def plot_image_objectdetection(adversary, kmodel, bounds=(0, 1), title=None, figname='compare.png') :
from perceptron.utils.image import draw_letterbox
pred_ori = kmodel.predictions(adversary.original_image)
pred_adv = kmodel.predictions(adversary.image)
class_names = kmodel.get_class()
ori_image = draw_letterbox(adversary.original_image, pred_ori, class_names=class_names, bounds=bounds)
adv_image = draw_letterbox(adversary.image, pred_adv, class_names=class_names, bounds=bounds)
import matplotlib.pyplot as plt
fig, (ax1, ax2) = plt.subplots(1, 2)
plt.axis('off')
ax1.imshow(ori_image)
ax1.set_title('Origin')
ax1.axis('off')
ax2.imshow(adv_image)
ax2.set_title('Adversary')
ax2.axis('off')
if title :
fig.suptitle(title, fontsize=12, fontweight='bold', y=0.9)
# in case you do not have GUI interface
plt.savefig(figname, bbox_inches='tight', dpi=1000)
plt.show()
def get_patch_adv():
from perceptron.utils.image import letterbox_image, draw_letterbox
from perceptron.models.detection.keras_yolov3 import KerasYOLOv3Model
from perceptron.zoo.yolov3.model import YOLOv3
from perceptron.attacks.vanish_patch import PatchVanishAttack
from perceptron.utils.criteria.detection import TargetClassMiss, RegionalTargetClassMiss
from perceptron.defences.bit_depth import BitDepth
benign_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_det")
adv_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_adv_det")
benign_squz_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_bit4_det")
adv_squz_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_adv_bit4_det")
kmodel = YOLOv3()
kmodel.load_weights('/home/yantao/workspace/projects/baidu/aisec/perceptron/perceptron/zoo/yolov3/model_data/yolov3.h5')
model = KerasYOLOv3Model(kmodel, bounds=(0, 1))
squz_fn = BitDepth(4)
for idx in range(frame_range[0], frame_range[1]):
img_name_noext = 'frame_{0:05d}'.format(idx)
patch_bbox = patch_dic[img_name_noext]
img_path = os.path.join("../../../../../../../../datasets/bdd_parts", video_name, "patch", img_name_noext + '.png')
image, shape = letterbox_image(
data_format='channels_last',
fname=img_path
)
output_benign = model.predictions(image)
with open(os.path.join(benign_output_dir, img_name_noext + '.pkl'), 'wb') as f:
pickle.dump(output_benign, f, protocol=pickle.HIGHEST_PROTOCOL)
image_squz = squz_fn(image)
output_benign_squz = model.predictions(image_squz)
with open(os.path.join(benign_squz_output_dir, img_name_noext + '.pkl'), 'wb') as f:
pickle.dump(output_benign_squz, f, protocol=pickle.HIGHEST_PROTOCOL)
attack = PatchVanishAttack(model, criterion=RegionalTargetClassMiss(2, patch_bbox))
draw = draw_letterbox(image, output_benign, shape[:2], model.class_names())
draw.save('letterbox_{0}.png'.format(idx))
image_adv = attack(image, mask=patch_bbox, binary_search_steps=1)
'''
mask_img = np.zeros((image.shape))
mask_img[patch_bbox[0] : patch_bbox[2] + 1, patch_bbox[1] : patch_bbox[3] + 1, :] = 1.0
for idx_0 in range(mask_img.shape[0]):
for idx_1 in range(mask_img.shape[1]):
for idx_2 in range(mask_img.shape[2]):
if mask_img[idx_0, idx_1, idx_2] == 0:
image_adv[idx_0, idx_1, idx_2] = image[idx_0, idx_1, idx_2]
'''
if image_adv is None:
image_adv = attack(image, mask=patch_bbox, binary_search_steps=5)
if image_adv is None:
continue
output_adv = model.predictions(image_adv)
with open(os.path.join(adv_output_dir, img_name_noext + '.pkl'), 'wb') as f:
pickle.dump(output_adv, f, protocol=pickle.HIGHEST_PROTOCOL)
draw = draw_letterbox(image_adv, output_adv, shape[:2], model.class_names())
draw.save('letterbox_adv_{0}.png'.format(idx))
image_adv_squz = squz_fn(image_adv)
output_adv_squz = model.predictions(image_adv_squz)
with open(os.path.join(adv_squz_output_dir, img_name_noext + '.pkl'), 'wb') as f:
pickle.dump(output_adv_squz, f, protocol=pickle.HIGHEST_PROTOCOL)