def make_lisa_cnn(sess, batch_size, dim): """ Creates a simple sign classification network. Note that the network produced by cnn_model() is fairly weak. For example, on CIFAR-10 it gets 60-something percent accuracy, which substantially below state-of-the-art. Note: it is not required here that dim be the same as the CNN input spatial dimensions. In these cases, the caller is responsible for resizing x to make it compatible with the model (e.g. via random crops). """ num_classes = 48 # usually only use 17 vs 48 classes, but it doesn't hurt to have room for 48 num_channels = 1 x = tf.placeholder(tf.float32, shape=(batch_size, dim, dim, num_channels)) y = tf.placeholder(tf.float32, shape=(batch_size, num_classes)) # XXX: set layer naming convention explicitly? # Otherwise, names depend upon when model was created... model = cnn_model(img_rows=32, img_cols=32, channels=num_channels, nb_classes=num_classes) return model, x, y
def oracle_model(): print("Define oracle model") model = cnn_model(img_rows=FLAGS.nb_rows, img_cols=FLAGS.nb_cols, channels=FLAGS.nb_channels, nb_classes=FLAGS.nb_classes) return model
def prep_bbox(sess, x, y, X_train, Y_train, X_test, Y_test, nb_epochs, batch_size, learning_rate): """ Define and train a model that simulates the "remote" black-box oracle described in the original paper. :param sess: the TF session :param x: the input placeholder for MNIST :param y: the ouput placeholder for MNIST :param X_train: the training data for the oracle :param Y_train: the training labels for the oracle :param X_test: the testing data for the oracle :param Y_test: the testing labels for the oracle :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :return: """ # Define TF model graph (for the black-box model) model = cnn_model() predictions = model(x) print("Defined TensorFlow model graph.") # Train an MNIST model train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate } model_train(sess, x, y, predictions, X_train, Y_train, verbose=False, args=train_params) # Print out the accuracy on legitimate data eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params) print('Test accuracy of black-box on legitimate test ' 'examples: ' + str(accuracy)) return model, predictions, accuracy
def test_get_logits_over_interval(self): import tensorflow as tf model = cnn_model() wrap = KerasModelWrapper(model) fgsm_params = {'eps': .5} img = np.ones(shape=(28, 28, 1)) num_points = 21 with tf.Session() as sess: tf.global_variables_initializer().run() logits = utils.get_logits_over_interval(sess, wrap, img, fgsm_params, min_epsilon=-10, max_epsilon=10, num_points=num_points) self.assertEqual(logits.shape[0], num_points)
def prep_bbox(sess, x, y, X_train, Y_train, X_test, Y_test, nb_epochs, batch_size, learning_rate, rng, nb_classes=10, img_rows=28, img_cols=28, nchannels=1): """ Define and train a model that simulates the "remote" black-box oracle described in the original paper. :param sess: the TF session :param x: the input placeholder for MNIST :param y: the ouput placeholder for MNIST :param X_train: the training data for the oracle :param Y_train: the training labels for the oracle :param X_test: the testing data for the oracle :param Y_test: the testing labels for the oracle :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param rng: numpy.random.RandomState :return: """ # Define Keras-based TF model graph (for the black-box model) nb_filters = 64 model = cnn_model(nb_filters=nb_filters, nb_classes=nb_classes) # Wrap the model in KerasModelWrapper model = KerasModelWrapper(model, nb_classes) loss = LossCrossEntropy(model, smoothing=0.1) predictions = model.get_logits(x) print("Defined TensorFlow model graph.") # Train an MNIST model train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate } train(sess, loss, x, y, X_train, Y_train, args=train_params, rng=rng) # Print out the accuracy on legitimate data eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params) print('Test accuracy of black-box on legitimate test ' 'examples: ' + str(accuracy)) return model, predictions, accuracy
def main(): keras.backend.set_image_dim_ordering('th') # We can't use argparse in a test because it reads the arguments to nosetests # e.g., nosetests -v passes the -v to the test args = { "batch_size": 128, "nb_epochs": 2, "learning_rate": .5 } # Get MNIST test data X_train, Y_train, X_test, Y_test = data_mnist() X_train = X_train[:10000] Y_train = Y_train[:10000] X_test = X_test[:2000] Y_test = Y_test[:2000] assert Y_train.shape[1] == 10. label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # Define input Theano placeholder x_shape = (None, 1, 28, 28) x = T.tensor4('x') y = T.matrix('y') # Define Theano model graph model = cnn_model() model.build(x_shape) predictions = model(x) print("Defined Theano model graph.") # Train an MNIST model th_model_train(x, y, predictions, model.trainable_weights, X_train, Y_train, args=args) accuracy = th_model_eval(x, y, predictions, X_test, Y_test, args=args) assert accuracy > 0.8, accuracy
def __init__(self, dataset, model_type='cnn_model', label_smoothing=.1): self.x_train, self.y_train = dataset.get_set('train') self.x_test, self.y_test = dataset.get_set('test') # Obtain Image Parameters self.img_rows, self.img_cols, self.nchannels = self.x_train.shape[1:4] self.nb_classes = self.y_train.shape[1] # Label smoothing self.y_train -= label_smoothing * (self.y_train - 1. / self.nb_classes) # Define Keras model self.model = cnn_model(img_rows=self.img_rows, img_cols=self.img_cols, channels=self.nchannels, nb_filters=64, nb_classes=self.nb_classes) print("Defined Keras model.") # To be able to call the model in the custom loss, we need to call it once # before, see https://github.com/tensorflow/tensorflow/issues/23769 self.model(self.model.input)
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=6, batch_size=128, epsilon=0.3, learning_rate=0.001, train_dir="/tmp", filename="mnist.ckpt", load_model=False, testing=False): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param train_dir: Directory storing the saved model :param filename: Filename to save model under :param load_model: True for load, False for not load :param testing: if true, test error is calculated :return: an AccuracyReport object """ keras.layers.core.K.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get MNIST test data X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end) # Use label smoothing assert Y_train.shape[1] == 10 label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1)) y = tf.placeholder(tf.float32, shape=(None, 10)) # Define TF model graph model = cnn_model_BIM() preds = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, X_test, Y_test, args=eval_params) report.clean_train_clean_eval = acc assert X_test.shape[0] == test_end - test_start, X_test.shape print('Test accuracy on legitimate examples: %0.4f' % acc) # Train an MNIST model train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate, 'train_dir': train_dir, 'filename': filename } ckpt = tf.train.get_checkpoint_state(train_dir) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path rng = np.random.RandomState([2017, 8, 30]) if load_model and ckpt_path: saver = tf.train.Saver() saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) evaluate() else: print("Model was not loaded, training from scratch.") model_train(sess, x, y, preds, X_train, Y_train, evaluate=evaluate, args=train_params, save=False, rng=rng) # Calculate training error if testing: eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, X_train, Y_train, args=eval_params) report.train_clean_train_clean_eval = acc # Initialize the Fast Gradient Sign Method (FGSM) attack object and graph wrap = KerasModelWrapper(model) print("FastGradientMethod") fgsm1 = FastGradientMethod(wrap, sess=sess) for epsilon in [0.005, 0.01, 0.05, 0.1, 0.5, 1.0]: print("Epsilon =", epsilon), fgsm_params = {'eps': epsilon, 'clip_min': None, 'clip_max': None} adv_x = fgsm1.generate(x, **fgsm_params) # Consider the attack to be constant adv_x = tf.stop_gradient(adv_x) preds_adv = model(adv_x) # Evaluate the accuracy of the MNIST model on adversarial examples eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, X_test, Y_test, args=eval_par) print('Test accuracy on adversarial examples: %0.4f\n' % acc) report.clean_train_adv_eval = acc print("BasicIterativeMethod") bim = BasicIterativeMethod(wrap, sess=sess) for epsilon, order in zip( [0.005, 0.01, 0.05, 0.1, 0.5, 1.0, 0.5, 1.0], [np.inf, np.inf, np.inf, np.inf, np.inf, np.inf, 2, 2]): print("Epsilon =", epsilon), fgsm_params = { 'eps': epsilon, 'clip_min': 0., 'clip_max': 1., 'ord': order } adv_x = bim.generate(x, **fgsm_params) # Consider the attack to be constant adv_x = tf.stop_gradient(adv_x) preds_adv = model(adv_x) # Evaluate the accuracy of the MNIST model on adversarial examples eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, X_test, Y_test, args=eval_par) print('Test accuracy on adversarial examples: %0.4f\n' % acc) report.clean_train_adv_eval = acc # Calculating train error if testing: eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, X_train, Y_train, args=eval_par) report.train_clean_train_adv_eval = acc return print("Repeating the process, using adversarial training") # Redefine TF model graph model_2 = cnn_model() preds_2 = model_2(x) wrap_2 = KerasModelWrapper(model_2) #fgsm2 = FastGradientMethod(wrap_2, sess=sess) bim2 = BasicIterativeMethod(wrap_2, sess=sess) preds_2_adv = model_2(bim2.generate(x, **fgsm_params)) def evaluate_2(): # Accuracy of adversarially trained model on legitimate test inputs eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, preds_2, X_test, Y_test, args=eval_params) print('Test accuracy on legitimate examples: %0.4f' % accuracy) report.adv_train_clean_eval = accuracy # Accuracy of the adversarially trained model on adversarial examples accuracy = model_eval(sess, x, y, preds_2_adv, X_test, Y_test, args=eval_params) print('Test accuracy on adversarial examples: %0.4f' % accuracy) report.adv_train_adv_eval = accuracy # Perform and evaluate adversarial training model_train(sess, x, y, preds_2, X_train, Y_train, predictions_adv=preds_2_adv, evaluate=evaluate_2, args=train_params, save=False, rng=rng) # Calculate training errors if testing: eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, preds_2, X_train, Y_train, args=eval_params) report.train_adv_train_clean_eval = accuracy accuracy = model_eval(sess, x, y, preds_2_adv, X_train, Y_train, args=eval_params) report.train_adv_train_adv_eval = accuracy return report
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=6, batch_size=128, learning_rate=0.001, train_dir="/tmp", filename="mnist.ckpt", load_model=False, testing=False): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param train_dir: Directory storing the saved model :param filename: Filename to save model under :param load_model: True for load, False for not load :param testing: if true, test error is calculated :return: an AccuracyReport object """ keras.layers.core.K.