def _parse_defences(self, defences):
self.defences = defences
if defences:
import re
pattern = re.compile("featsqueeze[1-8]?")
for d in defences:
if pattern.match(d):
try:
from art.defences import FeatureSqueezing
bit_depth = int(d[-1])
self.feature_squeeze = FeatureSqueezing(bit_depth=bit_depth)
except:
raise ValueError('You must specify the bit depth for feature squeezing: featsqueeze[1-8]')
# Add label smoothing
if d == 'labsmooth':
from art.defences import LabelSmoothing
self.label_smooth = LabelSmoothing()
# Add spatial smoothing
if d == 'smooth':
from art.defences import SpatialSmoothing
self.smooth = SpatialSmoothing()
def test_default(self):
m, n = 1000, 20
y = np.zeros((m, n))
y[(range(m), np.random.choice(range(n), m))] = 1.0
ls = LabelSmoothing()
_, y_smooth = ls(None, y)
self.assertTrue(np.isclose(np.sum(y_smooth, axis=1), np.ones(m)).all())
self.assertTrue((np.max(y_smooth, axis=1) == np.ones(m) * 0.9).all())
def test_customizing(self):
m, n = 1000, 20
y = np.zeros((m, n))
y[(range(m), np.random.choice(range(n), m))] = 1.0
ls = LabelSmoothing(max_value=1.0 / n)
_, y_smooth = ls(None, y)
self.assertTrue(np.isclose(np.sum(y_smooth, axis=1), np.ones(m)).all())
self.assertTrue((np.max(y_smooth, axis=1) == np.ones(m) / n).all())
self.assertTrue(np.isclose(y_smooth, np.ones((m, n)) / n).all())
def def_LabelSmoothing(x_train, x_test, y_train, y_test, x_train_adv,
x_test_adv, min_, max_):
labelsmoother = LabelSmoothing()
x_train, y_train_smooth = labelsmoother(x_train, y_train, max_value=.8)
x_test, y_test_smooth = labelsmoother(x_test, y_test, max_value=.8)
# train network
classifier = create_Neural_Network(min_, max_)
classifier.fit(x_train, y_train_smooth, nb_epochs=5, batch_size=50)
# print result
print("After Defense\n")
evaluate(x_train, x_test, y_train_smooth, y_test_smooth, x_train_adv,
x_test_adv, classifier)
def def_LabelSmoothing(x_train, x_test, y_train, y_test, x_train_adv, x_test_adv, min_, max_, file):
labelsmoother = LabelSmoothing()
x_train, y_train_smooth = labelsmoother(x_train, y_train, max_value=.8)
x_test, y_test_smooth = labelsmoother(x_test, y_test, max_value=.8)
# train network
classifier = create_Neural_Network(min_, max_)
classifier.fit(x_train, y_train_smooth, nb_epochs=5, batch_size=50)
# print result
print("After LabelSmoothing Defense\n")
file.write("==== LabelSmoothing Defense==== \n")
train_num = 60000
test_num = 10000
for k in range (5):
file.write("==== Attack %i ====\n" % (k))
evaluate(x_train, x_test, y_train_smooth, y_test_smooth, x_train_adv[k*train_num:(k+1)*train_num], x_test_adv[k*test_num:(k+1)*test_num], y_train, y_test, classifier, file)
preds = np.argmax(classifier.predict(x_test), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
print("Accuracy on legit samples: %.2f%% \n" % (acc * 100))
# Evaluate the classifier on the adversarial samples
preds = np.argmax(classifier.predict(x_test_adv), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
print('Accuracy on adversarial samples: %.2f%% \n' % (acc * 100))
from defense import Defense
print("Starting defense.")
d = Defense(x_train_adv, x_test_adv)
d.adversarial_training()
## LabelSmoothing
labelsmoother = LabelSmoothing()
x_train, y_train = labelsmoother(x_train, y_train, max_value=.8)
x_test, y_test = labelsmoother(x_test, y_test, max_value=.8)
## Create simple 2 hidden layer 64 nodes neural network
model = Sequential()
model.add(Dense(64, input_dim=784, activation='relu'))
model.add(Dense(64, activation='relu'))
model.add(Dense(10, activation='softmax'))
model.compile(loss='mse', optimizer='adam', metrics=['accuracy'])
classifier = KerasClassifier((min_, max_), model=model)
classifier.fit(x_train, y_train, nb_epochs=5, batch_size=50)
print("After LabelSmoothing \n")
# Evaluate the classifier on the test set
preds = np.argmax(classifier.predict(x_test), axis=1)