def gtsrb_poison(
split_type: str = "poison",
epochs: int = 1,
batch_size: int = 1,
dataset_dir: str = None,
preprocessing_fn: Callable = None,
cache_dataset: bool = True,
framework: str = "numpy",
clean_key: str = None,
adversarial_key: str = None,
) -> datasets.ArmoryDataGenerator:
"""
German traffic sign poison dataset of size (48, 48, 3),
including only poisoned data
DataGenerator returns batches of (x_poison, y)
"""
return datasets._generator_from_tfds(
"gtsrb_bh_poison_micronnet:1.0.0",
split_type=split_type,
batch_size=batch_size,
epochs=epochs,
dataset_dir=dataset_dir,
preprocessing_fn=preprocessing_fn,
as_supervised=False,
supervised_xy_keys=("image", "label"),
variable_length=bool(batch_size > 1),
cache_dataset=cache_dataset,
framework=framework,
lambda_map=lambda x, y: (x, y),
)
def dapricot_test_adversarial(
split: str = "large+medium+small",
epochs: int = 1,
batch_size: int = 1,
dataset_dir: str = None,
preprocessing_fn: Callable = dapricot_canonical_preprocessing,
label_preprocessing_fn: Callable = dapricot_label_preprocessing,
cache_dataset: bool = True,
framework: str = "numpy",
shuffle_files: bool = False,
) -> datasets.ArmoryDataGenerator:
if batch_size != 1:
raise ValueError("D-APRICOT batch size must be set to 1")
if split == "adversarial":
split = "small+medium+large"
return datasets._generator_from_tfds(
"dapricot_test:1.0.0",
split=split,
batch_size=batch_size,
epochs=epochs,
dataset_dir=dataset_dir,
preprocessing_fn=preprocessing_fn,
label_preprocessing_fn=label_preprocessing_fn,
as_supervised=False,
supervised_xy_keys=("image", ("objects", "patch_metadata")),
shuffle_files=shuffle_files,
cache_dataset=cache_dataset,
framework=framework,
context=dapricot_adversarial_context,
)
def apricot_test_adversarial(
split: str = "adversarial",
epochs: int = 1,
batch_size: int = 1,
dataset_dir: str = None,
preprocessing_fn: Callable = apricot_canonical_preprocessing,
label_preprocessing_fn: Callable = apricot_label_preprocessing,
cache_dataset: bool = True,
framework: str = "numpy",
shuffle_files: bool = False,
**kwargs,
) -> datasets.ArmoryDataGenerator:
if batch_size != 1:
raise NotImplementedError("Currently working only with batch size = 1")
if "class_ids" in kwargs:
raise ValueError("Filtering by class is not supported for the APRICOT dataset")
# The apricot dataset uses 12 as the label for adversarial patches, which may be used for
# meaningful categories for other datasets. This method is applied as a lambda_map to convert
# this label from 12 to the ADV_PATCH_MAGIC_NUMBER_LABEL_ID -- we choose a negative integer
# for the latter since it is unlikely that such a number represents the ID of a class in
# another dataset
raw_adv_patch_category_id = 12
if split == "adversarial":
split = "frcnn+ssd+retinanet"
def replace_magic_val(data, raw_val, transformed_val, sub_key):
rhs = data[sub_key]
data[sub_key] = tf.where(
tf.equal(rhs, raw_val),
tf.ones_like(rhs, dtype=tf.int64) * transformed_val,
rhs,
)
return data
return datasets._generator_from_tfds(
"apricot_test:1.0.0",
split=split,
batch_size=batch_size,
epochs=epochs,
dataset_dir=dataset_dir,
preprocessing_fn=preprocessing_fn,
label_preprocessing_fn=label_preprocessing_fn,
as_supervised=False,
supervised_xy_keys=("image", "objects"),
shuffle_files=shuffle_files,
cache_dataset=cache_dataset,
framework=framework,
lambda_map=lambda x, y: (
x,
replace_magic_val(
y, raw_adv_patch_category_id, ADV_PATCH_MAGIC_NUMBER_LABEL_ID, "labels",
),
),
context=apricot_adversarial_context,
**kwargs,
)
def ucf101_adversarial_112x112(
split: str = "adversarial",
epochs: int = 1,
batch_size: int = 1,
dataset_dir: str = None,
