def test_defences_predict(self): clip_values = (0, 1) fs = FeatureSqueezing(clip_values=clip_values, bit_depth=2) jpeg = JpegCompression(clip_values=clip_values, apply_predict=True) smooth = SpatialSmoothing() classifier_ = get_image_classifier_kr_tf() classifier = KerasClassifier(clip_values=clip_values, model=classifier_._model, preprocessing_defences=[fs, jpeg, smooth]) self.assertEqual(len(classifier.preprocessing_defences), 3) predictions_classifier = classifier.predict(self.x_test_mnist) # Apply the same defences by hand x_test_defense = self.x_test_mnist x_test_defense, _ = fs(x_test_defense, self.y_test_mnist) x_test_defense, _ = jpeg(x_test_defense, self.y_test_mnist) x_test_defense, _ = smooth(x_test_defense, self.y_test_mnist) classifier = get_image_classifier_kr_tf() predictions_check = classifier._model.predict(x_test_defense) # Check that the prediction results match np.testing.assert_array_almost_equal(predictions_classifier, predictions_check, decimal=4)
def test_decimals_0_2(self): """ Test with cutoff of 0.2. """ (_, _), (x_test, _) = self.mnist classifier = get_image_classifier_kr_tf() preds = classifier.predict(x_test[0:1]) postprocessor = HighConfidence(cutoff=0.2) post_preds = postprocessor(preds=preds) classifier_prediction_expected = np.asarray( [[ 0.12109935, 0.0498215, 0.0993958, 0.06410096, 0.11366928, 0.04645343, 0.06419807, 0.30685693, 0.07616714, 0.05823757, ]], dtype=np.float32, ) post_classifier_prediction_expected = np.asarray( [[0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.30685693, 0.0, 0.0]], dtype=np.float32) np.testing.assert_array_almost_equal(preds, classifier_prediction_expected, decimal=4) np.testing.assert_array_almost_equal( post_preds, post_classifier_prediction_expected, decimal=4)
def test_fit_image_generator(self): master_seed(seed=1234) labels_test = np.argmax(self.y_test_mnist, axis=1) classifier = get_image_classifier_kr_tf() acc = np.sum(np.argmax(classifier.predict(self.x_test_mnist), axis=1) == labels_test) / self.n_test logger.info("Accuracy: %.2f%%", (acc * 100)) keras_gen = ImageDataGenerator( width_shift_range=0.075, height_shift_range=0.075, rotation_range=12, shear_range=0.075, zoom_range=0.05, fill_mode="constant", cval=0, ) keras_gen.fit(self.x_train_mnist) data_gen = KerasDataGenerator( iterator=keras_gen.flow(self.x_train_mnist, self.y_train_mnist, batch_size=self.batch_size), size=self.n_train, batch_size=self.batch_size) classifier.fit_generator(generator=data_gen, nb_epochs=2) acc2 = np.sum(np.argmax(classifier.predict(self.x_test_mnist), axis=1) == labels_test) / self.n_test logger.info("Accuracy: %.2f%%", (acc2 * 100)) self.assertEqual(acc, 0.32) self.assertAlmostEqual(acc2, 0.69, delta=0.02)
def test_gaussian_noise(self): """ Test Gaussian noise. """ (_, _), (x_test, _) = self.mnist classifier = get_image_classifier_kr_tf() preds = classifier.predict(x_test[0:1]) postprocessor = GaussianNoise(scale=0.1) post_preds = postprocessor(preds=preds) classifier_prediction_expected = np.asarray( [ [ 0.12109935, 0.0498215, 0.0993958, 0.06410096, 0.11366928, 0.04645343, 0.06419807, 0.30685693, 0.07616714, 0.05823757, ] ], dtype=np.float32, ) post_classifier_prediction_expected = np.asarray( [[0.15412168, 0.0, 0.2222987, 0.03007976, 0.0381179, 0.12382449, 0.13755375, 0.22279163, 0.07121207, 0.0]], dtype=np.float32, ) np.testing.assert_array_almost_equal(preds, classifier_prediction_expected, decimal=4) np.testing.assert_array_almost_equal(post_preds, post_classifier_prediction_expected, decimal=4)
