def test_save(self):
import os
path = 'tmp'
filename = 'model.h5'
classifier = KerasClassifier((0, 1), model=self.model_mnist)
classifier.save(filename, path=path)
self.assertTrue(os.path.isfile(os.path.join(path, filename)))
# Remove saved file
os.remove(os.path.join(path, filename))
eps_step=1 / 255,
max_iter=20,
batch_size=512)
x_test_pgd = attack.generate(x_test, y_test)
# np.save('./data/' + dataset + '_data/model/' + model_name + '_y_' + attack_name + '.npy', x_test_pgd)
# Evaluate the benign trained model on adv test set
labels_pgd = np.argmax(classifier.predict(x_test_pgd), axis=1)
print('Accuracy on original PGD adversarial samples: %.2f%%' %
(np.sum(labels_pgd == labels_true) / x_test.shape[0] * 100))
trainer = AdversarialTrainer(classifier, attack, ratio=1.0)
trainer.fit(x_train, y_train, nb_epochs=60, batch_size=1024)
classifier.save(filename='adv_' + model_name + '.h5',
path='../data/' + dataset + '_data/model/')
# Evaluate the adversarially trained model on clean test set
labels_true = np.argmax(y_test, axis=1)
labels_test = np.argmax(classifier.predict(x_test), axis=1)
print('Accuracy test set: %.2f%%' %
(np.sum(labels_test == labels_true) / x_test.shape[0] * 100))
# Evaluate the adversarially trained model on original adversarial samples
labels_pgd = np.argmax(classifier.predict(x_test_pgd), axis=1)
print('Accuracy on original PGD adversarial samples: %.2f%%' %
(np.sum(labels_pgd == labels_true) / x_test.shape[0] * 100))
# Evaluate the adversarially trained model on fresh adversarial samples produced on the adversarially trained model
x_test_pgd = attack.generate(x_test, y_test)
labels_pgd = np.argmax(classifier.predict(x_test_pgd), axis=1)
eps_step=0.007,
max_iter=40)
x_adv = attack.generate(x=x_train)
print("------Training Robust Model------")
x_train_final = np.append(x_train, x_adv, axis=0)
y_train_final = np.append(y_train, y_train, axis=0)
if not os.path.isfile('robust_model.h5'):
print(x_adv.shape, y_train.shape, x_train_final.shape,
y_train_final.shape, x_train.shape)
robust_model = robust_cnn.fit(x_train_final,
y_train_final,
nb_epochs=1,
batch_size=128)
robust_cnn.save('robust_model.h5')
else:
cnn.load_weights('robust_model.h5')
print("Loaded Robust model")
print("------Evaluating robust classifier-----")
accuracy = np.sum(np.argmax(predict, axis=1) == y_test) / len(y_test)
print('Accuracy on benign test examples: {:.3f}%'.format(accuracy * 100))
x_example = x_test[example]
# Generate adversarial test examples
# Evaluate the ART classifier on adversarial test examples
print("*" * 100)
attack = FastGradientMethod(classifier=robust_cnn, eps=0.03)
x_test_adv = attack.generate(x=x_test)
perturbation = np.mean(np.abs((x_test_adv - x_test)))
def main(args):
logging.info('brokers={}'.format(args.brokers))
logging.info('readtopic={}'.format(args.readtopic))
logging.info('creating kafka consumer')
consumer = KafkaConsumer(
args.readtopic,
bootstrap_servers=args.brokers,
value_deserializer=lambda val: loads(val.decode('utf-8')))
logging.info("finished creating kafka consumer")
if args.dbxtoken != '':
dbx = dropbox.Dropbox(args.dbxtoken)
else:
dbx = None
logging.info('No Dropbox token provided')
while True:
for message in consumer:
if (message.value['status']
== 'Ready') and (message.value['modelurl']):
logging.info('Received {}'.format(message.value))
(X_train, y_train), (X_test, y_test) = cifar10.load_data()
X_train = X_train.reshape(X_train.shape[0], 32, 32,
3).astype('float32')
X_test = X_test.reshape(X_test.shape[0], 32, 32,
3).astype('float32')
y_train = to_categorical(y_train, 10)
y_test = to_categorical(y_test, 10)
modelurl = message.value['modelurl']
logging.info('model={}'.format(modelurl))
model_filename = 'base_model.h5'
location = os.path.join(ART_DATA_PATH, model_filename)
try:
os.remove(location)
except OSError as error:
pass
path = get_file(model_filename,
extract=False,
path=ART_DATA_PATH,
url=modelurl)
kmodel = load_model(path)
model = KerasClassifier(
kmodel,
use_logits=False,
clip_values=[float(args.min),
