softmax_linear_op = tf.get_collection('softmax_linear_op')[0]

		# gradient计算的是所有输出w.r.t每一个输入特征的导数之和，不能直接得到雅可比矩阵形式的结果，
		# 所以必须每次取出一个输出值，分别计算关于输入的导数，最后组装起来
		scalar_out = [tf.slice(softmax_linear_op, [0, i], [1, 1]) for i in range(10)]
		dydx = [tf.gradients(scalar_out[i], [input_op])[0] for i in range(10)] # why extract [0]?

		def ff(image_inp):
			"""
			前馈导数计算函数
			"""
			return sess.run(softmax_linear_op, feed_dict={
									input_op: np.reshape(image_inp, (-1, 28, 28, 1))})

		def grads(image_inp, inds):
			"""
			梯度计算函数
			"""
			return [sess.run(dydx[i], feed_dict={input_op: image_inp}) for i in inds]

		# 获取样本池（默认500），并随机抽取size_dataset的样本，提供给对抗干扰生成函数
		image_pool, label_pool = generate_fix_data_batch(sess=sess, pool_size=pool_size)
		index_for_pool = np.arange(poolsize)
		np.random.shuffle(index_for_pool)
		images = image_pool[index_for_pool[:dataset_size]]
		labels = label_pool[index_for_pool[:dataset_size]]

		# 根据样本子集构造universal adversarial perturbation
		v = universal_perturbation(images, ff, grads, delta=0.2)

		return v


# def _test_pert(v):
	"""

Beispiel #4

                X = create_imagenet_npy(path_train_imagenet)

                print ">> Saving the pre-processed imagenet data"
                if not os.path.exists('data'):
                    os.makedirs('data')

                # Save the pre-processed images
                # Caution: This can take take a lot of space. Comment this part to discard saving.
                np.save(os.path.join('data', 'imagenet_data.npy'), X)

            else:
                print ">> Pre-processed imagenet data detected"
                X = np.load(datafile)

            # Running universal perturbation
            v = universal_perturbation(X, f, grad_fs, delta=0.2)

            # Saving the universal perturbation
            np.save(os.path.join(file_perturbation), v)

        else:
            print ">> Found a pre-computed universal perturbation! Retrieving it from ", file_perturbation
            v = np.load(file_perturbation)

        print ">> Testing the universal perturbation on an image"

        # Test the perturbation on the image
        labels = open(os.path.join('data', 'labels.txt'), 'r').read().split('\n')

        image_original = preprocess_image_batch([path_test_image], img_size=(256, 256), crop_size=(224, 224), color_mode="rgb")
        label_original = np.argmax(f(image_original), axis=1).flatten()

Beispiel #5

                print('>> Saving the pre-processed imagenet data')
                if not os.path.exists('data'):
                    os.makedirs('data')

                # Save the pre-processed images
                # Caution: This can take take a lot of space. Comment this part to discard saving.
                np.save(os.path.join('data', 'imagenet_train_data.npy'), X)

            else:
                print('>> Pre-processed imagenet test data detected')
                X = np.load(datafile)

            # Running universal perturbation
            v = universal_perturbation(X,
                                       f,
                                       grad_fs,
                                       delta=0.2,
                                       num_classes=num_classes)

            # Saving the universal perturbation
            np.save(os.path.join(file_perturbation), v)

        else:
            print(
                '>> Found a pre-computed universal perturbation! Retrieving it from ", file_perturbation'
            )
            v = np.load(file_perturbation)

        print('>> Testing the universal perturbation on an image')

        # Test the perturbation on the image

Beispiel #6

Datei: perturbation.py Projekt: RichardChangCA/An-Exploration-of-Universal-Adversarial-Perturbation-in-Deep-Learning

# =============================================================================
#         if os.path.isfile(file_perturbation) == 0:
# =============================================================================
        if True:
            # TODO: Optimize this construction part!
            print('>> Compiling the gradient tensorflow functions. This might take some time...')
            y_flat = tf.reshape(persisted_output, (-1,))
            inds = tf.placeholder(tf.int32, shape=(num_classes,))
            dydx = jacobian(y_flat,persisted_input,inds)

            print('>> Computing gradient function...')
            def grad_fs(image_inp, indices): return persisted_sess.run(dydx, feed_dict={persisted_input: image_inp, inds: indices}).squeeze(axis=1)