def _run_tests( _loss_name, _loss_type, _y_test_pred_expected, _class_gradient_probabilities_expected, _loss_gradient_expected, _from_logits, ): master_seed(1234) classifier = get_image_classifier_kr_tf(loss_name=_loss_name, loss_type=_loss_type, from_logits=_from_logits) y_test_pred = np.argmax(classifier.predict(x=self.x_test_mnist), axis=1) np.testing.assert_array_equal(y_test_pred, _y_test_pred_expected) class_gradient = classifier.class_gradient(self.x_test_mnist, label=5) np.testing.assert_array_almost_equal( class_gradient[99, 0, 14, :, 0], _class_gradient_probabilities_expected) loss_gradient = classifier.loss_gradient(x=self.x_test_mnist, y=self.y_test_mnist) np.testing.assert_array_almost_equal(loss_gradient[99, 14, :, 0], _loss_gradient_expected)
def test_fit(self): labels = np.argmax(self.y_test_mnist, axis=1) classifier = get_image_classifier_kr_tf() acc = np.sum( np.argmax(classifier.predict(self.x_test_mnist), axis=1) == labels) / NB_TEST logger.info("Accuracy: %.2f%%", (acc * 100)) classifier.fit(self.x_train_mnist, self.y_train_mnist, batch_size=BATCH_SIZE, nb_epochs=2) acc2 = np.sum( np.argmax(classifier.predict(self.x_test_mnist), axis=1) == labels) / NB_TEST logger.info("Accuracy: %.2f%%", (acc2 * 100)) self.assertEqual(acc, 0.32) self.assertEqual(acc2, 0.77) classifier.fit(self.x_train_mnist, y=self.y_train_mnist, batch_size=BATCH_SIZE, nb_epochs=2) classifier.fit(x=self.x_train_mnist, y=self.y_train_mnist, batch_size=BATCH_SIZE, nb_epochs=2)
def test_layers(self): classifier = get_image_classifier_kr_tf() self.assertEqual(len(classifier.layer_names), 3) layer_names = classifier.layer_names for i, name in enumerate(layer_names): act_i = classifier.get_activations(self.x_test_mnist, i, batch_size=128) act_name = classifier.get_activations(self.x_test_mnist, name, batch_size=128) np.testing.assert_array_equal(act_name, act_i)
def test_learning_phase(self): classifier = get_image_classifier_kr_tf() self.assertFalse(hasattr(classifier, "_learning_phase")) classifier.set_learning_phase(False) self.assertFalse(classifier.learning_phase) classifier.set_learning_phase(True) self.assertTrue(classifier.learning_phase) self.assertTrue(hasattr(classifier, "_learning_phase"))
def test_save(self): path = "tmp" filename = "model.h5" classifier = get_image_classifier_kr_tf() classifier.save(filename, path=path) self.assertTrue(os.path.isfile(os.path.join(path, filename))) # Remove saved file os.remove(os.path.join(path, filename))
def test_repr(self): classifier = get_image_classifier_kr_tf() repr_ = repr(classifier) self.assertIn("art.classifiers.keras.KerasClassifier", repr_) self.assertIn("use_logits=False, channel_index=3", repr_) self.assertIn( "clip_values=(0, 1), preprocessing_defences=None, postprocessing_defences=None, " "preprocessing=(0, 1)", repr_, ) self.assertIn("input_layer=0, output_layer=0", repr_)
def _image_dl_estimator(one_classifier=False, functional=False, **kwargs): sess = None wildcard = False classifier_list = None if kwargs.get("wildcard") is not None: if kwargs.get("wildcard") is True: wildcard = True del kwargs["wildcard"] if framework == "keras": if wildcard is False and functional is False: if functional: classifier_list = [ get_image_classifier_kr_functional(**kwargs) ] else: classifier_list = [get_image_classifier_kr(**kwargs)] if framework == "tensorflow": if wildcard is False and functional is False: classifier, sess = get_image_classifier_tf(**kwargs) classifier_list = [classifier] if framework == "pytorch": if wildcard is False and functional is False: classifier_list = [get_image_classifier_pt(**kwargs)] if framework == "scikitlearn": logging.warning( "{0} doesn't have an image classifier defined yet".format( framework)) classifier_list = None if framework == "kerastf": if wildcard: classifier_list = [ get_image_classifier_kr_tf_with_wildcard(**kwargs) ] else: if functional: classifier_list = [ get_image_classifier_kr_tf_functional(**kwargs) ] else: classifier_list = [get_image_classifier_kr_tf(**kwargs)] if framework == "mxnet": if wildcard is False and functional is False: classifier_list = [get_image_classifier_mx_instance(**kwargs)] if classifier_list is None: return None, None if one_classifier: return classifier_list[0], sess return classifier_list, sess