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") # Image dimensions ordering should follow the Theano convention if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get MNIST test data X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end) # Use label smoothing assert Y_train.shape[1] == 10 label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1)) y = tf.placeholder(tf.float32, shape=(None, 10)) # Define TF model graph model = cnn_model() preds = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, X_test, Y_test, args=eval_params) report.clean_train_clean_eval = acc assert X_test.shape[0] == test_end - test_start, X_test.shape print('Test accuracy on legitimate examples: %0.4f' % acc) # Train an MNIST model train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate, 'train_dir': train_dir, 'filename': filename } ckpt = tf.train.get_checkpoint_state(train_dir) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path rng = np.random.RandomState([2017, 8, 30]) if load_model and ckpt_path: saver = tf.train.Saver() saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) evaluate() else: print("Model was not loaded, training from scratch.") train(sess, x, y, preds, X_train, Y_train, evaluate=evaluate, args=train_params, save=True) # Calculate training error if testing: eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, X_train, Y_train, args=eval_params) report.train_clean_train_clean_eval = acc # Initialize the Fast Gradient Sign Method (FGSM) attack object and graph wrap = KerasModelWrapper(model) fgsm = FastGradientMethod(wrap, sess=sess) fgsm_params = {'eps': 0.3} adv_x = fgsm.generate(x, **fgsm_params) # Consider the attack to be constant adv_x = tf.stop_gradient(adv_x) preds_adv = model(adv_x) # Evaluate the accuracy of the MNIST model on adversarial examples eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, X_test, Y_test, args=eval_par) print('Test accuracy on adversarial examples: %0.4f\n' % acc) report.clean_train_adv_eval = acc # Calculating train error if testing: eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, X_train, Y_train, args=eval_par) report.train_clean_train_adv_eval = acc print("Repeating the process, using adversarial training") # Redefine TF model graph model_2 = cnn_model() preds_2 = model_2(x) wrap_2 = KerasModelWrapper(model_2) fgsm2 = FastGradientMethod(wrap_2, sess=sess) preds_2_adv = model_2(fgsm2.generate(x, **fgsm_params)) def evaluate_2(): # Accuracy of adversarially trained model on legitimate test inputs eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, preds_2, X_test, Y_test, args=eval_params) print('Test accuracy on legitimate examples: %0.4f' % accuracy) report.adv_train_clean_eval = accuracy # Accuracy of the adversarially trained model on adversarial examples accuracy = model_eval(sess, x, y, preds_2_adv, X_test, Y_test, args=eval_params) print('Test accuracy on adversarial examples: %0.4f' % accuracy) report.adv_train_adv_eval = accuracy # Perform and evaluate adversarial training train(sess, x, y, preds_2, X_train, Y_train, predictions_adv=preds_2_adv, evaluate=evaluate_2, args=train_params, save=False) # Get a random slice of the data for linear extrapolation plots random_idx = np.random.randint(0, X_train.shape[0]) X_slice = X_train[random_idx] Y_slice = Y_train[random_idx] # Plot the linear extrapolation plot for clean model log_prob_adv_array = get_logits_over_interval( sess, wrap, X_slice, fgsm_params) linear_extrapolation_plot(log_prob_adv_array, Y_slice, 'lep_clean.png') # Plot the linear extrapolation plot for adv model log_prob_adv_array = get_logits_over_interval( sess, wrap_2, X_slice, fgsm_params) linear_extrapolation_plot(log_prob_adv_array, Y_slice, 'lep_adv.png') # Calculate training errors if testing: eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, preds_2, X_train, Y_train, args=eval_params) report.train_adv_train_clean_eval = accuracy accuracy = model_eval(sess, x, y, preds_2_adv, X_train, Y_train, args=eval_params) report.train_adv_train_adv_eval = accuracy return report
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=6, batch_size=128, learning_rate=0.001, train_dir="/tmp", filename="mnist.ckpt", load_model=False, testing=False): keras.layers.core.K.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session config = tf.ConfigProto() config.gpu_options.allow_growth = True sess = tf.Session(config=config) keras.backend.set_session(sess) # Get MNIST test data X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end) # Use label smoothing assert Y_train.shape[1] == 10 label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1)) y = tf.placeholder(tf.float32, shape=(None, 10)) # Define TF model graph model = cnn_model() predictions = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params) report.clean_train_clean_eval = acc assert X_test.shape[0] == test_end - test_start, X_test.shape print('Test accuracy on legitimate examples: %0.4f' % acc) train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate, 'train_dir': train_dir, 'filename': filename } # Train an MNIST model ckpt = tf.train.get_checkpoint_state(train_dir) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path rng = np.random.RandomState([2017, 8, 30]) if load_model and ckpt_path: saver = tf.train.Saver() saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) else: print("Model was not loaded, training from scratch.") model_train(sess, x, y, predictions, X_train, Y_train, evaluate=evaluate, args=train_params, save=True, rng=rng) advGenTimeStart = time.time() wrap = KerasModelWrapper(model) advGenTimeStart = time.time() fgsm = FastGradientMethod(wrap, sess=sess) fgsm_params = {'eps': 0.2, 'clip_min': 0., 'clip_max': 1.} adv_x = fgsm.generate(x, **fgsm_params) adv_x = sess.run(adv_x, feed_dict={x: X_test[4500:5500]}) advGenTimeEnd = time.time() advGenTime = advGenTimeEnd-advGenTimeStart for i in xrange(1000): normalization(adv_x[i:(i+1)]) original_classified_wrong_number = 0 disturbed_failure_number = 0 NbLowEntropy = 0 NbMidEntropy = 0 NbHighEntropy = 0 lowTP = 0 lowFN = 0 lowFP = 0 midTP = 0 midFN = 0 midFP = 0 highTP = 0 highFN = 0 highFP = 0 for i in range(len(adv_x)): current_class = int(np.argmax(Y_test[4500+i])) oriPreTimeStart = time.time() currentXLabel = model_argmax(sess,x,predictions,X_test[i+4500:(i+4501)]) currentXProbList = my_model_argmax(sess,x,predictions,X_test[i+4500:(i+4501)]) oriPreTimeEnd = time.time() oriPreTime = oriPreTimeEnd-oriPreTimeStart if currentXLabel != current_class: original_classified_wrong_number+=1 continue advPreTimeStart = time.time() currentAdvXLabel = model_argmax(sess,x,predictions,adv_x[i:(i+1)]) currentAdvXProbList = my_model_argmax(sess,x,predictions,adv_x[i:(i+1)]) advPreTimeEnd = time.time() advPreTime = advPreTimeEnd-advPreTimeStart if currentAdvXLabel == currentXLabel: disturbed_failure_number+=1 continue tempX = np.reshape(X_test[i+4500:(i+4501)], (28,28)) test_x = np.array(tempX) oriFilteredPreTimeStart = time.time() currentX = np.reshape(X_test[i+4500:(i+4501)], (28,28)) imageEntropy = oneDEntropy(test_x) if imageEntropy < 4: NbLowEntropy+=1 current_x_res = scalarQuantization(currentX,128) current_x_res = np.reshape(current_x_res, X_test[0:1].shape) current_x_res_label = model_argmax(sess,x,predictions,current_x_res) if current_x_res_label != current_class: lowFP+=1 elif imageEntropy < 5: NbMidEntropy+=1 current_x_res = scalarQuantization(currentX,64) current_x_res = np.reshape(current_x_res, X_test[0:1].shape) current_x_res_label = model_argmax(sess,x,predictions,current_x_res) if current_x_res_label != current_class: midFP+=1 else: NbHighEntropy+=1 current_x_res = scalarQuantization(currentX,43) current_x_res = np.reshape(current_x_res, X_test[0:1].shape) current_x_res_label = model_argmax(sess,x,predictions,current_x_res) if current_x_res_label != current_class: highFP+=1 tempX2 = np.reshape(adv_x[i:(i+1)], (28,28)) test_adv_x = np.array(tempX2) currentAdvX = np.reshape(adv_x[i:(i+1)], (28,28)) imageEntropy2 = oneDEntropy(test_adv_x) print('%d: %.2f------%.2f' % (i, imageEntropy,imageEntropy2)) if imageEntropy2 < 4: NbLowEntropy+=1 current_adv_x_res = scalarQuantization(currentAdvX,128) current_adv_x_res = np.reshape(current_adv_x_res, X_test[0:1].shape) current_adv_x_res_label = model_argmax(sess,x,predictions,current_adv_x_res) if current_adv_x_res_label != currentAdvXLabel: lowTP+=1 else: lowFN+=1 elif imageEntropy2 < 5: NbMidEntropy+=1 current_adv_x_res = scalarQuantization(currentAdvX,64) current_adv_x_res = np.reshape(current_adv_x_res, X_test[0:1].shape) current_adv_x_res_label = model_argmax(sess,x,predictions,current_adv_x_res) if current_adv_x_res_label != currentAdvXLabel: midTP+=1 else: highFN+=1 else: NbHighEntropy+=1 current_adv_x_res = scalarQuantization(currentAdvX,43) current_adv_x_res = np.reshape(current_adv_x_res, X_test[0:1].shape) current_adv_x_res_label = model_argmax(sess,x,predictions,current_adv_x_res) if current_adv_x_res_label != currentAdvXLabel: highTP+=1 else: highFN+=1 str1 = '%d-%d' % (original_classified_wrong_number,disturbed_failure_number) lowstr = '%d : lowTP = %d; lowFN = %d; lowFP = %d' % (NbLowEntropy,lowTP,lowFN,lowFP) midstr = '%d : midTP = %d; midFN = %d; midFP = %d' % (NbMidEntropy,midTP,midFN,midFP) highstr = '%d : highTP = %d; highFN = %d; highFP = %d' % (NbHighEntropy,highTP,highFN,highFP) print(str1) print(lowstr) print(midstr) print(highstr) lowRecall=lowTP*1.0/(lowTP+lowFN) lowPrecision=lowTP*1.0/(lowTP+lowFP) midRecall=midTP*1.0/(midTP+midFN) midPrecision=midTP*1.0/(midTP+midFP) highRecall=highTP*1.0/(highTP+highFN) highPrecision=highTP*1.0/(highTP+highFP) print ("lowRecall: ",lowRecall) print ("lowPrecision: ",lowPrecision) print ("midRecall: ",midRecall) print ("midPrecision: ",midPrecision) print ("highRecall: ",highRecall) print ("highPrecision: ",highPrecision)
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=6, batch_size=128, learning_rate=0.001, train_dir="train_dir", filename="mnist.ckpt", load_model=False, testing=False, label_smoothing=0.1): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param train_dir: Directory storing the saved model :param filename: Filename to save model under :param load_model: True for load, False for not load :param testing: if true, test error is calculated :param label_smoothing: float, amount of label smoothing for cross entropy :return: an AccuracyReport object """ keras.layers.core.K.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get MNIST test data x_train, y_train, x_test, y_test = data_mnist(train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end) # Obtain Image Parameters img_rows, img_cols, nchannels = x_train.shape[1:4] nb_classes = y_train.shape[1] # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols, nchannels)) y = tf.placeholder(tf.float32, shape=(None, nb_classes)) # Define TF model graph model = cnn_model(img_rows=img_rows, img_cols=img_cols, channels=nchannels, nb_filters=64, nb_classes=nb_classes) preds = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params) report.clean_train_clean_eval = acc # assert X_test.shape[0] == test_end - test_start, X_test.shape print('Test accuracy on legitimate examples: %0.4f' % acc) # Train an MNIST model train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate, 'train_dir': train_dir, 'filename': filename } rng = np.random.RandomState([2017, 8, 30]) if not os.path.exists(train_dir): os.mkdir(train_dir) ckpt = tf.train.get_checkpoint_state(train_dir) print(train_dir, ckpt) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path wrap = KerasModelWrapper(model) if load_model and ckpt_path: saver = tf.train.Saver() print(ckpt_path) saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) evaluate() else: print("Model was not loaded, training from scratch.") loss = LossCrossEntropy(wrap, smoothing=label_smoothing) train(sess, loss, x, y, x_train, y_train, evaluate=evaluate, args=train_params, save=True, rng=rng) # Calculate training error if testing: eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, x_train, y_train, args=eval_params) report.train_clean_train_clean_eval = acc # Initialize the Fast Gradient Sign Method (FGSM) attack object and graph fgsm = FastGradientMethod(wrap, sess=sess) fgsm_params = {'eps': 0.3, 'clip_min': 0., 'clip_max': 1.} adv_x = fgsm.generate(x, **fgsm_params) # Consider the attack to be constant adv_x = tf.stop_gradient(adv_x) preds_adv = model(adv_x) # Evaluate the accuracy of the MNIST model on adversarial examples eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, x_test, y_test, args=eval_par) print('Test accuracy on adversarial examples: %0.4f\n' % acc) report.clean_train_adv_eval = acc # Calculating train error if testing: eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, x_train, y_train, args=eval_par) report.train_clean_train_adv_eval = acc print("Repeating the process, using adversarial training") # Redefine TF model graph model_2 = cnn_model(img_rows=img_rows, img_cols=img_cols, channels=nchannels, nb_filters=64, nb_classes=nb_classes) wrap_2 = KerasModelWrapper(model_2) preds_2 = model_2(x) fgsm2 = FastGradientMethod(wrap_2, sess=sess) def attack(x): return fgsm2.generate(x, **fgsm_params) preds_2_adv = model_2(attack(x)) loss_2 = LossCrossEntropy(wrap_2, smoothing=label_smoothing, attack=attack) def evaluate_2(): # Accuracy of adversarially trained model on legitimate test inputs eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, preds_2, x_test, y_test, args=eval_params) print('Test accuracy on legitimate examples: %0.4f' % accuracy) report.adv_train_clean_eval = accuracy # Accuracy of the adversarially trained model on adversarial examples accuracy = model_eval(sess, x, y, preds_2_adv, x_test, y_test, args=eval_params) print('Test accuracy on adversarial examples: %0.4f' % accuracy) report.adv_train_adv_eval = accuracy # Perform and evaluate adversarial training train(sess, loss_2, x, y, x_train, y_train, evaluate=evaluate_2, args=train_params, save=False, rng=rng) # Calculate training errors if testing: eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, preds_2, x_train, y_train, args=eval_params) report.train_adv_train_clean_eval = accuracy accuracy = model_eval(sess, x, y, preds_2_adv, x_train, y_train, args=eval_params) report.train_adv_train_adv_eval = accuracy return report
