def test_failure_feature_vectors(self):
attack_params = {"rotation_max": 22.5, "scale_min": 0.1, "scale_max": 1.0,
"learning_rate": 5.0, "number_of_steps": 5, "batch_size": 10}
attack = AdversarialPatch(classifier=None)
attack.set_params(**attack_params)
data = np.random.rand(10, 4)
# Assert that value error is raised for feature vectors
with self.assertRaises(ValueError) as context:
attack.generate(data)
self.assertIn('Feature vectors detected.', str(context.exception))
def test_krclassifier(self):
"""
Second test with the KerasClassifier.
:return:
"""
# Build KerasClassifier
krc, _ = get_classifier_kr()
# Get MNIST
(x_train, _), (_, _) = self.mnist
# Attack
attack_ap = AdversarialPatch(krc,
rotation_max=22.5,
scale_min=0.1,
scale_max=1.0,
learning_rate=5.0,
patch_shape=(28, 28, 1),
batch_size=10)
patch_adv, _ = attack_ap.generate(x_train)
self.assertTrue(patch_adv[8, 8, 0] - (-3.2501425017774923) < 0.01)
self.assertTrue(patch_adv[14, 14, 0] - 20.48400094881169 < 0.01)
self.assertTrue(np.sum(patch_adv) - 1764.7681744376168 < 0.01)
k.clear_session()
def test_tfclassifier(self):
"""
First test with the TFClassifier.
:return:
"""
# Build TFClassifier
tfc, sess = get_classifier_tf()
# Get MNIST
(x_train, _), (_, _) = self.mnist
# Attack
attack_ap = AdversarialPatch(tfc,
rotation_max=22.5,
scale_min=0.1,
scale_max=1.0,
learning_rate=5.0,
patch_shape=(28, 28, 1),
batch_size=10)
patch_adv, _ = attack_ap.generate(x_train)
self.assertTrue(patch_adv[8, 8, 0] - (-3.1106631027725005) < 0.01)
self.assertTrue(patch_adv[14, 14, 0] - 18.954278294246386 < 0.01)
self.assertTrue(np.sum(patch_adv) - 794.2447019737851 < 0.01)
sess.close()
tf.reset_default_graph()
def test_ptclassifier(self):
"""
Third test with the PyTorchClassifier.
:return:
"""
# Build PyTorchClassifier
ptc = get_classifier_pt()
# Get MNIST
(x_train, _), (_, _) = self.mnist
x_train = np.swapaxes(x_train, 1, 3)
# Attack
attack_ap = AdversarialPatch(ptc,
rotation_max=22.5,
scale_min=0.1,
scale_max=1.0,
learning_rate=5.0,
patch_shape=(1, 28, 28),
batch_size=10)
patch_adv, _ = attack_ap.generate(x_train)
self.assertTrue(patch_adv[0, 8, 8] - (-3.1423605902784875) < 0.01)
self.assertTrue(patch_adv[0, 14, 14] - 19.790434152473054 < 0.01)
self.assertTrue(np.sum(patch_adv) - 383.5670772794207 < 0.01)
def test_pytorch(self):
"""
Third test with the PyTorchClassifier.
:return:
"""
ptc = get_classifier_pt()
x_train = np.reshape(self.x_train,
(self.x_train.shape[0], 1, 28, 28)).astype(
np.float32)
attack_ap = AdversarialPatch(ptc,
rotation_max=22.5,
scale_min=0.1,
scale_max=1.0,
learning_rate=5.0,
batch_size=10,
max_iter=500)
patch_adv, _ = attack_ap.generate(x_train)
self.assertAlmostEqual(patch_adv[0, 8, 8],
-3.143605902784875,
delta=0.1)
self.assertAlmostEqual(patch_adv[0, 14, 14],
19.790434152473054,
delta=0.1)
self.assertAlmostEqual(float(np.sum(patch_adv)), 383.068, delta=0.1)
def test_keras(self):
"""
Second test with the KerasClassifier.
:return:
"""
krc = get_image_classifier_kr()
attack_ap = AdversarialPatch(
krc, rotation_max=22.5, scale_min=0.1, scale_max=1.0, learning_rate=5.0, batch_size=10, max_iter=500
)
master_seed(seed=1234)
patch_adv, _ = attack_ap.generate(self.x_train_mnist)
self.assertAlmostEqual(patch_adv[8, 8, 0], -3.494, delta=0.2)
self.assertAlmostEqual(patch_adv[14, 14, 0], 18.402, delta=0.2)
self.assertAlmostEqual(float(np.sum(patch_adv)), 1099.293, delta=50)
def test_krclassifier(self):
"""
Second test with the KerasClassifier.
:return:
"""
krc = get_classifier_kr()
attack_ap = AdversarialPatch(krc, rotation_max=22.5, scale_min=0.1, scale_max=1.0, learning_rate=5.0,
batch_size=10, max_iter=500)
patch_adv, _ = attack_ap.generate(self.x_train)
self.assertAlmostEqual(patch_adv[8, 8, 0], -3.336, delta=0.1)
self.assertAlmostEqual(patch_adv[14, 14, 0], 18.574, delta=0.1)
self.assertAlmostEqual(float(np.sum(patch_adv)), 1054.587, delta=0.1)
k.clear_session()
def test_tfclassifier(self):
"""
First test with the TensorFlowClassifier.