            # Running universal perturbation
            v = universal_perturbation(x_train, f, grad_fs, delta=delta, xi=xi, max_iter_uni=max_iter_uni, num_classes=num_classes)
            # Saving the universal perturbation
            np.save(os.path.join(file_perturbation), v)

        else:
            print('>> Found a pre-computed universal perturbation! Retrieving it from ", file_perturbation')
            v = np.load(file_perturbation)

        print('>> Testing the universal perturbation on an image')

        # Test the perturbation on the image
        image_original = x_train[k:k+1]
        label_original = np.argmax(f(image_original))
# =============================================================================
#         # Clip the perturbation to make sure images fit in uint8
#         clipped_v = np.clip(image_original[0,:,:,:]+v[0,:,:,:], 0, 255) - np.clip(image_original[0,:,:,:], 0, 255)

Beispiel #7

Datei: target_universal.py Projekt: YiZeng623/frequency-backdoor

    if os.path.isfile(file_perturbation) == 0:

        # TODO: Optimize this construction part!
        print('>> Compiling the gradient tensorflow functions. This might take some time...')
        y_flat = tf.reshape(persisted_output, (-1,))
        inds = tf.placeholder(tf.int32, shape=(num_classes,))
        dydx = jacobian(y_flat,persisted_input,inds)

        print('>> Computing gradient function...')
        def grad_fs(image_inp, indices): return persisted_sess.run(dydx, feed_dict={persisted_input: image_inp, inds: indices}).squeeze(axis=1)

        # Load training data
        X = x_train[:100]

        # Running universal perturbation
        v,new_target = universal_perturbation(X, f, grad_fs, target=target, delta=0.8, max_iter_uni=np.inf, num_classes=num_classes, overshoot=0.02)

        # Saving the universal perturbation
        print('the final target label is:', new_target)
        np.save(os.path.join(file_perturbation), v)

    else:
        print('>> Found a pre-computed universal perturbation! Retrieving it from ", file_perturbation')
        v = np.load(file_perturbation)

    print('>> Testing the universal perturbation on an image')


    image_original = x_test[0:1]
    label_original = np.argmax(f(image_original), axis=1)
    str_label_original = classes[np.int(label_original)]

Beispiel #8

Datei: demo_inception.py Projekt: nushrathumaira/robust_physical_attack

                print('>> Saving the pre-processed imagenet data')
                if not os.path.exists('data'):
                    os.makedirs('data')

                # Save the pre-processed images
                # Caution: This can take take a lot of space. Comment this part to discard saving.
                np.save(os.path.join('data', 'imagenet_data.npy'), X)

            else:
                print('>> Pre-processed imagenet data detected')
                X = np.load(datafile)

            # Running universal perturbation
            #v = universal_perturbation(X, f, grad_fs, delta=0.2,num_classes=num_classes)
            v2 = universal_perturbation(X, f, grad_fs, delta=212.8,num_classes=num_classes)

            # Saving the universal perturbation
            np.save(os.path.join(file_perturbation), v2)
                        
        else:
            print('>> Found a pre-computed universal perturbation! Retrieving it from ", file_perturbation')
            v2 = np.load(file_perturbation)

        print('>> Testing the universal perturbation on an image')

        # Test the perturbation on the image
        labels = open(os.path.join('data', 'labels.txt'), 'r').read().split('\n')

        image_original = preprocess_image_batch([path_test_image], img_size=(256, 256), crop_size=(224, 224), color_mode="rgb")
        label_original = np.argmax(f(image_original), axis=1).flatten()

Beispiel #9

Datei: search.py Projekt: qilong-zhang/Pytorch_Universal-adversarial-perturbation

print('loader data')
X = ImagetNet(training_data_path, 1000, 10, transforms = transform)

# X = torch.utils.data.DataLoader(
#     ImageFolder(training_data_path, transforms.Compose([
#         transforms.Resize((330, 330)),
#         transforms.CenterCrop(299),
#         transforms.ToTensor(),
#         ])),
#         batch_size = 1, shuffle=True,
#         pin_memory=True)

val_loader = torch.utils.data.DataLoader(
    ImageFolder(testing_data_path, transforms = transform,
        batch_size = 50, shuffle=False,
        num_workers = 8, pin_memory=True)


print('Computation')
v = universal_perturbation(X, val_loader, net, epsilon)