def test_generate(fix_get_mnist_subset, image_dl_estimator_for_attack):
classifier_list = image_dl_estimator_for_attack(SquareAttack)
if classifier_list is None:
logging.warning(
"Couldn't perform this test because no classifier is defined")
return
for classifier in classifier_list:
attack = SquareAttack(estimator=classifier,
norm=np.inf,
max_iter=5,
eps=0.3,
p_init=0.8,
nb_restarts=1)
(x_train_mnist, y_train_mnist, x_test_mnist,
y_test_mnist) = fix_get_mnist_subset
x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)
assert np.mean(np.abs(x_train_mnist_adv -
x_train_mnist)) == pytest.approx(0.053533513,
abs=0.015)
assert np.max(np.abs(x_train_mnist_adv -
x_train_mnist)) == pytest.approx(0.3, abs=0.05)
def test_generate(art_warning, fix_get_mnist_subset,
image_dl_estimator_for_attack, norm):
try:
classifier = image_dl_estimator_for_attack(SquareAttack)
attack = SquareAttack(estimator=classifier,
norm=norm,
max_iter=5,
eps=0.3,
p_init=0.8,
nb_restarts=1,
verbose=False)
(x_train_mnist, y_train_mnist, x_test_mnist,
y_test_mnist) = fix_get_mnist_subset
x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)
if norm == "inf":
expected_mean = 0.053533513
expected_max = 0.3
elif norm == 2:
expected_mean = 0.00073682
expected_max = 0.25
assert np.mean(np.abs(x_train_mnist_adv -
x_train_mnist)) == pytest.approx(expected_mean,
abs=0.025)
assert np.max(np.abs(x_train_mnist_adv -
x_train_mnist)) == pytest.approx(expected_max,
abs=0.05)
except ARTTestException as e:
art_warning(e)
def attackmodel(args, classifier, x_test, y_test, queries):
acc = []
for num_query in queries:
if args['method'] == 'square':
attack = SquareAttack(estimator=classifier,
eps=args['epsilon'],
max_iter=num_query,
norm=2)
elif args['method'] == 'zoo':
attack = ZooAttack(classifier=classifier,
max_iter=num_query,
use_resize=False,
use_importance=False)
elif args['method'] == 'boundary':
attack = BoundaryAttack(estimator=classifier,
targeted=False,
max_iter=num_query)
else:
print("wrong method")
x_test_adv = attack.generate(x=x_test)
predictions = classifier.predict(x_test_adv)
accuracy = np.sum(
np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(
y_test)
print("Query:{}, and Accuracy: {:.4f}".format(num_query, accuracy))
acc.append(accuracy)
return acc
def test_generate(art_warning, fix_get_mnist_subset,
image_dl_estimator_for_attack):
try:
classifier = image_dl_estimator_for_attack(SquareAttack)
attack = SquareAttack(estimator=classifier,
norm=np.inf,
max_iter=5,
eps=0.3,
p_init=0.8,
nb_restarts=1)
(x_train_mnist, y_train_mnist, x_test_mnist,
y_test_mnist) = fix_get_mnist_subset
x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)
assert np.mean(np.abs(x_train_mnist_adv -
x_train_mnist)) == pytest.approx(0.053533513,
abs=0.025)
assert np.max(np.abs(x_train_mnist_adv -
x_train_mnist)) == pytest.approx(0.3, abs=0.05)
except ARTTestException as e:
art_warning(e)