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=NB_EPOCHS, batch_size=BATCH_SIZE, learning_rate=LEARNING_RATE, train_dir=TRAIN_DIR, filename=FILENAME, load_model=LOAD_MODEL, testing=True, label_smoothing=0.1): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param train_dir: Directory storing the saved model :param filename: Filename to save model under :param load_model: True for load, False for not load :param testing: if true, test error is calculated :param label_smoothing: float, amount of label smoothing for cross entropy :return: an AccuracyReport object """ tf.keras.backend.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if keras.backend.image_data_format() != 'channels_last': raise NotImplementedError( "this tutorial requires keras to be configured to channels_last format" ) # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get MNIST test data mnist = MNIST(train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end) x_train, y_train = mnist.get_set('train') x_test, y_test = mnist.get_set('test') # Obtain Image Parameters img_rows, img_cols, nchannels = x_train.shape[1:4] nb_classes = y_train.shape[1] # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols, nchannels)) y = tf.placeholder(tf.float32, shape=(None, nb_classes)) # Define TF model graph model = cnn_model(img_rows=img_rows, img_cols=img_cols, channels=nchannels, nb_filters=64, nb_classes=nb_classes) preds = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params) report.clean_train_clean_eval = acc # assert X_test.shape[0] == test_end - test_start, X_test.shape print('Test accuracy on legitimate examples: %0.4f' % acc) # Train an MNIST model train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate, 'train_dir': train_dir, 'filename': filename } rng = np.random.RandomState([2017, 8, 30]) if not os.path.exists(train_dir): os.mkdir(train_dir) ckpt = tf.train.get_checkpoint_state(train_dir) print(train_dir, ckpt) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path wrap = KerasModelWrapper(model) if load_model and ckpt_path: saver = tf.train.Saver() print(ckpt_path) saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) evaluate() eval_params = {'batch_size': batch_size} def eval(xx): acc = model_eval(sess, x, y, preds, xx, y_test, args=eval_params) print(acc) eval(x_test) model = load_modell(str("./autoencoder_bim.h5")) x_test_decoded = model.predict(x_test) eval(x_test_decoded) _, bim_test = pickle.load(open("/data/mnist/bim.pkl")) bim_test = bim_test.astype('float32') / 255. bim_test = np.mean(bim_test, axis=3) bim_test = np.expand_dims(bim_test, axis=3) bim_test_decoded = model.predict(bim_test) eval(bim_test) eval(bim_test_decoded)
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=6, batch_size=128, learning_rate=0.001, train_dir="/tmp", filename="mnist.ckpt", load_model=False, testing=False): keras.layers.core.K.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session config = tf.ConfigProto() config.gpu_options.allow_growth = True sess = tf.Session(config=config) keras.backend.set_session(sess) # Get MNIST test data X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end) # Use label smoothing assert Y_train.shape[1] == 10 label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1)) y = tf.placeholder(tf.float32, shape=(None, 10)) # Define TF model graph model = cnn_model() predictions = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params) report.clean_train_clean_eval = acc assert X_test.shape[0] == test_end - test_start, X_test.shape print('Test accuracy on legitimate examples: %0.4f' % acc) train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate, 'train_dir': train_dir, 'filename': filename } # Train an MNIST model ckpt = tf.train.get_checkpoint_state(train_dir) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path rng = np.random.RandomState([2017, 8, 30]) if load_model and ckpt_path: saver = tf.train.Saver() saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) else: print("Model was not loaded, training from scratch.") model_train(sess, x, y, predictions, X_train, Y_train, evaluate=evaluate, args=train_params, save=True, rng=rng) advGenTimeStart = time.time() wrap = KerasModelWrapper(model) advGenTimeStart = time.time() fgsm = FastGradientMethod(wrap, sess=sess) fgsm_params = {'eps': 0.3, 'clip_min': 0., 'clip_max': 1.} adv_x = fgsm.generate(x, **fgsm_params) adv_x = sess.run(adv_x, feed_dict={x: X_test[5500:]}) advGenTimeEnd = time.time() advGenTime = advGenTimeEnd - advGenTimeStart for i in xrange(4500): normalization(adv_x[i:(i + 1)]) original_classified_wrong_number = 0 disturbed_failure_number = 0 test_number = 0 TTP = 0 TP = 0 FN = 0 FP = 0 for i in range(len(adv_x)): current_class = int(np.argmax(Y_test[i + 5500])) oriPreTimeStart = time.time() currentXLabel = model_argmax(sess, x, predictions, X_test[i + 5500:(i + 5501)]) currentXProbList = my_model_argmax(sess, x, predictions, X_test[i + 5500:(i + 5501)]) oriPreTimeEnd = time.time() oriPreTime = oriPreTimeEnd - oriPreTimeStart if currentXLabel != current_class: original_classified_wrong_number += 1 continue advPreTimeStart = time.time() currentAdvXLabel = model_argmax(sess, x, predictions, adv_x[i:(i + 1)]) currentAdvXProbList = my_model_argmax(sess, x, predictions, adv_x[i:(i + 1)]) advPreTimeEnd = time.time() advPreTime = advPreTimeEnd - advPreTimeStart if currentAdvXLabel == currentXLabel: disturbed_failure_number += 1 continue # fig = plt.figure('test') # picOne = fig.add_subplot(121) # picOne.imshow(X_test[i+5500:(i+5501)].reshape((28,28)), cmap='gray') # picTwo = fig.add_subplot(122) # picTwo.imshow(adv_x[i:(i+1)].reshape((28,28)), cmap='gray') # plt.show() test_number += 1 print('probabilities = %.4f ; %.4f' % (currentXProbList[currentXLabel], currentAdvXProbList[currentAdvXLabel])) tempX = np.reshape(X_test[i + 5500:(i + 5501)], (28, 28)) test_x = np.array(tempX) oriFilteredPreTimeStart = time.time() currentX = np.reshape(X_test[i + 5500:(i + 5501)], (28, 28)) imageEntropy = oneDEntropy(test_x) if imageEntropy < 4: current_x_res = scalarQuantization(currentX, 128) elif imageEntropy < 5: current_x_res = scalarQuantization(currentX, 64) else: current_x_ASQ = scalarQuantization(currentX, 43) current_x_ASQ_AMF = crossMeanFilterOperations( current_x_ASQ, 3, 25, 13) current_x_res = chooseCloserFilter(currentX, current_x_ASQ, current_x_ASQ_AMF) current_x_res = np.reshape(current_x_res, X_test[0:1].shape) current_x_res_label = model_argmax(sess, x, predictions, current_x_res) current_x_res_prob = my_model_argmax(sess, x, predictions, current_x_res) tempX2 = np.reshape(adv_x[i:(i + 1)], (28, 28)) test_adv_x = np.array(tempX2) currentAdvX = np.reshape(adv_x[i:(i + 1)], (28, 28)) imageEntropy2 = oneDEntropy(test_adv_x) print('%d: %.2f------%.2f' % (i, imageEntropy, imageEntropy2)) if imageEntropy2 < 4: current_adv_x_res = scalarQuantization(currentAdvX, 128) elif imageEntropy2 < 5: current_adv_x_res = scalarQuantization(currentAdvX, 64) else: current_adv_x_ASQ = scalarQuantization(currentAdvX, 43) current_adv_x_ASQ_AMF = crossMeanFilterOperations( current_adv_x_ASQ, 3, 25, 13) current_adv_x_res = chooseCloserFilter(currentAdvX, current_adv_x_ASQ, current_adv_x_ASQ_AMF) current_adv_x_res = np.reshape(current_adv_x_res, X_test[0:1].shape) current_adv_x_res_label = model_argmax(sess, x, predictions, current_adv_x_res) current_adv_x_res_prob = my_model_argmax(sess, x, predictions, current_adv_x_res) print('filtered Probs = %.4f ; %.4f' % (current_x_res_prob[current_x_res_label], current_adv_x_res_prob[current_adv_x_res_label])) if current_adv_x_res_label != currentAdvXLabel: TP += 1 if current_adv_x_res_label == current_class: TTP += 1 else: FN += 1 if current_x_res_label != currentXLabel: FP += 1 str1 = '%d-%d-%d: TP = %d; FN = %d; FP = %d; TTP = %d' % ( test_number, original_classified_wrong_number, disturbed_failure_number, TP, FN, FP, TTP) print(str1) Recall = TP / (TP + FN) Precision = TP / (TP + FP) tempStarStr = '********************************************************' recallStr = 'Recall = %.4f' % (Recall) precisionStr = 'Precision = %.4f' % (Precision) print(tempStarStr) print(recallStr) print(precisionStr) print(tempStarStr)
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=6, batch_size=128, learning_rate=0.001, train_dir="/tmp", filename="mnist.ckpt", load_model=False, testing=False): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param train_dir: Directory storing the saved model :param filename: Filename to save model under :param load_model: True for load, False for not load :param testing: if true, test error is calculated :return: an AccuracyReport object """ keras.layers.core.K.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get MNIST test data # X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start, # train_end=train_end, # test_start=test_start, # test_end=test_end) # # Use label smoothing # assert Y_train.shape[1] == 10 # label_smooth = .1 # Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # # Define input TF placeholder # x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1)) # y = tf.placeholder(tf.float32, shape=(None, 10)) # Define TF model graph model = cnn_model() print(type(model)) print(model) # preds = model(x) # print("Defined TensorFlow model graph.") # def evaluate(): # # Evaluate the accuracy of the MNIST model on legitimate test examples # eval_params = {'batch_size': batch_size} # acc = model_eval(sess, x, y, preds, X_test, Y_test, args=eval_params) # report.clean_train_clean_eval = acc # assert X_test.shape[0] == test_end - test_start, X_test.shape # print('Test accuracy on legitimate examples: %0.4f' % acc) # # Train an MNIST model # train_params = { # 'nb_epochs': nb_epochs, # 'batch_size': batch_size, # 'learning_rate': learning_rate, # 'train_dir': train_dir, # 'filename': filename # } # ckpt = tf.train.get_checkpoint_state(train_dir) # ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path # rng = np.random.RandomState([2017, 8, 30]) # if load_model and ckpt_path: # saver = tf.train.Saver() # saver.restore(sess, ckpt_path) # print("Model loaded from: {}".format(ckpt_path)) # evaluate() # else: # print("Model was not loaded, training from scratch.") # model_train(sess, x, y, preds, X_train, Y_train, evaluate=evaluate, # args=train_params, save=True, rng=rng) # # Calculate training error # if testing: # eval_params = {'batch_size': batch_size} # acc = model_eval(sess, x, y, preds, X_train, Y_train, args=eval_params) # report.train_clean_train_clean_eval = acc # # Initialize the Fast Gradient Sign Method (FGSM) attack object and graph wrap = KerasModelWrapper(model) print(wrap) print(type(wrap))
def main(argv=None): tf.set_random_seed(1234) sess = tf.Session() keras.backend.set_session(sess) X_train, Y_train, X_test, Y_test = data_lmrc() Y_train = Y_train.clip(.1 / 9., 1. - .1) x = tf.placeholder(tf.float32, shape=(None, 128, 128, 3)) y = tf.placeholder(tf.float32, shape=(None, 10)) model = cnn_model(img_rows=128, img_cols=128, channels=3) predictions = model(x) def evaluate(): eval_params = {'batch_size': FLAGS.batch_size} accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params) print('Test accuracy on legitimate test examples: ' + str(accuracy)) train_params = { 'nb_epochs': FLAGS.nb_epochs, 'batch_size': FLAGS.batch_size, 'learning_rate': FLAGS.learning_rate, 'train_dir': FLAGS.train_dir, 'filename': FLAGS.filename } model_path = os.path.join(FLAGS.train_dir, FLAGS.filename) if os.path.exists(model_path + ".meta"): tf_model_load(sess, model_path) else: model_train(sess, x, y, predictions, X_train, Y_train, evaluate=evaluate, args=train_params, save=True) wrap = KerasModelWrapper(model) nb_classes = 10 targeted = False nb_adv_per_sample = str(nb_classes - 1) if targeted else '1' n_adv = 1000 cw = CarliniWagnerL2(model, back='tf', sess=sess) adv_inputs = X_test[:n_adv] adv_ys = None yname = "y" cw_params = { 'binary_search_steps': 1, yname: adv_ys, 'max_iterations': 100, 'learning_rate': 0.1, 'batch_size': 10, 'initial_const': 10, } adv = cw.generate_np(adv_inputs, **cw_params) #nFeatures = np.ndarray(shape=(n_adv,3)) #for i in range(0,n_adv): # img = adv_inputs[i] # fast = cv2.FastFeatureDetector_create() # kp = fast.detect(img,None) # nFeatures[i][0] = len(kp) # img = adv[i] # fast = cv2.FastFeatureDetector_create() # kp = fast.detect(img,None) # nFeatures[i][1] = len(kp) # nFeatures[i][2] = int(np.argmax(Y_test[i])) #print('Format: Mean(Std)') #for i in range(0,10): # pdb.set_trace() # rows = np.where(nFeatures[:,2] == i) # data = np.delete(nFeatures[rows], 2, 1) # mean = np.mean(data, 0) # std = np.std(data, 0) # print('Class{0} : Original Image {1:.2f}({2:.2f}) Adversarial Image {3:.2f}({4:.2f})'.format(i, mean[0], std[0], mean[1], std[1])) adv_den = np.zeros(adv.shape) for i in range(0, n_adv): img = adv[i] * 255 img = img.astype('uint8') dst = cv2.fastNlMeansDenoisingColored(img, None, 10, 10, 7, 21) dst = dst.astype('float32') dst /= 255 adv_den[i] = dst eval_params = {'batch_size': np.minimum(nb_classes, 10)} original_accuracy = model_eval(sess, x, y, predictions, adv_inputs, Y_test[:n_adv], args=eval_params) adv_accuracy = model_eval(sess, x, y, predictions, adv, Y_test[:n_adv], args=eval_params) print('Accuracy on original images {0:.4f}'.format(original_accuracy)) print('Accuracy on adversarial images {0:.4f}'.format(adv_accuracy)) adv_accuracy = model_eval(sess, x, y, predictions, adv_den, Y_test[:n_adv], args=eval_params) print( 'Accuracy on denoised adversarial images {0:.4f}'.format(adv_accuracy)) percent_perturbed = np.mean( np.sum((adv - adv_inputs)**2, axis=(1, 2, 3))**.5) print('Avg. L_2 norm of perturbations adversarial samples {0:.4f}'.format( percent_perturbed)) percent_perturbed = np.mean( np.sum((adv - adv_inputs)**2, axis=(1, 2, 3))**.5) print('Avg. L_2 norm of denoised perturbations {0:.4f}'.format( percent_perturbed)) sess.close()