def _image_dl_estimator(functional=False, **kwargs): sess = None wildcard = False classifier = None if kwargs.get("wildcard") is not None: if kwargs.get("wildcard") is True: wildcard = True del kwargs["wildcard"] if framework == "keras": if wildcard is False and functional is False: if functional: classifier = get_image_classifier_kr_functional(**kwargs) else: try: classifier = get_image_classifier_kr(**kwargs) except NotImplementedError: raise ARTTestFixtureNotImplemented( "This combination of loss function options is currently not supported.", image_dl_estimator.__name__, framework, ) if framework == "tensorflow1" or framework == "tensorflow2": if wildcard is False and functional is False: classifier, sess = get_image_classifier_tf(**kwargs) return classifier, sess if framework == "pytorch": if not wildcard: if functional: classifier = get_image_classifier_pt_functional(**kwargs) else: classifier = get_image_classifier_pt(**kwargs) if framework == "kerastf": if wildcard: classifier = get_image_classifier_kr_tf_with_wildcard(**kwargs) else: if functional: classifier = get_image_classifier_kr_tf_functional( **kwargs) else: classifier = get_image_classifier_kr_tf(**kwargs) if framework == "mxnet": if wildcard is False and functional is False: classifier = get_image_classifier_mx_instance(**kwargs) if classifier is None: raise ARTTestFixtureNotImplemented( "no test deep learning estimator available", image_dl_estimator.__name__, framework) return classifier, sess
def test_shapes(self): classifier = get_image_classifier_kr_tf() predictions = classifier.predict(self.x_test_mnist) self.assertEqual(predictions.shape, self.y_test_mnist.shape) self.assertEqual(classifier.nb_classes(), 10) class_gradients = classifier.class_gradient(self.x_test_mnist[:11]) self.assertEqual(class_gradients.shape, tuple([11, 10] + list(self.x_test_mnist[1].shape))) loss_gradients = classifier.loss_gradient(self.x_test_mnist[:11], self.y_test_mnist[:11]) self.assertEqual(loss_gradients.shape, self.x_test_mnist[:11].shape)
def test_fit_generator(self): labels = np.argmax(self.y_test_mnist, axis=1) classifier = get_image_classifier_kr_tf() acc = np.sum(np.argmax(classifier.predict(self.x_test_mnist), axis=1) == labels) / self.n_test logger.info("Accuracy: %.2f%%", (acc * 100)) gen = generator_fit(self.x_train_mnist, self.y_train_mnist, batch_size=self.batch_size) data_gen = KerasDataGenerator(iterator=gen, size=self.n_train, batch_size=self.batch_size) classifier.fit_generator(generator=data_gen, nb_epochs=2) acc2 = np.sum(np.argmax(classifier.predict(self.x_test_mnist), axis=1) == labels) / self.n_test logger.info("Accuracy: %.2f%%", (acc2 * 100)) self.assertEqual(acc, 0.32) self.assertAlmostEqual(acc2, 0.70, delta=0.15)
def test_repr(self): classifier = get_image_classifier_kr_tf() repr_ = repr(classifier) self.assertIn("art.estimators.classification.keras.KerasClassifier", repr_) self.assertIn( f"use_logits=False, channel_index={Deprecated}, channels_first=False", repr_) self.assertIn( "clip_values=array([0., 1.], dtype=float32), preprocessing_defences=None, postprocessing_defences=None, " "preprocessing=(0, 1)", repr_, ) self.assertIn("input_layer=0, output_layer=0", repr_)