float(args.max)])
logging.info('finished acquiring model')
imagefiles = dbx.files_list_folder('/images')
adversaries = False
for dbximage in imagefiles.entries:
filepath = '/images/' + dbximage.name
filename = dbximage.name
label = filename.split('_')[-3]
response = dbx.files_download(filepath)[1]
img = Image.open(BytesIO(response.content))
logging.info('downloaded file {}'.format(dbximage.name))
image = np.array(img.getdata()).reshape(
1, img.size[0], img.size[1], 3).astype('float32')
if adversaries is False:
X_adv = image
y_adv = [label]
adversaries = True
else:
X_adv = np.append(X_adv, image, axis=0)
y_adv = np.append(y_adv, [label], axis=0)
y_adv = to_categorical(y_adv, 10)
X_train = np.append(X_train, X_adv, axis=0)
y_train = np.append(y_train, y_adv, axis=0)
if args.testmode == '0':
model.fit(X_train, y_train, nb_epochs=83,
batch_size=50) # Per ART 360 example
else:
model.fit(X_train, y_train, nb_epochs=1,
batch_size=50) # Testing only
model_basename = model_filename.split('.')[0]
adv_model_name = model_basename + '_adv'
adv_model_filename = adv_model_name + '.h5'
model.save(adv_model_filename)
outfilename = '/models/{}'.format(adv_model_filename)
adv_model_fullpath = '/opt/app-root/src/.art/data/' + adv_model_filename
mfile = open(adv_model_fullpath, 'rb')
dbx.files_upload(f=mfile.read(),
path=outfilename,
mode=dropbox.files.WriteMode(
'overwrite', None))
mfile.close()
share_link = dbx.sharing_create_shared_link_with_settings(
outfilename)
conn = psycopg2.connect(host=args.dbhost,
port=5432,
dbname=args.dbname,
user=args.dbusername,
password=args.dbpassword)
cur = conn.cursor()
query = 'INSERT into models(URL, FILENAME, MODELNAME) VALUES(%s, %s, %s)'
cur.execute(query,
(share_link, adv_model_filename, adv_model_name))
conn.commit()
logging.info('updated database with new model')
cur.close()
conn.close()
x_train_adv = adv_crafter.generate(x_train)
logger.info('Craft attack test examples')
x_test_adv = adv_crafter.generate(x_test)
# Evaluate the classifier on the adversarial samples
preds = np.argmax(classifier.predict(x_test_adv), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
logger.info('Classifier before adversarial training')
logger.info('Accuracy on adversarial samples: %.2f%%', (acc * 100))
# Data augmentation: expand the training set with the adversarial samples
x_train = np.append(x_train, x_train_adv, axis=0)
y_train = np.append(y_train, y_train, axis=0)
# Retrain the CNN on the extended dataset
model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy'])
classifier.fit(x_train, y_train, nb_epochs=10, batch_size=128)
# Evaluate the adversarially trained classifier on the test set
preds = np.argmax(classifier.predict(x_test_adv), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
logger.info('Classifier with adversarial training')
logger.info('Accuracy on adversarial samples: %.2f%%', (acc * 100))
print('adversarial-robustness-toolbox/examples/cifar_adversarial_training_from_ART_BIM.py')
#save the model
model_name = datetime.now().strftime("%Y%m%d-%H%M%S") + 'cifar_adversarial_training_BIM.h5'
save_dir = os.path.join(os.getcwd(), 'saved_models')
model_path = os.path.join(save_dir, model_name)
print('Saved trained model at %s ' % model_path)
classifier.save(model_path)
kernel_size=(5, 5),
strides=1,
activation='relu',
input_shape=(28, 28, 1)))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(
Conv2D(filters=10,
kernel_size=(5, 5),
strides=1,
activation='relu',
input_shape=(23, 23, 4)))
model.add(MaxPooling2D(pool_size=(2, 2)))
model.add(Flatten())
model.add(Dense(100, activation='relu'))
model.add(Dense(10, activation='softmax'))
model.compile(loss=keras.losses.categorical_crossentropy,
optimizer=keras.optimizers.SGD(lr=0.01),
metrics=['accuracy'])
# Step 3: Create the ART classifier
classifier = KerasClassifier(model=model,
clip_values=(min_pixel_value, max_pixel_value),
use_logits=False)
# Step 4: Train the ART classifier
classifier.fit(x_train, y_train, batch_size=32, nb_epochs=10)
classifier.save('cnn_simple_mnist.model')
