def test_failure_augmentation_fit_predict(self):
    """Reject augmentation mode when the preprocessor also runs at predict time.

    Builds ``GaussianAugmentation`` with ``augmentation=True``,
    ``apply_fit=True`` and ``apply_predict=True`` and checks that a
    ``ValueError`` is raised whose message spells out the allowed combination.
    """
    expected_message = (
        'If `augmentation` is `True`, then `apply_fit` must be `True` and `apply_predict`'
        ' must be `False`.'
    )

    with self.assertRaises(ValueError) as raised:
        _ = GaussianAugmentation(augmentation=True, apply_fit=True, apply_predict=True)

    # The message text is part of the contract being tested, not just the type.
    self.assertTrue(expected_message in str(raised.exception))
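def _print_accuracy(label, classifier, x, y):
    """Print ``label`` followed by the classifier's accuracy on ``(x, y)`` in percent.

    ``y`` is read with ``argmax`` along axis 1, i.e. one row of scores per sample.
    """
    preds = np.argmax(classifier.predict(x), axis=1)
    acc = np.sum(preds == np.argmax(y, axis=1)) / y.shape[0]
    print("%s: %.2f%% \n" % (label, acc * 100))


def def_GaussianAugmentation(x_raw, x_raw_test, y_raw, y_raw_test, x_train_adv, x_test_adv,
                             y_train, y_test, min_, max_):
    """Train a network on Gaussian-augmented data and print four accuracy figures.

    The raw train and test sets are augmented with ``GaussianAugmentation(sigma=150)``,
    passed through ``preprocess``, flattened to 784 features per sample, and used to
    train a fresh network from ``create_Neural_Network`` for 5 epochs.

    Args:
        x_raw, y_raw: raw training samples and labels.
        x_raw_test, y_raw_test: raw test samples and labels.
        x_train_adv, x_test_adv: adversarial samples supplied by the caller.
        y_train, y_test: labels scored against the adversarial samples.
        min_, max_: forwarded to ``create_Neural_Network``.

    Reading the printed numbers:
        * "TRAIN" and "TEST" are measured on the *augmented* sets, not on the
          clean data, so they are not clean-accuracy figures.
        * NOTE(review): the adversarial sets are precomputed by the caller. If they
          were crafted against a different, undefended model, the "-ADVERSARY"
          figures only show how well those fixed samples transfer; they say nothing
          about an attack re-run against this defended classifier. Confirm with the
          caller before quoting them as robustness.
        * Noise is added before ``preprocess``, so ``sigma`` is in raw-input units,
          and no ``clip_values`` is passed to the augmentation. If ``x_raw`` is
          0-255 pixel data, sigma=150 is very heavy noise -- TODO confirm intent.
    """
    ga = GaussianAugmentation(sigma=150)
    x_train_aug, y_train_aug = ga(x_raw, y_raw)
    x_test_aug, y_test_aug = ga(x_raw_test, y_raw_test)
    x_train_aug, y_train_aug = preprocess(x_train_aug, y_train_aug)
    x_test_aug, y_test_aug = preprocess(x_test_aug, y_test_aug)

    # Let numpy infer the sample count instead of hard-coding 120000 / 20000:
    # identical result for those sizes, and no crash for other dataset sizes.
    x_train_aug = x_train_aug.reshape(-1, 784)
    x_test_aug = x_test_aug.reshape(-1, 784)

    # train network
    classifier = create_Neural_Network(min_, max_)
    classifier.fit(x_train_aug, y_train_aug, nb_epochs=5, batch_size=50)

    # print result
    print("After Defense\n")
    _print_accuracy("TRAIN", classifier, x_train_aug, y_train_aug)
    _print_accuracy("TRAIN-ADVERSARY", classifier, x_train_adv, y_train)
    _print_accuracy("TEST", classifier, x_test_aug, y_test_aug)
    _print_accuracy("TEST-ADVERSARY", classifier, x_test_adv, y_test)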
def test_multiple_size(self):
    """A ratio of 3.5 yields int(4.5 * n) samples and leaves the input untouched."""
    x = np.arange(12).reshape((4, 3))
    snapshot = x.copy()

    augmenter = GaussianAugmentation(ratio=3.5)
    augmented, _ = augmenter(x)

    expected_rows = int(4.5 * x.shape[0])
    self.assertEqual(expected_rows, augmented.shape[0])

    # The caller's array must not be mutated by the preprocessor.
    largest_drift = float(np.max(np.abs(snapshot - x)))
    self.assertAlmostEqual(largest_drift, 0.0, delta=0.00001)
def test_labels(self):
    """Labels passed alongside the samples are augmented in step with them."""
    x = np.arange(12).reshape((4, 3))
    y = np.arange(8).reshape((4, 2))

    augmenter = GaussianAugmentation()
    x_aug, y_aug = augmenter(x, y)

    # Default settings: 4 inputs become 8 rows, and the label count must match.
    sample_rows, label_rows = x_aug.shape[0], y_aug.shape[0]
    self.assertTrue(sample_rows == label_rows == 8)

    # Only the leading (sample) axis is allowed to change.
    self.assertEqual(x_aug.shape[1:], x.shape[1:])
    self.assertEqual(y_aug.shape[1:], y.shape[1:])
def def_GaussianAugmentation(x_raw, x_raw_test, y_raw, y_raw_test, x_train_adv, x_test_adv,
                             y_train, y_test, min_, max_, file):
    """Train on Gaussian-augmented data, then evaluate against five attack batches.

    The raw train and test sets are augmented with ``GaussianAugmentation(sigma=150)``,
    run through ``preprocess`` and flattened to 784 features. A fresh network is
    trained for 5 epochs, and ``evaluate`` is called once per attack, writing to ``file``.

    ``x_train_adv`` / ``x_test_adv`` are read as five consecutive batches of
    ``train_num`` / ``test_num`` rows, one batch per attack.

    NOTE(review): the adversarial batches are precomputed by the caller. If they were
    crafted against a different, undefended model, the results only show transfer of
    fixed samples, not robustness against an attack re-run on this classifier -- confirm.
    NOTE(review): slicing past the end of a shorter array yields a short or empty
    batch without raising, so the caller must really supply 5 * train_num
    and 5 * test_num rows.
    """
    train_num = 60000
    test_num = 10000

    # Gaussian augmentation happens on the raw data, before preprocessing,
    # so sigma is expressed in raw-input units.
    augmenter = GaussianAugmentation(sigma=150)
    x_train_aug, y_train_aug = augmenter(x_raw, y_raw)
    x_test_aug, y_test_aug = augmenter(x_raw_test, y_raw_test)
    x_train_aug, y_train_aug = preprocess(x_train_aug, y_train_aug)
    x_test_aug, y_test_aug = preprocess(x_test_aug, y_test_aug)

    # The reshape assumes the augmented sets are exactly twice the base size.
    x_train_aug = x_train_aug.reshape(2 * train_num, 784)
    x_test_aug = x_test_aug.reshape(2 * test_num, 784)

    # Train the defended network on the augmented set only.
    classifier = create_Neural_Network(min_, max_)
    classifier.fit(x_train_aug, y_train_aug, nb_epochs=5, batch_size=50)

    # Report results.
    print("After GaussianAugmentation Defense\n")
    file.write("==== GaussianAugmentation Defense==== \n")
    for attack_idx in range(5):
        file.write("==== Attack %i ====\n" % (attack_idx))
        train_batch = slice(attack_idx * train_num, (attack_idx + 1) * train_num)
        test_batch = slice(attack_idx * test_num, (attack_idx + 1) * test_num)
        evaluate(x_train_aug, x_test_aug, y_train_aug, y_test_aug,
                 x_train_adv[train_batch], x_test_adv[test_batch],
                 y_train, y_test, classifier, file)
def test_no_augmentation(self):
    """With ``augmentation=False`` the output keeps the input shape but not its values."""
    x = np.arange(12).reshape((4, 3))

    noiser = GaussianAugmentation(augmentation=False)
    x_noisy, _ = noiser(x)

    # No rows are added in this mode ...
    self.assertEqual(x.shape, x_noisy.shape)
    # ... and at least one element must differ from the input.
    values_unchanged = (x == x_noisy).all()
    self.assertFalse(values_unchanged)
def test_multiple_size(self):
    """A fractional ratio of 3.5 yields int(4.5 * n) output rows."""
    x = np.arange(12).reshape((4, 3))

    augmenter = GaussianAugmentation(ratio=3.5)
    augmented, _ = augmenter(x)

    # 4 input rows at ratio 3.5 -> int(4.5 * 4) rows expected in the output.
    expected_rows = int(4.5 * x.shape[0])
    self.assertEqual(expected_rows, augmented.shape[0])
def test_double_size(self):
    """Default settings double the number of samples."""
    x = np.arange(12).reshape((4, 3))

    augmenter = GaussianAugmentation()
    augmented, _ = augmenter(x)

    input_rows = x.shape[0]
    self.assertEqual(augmented.shape[0], 2 * input_rows)
def test_small_size(self):
    """A ratio below 1 adds only a fraction of the input: 5 rows at 0.4 become 7."""
    x = np.arange(15).reshape((5, 3))

    augmenter = GaussianAugmentation(ratio=0.4)
    augmented, _ = augmenter(x)

    # The feature axis is unchanged; only the row count grows.
    expected_shape = (7, 3)
    self.assertEqual(augmented.shape, expected_shape)
# 2.2 构造和训练一个神经网络 # classifier = cnn_mnist(x_train.shape[1:], min_, max_) # classifier.fit(x_train, y_train, nb_epochs=num_epochs, batch_size=128) # import trained model to save time :) path = get_file('mnist_cnn_original.h5', extract=False, path=DATA_PATH, url='https://www.dropbox.com/s/p2nyzne9chcerid/mnist_cnn_original.h5?dl=1') classifier_model = load_model(path) classifier = KerasClassifier(clip_values=(min_, max_), model=classifier_model, use_logits=False) # 2.3 添加高斯噪声并训练两个分类器 sigma1 = 0.25 sigma2 = 0.5 ga = GaussianAugmentation(sigma=sigma1, augmentation=False) x_new1, _ = ga(x_train) classifier_ga1 = cnn_mnist(x_train.shape[1:], min_, max_) classifier_ga1.fit(x_new1, y_train, nb_epochs=num_epochs, batch_size=128) ga = GaussianAugmentation(sigma=sigma2, augmentation=False) x_new2, _ = ga(x_train) classifier_ga2 = cnn_mnist(x_train.shape[1:], min_, max_) classifier_ga2.fit(x_new2, y_train, nb_epochs=num_epochs, batch_size=128) # 2.4 创建平滑的分类器 classifier_rs = RandomizedSmoothing(classifier, sample_size=100, scale=0.25, alpha=0.001) classifier_rs1 = RandomizedSmoothing(classifier_ga1, sample_size=100, scale=sigma1, alpha=0.001) classifier_rs2 = RandomizedSmoothing(classifier_ga2, sample_size=100, scale=sigma2, alpha=0.001)