def test_iris_clipped(self):
(_, _), (x_test, y_test) = self.iris
def t(x):
return x
def transformation():
while True:
yield t
classifier = get_iris_classifier_kr()
classifier = ExpectationOverTransformations(
classifier, sample_size=1, transformation=transformation)
# Test untargeted attack
attack = FastGradientMethod(classifier, eps=.1)
x_test_adv = attack.generate(x_test)
self.assertFalse((x_test == x_test_adv).all())
self.assertTrue((x_test_adv <= 1).all())
self.assertTrue((x_test_adv >= 0).all())
preds_adv = np.argmax(classifier.predict(x_test_adv), axis=1)
self.assertFalse((np.argmax(y_test, axis=1) == preds_adv).all())
acc = np.sum(preds_adv == np.argmax(y_test, axis=1)) / y_test.shape[0]
logger.info('Accuracy on Iris with limited query info: %.2f%%',
(acc * 100))
def test_krclassifier(self):
"""
Test with a KerasClassifier.
:return:
"""
# Build KerasClassifier
krc = get_classifier_kr()
# Get MNIST
(_, _), (x_test, y_test) = self.mnist
# First attack (without EoT):
fgsm = FastGradientMethod(classifier=krc, targeted=True)
params = {'y': random_targets(y_test, krc.nb_classes())}
x_test_adv = fgsm.generate(x_test, **params)
# Second attack (with EoT):
def t(x):
return x
def transformation():
while True:
yield t
eot = ExpectationOverTransformations(classifier=krc,
sample_size=1,
transformation=transformation)
fgsm_with_eot = FastGradientMethod(classifier=eot, targeted=True)
x_test_adv_with_eot = fgsm_with_eot.generate(x_test, **params)
self.assertTrue(
(np.abs(x_test_adv - x_test_adv_with_eot) < 0.001).all())
def test_iris_unbounded(self):
(_, _), (x_test, y_test) = self.iris
classifier = get_iris_classifier_kr()
def t(x):
return x
def transformation():
while True:
yield t
# Recreate a classifier without clip values
classifier = KerasClassifier(model=classifier._model,
use_logits=False,
channel_index=1)
classifier = ExpectationOverTransformations(
classifier, sample_size=1, transformation=transformation)
attack = FastGradientMethod(classifier, eps=1)
x_test_adv = attack.generate(x_test)
self.assertFalse((x_test == x_test_adv).all())
self.assertTrue((x_test_adv > 1).any())
self.assertTrue((x_test_adv < 0).any())
preds_adv = np.argmax(classifier.predict(x_test_adv), axis=1)
self.assertFalse((np.argmax(y_test, axis=1) == preds_adv).all())
acc = np.sum(preds_adv == np.argmax(y_test, axis=1)) / y_test.shape[0]
logger.info('Accuracy on Iris with limited query info: %.2f%%',
(acc * 100))