:return:
"""
tfc, sess = get_classifier_tf()
attack_ap = AdversarialPatch(tfc, rotation_max=22.5, scale_min=0.1, scale_max=1.0, learning_rate=5.0,
batch_size=10, max_iter=500)
patch_adv, _ = attack_ap.generate(self.x_train)
self.assertAlmostEqual(patch_adv[8, 8, 0], -3.1106631027725005, delta=0.1)
self.assertAlmostEqual(patch_adv[14, 14, 0], 18.101, delta=0.1)
self.assertAlmostEqual(float(np.sum(patch_adv)), 624.867, delta=0.1)
sess.close()
def GetAttackers(classifier, x_test, attacker_name):
"""
Function:
Load classifier and generate adversarial samples
"""
t_start = time.time()
if attacker_name == "AdversarialPatch":
attacker = AdversarialPatch(classifier=classifier, max_iter=10)
elif attacker_name == "Attack":
attacker = Attack(classifier=classifier)
elif attacker_name == "BoundaryAttack":
attacker = BoundaryAttack(classifier=classifier,
targeted=False,
epsilon=0.05,
max_iter=10) #, max_iter=20
else:
raise ValueError("Please get the right attacker's name for the input.")
test_adv = attacker.generate(x_test)
dt = time.time() - t_start
return test_adv, dt
def test_ptclassifier(self):
"""
Third test with the PyTorchClassifier.
:return:
"""
# Build PyTorchClassifier
ptc = get_classifier_pt()
# Get MNIST
(x_train, _), (_, _) = self.mnist
x_train = np.swapaxes(x_train, 1, 3)
# Attack
attack_params = {"rotation_max": 22.5, "scale_min": 0.1, "scale_max": 1.0,
"learning_rate": 5.0, "number_of_steps": 5, "patch_shape": (1, 28, 28), "batch_size": 10}
attack_ap = AdversarialPatch(ptc)
patch_adv, _ = attack_ap.generate(x_train, **attack_params)
self.assertTrue(patch_adv[0, 8, 8] - (-3.1423605902784875) < 0.01)
self.assertTrue(patch_adv[0, 14, 14] - 19.790434152473054 < 0.01)
self.assertTrue(np.sum(patch_adv) - 383.5670772794207 < 0.01)
def test_krclassifier(self):
"""
Second test with the KerasClassifier.
:return:
"""
# Build KerasClassifier
krc, _ = get_classifier_kr()
# Get MNIST
(x_train, _), (_, _) = self.mnist
# Attack
attack_params = {"rotation_max": 22.5, "scale_min": 0.1, "scale_max": 1.0,
"learning_rate": 5.0, "number_of_steps": 5, "patch_shape": (28, 28, 1), "batch_size": 10}
attack_ap = AdversarialPatch(krc)
patch_adv, _ = attack_ap.generate(x_train, **attack_params)
self.assertTrue(patch_adv[8, 8, 0] - (-3.2501425017774923) < 0.01)
self.assertTrue(patch_adv[14, 14, 0] - 20.48400094881169 < 0.01)
self.assertTrue(np.sum(patch_adv) - 1764.7681744376168 < 0.01)
k.clear_session()
def test_tfclassifier(self):
"""
First test with the TFClassifier.
:return:
"""
# Build TFClassifier
tfc, sess = get_classifier_tf()
# Get MNIST
(x_train, _), (_, _) = self.mnist
# Attack
attack_params = {"rotation_max": 22.5, "scale_min": 0.1, "scale_max": 1.0,
"learning_rate": 5.0, "number_of_steps": 5, "patch_shape": (28, 28, 1), "batch_size": 10}
attack_ap = AdversarialPatch(tfc)
patch_adv, _ = attack_ap.generate(x_train, **attack_params)
self.assertTrue(patch_adv[8, 8, 0] - (-3.1106631027725005) < 0.01)
self.assertTrue(patch_adv[14, 14, 0] - 18.954278294246386 < 0.01)
self.assertTrue(np.sum(patch_adv) - 794.2447019737851 < 0.01)
sess.close()
tf.reset_default_graph()
import numpy as np
from art.classifiers import KerasClassifier
from art.attacks import AdversarialPatch
from dataset import load_carla_test_dataset
from keras.models import load_model
test_data = load_carla_test_dataset()
x_test = np.array([i[0] for i in test_data], dtype='float32').reshape(
(-1, 64, 64, 1))
y_test = np.array([i[1] for i in test_data])
model = load_model('model.h5')
classifier = KerasClassifier(model=model, clip_values=(0, 255))
model.summary()
predictions = classifier.predict(x_test)
acc = np.sum(
np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print("Accuracy on bening test examples: {}%".format(accuracy * 100))
attack = AdversarialPatch(classifier)
adv = attack.generate(x_test, y_test)
predictions = classifier.predict(adv)
accuracy = np.sum(
np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print("Accuracy on adversarial test examples: {}%".format(accuracy * 100))
target=NUM,
scale_min=scale_min,
scale_max=scale_max,
learning_rate=learning_rate,
max_iter=max_iter,
batch_size=batch_size,
clip_patch=[(-mean[0]/std[0], (1.0 - mean[0])/std[0]),
(-mean[1]/std[1], (1.0 - mean[1])/std[1]),
(-mean[2]/std[2], (1.0 - mean[2])/std[2])]
)
label = NUM
y_one_hot = np.zeros(45)
y_one_hot[NUM] = 1.0
y_target = np.tile(y_one_hot, (images.shape[0], 1))
patch, patch_mask = ap.generate(x=images, y=y_target)
PATCH = (patch * patch_mask).astype(np.uint8)
IMAGE = Image.fromarray(PATCH)
IMAGE.save('patch.png')
print("Patch Generated and saved")
patched_images = ap.apply_patch(images, scale=SCALE)
print("Patch Applied")
PRED_NO_PATCH = []
PRED = []
def predict_model(model, image0, ind, og0):
image = np.copy(image0)
og = np.copy(og0)
image = np.expand_dims(image, axis=0)
og = np.expand_dims(og, axis=0)