def test_fit_kwargs(self): def get_lr(_): return 0.01 # Test a valid callback classifier = get_image_classifier_kr_tf() kwargs = {"callbacks": [LearningRateScheduler(get_lr)]} classifier.fit(self.x_train_mnist, self.y_train_mnist, batch_size=self.batch_size, nb_epochs=1, **kwargs) # Test failure for invalid parameters kwargs = {"epochs": 1} with self.assertRaises(TypeError) as context: classifier.fit(self.x_train_mnist, self.y_train_mnist, batch_size=self.batch_size, nb_epochs=1, **kwargs) self.assertIn("multiple values for keyword argument", str(context.exception))
def test_reverse_sigmoid_gamma(self): """ Test reverse sigmoid parameter gamma. """ (_, _), (x_test, _) = self.mnist classifier = get_image_classifier_kr_tf() preds = classifier.predict(x_test[0:1]) postprocessor = ReverseSigmoid(beta=1.0, gamma=0.5) post_preds = postprocessor(preds=preds) classifier_prediction_expected = np.asarray( [ [ 0.12109935, 0.0498215, 0.0993958, 0.06410096, 0.11366928, 0.04645343, 0.06419807, 0.30685693, 0.07616714, 0.05823757, ] ], dtype=np.float32, ) post_classifier_prediction_expected = np.asarray( [ [ 0.09699764, 0.10062696, 0.09689676, 0.09873781, 0.0968849, 0.10121989, 0.0987279, 0.11275949, 0.09774373, 0.09940492, ] ], dtype=np.float32, ) np.testing.assert_array_almost_equal(preds, classifier_prediction_expected, decimal=4) np.testing.assert_array_almost_equal(post_preds, post_classifier_prediction_expected, decimal=4)
def test_reverse_sigmoid(self): """ Test reverse sigmoid. """ (_, _), (x_test, _) = self.mnist classifier = get_image_classifier_kr_tf() preds = classifier.predict(x_test[0:1]) postprocessor = ReverseSigmoid(beta=1.0, gamma=0.1) post_preds = postprocessor(preds=preds) classifier_prediction_expected = np.asarray( [ [ 0.12109935, 0.0498215, 0.0993958, 0.06410096, 0.11366928, 0.04645343, 0.06419807, 0.30685693, 0.07616714, 0.05823757, ] ], dtype=np.float32, ) post_classifier_prediction_expected = np.asarray( [ [ 0.10733664, 0.07743666, 0.09712707, 0.08230411, 0.10377649, 0.0764482, 0.08234023, 0.20600921, 0.08703023, 0.08019119, ] ], dtype=np.float32, ) np.testing.assert_array_almost_equal(preds, classifier_prediction_expected, decimal=4) np.testing.assert_array_almost_equal(post_preds, post_classifier_prediction_expected, decimal=4)
def test_reverse_sigmoid_beta(self): """ Test reverse sigmoid parameter beta. """ (_, _), (x_test, _) = self.mnist classifier = get_image_classifier_kr_tf() preds = classifier.predict(x_test[0:1]) postprocessor = ReverseSigmoid(beta=0.75, gamma=0.1) post_preds = postprocessor(preds=preds) classifier_prediction_expected = np.asarray( [ [ 0.12109935, 0.0498215, 0.0993958, 0.06410096, 0.11366928, 0.04645343, 0.06419807, 0.30685693, 0.07616714, 0.05823757, ] ], dtype=np.float32, ) post_classifier_prediction_expected = np.asarray( [ [ 0.1097239, 0.07264659, 0.09752058, 0.07914664, 0.10549247, 0.07124537, 0.07919333, 0.22350204, 0.08514594, 0.07638316, ] ], dtype=np.float32, ) np.testing.assert_array_almost_equal(preds, classifier_prediction_expected, decimal=4) np.testing.assert_array_almost_equal(post_preds, post_classifier_prediction_expected, decimal=4)