preprocessing_fn: Callable = ucf101_adversarial_canonical_preprocessing,
cache_dataset: bool = True,
framework: str = "numpy",
clean_key: str = "clean",
adversarial_key: str = "adversarial_perturbation",
targeted: bool = False,
shuffle_files: bool = False,
**kwargs,
) -> datasets.ArmoryDataGenerator:
"""
UCF 101 Adversarial Dataset of size (112, 112, 3),
including clean, adversarial perturbed, and
adversarial patched
DataGenerator returns batches of ((x_clean, x_adversarial), y)
"""
if clean_key != "clean":
raise ValueError(f"{clean_key} != 'clean'")
adversarial_keys = ("adversarial_patch", "adversarial_perturbation")
if adversarial_key not in adversarial_keys:
raise ValueError(f"{adversarial_key} not in {adversarial_keys}")
if targeted:
if adversarial_key == "adversarial_perturbation":
raise ValueError("adversarial_perturbation is not a targeted attack")
def lambda_map(x, y):
return (
(x[clean_key], x[adversarial_key]),
(y[clean_key], y[adversarial_key]),
)
else:
def lambda_map(x, y):
return (x[clean_key], x[adversarial_key]), y[clean_key]
return datasets._generator_from_tfds(
"ucf101_mars_perturbation_and_patch_adversarial112x112:1.1.0",
split=split,
batch_size=batch_size,
epochs=epochs,
dataset_dir=dataset_dir,
preprocessing_fn=preprocessing_fn,
as_supervised=False,
supervised_xy_keys=("videos", "labels"),
variable_length=bool(batch_size > 1),
shuffle_files=shuffle_files,
cache_dataset=cache_dataset,
framework=framework,
lambda_map=lambda_map,
context=ucf101_adversarial_context,
**kwargs,
)
def resisc45_adversarial_224x224(
split: str = "adversarial",
epochs: int = 1,
batch_size: int = 1,
dataset_dir: str = None,
preprocessing_fn: Callable = resisc45_adversarial_canonical_preprocessing,
cache_dataset: bool = True,
framework: str = "numpy",
clean_key: str = "clean",
adversarial_key: str = "adversarial_univperturbation",
targeted: bool = False,
shuffle_files: bool = False,
) -> datasets.ArmoryDataGenerator:
"""
resisc45 Adversarial Dataset of size (224, 224, 3),
including clean, adversarial universal perturbation, and
adversarial patched
"""
if clean_key != "clean":
raise ValueError(f"{clean_key} != 'clean'")
adversarial_keys = ("adversarial_univpatch",
"adversarial_univperturbation")
if adversarial_key not in adversarial_keys:
raise ValueError(f"{adversarial_key} not in {adversarial_keys}")
if targeted:
if adversarial_key == "adversarial_univperturbation":
raise ValueError(
"adversarial_univperturbation is not a targeted attack")
def lambda_map(x, y):
return (
(x[clean_key], x[adversarial_key]),
(y[clean_key], y[adversarial_key]),
)
else:
def lambda_map(x, y):
return (x[clean_key], x[adversarial_key]), y[clean_key]
return datasets._generator_from_tfds(
"resisc45_densenet121_univpatch_and_univperturbation_adversarial224x224:1.0.2",
split=split,
batch_size=batch_size,
epochs=epochs,
dataset_dir=dataset_dir,
preprocessing_fn=preprocessing_fn,
as_supervised=False,
supervised_xy_keys=("images", "labels"),
variable_length=False,
shuffle_files=shuffle_files,
cache_dataset=cache_dataset,
framework=framework,
lambda_map=lambda_map,
context=resisc45_adversarial_context,
)
def librispeech_adversarial(
split: str = "adversarial",
epochs: int = 1,
batch_size: int = 1,
dataset_dir: str = None,
preprocessing_fn:
Callable = librispeech_adversarial_canonical_preprocessing,
cache_dataset: bool = True,
framework: str = "numpy",
clean_key: str = "clean",
adversarial_key: str = "adversarial_perturbation",
targeted: bool = False,
shuffle_files: bool = False,
) -> datasets.ArmoryDataGenerator:
"""
Adversarial dataset based on Librispeech-dev-clean including clean,
Universal Perturbation using PGD, and PGD.