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=6, batch_size=128, learning_rate=0.001, train_dir="train_dir", filename="mnist.ckpt", load_model=False, testing=False, label_smoothing=True): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param train_dir: Directory storing the saved model :param filename: Filename to save model under :param load_model: True for load, False for not load :param testing: if true, test error is calculated :return: an AccuracyReport object """ keras.layers.core.K.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get MNIST test data x_train, y_train, x_test, y_test = data_mnist(train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end) # Obtain Image Parameters img_rows, img_cols, nchannels = x_train.shape[1:4] nb_classes = y_train.shape[1] if label_smoothing: label_smooth = .1 y_train = y_train.clip(label_smooth / (nb_classes-1), 1. - label_smooth) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols, nchannels)) y = tf.placeholder(tf.float32, shape=(None, nb_classes)) # Define TF model graph model = cnn_model(img_rows=img_rows, img_cols=img_cols, channels=nchannels, nb_filters=64, nb_classes=nb_classes) preds = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params) report.clean_train_clean_eval = acc # assert X_test.shape[0] == test_end - test_start, X_test.shape print('Test accuracy on legitimate examples: %0.4f' % acc) # Train an MNIST model train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate, 'train_dir': train_dir, 'filename': filename } rng = np.random.RandomState([2017, 8, 30]) if not os.path.exists(train_dir): os.mkdir(train_dir) ckpt = tf.train.get_checkpoint_state(train_dir) print(train_dir, ckpt) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path wrap = KerasModelWrapper(model) if load_model and ckpt_path: saver = tf.train.Saver() print(ckpt_path) saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) evaluate() else: print("Model was not loaded, training from scratch.") loss = LossCrossEntropy(wrap, smoothing=0.1) train(sess, loss, x, y, x_train, y_train, evaluate=evaluate, args=train_params, save=True, rng=rng) # Calculate training error if testing: eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, x_train, y_train, args=eval_params) report.train_clean_train_clean_eval = acc # Initialize the Fast Gradient Sign Method (FGSM) attack object and graph fgsm = FastGradientMethod(wrap, sess=sess) fgsm_params = {'eps': 0.3, 'clip_min': 0., 'clip_max': 1.} adv_x = fgsm.generate(x, **fgsm_params) # Consider the attack to be constant adv_x = tf.stop_gradient(adv_x) preds_adv = model(adv_x) # Evaluate the accuracy of the MNIST model on adversarial examples eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, x_test, y_test, args=eval_par) print('Test accuracy on adversarial examples: %0.4f\n' % acc) report.clean_train_adv_eval = acc # Calculating train error if testing: eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, x_train, y_train, args=eval_par) report.train_clean_train_adv_eval = acc print("Repeating the process, using adversarial training") # Redefine TF model graph model_2 = cnn_model(img_rows=img_rows, img_cols=img_cols, channels=nchannels, nb_filters=64, nb_classes=nb_classes) wrap_2 = KerasModelWrapper(model_2) preds_2 = model_2(x) fgsm2 = FastGradientMethod(wrap_2, sess=sess) def attack(x): return fgsm2.generate(x, **fgsm_params) preds_2_adv = model_2(attack(x)) loss_2 = LossCrossEntropy(wrap_2, smoothing=0.1, attack=attack) def evaluate_2(): # Accuracy of adversarially trained model on legitimate test inputs eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, preds_2, x_test, y_test, args=eval_params) print('Test accuracy on legitimate examples: %0.4f' % accuracy) report.adv_train_clean_eval = accuracy # Accuracy of the adversarially trained model on adversarial examples accuracy = model_eval(sess, x, y, preds_2_adv, x_test, y_test, args=eval_params) print('Test accuracy on adversarial examples: %0.4f' % accuracy) report.adv_train_adv_eval = accuracy # Perform and evaluate adversarial training train(sess, loss_2, x, y, x_train, y_train, evaluate=evaluate_2, args=train_params, save=False, rng=rng) # Calculate training errors if testing: eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, preds_2, x_train, y_train, args=eval_params) report.train_adv_train_clean_eval = accuracy accuracy = model_eval(sess, x, y, preds_2_adv, x_train, y_train, args=eval_params) report.train_adv_train_adv_eval = accuracy return report
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=NB_EPOCHS, batch_size=BATCH_SIZE, learning_rate=LEARNING_RATE, train_dir=TRAIN_DIR, filename=FILENAME, load_model=LOAD_MODEL, testing=True, label_smoothing=0.1): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param train_dir: Directory storing the saved model :param filename: Filename to save model under :param load_model: True for load, False for not load :param testing: if true, test error is calculated :param label_smoothing: float, amount of label smoothing for cross entropy :return: an AccuracyReport object """ tf.keras.backend.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if keras.backend.image_data_format() != 'channels_last': raise NotImplementedError("this tutorial requires keras to be configured to channels_last format") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get MNIST test data mnist = MNIST(train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end) [x_adv_train, x_adv_test] = pickle.load(open(PKLDATA+'.pkl')) x_train, y_train = mnist.get_set('train') x_train = x_adv_train x_test, y_test = mnist.get_set('test') x_test = x_adv_test # Obtain Image Parameters img_rows, img_cols, nchannels = x_train.shape[1:4] nb_classes = y_train.shape[1] # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols, nchannels)) y = tf.placeholder(tf.float32, shape=(None, nb_classes)) # Define TF model graph model = cnn_model(img_rows=img_rows, img_cols=img_cols, channels=nchannels, nb_filters=64, nb_classes=nb_classes) preds = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params) report.clean_train_clean_eval = acc print('Test accuracy on adversarial examples: %0.4f' % acc) # Train an MNIST model train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate, 'train_dir': train_dir, 'filename': filename } rng = np.random.RandomState([2017, 8, 30]) if not os.path.exists(train_dir): os.mkdir(train_dir) ckpt = tf.train.get_checkpoint_state(train_dir) print(train_dir, ckpt) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path wrap = KerasModelWrapper(model) if load_model and ckpt_path: saver = tf.train.Saver() print(ckpt_path) saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) evaluate() else: print("Model was not loaded, training from scratch.") loss = CrossEntropy(wrap, smoothing=label_smoothing) train(sess, loss, x_train, y_train, evaluate=evaluate, args=train_params, rng=rng) # Calculate training error if testing: eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, x_train, y_train, args=eval_params) report.train_clean_train_clean_eval = acc # Initialize the Fast Gradient Sign Method (FGSM) attack object and graph filter_x = binary_filter(x) batch = 1000 def convert(x_input): x_output = None for i in tqdm(range(int(len(x_input) / batch))): tmp = sess.run(filter_x, feed_dict={x: x_input[i * batch:(i + 1) * batch]}) if x_output is None: x_output = tmp else: x_output = np.concatenate((x_output, tmp)) return x_output x_filter_test = convert(x_test) x_filter_train = convert(x_train) def evaluate_adv(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, x_filter_test, y_test, args=eval_params) report.clean_train_clean_eval = acc print('Test accuracy on filtered examples: %0.4f' % acc) evaluate_adv()
def main(): """ MNIST CleverHans tutorial :return: """ if not hasattr(backend, "theano"): raise RuntimeError("This tutorial requires keras to be configured" " to use the Theano backend.") # Image dimensions ordering should follow the Theano convention if keras.backend.image_dim_ordering() != 'th': keras.backend.set_image_dim_ordering('th') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'tf', temporarily setting to 'th'") parser = argparse.ArgumentParser() parser.add_argument('--batch_size', '-b', default=128, help='Size of training batches') parser.add_argument('--train_dir', '-d', default='/tmp', help='Directory storing the saved model.') parser.add_argument('--filename', '-f', default='mnist.ckpt', help='Filename to save model under.') parser.add_argument('--nb_epochs', '-e', default=6, type=int, help='Number of epochs to train model') parser.add_argument('--learning_rate', '-lr', default=0.5, type=float, help='Learning rate for training') args = parser.parse_args() # Get MNIST test data X_train, Y_train, X_test, Y_test = data_mnist() print("Loaded MNIST test data.") assert Y_train.shape[1] == 10. label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # Define input Theano placeholder x_shape = (None, 1, 28, 28) x = T.tensor4('x') y = T.matrix('y') # Define Theano model graph model = cnn_model() model.build(x_shape) predictions = model(x) print("Defined Theano model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples accuracy = th_model_eval(x, y, predictions, X_test, Y_test, args=args) assert X_test.shape[0] == 10000, X_test.shape print('Test accuracy on legitimate test examples: ' + str(accuracy)) pass # Train an MNIST model th_model_train(x, y, predictions, model.trainable_weights, X_train, Y_train, evaluate=evaluate, args=args) # Initialize the Fast Gradient Sign Method (FGSM) attack object and graph fgsm = FastGradientMethod(model, back='th') adv_x = fgsm.generate(x, params={'eps': 0.3}) # Evaluate the accuracy of the MNIST model on adversarial examples accuracy = th_model_eval(x, y, model(adv_x), X_test, Y_test, args=args) print('Test accuracy on adversarial examples: ' + str(accuracy)) print("Repeating the process, using adversarial training") # Redefine Theano model graph model_2 = cnn_model() model_2.build(x_shape) preds_2 = model_2(x) fgsm = FastGradientMethod(model_2, back='th') preds_2_adv = model_2(fgsm.generate(x, params={'eps': 0.3})) def evaluate_2(): # Evaluate the accuracy of the adversarialy trained MNIST model on # legitimate test examples accuracy = th_model_eval(x, y, preds_2, X_test, Y_test, args=args) print('Test accuracy on legitimate test examples: ' + str(accuracy)) # Evaluate the accuracy of the adversarially trained MNIST model on # adversarial examples acc_adv = th_model_eval(x, y, preds_2_adv, X_test, Y_test, args=args) print('Test accuracy on adversarial examples: ' + str(acc_adv)) # Perform adversarial training th_model_train(x, y, preds_2, model_2.trainable_weights, X_train, Y_train, predictions_adv=preds_2_adv, evaluate=evaluate_2, args=args)