def test_keras(self): """ Test with a KerasClassifier. :return: """ # Build KerasClassifier krc = get_image_classifier_kr_tf(loss_type="label") # Get MNIST (x_train, y_train), (_, _) = self.mnist target_idx = 9 target = np.zeros(10) target[target_idx] = 1 target2 = np.zeros(10) target2[(target_idx + 1) % 10] = 1 backdoor = PoisoningAttackBackdoor(add_pattern_bd) emb_attack = PoisoningAttackAdversarialEmbedding( krc, backdoor, 2, target) classifier = emb_attack.poison_estimator(x_train, y_train, nb_epochs=NB_EPOCHS) data, labels, bd = emb_attack.get_training_data() self.assertEqual(x_train.shape, data.shape) self.assertEqual(y_train.shape, labels.shape) self.assertEqual(bd.shape, (len(x_train), 2)) # Assert successful cloning of classifier model self.assertTrue(classifier is not krc) emb_attack2 = PoisoningAttackAdversarialEmbedding( krc, backdoor, 2, [(target, target2)]) _ = emb_attack2.poison_estimator(x_train, y_train, nb_epochs=NB_EPOCHS) data, labels, bd = emb_attack2.get_training_data() self.assertEqual(x_train.shape, data.shape) self.assertEqual(y_train.shape, labels.shape) self.assertEqual(bd.shape, (len(x_train), 2)) _ = PoisoningAttackAdversarialEmbedding(krc, backdoor, 2, [(target, target2)], pp_poison=[0.4])
def _image_dl_estimator_defended(one_classifier=False, **kwargs): sess = None classifier = None clip_values = (0, 1) fs = FeatureSqueezing(bit_depth=2, clip_values=clip_values) defenses = [] if kwargs.get("defenses") is None: defenses.append(fs) else: if "FeatureSqueezing" in kwargs.get("defenses"): defenses.append(fs) if "JpegCompression" in kwargs.get("defenses"): defenses.append( JpegCompression(clip_values=clip_values, apply_predict=True)) if "SpatialSmoothing" in kwargs.get("defenses"): defenses.append(SpatialSmoothing()) del kwargs["defenses"] if framework == "tensorflow2": classifier, _ = get_image_classifier_tf(**kwargs) if framework == "keras": classifier = get_image_classifier_kr(**kwargs) if framework == "kerastf": classifier = get_image_classifier_kr_tf(**kwargs) if framework == "pytorch": classifier = get_image_classifier_pt(**kwargs) for i, defense in enumerate(defenses): if "channels_first" in defense.params: defenses[i].channels_first = classifier.channels_first if classifier is not None: classifier.set_params(preprocessing_defences=defenses) else: raise ARTTestFixtureNotImplemented( "no defended image estimator", image_dl_estimator_defended.__name__, framework, {"defenses": defenses}) return classifier, sess
def _image_dl_estimator_defended(one_classifier=False, **kwargs): sess = None classifier = None clip_values = (0, 1) fs = FeatureSqueezing(bit_depth=2, clip_values=clip_values) defenses = [] if kwargs.get("defenses") is None: defenses.append(fs) else: if "FeatureSqueezing" in kwargs.get("defenses"): defenses.append(fs) if "JpegCompression" in kwargs.get("defenses"): defenses.append( JpegCompression(clip_values=clip_values, apply_predict=True)) if "SpatialSmoothing" in kwargs.get("defenses"): defenses.append(SpatialSmoothing()) del kwargs["defenses"] if framework == "keras": kr_classifier = get_image_classifier_kr(**kwargs) # Get the ready-trained Keras model classifier = KerasClassifier(model=kr_classifier._model, clip_values=(0, 1), preprocessing_defences=defenses) if framework == "kerastf": kr_tf_classifier = get_image_classifier_kr_tf(**kwargs) classifier = KerasClassifier(model=kr_tf_classifier._model, clip_values=(0, 1), preprocessing_defences=defenses) if classifier is None: raise ARTTestFixtureNotImplemented( "no defended image estimator", image_dl_estimator_defended.__name__, framework, {"defenses": defenses}) return classifier, sess
