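def main(use_cuda):
    """Report how often SinglePixelAttack succeeds against a CIFAR-10 ResNet.

    Builds the ResNet graph, loads its parameters from ``cifar10/resnet/``,
    wraps the default main program in a ``PaddleModel`` and runs a
    non-targeted SinglePixelAttack on shuffled CIFAR-10 test samples, one
    sample per batch. The run stops after ``TOTAL_NUM`` samples and prints
    the fooling rate, i.e. the share of samples for which the attack
    reported success. That figure is the robustness measurement this demo
    produces for the model.

    Args:
        use_cuda: run on ``fluid.CUDAPlace(0)`` when true, otherwise on CPU.
    """
    TOTAL_NUM = 500
    IMG_NAME = 'img'
    LABEL_NAME = 'label'

    img = fluid.layers.data(name=IMG_NAME, shape=[3, 32, 32], dtype='float32')
    # gradient should flow
    img.stop_gradient = False
    label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64')
    logits = resnet_cifar10(img, 32)
    cost = fluid.layers.cross_entropy(input=logits, label=label)
    avg_cost = fluid.layers.mean(x=cost)

    # Pick the CPU or the GPU according to the caller's setting.
    place = fluid.CUDAPlace(0) if use_cuda else fluid.CPUPlace()
    exe = fluid.Executor(place)

    BATCH_SIZE = 1
    test_reader = paddle.batch(
        paddle.reader.shuffle(
            paddle.dataset.cifar.test10(), buf_size=128 * 10),
        batch_size=BATCH_SIZE)

    fluid.io.load_params(
        exe, "cifar10/resnet/", main_program=fluid.default_main_program())

    # advbox demo
    # channel_axis=0 is for channel-first data such as [1,28,28];
    # channel_axis=2 would be for channel-last data such as [28,28,1].
    # NOTE(review): (0, 255) is presumably the valid pixel range handed to
    # the model wrapper; confirm the reader really yields pixels on that
    # scale, otherwise the measured fooling rate is not meaningful.
    m = PaddleModel(
        fluid.default_main_program(),
        IMG_NAME,
        LABEL_NAME,
        logits.name,
        avg_cost.name, (0, 255),
        channel_axis=0)
    attack = SinglePixelAttack(m)
    attack_config = {"max_pixels": 32 * 32}

    # use test data to generate adversarial examples
    total_count = 0
    fooling_count = 0
    for data in test_reader():
        total_count += 1
        # BATCH_SIZE is 1, so data[0] is the only (image, label) entry.
        # A separate local name keeps `img`, the graph input above, intact.
        sample = np.reshape(data[0][0], [3, 32, 32])
        original_label = data[0][1]
        adversary = Adversary(sample, original_label)

        # SinglePixelAttack non-targeted attack
        adversary = attack(adversary, **attack_config)

        if adversary.is_successful():
            fooling_count += 1
            print(
                'attack success, original_label=%d, adversarial_label=%d, count=%d'
                % (original_label, adversary.adversarial_label, total_count))
        else:
            print('attack failed, original_label=%d, count=%d' %
                  (original_label, total_count))

        if total_count >= TOTAL_NUM:
            break

    # Print the summary after the loop so it is also reported when the reader
    # runs out before TOTAL_NUM samples; skip it when nothing was processed
    # to avoid dividing by zero.
    if total_count:
        print(
            "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f"
            % (fooling_count, total_count,
               float(fooling_count) / total_count))
    print("SinglePixelAttack attack done")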
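def main(use_cuda):
    """Run a black-box SinglePixelAttack robustness check on AlexNet.

    Builds a 1000-class AlexNet graph, loads whatever pretrained variables
    exist under ``models/alexnet/116/``, wraps a test-mode clone of the
    program in a ``PaddleBlackBoxModel`` and runs a non-targeted
    SinglePixelAttack on the image ``cat.png``. When the attack reports
    success, the adversarial example is de-normalised and written to
    ``adversary_image.jpg``.

    Args:
        use_cuda: run on ``fluid.CUDAPlace(0)`` when true, otherwise on CPU.
    """
    class_dim = 1000
    IMG_NAME = 'img'
    LABEL_NAME = 'label'
    # Model path: download and extract
    # http://paddle-imagenet-models.bj.bcebos.com/resnet_50_model.tar
    # NOTE(review): that URL is plain HTTP; check the archive against a
    # checksum obtained from a trusted source before loading its weights.
    #pretrained_model = "models/resnet_50/115"
    pretrained_model = "models/alexnet/116/"

    image_shape = [3, 224, 224]
    image = fluid.layers.data(
        name=IMG_NAME, shape=image_shape, dtype='float32')
    label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64')

    # model definition
    model = AlexNet()
    out = model.net(input=image, class_dim=class_dim)

    # Pick the CPU or the GPU according to the caller's setting.
    place = fluid.CUDAPlace(0) if use_cuda else fluid.CPUPlace()
    exe = fluid.Executor(place)

    # Load the model parameters.
    if pretrained_model:

        def if_exist(var):
            # Only variables that have a file under pretrained_model are
            # selected for loading.
            return os.path.exists(os.path.join(pretrained_model, var.name))

        logger.info("Load pretrained_model")
        # NOTE(review): a wrong path makes the predicate false for every
        # variable, so presumably nothing is loaded and no error is raised;
        # the result would then describe an untrained model. Verify.
        fluid.io.load_vars(exe, pretrained_model, predicate=if_exist)

    cost = fluid.layers.cross_entropy(input=out, label=label)
    avg_cost = fluid.layers.mean(x=cost)

    # Use the same logger as the rest of this function.
    logger.info("Build advbox")
    # advbox demo, black-box setting: pass the test version of the program
    # directly.
    m = PaddleBlackBoxModel(
        fluid.default_main_program().clone(for_test=True),
        IMG_NAME,
        LABEL_NAME,
        out.name, (0, 1),
        channel_axis=0)

    # Non-targeted attack.
    # channel_axis=0 is for channel-first data such as [1,28,28];
    # channel_axis=2 would be for channel-last data such as [28,28,1].
    attack = SinglePixelAttack(m)
    attack_config = {"max_pixels": 224 * 224, "isPreprocessed": True}

    test_data = get_image("cat.png")
    original_data = np.copy(test_data)
    # Label of the cat class in ImageNet 2012; see
    # https://blog.csdn.net/LegenDavid/article/details/73335578
    # NOTE(review): the label is left as None; the %d formats below rely on
    # the attack filling in adversary.original_label. TODO confirm.
    original_label = None
    adversary = Adversary(original_data, original_label)

    logger.info("Non-targeted Attack...")
    adversary = attack(adversary, **attack_config)

    if adversary.is_successful():
        print('attack success, original_label=%d, adversarial_label=%d' %
              (adversary.original_label, adversary.adversarial_label))

        # The adversarial example is stored in adversary.adversarial_example.
        adversary_image = np.copy(adversary.adversarial_example)
        # Undo the input normalisation before converting to pixels.
        adversary_image *= img_std
        adversary_image += img_mean
        # Clip to the 8-bit range first: a value outside [0, 255] would not
        # survive the uint8 cast as the intended pixel value.
        adversary_image = np.clip(adversary_image * 255, 0, 255)
        # Convert from [3,224,224] to [224,224,3].
        adversary_image = adversary_image.astype("uint8").transpose([1, 2, 0])

        im = Image.fromarray(adversary_image)
        # JPEG is lossy, so this file is for visual inspection; the exact
        # array remains in adversary.adversarial_example.
        im.save("adversary_image.jpg")
    else:
        print('attack failed, original_label=%d' % (adversary.original_label))

    logger.info("SinglePixelAttack attack done")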