def mnist_tutorial( train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=NB_EPOCHS, batch_size=BATCH_SIZE, learning_rate=LEARNING_RATE, train_dir=TRAIN_DIR, filename=FILENAME, load_model=LOAD_MODEL, testing=False, label_smoothing=0.1, ): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param train_dir: Directory storing the saved model :param filename: Filename to save model under :param load_model: True for load, False for not load :param testing: if true, test error is calculated :param label_smoothing: float, amount of label smoothing for cross entropy :return: an AccuracyReport object """ tf.keras.backend.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if keras.backend.image_data_format() != "channels_last": raise NotImplementedError( "this tutorial requires keras to be configured to channels_last format" ) # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get MNIST test data mnist = MNIST( train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end, ) x_train, y_train = mnist.get_set("train") x_test, y_test = mnist.get_set("test") # Obtain Image Parameters img_rows, img_cols, nchannels = x_train.shape[1:4] nb_classes = y_train.shape[1] # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols, nchannels)) y = tf.placeholder(tf.float32, shape=(None, nb_classes)) # Define TF model graph model = cnn_model( img_rows=img_rows, img_cols=img_cols, channels=nchannels, nb_filters=64, nb_classes=nb_classes, ) preds = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {"batch_size": batch_size} acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params) report.clean_train_clean_eval = acc # assert X_test.shape[0] == test_end - test_start, X_test.shape print("Test accuracy on legitimate examples: %0.4f" % acc) # Train an MNIST model train_params = { "nb_epochs": nb_epochs, "batch_size": batch_size, "learning_rate": learning_rate, "train_dir": train_dir, "filename": filename, } rng = np.random.RandomState([2017, 8, 30]) if not os.path.exists(train_dir): os.mkdir(train_dir) ckpt = tf.train.get_checkpoint_state(train_dir) print(train_dir, ckpt) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path wrap = KerasModelWrapper(model) if load_model and ckpt_path: saver = tf.train.Saver() print(ckpt_path) saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) evaluate() else: print("Model was not loaded, training from scratch.") loss = CrossEntropy(wrap, smoothing=label_smoothing) train( sess, loss, x_train, y_train, evaluate=evaluate, args=train_params, rng=rng ) # Calculate training error if testing: eval_params = {"batch_size": batch_size} acc = model_eval(sess, x, y, preds, x_train, y_train, args=eval_params) report.train_clean_train_clean_eval = acc # Initialize the Fast Gradient Sign Method (FGSM) attack object and graph fgsm = FastGradientMethod(wrap, sess=sess) fgsm_params = {"eps": 0.3, "clip_min": 0.0, "clip_max": 1.0} adv_x = fgsm.generate(x, **fgsm_params) # Consider the attack to be constant adv_x = tf.stop_gradient(adv_x) preds_adv = model(adv_x) # Evaluate the accuracy of the MNIST model on adversarial examples eval_par = {"batch_size": batch_size} acc = model_eval(sess, x, y, preds_adv, x_test, y_test, args=eval_par) print("Test accuracy on adversarial examples: %0.4f\n" % acc) report.clean_train_adv_eval = acc # Calculating train error if testing: eval_par = {"batch_size": batch_size} acc = model_eval(sess, x, y, preds_adv, x_train, y_train, args=eval_par) report.train_clean_train_adv_eval = acc print("Repeating the process, using adversarial training") # Redefine TF model graph model_2 = cnn_model( img_rows=img_rows, img_cols=img_cols, channels=nchannels, nb_filters=64, nb_classes=nb_classes, ) wrap_2 = KerasModelWrapper(model_2) preds_2 = model_2(x) fgsm2 = FastGradientMethod(wrap_2, sess=sess) def attack(x): return fgsm2.generate(x, **fgsm_params) preds_2_adv = model_2(attack(x)) loss_2 = CrossEntropy(wrap_2, smoothing=label_smoothing, attack=attack) def evaluate_2(): # Accuracy of adversarially trained model on legitimate test inputs eval_params = {"batch_size": batch_size} accuracy = model_eval(sess, x, y, preds_2, x_test, y_test, args=eval_params) print("Test accuracy on legitimate examples: %0.4f" % accuracy) report.adv_train_clean_eval = accuracy # Accuracy of the adversarially trained model on adversarial examples accuracy = model_eval(sess, x, y, preds_2_adv, x_test, y_test, args=eval_params) print("Test accuracy on adversarial examples: %0.4f" % accuracy) report.adv_train_adv_eval = accuracy # Perform and evaluate adversarial training train( sess, loss_2, x_train, y_train, evaluate=evaluate_2, args=train_params, rng=rng ) # Calculate training errors if testing: eval_params = {"batch_size": batch_size} accuracy = model_eval(sess, x, y, preds_2, x_train, y_train, args=eval_params) report.train_adv_train_clean_eval = accuracy accuracy = model_eval( sess, x, y, preds_2_adv, x_train, y_train, args=eval_params ) report.train_adv_train_adv_eval = accuracy return report
def main(argv=None): """ CIFAR10 CleverHans tutorial :return: """ # Set TF random seed to improve reproducibility tf.set_random_seed(1234) # Set logging level to see debug information set_log_level(logging.DEBUG) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get CIFAR10 test data X_train, Y_train, X_test, Y_test = data_cifar10() assert Y_train.shape[1] == 10. label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) ################ color training initialization #################### color_training_epochs = 10000 color_learning_rate = 0.1 accepted_range = np.round(1/numColorOutput, 4) colorCategory = [ [0.0, 0.4], # Black [0.3, 0.7], # Grey [0.6, 1.0] # White ] #for i in range(numColorOutput): # colorCategory.append([np.round((i*accepted_range), 4), np.round(((i+1)*accepted_range), 4)]) print(colorCategory) save_dir2 = '/home/labiai/Jiacang/Experiments/tmp/pr/'+type+'/prmodel_'+str(FLAGS.nb_epochs)+'_'+str(numColorOutput)+'_output_model/' filename2 = 'network' model_path2 = os.path.join(save_dir2, filename2) numColorInput = 1 color_x = tf.placeholder(tf.float32, [None, numColorInput]) # mnist data image of shape 28*28=784 color_y = tf.placeholder(tf.float32, [None, numColorOutput]) # 0-9 digits recognition => 10 classes # Set model weights color_W = tf.Variable(tf.zeros([numColorInput, numColorOutput])) color_b = tf.Variable(tf.zeros([numColorOutput])) color_pred_out = tf.matmul(color_x, color_W) + color_b # Softmax color_cost = tf.reduce_mean(tf.nn.softmax_cross_entropy_with_logits(logits=color_pred_out, labels=color_y)) # Gradient Descent color_optimizer = tf.train.GradientDescentOptimizer(color_learning_rate).minimize(color_cost) # Test model color_argmax = tf.argmax(color_pred_out, 1) color_correct_prediction = tf.equal(tf.argmax(color_pred_out, 1), tf.argmax(color_y, 1)) # Calculate accuracy color_accuracy = tf.reduce_mean(tf.cast(color_correct_prediction, tf.float32)) # Graph for re-generating the original image into a new image by using trained color model pr_model_x = tf.placeholder(tf.float32, [None, n_input, numColorInput]) # mnist data image of shape 28*28=784 pr_model_W = tf.placeholder(tf.float32, [None, numColorInput, numColorOutput]) # mnist data image of shape 28*28=784 pr_model_b = tf.placeholder(tf.float32, [None, numColorInput, numColorOutput]) # mnist data image of shape 28*28=784 pr_model_output = tf.one_hot(tf.argmax((tf.matmul(pr_model_x, pr_model_W) + pr_model_b), 2), numColorOutput) # Merge the random generated output for new image based on the colorCategory randomColorCategory = [] for i in range(len(colorCategory)): tmp = [] tmpRandomColorCategory = my_tf_round( tf.random_uniform(tf.shape(pr_model_x), colorCategory[i][0], colorCategory[i][1], dtype=tf.float32), 2) tmp.append(tmpRandomColorCategory) randomColorCategory.append(tf.concat(tmp, 1)) random_merge = tf.reshape(tf.concat(randomColorCategory, -1), [-1, n_input, numColorOutput]) random_color_set = tf.reduce_sum(tf.multiply(pr_model_output, random_merge), 2) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3)) x = tf.reshape(random_color_set, shape=(-1, 32, 32, 3)) y = tf.placeholder(tf.float32, shape=(None, 10)) with sess.as_default(): if hasattr(tf, "global_variables_initializer"): tf.global_variables_initializer().run() else: warnings.warn("Update your copy of tensorflow; future versions of " "CleverHans may drop support for this version.") sess.run(tf.initialize_all_variables()) ################# color training #################### print("Trying to load pr model from: " + model_path2) if os.path.exists(model_path2 + ".meta"): tf_model_load(sess, model_path2) c_w, c_b = sess.run([color_W, color_b]) print("Load color trained model in training") else: # Training the color for epoch in range(color_training_epochs): outputColorY = [] p1 = np.random.random(100) for i in range(len(p1)): outputOverlapColorY = [] for j in range(len(colorCategory)): if p1[i] >= colorCategory[j][0] and p1[i] <= colorCategory[j][1]: colorIndexSeq = [] for k in range(len(colorCategory)): if j == k: colorIndexSeq.append(1) else: colorIndexSeq.append(0) outputOverlapColorY.append(colorIndexSeq) #break # Randomly choose the output for color Y if the outputOverlapColorY has more than 1 item outputColorY.append(outputOverlapColorY[np.random.randint(0, len(outputOverlapColorY))]) inputColorX = p1.reshape(100, 1) _, c, c_w, c_b = sess.run([color_optimizer, color_cost, color_W, color_b], feed_dict={color_x: inputColorX, color_y: outputColorY}) avg_cost = c # Evaluating color model outputColorY = [] p1 = np.random.random(100) # Generate output for random color inputs (test case) for i in range(len(p1)): for j in range(len(colorCategory)): outputOverlapColorY = [] if p1[i] >= colorCategory[j][0] and p1[i] <= colorCategory[j][1]: colorIndexSeq = [] for k in range(len(colorCategory)): if j == k: colorIndexSeq.append(1) else: colorIndexSeq.append(0) outputOverlapColorY.append(colorIndexSeq) break # Randomly choose the output for color Y if the outputOverlapColorY has more than 1 item outputColorY.append(outputOverlapColorY[np.random.randint(0, len(outputOverlapColorY))]) inputColorX = p1.reshape(100, 1) # print(random_xs) acc, argmax = sess.run([color_accuracy, color_argmax], feed_dict={color_x: inputColorX, color_y: outputColorY}) print("Epoch:", '%04d' % (epoch + 1) + "/" + str(color_training_epochs) + ", Cost= " + \ "{:.9f}".format(avg_cost) + ", Training Accuracy= " + \ "{:.5f}".format(acc) + " ") # print(c_w) with tf.device('/CPU:0'): saver = tf.train.Saver(tf.global_variables(), max_to_keep=50) # Since training PR model is fast, we do not have to save multiple sessions for this save_path = os.path.join(save_dir2, filename2) saver.save(sess, save_path) ##################### end of color training ------------------------------ ################# model training #################### # Define TF model graph model = cnn_model(img_rows=32, img_cols=32, channels=3) # model = vgg_model(img_rows=32, img_cols=32, channels=3) predictions = model(x) print("Defined TensorFlow model graph.") saveFileNum = 50 # saveFileNum = 500 # saveFileNum = 1000 model_path = os.path.join(save_dir, filename+"-"+str(saveFileNum)) # Craft adversarial examples using Fast Gradient Sign Method (FGSM) fgsm = FastGradientMethod(model) fgsm = BasicIterativeMethod(model) fgsm = MomentumIterativeMethod(model) adv_x = fgsm.generate(x, eps=8/256) eval_params = {'batch_size': FLAGS.batch_size, 'n_input': n_input, 'numColorOutput': numColorOutput} def evaluate(): # Evaluate the accuracy of the CIFAR10 model on legitimate test # examples eval_params = {'batch_size': FLAGS.batch_size, 'numColorOutput': numColorOutput} accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set, pr_model_W=pr_model_W, pr_model_b=pr_model_b) #accuracy_adv = model_eval(sess, x, y, predictions, X_test, # Y_test, args=eval_params, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set, # pr_model_W=pr_model_W, pr_model_b=pr_model_b, is_adv=True, ae=adv_x) assert X_test.shape[0] == 10000, X_test.shape print('Test accuracy on legitimate test examples: ' + str(accuracy)) #print('Test accuracy on adversarial examples: ' + str(accuracy_adv)) # Train an CIFAR10 model train_params = { 'nb_epochs': FLAGS.nb_epochs, 'batch_size': FLAGS.batch_size, 'learning_rate': FLAGS.learning_rate, 'train_dir': save_dir, 'filename': filename, 'numColorOutput': numColorOutput } print("Trying to load trained model from: " + model_path) if os.path.exists(model_path + ".meta"): tf_model_load(sess, model_path) print("Load trained model") else: model_train(sess, x, y, predictions, X_train, Y_train, evaluate=evaluate, args=train_params, save=True, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set, pr_model_W=pr_model_W, pr_model_b=pr_model_b) X_test_adv, = batch_eval(sess, [x], [adv_x], [X_test], args=eval_params) # assert X_test_adv.shape[0] == 10000, X_test_adv.shape # Evaluate the accuracy of the CIFAR10 model on adversarial examples accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set, pr_model_W=pr_model_W, pr_model_b=pr_model_b, is_adv=True, ae=adv_x) print('Test accuracy on adversarial examples: ' + str(accuracy))