def test_errors(self): krc = get_image_classifier_kr_tf(loss_type="function") krc_valid = get_image_classifier_kr_tf(loss_type="label") backdoor = PoisoningAttackBackdoor(add_pattern_bd) target_idx = 9 target = np.zeros(10) target[target_idx] = 1 target2 = np.zeros(10) target2[(target_idx + 1) % 10] = 1 # invalid loss function with self.assertRaises(TypeError): _ = PoisoningAttackAdversarialEmbedding(krc, backdoor, 2, target) # feature layer not real name with self.assertRaises(ValueError): _ = PoisoningAttackAdversarialEmbedding(krc_valid, backdoor, "not a layer", target) # feature layer out of range with self.assertRaises(ValueError): _ = PoisoningAttackAdversarialEmbedding(krc_valid, backdoor, 20, target) # target misshaped with self.assertRaises(ValueError): _ = PoisoningAttackAdversarialEmbedding( krc_valid, backdoor, 20, np.expand_dims(target, axis=0)) with self.assertRaises(ValueError): _ = PoisoningAttackAdversarialEmbedding(krc_valid, backdoor, 20, [target]) with self.assertRaises(ValueError): _ = PoisoningAttackAdversarialEmbedding(krc_valid, backdoor, 20, target, regularization=-1) with self.assertRaises(ValueError): _ = PoisoningAttackAdversarialEmbedding(krc_valid, backdoor, 20, target, discriminator_layer_1=-1) with self.assertRaises(ValueError): _ = PoisoningAttackAdversarialEmbedding(krc_valid, backdoor, 20, target, discriminator_layer_2=-1) with self.assertRaises(ValueError): _ = PoisoningAttackAdversarialEmbedding(krc_valid, backdoor, 20, target, pp_poison=-1) with self.assertRaises(ValueError): _ = PoisoningAttackAdversarialEmbedding(krc_valid, backdoor, 20, [(target, target2)], pp_poison=[]) with self.assertRaises(ValueError): _ = PoisoningAttackAdversarialEmbedding(krc_valid, backdoor, 20, [(target, target2)], pp_poison=[-1])
def test_class_gradient(self): classifier = get_image_classifier_kr_tf() # Test all gradients label gradients = classifier.class_gradient(self.x_test_mnist) self.assertTrue(gradients.shape == (NB_TEST, 10, 28, 28, 1)) expected_gradients_1 = np.asarray([ -1.0557447e-03, -1.0079544e-03, -7.7426434e-04, 1.7387432e-03, 2.1773507e-03, 5.0880699e-05, 1.6497371e-03, 2.6113100e-03, 6.0904310e-03, 4.1080985e-04, 2.5268078e-03, -3.6661502e-04, -3.0568996e-03, -1.1665225e-03, 3.8904310e-03, 3.1726385e-04, 1.3203260e-03, -1.1720930e-04, -1.4315104e-03, -4.7676818e-04, 9.7251288e-04, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, ]) np.testing.assert_array_almost_equal(gradients[0, 5, 14, :, 0], expected_gradients_1, decimal=4) expected_gradients_2 = np.asarray([ -0.00367321, -0.0002892, 0.00037825, -0.00053344, 0.00192121, 0.00112047, 0.0023135, 0.0, 0.0, -0.00391743, -0.0002264, 0.00238103, -0.00073711, 0.00270405, 0.00389043, 0.00440818, -0.00412769, -0.00441794, 0.00081916, -0.00091284, 0.00119645, -0.00849089, 0.00547925, 0.0, 0.0, 0.0, 0.0, 0.0, ]) np.testing.assert_array_almost_equal(gradients[0, 5, :, 14, 0], expected_gradients_2, decimal=4) # Test 1 gradient label = 5 gradients = classifier.class_gradient(self.x_test_mnist, label=5) self.assertTrue(gradients.shape == (NB_TEST, 1, 28, 28, 1)) expected_gradients_1 = np.asarray([ -1.0557447e-03, -1.0079544e-03, -7.7426434e-04, 1.7387432e-03, 2.1773507e-03, 5.0880699e-05, 1.6497371e-03, 2.6113100e-03, 6.0904310e-03, 4.1080985e-04, 2.5268078e-03, -3.6661502e-04, -3.0568996e-03, -1.1665225e-03, 3.8904310e-03, 3.1726385e-04, 1.3203260e-03, -1.1720930e-04, -1.4315104e-03, -4.7676818e-04, 9.7251288e-04, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, ]) np.testing.assert_array_almost_equal(gradients[0, 0, 14, :, 0], expected_gradients_1, decimal=4) expected_gradients_2 = np.asarray([ -0.00367321, -0.0002892, 0.00037825, -0.00053344, 0.00192121, 0.00112047, 0.0023135, 0.0, 0.0, -0.00391743, -0.0002264, 0.00238103, -0.00073711, 0.00270405, 0.00389043, 0.00440818, -0.00412769, -0.00441794, 0.00081916, -0.00091284, 0.00119645, -0.00849089, 0.00547925, 0.0, 0.0, 0.0, 0.0, 0.0, ]) np.testing.assert_array_almost_equal(gradients[0, 0, :, 14, 0], expected_gradients_2, decimal=4) # Test a set of gradients label = array label = np.random.randint(5, size=NB_TEST) gradients = classifier.class_gradient(self.x_test_mnist, label=label) self.assertTrue(gradients.shape == (NB_TEST, 1, 28, 28, 1)) expected_gradients_1 = np.asarray([ 5.0867125e-03, 4.8564528e-03, 6.1040390e-03, 8.6531248e-03, -6.0958797e-03, -1.4114540e-02, -7.1085989e-04, -5.0330814e-04, 1.2943064e-02, 8.2416134e-03, -1.9859476e-04, -9.8109958e-05, -3.8902222e-03, -1.2945873e-03, 7.5137997e-03, 1.7720886e-03, 3.1399424e-04, 2.3657181e-04, -3.0891625e-03, -1.0211229e-03, 2.0828887e-03, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, 0.0000000e00, ]) np.testing.assert_array_almost_equal(gradients[0, 0, 14, :, 0], expected_gradients_1, decimal=4) expected_gradients_2 = np.asarray([ -0.00195835, -0.00134457, -0.00307221, -0.00340564, 0.00175022, -0.00239714, -0.00122619, 0.0, 0.0, -0.00520899, -0.00046105, 0.00414874, -0.00171095, 0.00429184, 0.0075138, 0.00792442, 0.0019566, 0.00035517, 0.00504575, -0.00037397, 0.00022343, -0.00530034, 0.0020528, 0.0, 0.0, 0.0, 0.0, 0.0, ]) np.testing.assert_array_almost_equal(gradients[0, 0, :, 14, 0], expected_gradients_2, decimal=4)
def test_loss_gradient(self): classifier = get_image_classifier_kr_tf() # Test gradient gradients = classifier.loss_gradient(x=self.x_test_mnist, y=self.y_test_mnist) self.assertTrue(gradients.shape == (NB_TEST, 28, 28, 1)) expected_gradients_1 = np.asarray([ 0.0559206, 0.05338925, 0.0648919, 0.07925165, -0.04029291, -0.11281465, 0.01850601, 0.00325054, 0.08163195, 0.03333949, 0.031766, -0.02420463, -0.07815556, -0.04698735, 0.10711591, 0.04086434, -0.03441073, 0.01071284, -0.04229195, -0.01386157, 0.02827487, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, ]) np.testing.assert_array_almost_equal(gradients[0, 14, :, 0], expected_gradients_1, decimal=4) expected_gradients_2 = np.asarray([ 0.00210803, 0.00213919, 0.00520981, 0.00548001, -0.0023059, 0.00432077, 0.00274945, 0.0, 0.0, -0.0583441, -0.00616604, 0.0526219, -0.02373985, 0.05273106, 0.10711591, 0.12773865, 0.0689289, 0.01337799, 0.10032021, 0.01681096, -0.00028647, -0.05588859, 0.01474165, 0.0, 0.0, 0.0, 0.0, 0.0, ]) np.testing.assert_array_almost_equal(gradients[0, :, 14, 0], expected_gradients_2, decimal=4)
def _image_dl_estimator_defended(one_classifier=False, **kwargs): sess = None classifier_list = None clip_values = (0, 1) fs = FeatureSqueezing(bit_depth=2, clip_values=clip_values) defenses = [] if kwargs.get("defenses") is None: defenses.append(fs) else: if "FeatureSqueezing" in kwargs.get("defenses"): defenses.append(fs) if "JpegCompression" in kwargs.get("defenses"): defenses.append( JpegCompression(clip_values=clip_values, apply_predict=True)) if "SpatialSmoothing" in kwargs.get("defenses"): defenses.append(SpatialSmoothing()) del kwargs["defenses"] if framework == "keras": classifier = get_image_classifier_kr(**kwargs) # Get the ready-trained Keras model classifier_list = [ KerasClassifier(model=classifier._model, clip_values=(0, 1), preprocessing_defences=defenses) ] if framework == "tensorflow": logging.warning( "{0} doesn't have a defended image classifier defined yet". format(framework)) if framework == "pytorch": logging.warning( "{0} doesn't have a defended image classifier defined yet". format(framework)) if framework == "scikitlearn": logging.warning( "{0} doesn't have a defended image classifier defined yet". format(framework)) if framework == "kerastf": classifier = get_image_classifier_kr_tf(**kwargs) classifier_list = [ KerasClassifier(model=classifier._model, clip_values=(0, 1), preprocessing_defences=defenses) ] if classifier_list is None: return None, None if one_classifier: return classifier_list[0], sess return classifier_list, sess