split - one of ("adversarial")
returns:
Generator
"""
if clean_key != "clean":
raise ValueError(f"{clean_key} != 'clean'")
adversarial_keys = ("adversarial_perturbation",
"adversarial_univperturbation")
if adversarial_key not in adversarial_keys:
raise ValueError(f"{adversarial_key} not in {adversarial_keys}")
if targeted:
raise ValueError(f"{adversarial_key} is not a targeted attack")
return datasets._generator_from_tfds(
"librispeech_adversarial:1.1.0",
split=split,
batch_size=batch_size,
epochs=epochs,
dataset_dir=dataset_dir,
preprocessing_fn=preprocessing_fn,
as_supervised=False,
supervised_xy_keys=("audio", "label"),
variable_length=bool(batch_size > 1),
shuffle_files=shuffle_files,
cache_dataset=cache_dataset,
framework=framework,
lambda_map=lambda x, y: ((x[clean_key], x[adversarial_key]), y),
context=librispeech_adversarial_context,
)
def imagenet_adversarial(
split: str = "adversarial",
epochs: int = 1,
batch_size: int = 1,
dataset_dir: str = None,
preprocessing_fn: Callable = imagenet_adversarial_canonical_preprocessing,
cache_dataset: bool = True,
framework: str = "numpy",
clean_key: str = "clean",
adversarial_key: str = "adversarial",
targeted: bool = False,
shuffle_files: bool = False,
**kwargs,
) -> datasets.ArmoryDataGenerator:
"""
ILSVRC12 adversarial image dataset for ResNet50
ProjectedGradientDescent
Iterations = 10
Max perturbation epsilon = 8
Attack step size = 2
Targeted = True
"""
if clean_key != "clean":
raise ValueError(f"{clean_key} != 'clean'")
if adversarial_key != "adversarial":
raise ValueError(f"{adversarial_key} != 'adversarial'")
if targeted:
raise ValueError(f"{adversarial_key} is not a targeted attack")
return datasets._generator_from_tfds(
"imagenet_adversarial:1.1.0",
split=split,
batch_size=batch_size,
epochs=epochs,
dataset_dir=dataset_dir,
preprocessing_fn=preprocessing_fn,
shuffle_files=shuffle_files,
cache_dataset=cache_dataset,
framework=framework,
lambda_map=lambda x, y: ((x[clean_key], x[adversarial_key]), y),
context=imagenet_adversarial_context,
**kwargs,
)
def librispeech_adversarial(
split_type: str = "adversarial",
epochs: int = 1,
batch_size: int = 1,
dataset_dir: str = None,
preprocessing_fn: Callable = None,
cache_dataset: bool = True,
framework: str = "numpy",
clean_key: str = "clean",
adversarial_key: str = "adversarial",
) -> datasets.ArmoryDataGenerator:
"""
Adversarial dataset based on Librispeech-dev-clean using Universal
Perturbation with PGD.
split_type - one of ("adversarial")
returns:
Generator
"""
if clean_key != "clean":
raise ValueError(f"{clean_key} != 'clean'")
if adversarial_key != "adversarial":
raise ValueError(f"{adversarial_key} != 'adversarial'")
return datasets._generator_from_tfds(
"librispeech_adversarial:1.0.0",
split_type=split_type,
batch_size=batch_size,
epochs=epochs,
dataset_dir=dataset_dir,
preprocessing_fn=preprocessing_fn,
as_supervised=False,
supervised_xy_keys=("audio", "label"),
variable_length=bool(batch_size > 1),
cache_dataset=cache_dataset,
framework=framework,
lambda_map=lambda x, y: ((x[clean_key], x[adversarial_key]), y),
)
def ucf101_adversarial_112x112(
split_type: str = "adversarial",
epochs: int = 1,
batch_size: int = 1,
dataset_dir: str = None,
preprocessing_fn: Callable = None,
cache_dataset: bool = True,
framework: str = "numpy",
clean_key: str = "clean",
adversarial_key: str = "adversarial_perturbation",
) -> datasets.ArmoryDataGenerator:
"""
UCF 101 Adversarial Dataset of size (112, 112, 3),
including clean, adversarial perturbed, and
adversarial patched
DataGenerator returns batches of ((x_clean, x_adversarial), y)
"""
if clean_key != "clean":
raise ValueError(f"{clean_key} != 'clean'")
adversarial_keys = ("adversarial_patch", "adversarial_perturbation")
if adversarial_key not in adversarial_keys:
raise ValueError(f"{adversarial_key} not in {adversarial_keys}")
return datasets._generator_from_tfds(
"ucf101_mars_perturbation_and_patch_adversarial112x112:1.0.0",
split_type=split_type,
batch_size=batch_size,
epochs=epochs,
dataset_dir=dataset_dir,
preprocessing_fn=preprocessing_fn,
as_supervised=False,
supervised_xy_keys=("videos", "label"),
variable_length=bool(batch_size > 1),
cache_dataset=cache_dataset,
framework=framework,
lambda_map=lambda x, y: ((x[clean_key], x[adversarial_key]), y),
)
def resisc45_adversarial_224x224(
split_type: str = "adversarial",
epochs: int = 1,
batch_size: int = 1,
dataset_dir: str = None,
preprocessing_fn: Callable = None,
cache_dataset: bool = True,
framework: str = "numpy",
clean_key: str = "clean",
adversarial_key: str = "adversarial_univpatch",
) -> datasets.ArmoryDataGenerator:
"""
resisc45 Adversarial Dataset of size (224, 224, 3),
including clean, adversarial universal perturbation, and
adversarial patched
"""
if clean_key != "clean":
raise ValueError(f"{clean_key} != 'clean'")
adversarial_keys = ("adversarial_univpatch",
"adversarial_univperturbation")
if adversarial_key not in adversarial_keys:
raise ValueError(f"{adversarial_key} not in {adversarial_keys}")
return datasets._generator_from_tfds(
"resisc45_densenet121_univpatch_and_univperturbation_adversarial224x224:1.0.1",
split_type=split_type,
batch_size=batch_size,
epochs=epochs,
dataset_dir=dataset_dir,
preprocessing_fn=preprocessing_fn,
as_supervised=False,
supervised_xy_keys=("images", "label"),
variable_length=False,
cache_dataset=cache_dataset,
framework=framework,
lambda_map=lambda x, y: ((x[clean_key], x[adversarial_key]), y),
)