tra_images,tra_labels,val_images,val_labels = get_files(0.2) imgs = [] for fname in tra_images: imgs.append(load_norm_img_from_source(fname)) # Convert the images and labels from list to array TrnLabels = np.array(tra_labels) Img = np.array(imgs) labels = np.zeros((6004,26), dtype=int) for i in range(6004): labels[i,TrnLabels[i]] = 1 # Define model model = cnn_model(img_rows=FLAGS.img_rows, img_cols=FLAGS.img_cols, channels=FLAGS.nb_channels, nb_classes=FLAGS.nb_classes) model.summary() # will hold the placeholders so that they can be returned placeholders = {} img_rows = FLAGS.img_rows img_cols = FLAGS.img_cols placeholders['image_in'] = tf.placeholder(tf.float32, shape = (None, img_rows, img_cols, FLAGS.nb_channels)) placeholders['True_labels'] = tf.placeholder(tf.float32, shape = (None, FLAGS.nb_classes)) # will hold the variables and operations defined from now on varops = {} varops['pred'] = model(placeholders['image_in']) varops['loss'] = model_loss(placeholders['True_labels'], varops['pred'], mean=True) feed_dict = {placeholders['image_in']: imgs,
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=6, batch_size=128, learning_rate=0.001, train_dir="/tmp", filename="mnist.ckpt", load_model=False, model_dir="", model_name=""): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param train_dir: Directory storing the saved checkpoint :param filename: Filename to save model under :param load_model: True for load, False for not load :param model_name/model_dir: describes location and name of model used :return: an AccuracyReport object """ keras.layers.core.K.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get MNIST test data X_train, Y_train, X_test, Y_test = data_mnist(train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end) # Use label smoothing assert Y_train.shape[1] == 10 label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1)) y = tf.placeholder(tf.float32, shape=(None, 10)) # Define TF model graph model = cnn_model() preds = model(x) #predictions print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, X_test, Y_test, args=eval_params) report.clean_train_clean_eval = acc assert X_test.shape[0] == test_end - test_start, X_test.shape print('Test accuracy: %0.4f' % acc) # Train an MNIST model train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate, 'train_dir': train_dir, 'filename': filename } ckpt = tf.train.get_checkpoint_state(train_dir) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path rng = np.random.RandomState([2017, 8, 30]) if load_model and ckpt_path: saver = tf.train.Saver() saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) evaluate() else: print("Model was not loaded, training from scratch.") model_train(sess, x, y, preds, X_train, Y_train, evaluate=evaluate, args=train_params, save=True, rng=rng) eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, X_train, Y_train, args=eval_params) report.train_clean_train_clean_eval = acc # Save model in .h5 format (for Keras) filepath = model_dir + model_name model.save(filepath) print("Model saved to:") print(filepath) return report
def cifar10_cw(train_start=0, train_end=60000, test_start=0, test_end=10000, viz_enabled=True, nb_epochs=6, batch_size=128, source_samples=10, learning_rate=0.001, attack_iterations=100, model_path=os.path.join("models", "mnist"), targeted=True): """ CIFAR10 CleverHans tutorial :return: """ global numColorOutput # Set TF random seed to improve reproducibility tf.set_random_seed(1234) # Set logging level to see debug information set_log_level(logging.DEBUG) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get CIFAR10 test data X_train, Y_train, X_test, Y_test = data_cifar10() # Obtain Image Parameters img_rows, img_cols, nchannels = X_train.shape[1:4] nb_classes = Y_train.shape[1] assert Y_train.shape[1] == 10. label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) ################ color training initialization #################### color_training_epochs = 10000 color_learning_rate = 0.1 accepted_range = np.round(1/numColorOutput, 4) colorCategory = [ [0.0, 0.4], # Black [0.3, 0.7], # Grey [0.6, 1.0] # White ] #for i in range(numColorOutput): # colorCategory.append([np.round((i*accepted_range), 4), np.round(((i+1)*accepted_range), 4)]) print(colorCategory) save_dir2 = '/home/labiai/Jiacang/Experiments/tmp/pr/'+type+'/prmodel_'+str(FLAGS.nb_epochs)+'_'+str(numColorOutput)+'_output_model/' filename2 = 'network' model_path2 = os.path.join(save_dir2, filename2) numOfPRModel = 20 minColorEpoch = 300 maxColorEpoch = 3000 numColorInput = 1 numColorOutput = len(colorCategory) color_x = tf.placeholder(tf.float32, [None, numColorInput]) # mnist data image of shape 28*28=784 color_y = tf.placeholder(tf.float32, [None, numColorOutput]) # 0-9 digits recognition => 10 classes # Set multiple models' weights and biases color_W = {} color_b = {} color_pred_out = {} color_cost = {} color_optimizer = {} color_argmax = {} color_correct_prediction = {} color_accuracy = {} for i in range(numOfPRModel): color_W["w" + str(i)] = tf.Variable(tf.random_normal([numColorInput, numColorOutput])) color_b["b" + str(i)] = tf.Variable(tf.random_normal([numColorOutput])) color_pred_out["out" + str(i)] = tf.matmul(color_x, color_W["w" + str(i)]) + color_b["b" + str(i)] # Softmax color_cost["cost" + str(i)] = tf.reduce_mean( tf.nn.softmax_cross_entropy_with_logits(logits=color_pred_out["out" + str(i)], labels=color_y)) # Gradient Descent color_optimizer["opt" + str(i)] = tf.train.GradientDescentOptimizer(color_learning_rate).minimize( color_cost["cost" + str(i)]) # Test model color_argmax["argmax" + str(i)] = tf.argmax(color_pred_out["out" + str(i)], 1) color_correct_prediction["pred" + str(i)] = tf.equal(tf.argmax(color_pred_out["out" + str(i)], 1), tf.argmax(color_y, 1)) # Calculate accuracy color_accuracy["acc" + str(i)] = tf.reduce_mean(tf.cast(color_correct_prediction["pred" + str(i)], tf.float32)) # Graph for re-generating the original image into a new image by using trained color model pr_model_x = tf.placeholder(tf.float32, [None, n_input, numColorInput]) # mnist data image of shape 28*28=784 pr_model_W = tf.placeholder(tf.float32, [None, numColorInput, numColorOutput]) # mnist data image of shape 28*28=784 pr_model_b = tf.placeholder(tf.float32, [None, numColorInput, numColorOutput]) # mnist data image of shape 28*28=784 pr_model_output = tf.one_hot(tf.argmax((tf.matmul(pr_model_x, pr_model_W) + pr_model_b), 2), numColorOutput) # Merge the random generated output for new image based on the colorCategory randomColorCategory = [] for i in range(len(colorCategory)): tmp = [] tmpRandomColorCategory = my_tf_round( tf.random_uniform(tf.shape(pr_model_x), colorCategory[i][0], colorCategory[i][1], dtype=tf.float32), 2) tmp.append(tmpRandomColorCategory) randomColorCategory.append(tf.concat(tmp, 1)) random_merge = tf.reshape(tf.concat(randomColorCategory, -1), [-1, n_input, numColorOutput]) random_color_set = tf.reduce_sum(tf.multiply(pr_model_output, random_merge), 2) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3)) x = tf.reshape(random_color_set, shape=(-1, 32, 32, 3)) y = tf.placeholder(tf.float32, shape=(None, 10)) with sess.as_default(): if hasattr(tf, "global_variables_initializer"): tf.global_variables_initializer().run() else: warnings.warn("Update your copy of tensorflow; future versions of " "CleverHans may drop support for this version.") sess.run(tf.initialize_all_variables()) ################# color training #################### if os.path.exists(model_path2 + ".meta"): tf_model_load(sess, model_path2) c_w, c_b = sess.run([color_W, color_b]) print("Load color trained model in training") else: # Training the PR model c_w = {} c_b = {} for modelcount in range(numOfPRModel): color_training_epochs = np.random.randint(minColorEpoch, maxColorEpoch) for epoch in range(color_training_epochs): outputColorY = [] p1 = np.random.random(100) for i in range(len(p1)): outputOverlapColorY = [] for j in range(len(colorCategory)): if p1[i] >= colorCategory[j][0] and p1[i] <= colorCategory[j][1]: colorIndexSeq = [] for k in range(len(colorCategory)): if j == k: colorIndexSeq.append(1) else: colorIndexSeq.append(0) outputOverlapColorY.append(colorIndexSeq) # break # Randomly choose the output for color Y if the outputOverlapColorY has more than 1 item outputColorY.append(outputOverlapColorY[np.random.randint(0, len(outputOverlapColorY))]) inputColorX = p1.reshape(100, 1) _, c, _c_w, _c_b = sess.run( [color_optimizer["opt" + str(modelcount)], color_cost["cost" + str(modelcount)], color_W["w" + str(modelcount)], color_b["b" + str(modelcount)]], feed_dict={color_x: inputColorX, color_y: outputColorY}) avg_cost = c # Evaluating color model outputColorY = [] p1 = np.random.random(100) # Generate output for random color inputs (test case) for i in range(len(p1)): for j in range(len(colorCategory)): outputOverlapColorY = [] if p1[i] >= colorCategory[j][0] and p1[i] <= colorCategory[j][1]: colorIndexSeq = [] for k in range(len(colorCategory)): if j == k: colorIndexSeq.append(1) else: colorIndexSeq.append(0) outputOverlapColorY.append(colorIndexSeq) break # Randomly choose the output for color Y if the outputOverlapColorY has more than 1 item outputColorY.append(outputOverlapColorY[np.random.randint(0, len(outputOverlapColorY))]) inputColorX = p1.reshape(100, 1) # print(random_xs) acc, argmax = sess.run( [color_accuracy["acc" + str(modelcount)], color_argmax["argmax" + str(modelcount)]], feed_dict={color_x: inputColorX, color_y: outputColorY}) print(str(modelcount + 1) + ") Epoch:", '%04d' % (epoch + 1) + "/" + str(color_training_epochs) + ", Cost= " + \ "{:.9f}".format(avg_cost) + ", Training Accuracy= " + \ "{:.5f}".format(acc) + " ") c_w["w" + str(modelcount)] = _c_w c_b["b" + str(modelcount)] = _c_b # print(c_w) save_path = os.path.join(save_dir2, filename2) saver = tf.train.Saver() saver.save(sess, save_path) ##################### end of color training ------------------------------ # Define TF model graph model = cnn_model(img_rows=32, img_cols=32, channels=3) # model = vgg_model(img_rows=32, img_cols=32, channels=3) predictions = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the CIFAR10 model on legitimate test # examples eval_params = {'batch_size': FLAGS.batch_size, 'n_input': n_input, 'numColorOutput': numColorOutput} accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params, pred2=predictions, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set, pr_model_W=pr_model_W, pr_model_b=pr_model_b ) assert X_test.shape[0] == 10000, X_test.shape print('Test accuracy on legitimate test examples: ' + str(accuracy)) # Train an CIFAR10 model train_params = { 'nb_epochs': FLAGS.nb_epochs, 'batch_size': FLAGS.batch_size, 'learning_rate': FLAGS.learning_rate, 'n_input': n_input, 'train_dir': save_dir, 'filename': filename, 'numColorOutput': numColorOutput } saveFileNum = 50 # saveFileNum = 500 # saveFileNum = 1000 model_path = os.path.join(save_dir, filename+"-"+str(saveFileNum)) print("Trying to load trained model from: " + model_path) if os.path.exists(model_path + ".meta"): tf_model_load(sess, model_path) print("Load trained model") else: model_train(sess, x, y, predictions, X_train, Y_train, evaluate=evaluate, args=train_params, save=True, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set, pr_model_W=pr_model_W, pr_model_b=pr_model_b) ########################################################################### # Craft adversarial examples using Carlini and Wagner's approach ########################################################################### nb_adv_per_sample = str(nb_classes - 1) if targeted else '1' print('Crafting ' + str(source_samples) + ' * ' + nb_adv_per_sample + ' adversarial examples') print("This could take some time ...") # Instantiate a CW attack object cw = CarliniWagnerL2(model, back='tf', sess=sess) if viz_enabled: assert source_samples == nb_classes idxs = [np.where(np.argmax(Y_test, axis=1) == i)[0][0] for i in range(nb_classes)] if targeted: if viz_enabled: # Initialize our array for grid visualization grid_shape = (nb_classes, nb_classes, img_rows, img_cols, nchannels) grid_viz_data = np.zeros(grid_shape, dtype='f') adv_inputs = np.array( [[instance] * nb_classes for instance in X_test[idxs]], dtype=np.float32) else: adv_inputs = np.array( [[instance] * nb_classes for instance in X_test[:source_samples]], dtype=np.float32) one_hot = np.zeros((nb_classes, nb_classes)) one_hot[np.arange(nb_classes), np.arange(nb_classes)] = 1 adv_inputs = adv_inputs.reshape( (source_samples * nb_classes, img_rows, img_cols, nchannels)) adv_ys = np.array([one_hot] * source_samples, dtype=np.float32).reshape((source_samples * nb_classes, nb_classes)) yname = "y_target" else: if viz_enabled: # Initialize our array for grid visualization grid_shape = (nb_classes, 2, img_rows, img_cols, nchannels) grid_viz_data = np.zeros(grid_shape, dtype='f') adv_inputs = X_test[idxs] adv_inputs = X_test else: adv_inputs = X_test[:source_samples] adv_inputs = X_test adv_ys = None yname = "y" cw_params = {'binary_search_steps': 1, 'max_iterations': attack_iterations, 'learning_rate': 0.1, 'batch_size': source_samples * nb_classes if targeted else source_samples, 'initial_const': 10} adv2 = cw.generate(x, **cw_params) cw_params[yname] = adv_ys adv = None adv = cw.generate_np(adv_inputs, **cw_params) eval_params = {'batch_size': np.minimum(nb_classes, source_samples), 'numColorOutput': numColorOutput} if targeted: adv_accuracy = model_eval( sess, x, y, predictions, adv, adv_ys, args=eval_params) else: if viz_enabled: adv_accuracy = model_eval(sess, x, y, predictions, X_test, Y_test[ idxs], args=eval_params) else: # adv_accuracy = model_eval(sess, x, y, preds, adv, y_test[ # :source_samples], args=eval_params) accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params, c_w=c_w, c_b=c_b, pr_model_x=pr_model_x, random_color_set=random_color_set, pr_model_W=pr_model_W, pr_model_b=pr_model_b, is_adv=True, ae=adv2 ) print('Test accuracy on adversarial examples: ' + str(accuracy)) # if viz_enabled: # for j in range(nb_classes): # if targeted: # for i in range(nb_classes): # grid_viz_data[i, j] = adv[i * nb_classes + j] # else: # grid_viz_data[j, 0] = adv_inputs[j] # grid_viz_data[j, 1] = adv[j] # # print(grid_viz_data.shape) # # # # Compute the average distortion introduced by the algorithm # percent_perturbed = np.mean(np.sum((adv - adv_inputs) ** 2, # axis=(1, 2, 3)) ** .5) # print('Avg. L_2 norm of perturbations {0:.4f}'.format(percent_perturbed)) # Close TF session sess.close()
from __future__ import division from __future__ import print_function from __future__ import unicode_literals import keras import tensorflow as tf # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 28, 28, 1)) # channel is the last element in tensorflow y = tf.placeholder(tf.float32, shape=(None, 10)) # Define TF model graph from cleverhans.utils_keras import cnn_model model = cnn_model() predictions = model(x) # Get MNIST data from cleverhans.utils_mnist import data_mnist X_train, Y_train, X_test, Y_test = data_mnist() # Train an MNIST model from cleverhans.utils_tf import model_train, model_eval sess = tf.Session() train_params = { 'nb_epochs': 6, 'batch_size': 128, 'learning_rate': 0.001,
def main(argv=None): """ CIFAR10 CleverHans tutorial :return: """ # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get CIFAR10 test data X_train, Y_train, X_test, Y_test = data_cifar10() assert Y_train.shape[1] == 10. label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3)) y = tf.placeholder(tf.float32, shape=(None, 10)) # Define TF model graph model = cnn_model(img_rows=32, img_cols=32, channels=3) predictions = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the CIFAR10 model on legitimate test # examples eval_params = {'batch_size': FLAGS.batch_size} accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params) assert X_test.shape[0] == 10000, X_test.shape print('Test accuracy on legitimate test examples: ' + str(accuracy)) # Train an CIFAR10 model train_params = { 'nb_epochs': FLAGS.nb_epochs, 'batch_size': FLAGS.batch_size, 'learning_rate': FLAGS.learning_rate } model_train(sess, x, y, predictions, X_train, Y_train, evaluate=evaluate, args=train_params) # Craft adversarial examples using Fast Gradient Sign Method (FGSM) adv_x = fgsm(x, predictions, eps=0.3) eval_params = {'batch_size': FLAGS.batch_size} X_test_adv, = batch_eval(sess, [x], [adv_x], [X_test], args=eval_params) assert X_test_adv.shape[0] == 10000, X_test_adv.shape # Evaluate the accuracy of the CIFAR10 model on adversarial examples accuracy = model_eval(sess, x, y, predictions, X_test_adv, Y_test, args=eval_params) print('Test accuracy on adversarial examples: ' + str(accuracy)) print("Repeating the process, using adversarial training") # Redefine TF model graph model_2 = cnn_model(img_rows=32, img_cols=32, channels=3) predictions_2 = model_2(x) adv_x_2 = fgsm(x, predictions_2, eps=0.3) predictions_2_adv = model_2(adv_x_2) def evaluate_2(): # Evaluate the accuracy of the adversarialy trained CIFAR10 model on # legitimate test examples eval_params = {'batch_size': FLAGS.batch_size} accuracy = model_eval(sess, x, y, predictions_2, X_test, Y_test, args=eval_params) print('Test accuracy on legitimate test examples: ' + str(accuracy)) # Evaluate the accuracy of the adversarially trained CIFAR10 model on # adversarial examples accuracy_adv = model_eval(sess, x, y, predictions_2_adv, X_test, Y_test, args=eval_params) print('Test accuracy on adversarial examples: ' + str(accuracy_adv)) # Perform adversarial training model_train(sess, x, y, predictions_2, X_train, Y_train, predictions_adv=predictions_2_adv, evaluate=evaluate_2, args=train_params) # Evaluate the accuracy of the CIFAR10 model on adversarial examples accuracy = model_eval(sess, x, y, predictions_2_adv, X_test, Y_test, args=eval_params) print('Test accuracy on adversarial examples: ' + str(accuracy))
def mnist_tutorial(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=NB_EPOCHS, batch_size=BATCH_SIZE, learning_rate=LEARNING_RATE, train_dir=TRAIN_DIR, filename=FILENAME, load_model=LOAD_MODEL, testing=False, label_smoothing=0.1): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param train_dir: Directory storing the saved model :param filename: Filename to save model under :param load_model: True for load, False for not load :param testing: if true, test error is calculated :param label_smoothing: float, amount of label smoothing for cross entropy :return: an AccuracyReport object """ keras.layers.core.K.set_learning_phase(0) # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get MNIST test data mnist = MNIST(train_start=train_start, train_end=train_end, test_start=test_start, test_end=test_end) x_train, y_train = mnist.get_set('train') x_test, y_test = mnist.get_set('test') stream = generate_cipher_stream(KEY) x_train_defense = x_train.copy() x_test_defense = x_test.copy() for i in range(len(x_train)): x_train_defense[i] = xor(x_train[i], stream) for i in range(len(x_test)): x_test_defense[i] = xor(x_test[i], stream) # Obtain Image Parameters img_rows, img_cols, nchannels = x_train.shape[1:4] nb_classes = y_train.shape[1] # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols, nchannels)) y = tf.placeholder(tf.float32, shape=(None, nb_classes)) # Define TF model graph model = cnn_model(img_rows=img_rows, img_cols=img_cols, channels=nchannels, nb_filters=64, nb_classes=nb_classes) model_defense = cnn_model(img_rows=img_rows, img_cols=img_cols, channels=nchannels, nb_filters=64, nb_classes=nb_classes) preds = model(x) preds_defense = model_defense(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, x_test, y_test, args=eval_params) report.clean_train_clean_eval = acc # assert X_test.shape[0] == test_end - test_start, X_test.shape print('Test accuracy on legitimate examples: %0.4f' % acc) def evaluate_defense(): # Evaluate the accuracy of the MNIST model on legitimate test examples eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_defense, x_test_defense, y_test, args=eval_params) print('Test accuracy on legitimate examples: %0.4f' % acc) # Train an MNIST model train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate, 'train_dir': train_dir, 'filename': filename } rng = np.random.RandomState([2017, 8, 30]) if not os.path.exists(train_dir): os.mkdir(train_dir) ckpt = tf.train.get_checkpoint_state(train_dir) print(train_dir, ckpt) ckpt_path = False if ckpt is None else ckpt.model_checkpoint_path wrap = KerasModelWrapper(model) wrap_defense = KerasModelWrapper(model_defense) if load_model and ckpt_path: saver = tf.train.Saver() print(ckpt_path) saver.restore(sess, ckpt_path) print("Model loaded from: {}".format(ckpt_path)) evaluate() else: print("Model was not loaded, training from scratch.") loss = CrossEntropy(wrap, smoothing=label_smoothing) train(sess, loss, x_train, y_train, evaluate=evaluate, args=train_params, rng=rng) # training defense model # Train an MNIST model train_params_defense = { 'nb_epochs': 10, 'batch_size': batch_size, 'learning_rate': 0.001, 'train_dir': train_dir, 'filename': filename } print("Defense model is trained.") loss_defense = CrossEntropy(wrap_defense, smoothing=label_smoothing) train(sess, loss_defense, x_train_defense, y_train, evaluate=evaluate_defense, args=train_params_defense, rng=rng) # Calculate training error if testing: eval_params = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds, x_train, y_train, args=eval_params) report.train_clean_train_clean_eval = acc # Initialize the Fast Gradient Sign Method (FGSM) attack object and graph fgsm = FastGradientMethod(wrap, sess=sess) fgsm_params = {'eps': 0.2, 'clip_min': 0., 'clip_max': 1.} adv_x = fgsm.generate(x, **fgsm_params) # Consider the attack to be constant adv_x = tf.stop_gradient(adv_x) preds_adv = model(adv_x) # Evaluate the accuracy of the MNIST model on adversarial examples print("Evaluate the accuracy of target model on adversarial examples. ") eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, x_test, y_test, args=eval_par) print('Test accuracy on adversarial examples: %0.4f\n' % acc) report.clean_train_adv_eval = acc # Evaluate the accuracy of the MNIST defense model on adversarial examples print("Evaluate the accuracy of defense model on adversarial examples. ") eval_par = {'batch_size': batch_size} adv_x_trans = tf.py_func(tensor_xor, [adv_x, stream], tf.float32) preds_adv_defense = model_defense(adv_x_trans) acc = model_eval(sess, x, y, preds_adv_defense, x_test, y_test, args=eval_par) print('Test accuracy on adversarial examples: %0.4f\n' % acc)
def main(argv=None): tf.set_random_seed(1234) sess = tf.Session() keras.backend.set_session(sess) X_train, Y_train, X_test, Y_test = data_cifar10() Y_train = Y_train.clip(.1 / 9., 1. - .1) x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3)) y = tf.placeholder(tf.float32, shape=(None, 10)) model = cnn_model(img_rows=32, img_cols=32, channels=3) predictions = model(x) def evaluate(): eval_params = {'batch_size': FLAGS.batch_size} accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params) print('Test accuracy on legitimate test examples: ' + str(accuracy)) train_params = { 'nb_epochs': FLAGS.nb_epochs, 'batch_size': FLAGS.batch_size, 'learning_rate': FLAGS.learning_rate, 'train_dir': FLAGS.train_dir, 'filename': FLAGS.filename } model_path = os.path.join(FLAGS.train_dir, FLAGS.filename) if os.path.exists(model_path + ".meta"): tf_model_load(sess, model_path) else: model_train(sess, x, y, predictions, X_train, Y_train, evaluate=evaluate, args=train_params, save=True) wrap = KerasModelWrapper(model) nb_classes = 10 targeted = False nb_adv_per_sample = str(nb_classes - 1) if targeted else '1' cw = CarliniWagnerL2(model, back='tf', sess=sess) adv_inputs = X_test[:10] adv_ys = None yname = "y" edges = edgeDetect(adv_inputs) print('Length of edges of adv samples: ') print(edges[:10]) cw_params = { 'binary_search_steps': 1, yname: adv_ys, 'max_iterations': 100, 'learning_rate': 0.1, 'batch_size': 10, 'initial_const': 10, } adv = cw.generate_np(adv_inputs, **cw_params) edges = edgeDetect(adv) print('Length of edges of adv samples: ') print(edges[:10]) sigma = 16.0 / 255 gamma = 0.00061 * 255 * 255 alpha = 0.00061 * 255 * 255 n_clusters = 10 n_samples = 50 noise = np.random.normal(0.0, sigma, adv.shape) adv_gauss = adv + noise i1 = np.repeat(np.arange(0, 10), n_samples) i2 = np.random.randint(32, size=10 * n_samples) i3 = np.random.randint(32, size=10 * n_samples) sample = adv[i1, i2, i3] noise = np.random.normal(0.0, sigma, sample.shape) noisy_samples = sample + noise noisy_samples = np.reshape(noisy_samples, (10, n_samples, 3)) noise = np.random.normal(0.0, sigma, adv.shape) adv_rdesc = np.zeros(adv.shape) adv_rmix = np.zeros(adv.shape) for img_no, img_samples in enumerate(noisy_samples): clusters = np.zeros((n_clusters, 3)) clusters[0] = img_samples[0] for c_j in range(1, n_clusters): prob_cj = np.zeros(n_samples) for pix_no, pix in enumerate(img_samples): l2_min = 100000 for c_l in range(0, c_j): l2_norm_sq = np.inner(pix - clusters[c_l], pix - clusters[c_l]) if l2_norm_sq < l2_min: l2_min = l2_norm_sq prob_cj[pix_no] = math.exp(gamma * l2_min) prob_cj /= prob_cj.sum() clusters[c_j] = img_samples[np.random.choice(n_samples, 1, p=prob_cj)] for pix_i in range(0, 32): for pix_j in range(0, 32): c_dist_min = 100000 c_min = np.zeros(3) c_sum = np.zeros(3) weight_sum = 0 for c_j in clusters: c_dist = np.linalg.norm(adv_gauss[img_no][pix_i][pix_j] - c_j) weight_j = math.exp(-1 * alpha * c_dist * c_dist) weight_sum = weight_sum + weight_j c_sum = c_sum + weight_j * c_j if c_dist < c_dist_min: c_dist_min = c_dist c_min = c_j adv_rdesc[img_no][pix_i][pix_j] = c_min adv_rmix[img_no][pix_i][pix_j] = c_sum / weight_sum eval_params = {'batch_size': np.minimum(nb_classes, 10)} adv_accuracy = 1 - model_eval( sess, x, y, predictions, adv, Y_test[:10], args=eval_params) print('Avg. rate of successful adv. examples without noise {0:.4f}'.format( adv_accuracy)) percent_perturbed = np.mean( np.sum((adv - adv_inputs)**2, axis=(1, 2, 3))**.5) print('Avg. L_2 norm of perturbations without noise {0:.4f}'.format( percent_perturbed)) adv_accuracy = 1 - model_eval( sess, x, y, predictions, adv_gauss, Y_test[:10], args=eval_params) print('Avg. rate of successful adv. examples with Gaussian noise {0:.4f}'. format(adv_accuracy)) percent_perturbed = np.mean( np.sum((adv_gauss - adv_inputs)**2, axis=(1, 2, 3))**.5) print('Avg. L_2 norm of perturbations with Gaussian noise {0:.4f}'.format( percent_perturbed)) adv_accuracy = 1 - model_eval( sess, x, y, predictions, adv_rdesc, Y_test[:10], args=eval_params) print('Avg. rate of successful adv. examples with random descent {0:.4f}'. format(adv_accuracy)) percent_perturbed = np.mean( np.sum((adv_rdesc - adv_inputs)**2, axis=(1, 2, 3))**.5) print('Avg. L_2 norm of perturbations with random descent {0:.4f}'.format( percent_perturbed)) adv_accuracy = 1 - model_eval( sess, x, y, predictions, adv_rmix, Y_test[:10], args=eval_params) print('Avg. rate of successful adv. examples with random mixture {0:.4f}'. format(adv_accuracy)) percent_perturbed = np.mean( np.sum((adv_rmix - adv_inputs)**2, axis=(1, 2, 3))**.5) print('Avg. L_2 norm of perturbations with random mixture {0:.4f}'.format( percent_perturbed)) sess.close()
# Evaluate the accuracy of the MNIST model on adversarial examples eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, X_test, Y_test, args=eval_par) print('Test accuracy on adversarial examples: %0.4f\n' % acc) report.clean_train_adv_eval = acc # Calculating train error if testing: eval_par = {'batch_size': batch_size} acc = model_eval(sess, x, y, preds_adv, X_train, Y_train, args=eval_par) report.train_clean_train_adv_eval = acc print("Repeating the process, using adversarial training") # Redefine TF model graph model_2 = cnn_model() preds_2 = model_2(x) wrap_2 = KerasModelWrapper(model_2) fgsm2 = FastGradientMethod(wrap_2, sess=sess) preds_2_adv = model_2(fgsm2.generate(x, **fgsm_params)) def evaluate_2(): # Accuracy of adversarially trained model on legitimate test inputs eval_params = {'batch_size': batch_size} accuracy = model_eval(sess, x, y, preds_2, X_test, Y_test, args=eval_params) print('Test accuracy on legitimate examples: %0.4f' % accuracy) report.adv_train_clean_eval = accuracy # Accuracy of the adversarially trained model on adversarial examples accuracy = model_eval(sess, x, y, preds_2_adv, X_test,
def run_attack(train_start=0, train_end=60000, test_start=0, test_end=10000, nb_epochs=NB_EPOCHS, batch_size=BATCH_SIZE, learning_rate=LEARNING_RATE, testing=False, label_smoothing=0.1): """ MNIST CleverHans tutorial :param train_start: index of first training set example :param train_end: index of last training set example :param test_start: index of first test set example :param test_end: index of last test set example :param nb_epochs: number of epochs to train model :param batch_size: size of training batches :param learning_rate: learning rate for training :param testing: if true, training error is calculated :param label_smoothing: float, amount of label smoothing for cross entropy :return: an AccuracyReport object """ # Object used to keep track of (and return) key accuracies report = AccuracyReport() # Set TF random seed to improve reproducibility tf.set_random_seed(1234) # Force TensorFlow to use single thread to improve reproducibility config = tf.ConfigProto(intra_op_parallelism_threads=1, inter_op_parallelism_threads=1) if keras.backend.image_data_format() != 'channels_last': raise NotImplementedError("this tutorial requires keras to be configured to channels_last format") # Create TF session and set as Keras backend session sess = tf.Session(config=config) keras.backend.set_session(sess) # Define Keras model model = cnn_model(img_rows=32, img_cols=32, channels=1, nb_filters=64, nb_classes=3) print("Defined Keras model.") # To be able to call the model in the custom loss, we need to call it once # before, see https://github.com/tensorflow/tensorflow/issues/23769 model(model.input) # Initialize the Fast Gradient Sign Method (FGSM) attack object wrap = KerasModelWrapper(model) fgsm = FastGradientMethod(wrap, sess=sess) fgsm_params = {'eps': 0.3, 'clip_min': 0., 'clip_max': 1.} adv_acc_metric = get_adversarial_acc_metric(model, fgsm, fgsm_params) model.compile( optimizer=keras.optimizers.Adam(learning_rate), loss='categorical_crossentropy', metrics=['accuracy', keras.losses.mean_squared_error, adv_acc_metric] ) # Train the model model.fit(X_train, y_train, batch_size=batch_size, epochs=nb_epochs, validation_data=(X_test, y_test), verbose=1) # Evaluate the accuracy on legitimate and adversarial test examples _, acc, adv_acc = model.evaluate(X_test, y_test, batch_size=batch_size, verbose=1) report.clean_train_clean_eval = acc report.clean_train_adv_eval = adv_acc print('Test accuracy on legitimate examples: %0.4f' % acc) print('Test accuracy on adversarial examples: %0.4f\n' % adv_acc) # Calculate training error if testing: _, train_acc, train_adv_acc = model.evaluate(X_train, y_train, batch_size=batch_size, verbose=1) report.train_clean_train_clean_eval = train_acc report.train_clean_train_adv_eval = train_adv_acc print("Repeating the process, using adversarial training") # Redefine Keras model model_2 = cnn_model(img_rows=32, img_cols=32, channels=1, nb_filters=64, nb_classes=3) model_2(model_2.input) wrap_2 = KerasModelWrapper(model_2) fgsm_2 = FastGradientMethod(wrap_2, sess=sess) # Use a loss function based on legitimate and adversarial examples adv_loss_2 = get_adversarial_loss(model_2, fgsm_2, fgsm_params) adv_acc_metric_2 = get_adversarial_acc_metric(model_2, fgsm_2, fgsm_params) model_2.compile( optimizer=keras.optimizers.Adam(learning_rate), loss=adv_loss_2, metrics=['accuracy', adv_acc_metric_2] )
def main(argv=None): """ CIFAR10 CleverHans tutorial :return: """ # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get CIFAR10 test data X_train, Y_train, X_test, Y_test = data_cifar10() assert Y_train.shape[1] == 10. label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3)) y = tf.placeholder(tf.float32, shape=(None, 10)) # Define TF model graph model = cnn_model(img_rows=32, img_cols=32, channels=3) predictions = model(x) print "Defined TensorFlow model graph." def evaluate(): # Evaluate the accuracy of the CIFAR10 model on legitimate test # examples eval_params = {'batch_size': FLAGS.batch_size} accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params) assert X_test.shape[0] == 10000, X_test.shape print 'Test accuracy on legitimate test examples: ' + str(accuracy) # Train an CIFAR10 model train_params = { 'nb_epochs': FLAGS.nb_epochs, 'batch_size': FLAGS.batch_size, 'learning_rate': FLAGS.learning_rate } model_train(sess, x, y, predictions, X_train, Y_train, evaluate=evaluate, args=train_params) # Craft adversarial examples using Fast Gradient Sign Method (FGSM) # adv_x = fgsm(x, predictions, eps=0.3) mim = MIM(model, back='tf', sess=sess) mim_params = { 'eps_iter': 0.06, 'eps': 0.3, 'nb_iter': 10, 'ord': 2, 'decay_factor': 1.0 } adv_x = mim.generate(x, **mim_params) eval_params = {'batch_size': FLAGS.batch_size} X_test_adv, = batch_eval(sess, [x], [adv_x], [X_test], args=eval_params) assert X_test_adv.shape[0] == 10000, X_test_adv.shape accuracy = model_eval(sess, x, y, predictions, X_test_adv, Y_test, args=eval_params) print 'Test accuracy on adversarial examples: ' + str(accuracy) from scipy.misc import imsave path = '/home/neale/repos/adversarial-toolbox/images/adversarials/mim/cifar/symmetric/' """ for i, (real, adv) in enumerate(zip(X_test, X_test_adv)): imsave(path+'adv/adv_{}.png'.format(i), adv) """ preds = model_argmax(sess, x, predictions, X_test_adv) print Y_test.shape print preds.shape count = 0 for i in range(len(preds)): if np.argmax(Y_test[i]) == preds[i]: # imsave(path+'real/im_{}.png'.format(i), X_test[i]) # imsave(path+'adv/adv_{}.png'.format(i), X_test_adv[i]) count += 1 print "saved ", count
def cnn_model(*args, **kwargs): from cleverhans.utils_keras import cnn_model warnings.warn("utils.cnn_model is deprecated and may be removed on or" " after 2018-01-05. Switch to utils_keras.cnn_model.") return cnn_model(*args, **kwargs)
def main(argv=None): """ CIFAR10 CleverHans tutorial :return: """ # Set TF random seed to improve reproducibility tf.set_random_seed(1234) if not hasattr(backend, "tf"): raise RuntimeError("This tutorial requires keras to be configured" " to use the TensorFlow backend.") if keras.backend.image_dim_ordering() != 'tf': keras.backend.set_image_dim_ordering('tf') print("INFO: '~/.keras/keras.json' sets 'image_dim_ordering' to " "'th', temporarily setting to 'tf'") # Create TF session and set as Keras backend session sess = tf.Session() keras.backend.set_session(sess) # Get CIFAR10 test data X_train, Y_train, X_test, Y_test = data_cifar10() assert Y_train.shape[1] == 10. label_smooth = .1 Y_train = Y_train.clip(label_smooth / 9., 1. - label_smooth) # Define input TF placeholder x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3)) y = tf.placeholder(tf.float32, shape=(None, 10)) # Define TF model graph model = cnn_model(img_rows=32, img_cols=32, channels=3) predictions = model(x) print("Defined TensorFlow model graph.") def evaluate(): # Evaluate the accuracy of the CIFAR10 model on legitimate test # examples eval_params = {'batch_size': FLAGS.batch_size} accuracy = model_eval(sess, x, y, predictions, X_test, Y_test, args=eval_params) assert X_test.shape[0] == 10000, X_test.shape print('Test accuracy on legitimate test examples: ' + str(accuracy)) # Train an CIFAR10 model train_params = { 'nb_epochs': FLAGS.nb_epochs, 'batch_size': FLAGS.batch_size, 'learning_rate': FLAGS.learning_rate } model_train(sess, x, y, predictions, X_train, Y_train, evaluate=evaluate, args=train_params) # Craft adversarial examples using Fast Gradient Sign Method (FGSM) fgsm = FastGradientMethod(model) adv_x = fgsm.generate(x, eps=0.3) eval_params = {'batch_size': FLAGS.batch_size} X_test_adv, = batch_eval(sess, [x], [adv_x], [X_test], args=eval_params) assert X_test_adv.shape[0] == 10000, X_test_adv.shape # Evaluate the accuracy of the CIFAR10 model on adversarial examples accuracy = model_eval(sess, x, y, predictions, X_test_adv, Y_test, args=eval_params) print('Test accuracy on adversarial examples: ' + str(accuracy)) print("Repeating the process, using adversarial training") # Redefine TF model graph model_2 = cnn_model(img_rows=32, img_cols=32, channels=3) predictions_2 = model_2(x) fgsm_2 = FastGradientMethod(model_2) adv_x_2 = fgsm_2.generate(x, eps=0.3) predictions_2_adv = model_2(adv_x_2) def evaluate_2(): # Evaluate the accuracy of the adversarialy trained CIFAR10 model on # legitimate test examples eval_params = {'batch_size': FLAGS.batch_size} accuracy = model_eval(sess, x, y, predictions_2, X_test, Y_test, args=eval_params) print('Test accuracy on legitimate test examples: ' + str(accuracy)) # Evaluate the accuracy of the adversarially trained CIFAR10 model on # adversarial examples accuracy_adv = model_eval(sess, x, y, predictions_2_adv, X_test, Y_test, args=eval_params) print('Test accuracy on adversarial examples: ' + str(accuracy_adv)) # Perform adversarial training model_train(sess, x, y, predictions_2, X_train, Y_train, predictions_adv=predictions_2_adv, evaluate=evaluate_2, args=train_params) # Evaluate the accuracy of the CIFAR10 model on adversarial examples accuracy = model_eval(sess, x, y, predictions_2_adv, X_test, Y_test, args=eval_params) print('Test accuracy on adversarial examples: ' + str(accuracy))