def generate_adv_images(gpu, attack_algo, dataset, source_data_dir,
                        train_start=0, train_end=1000000, test_start=0,
                        test_end=100000, nb_epochs=NB_EPOCHS,
                        batch_size=BATCH_SIZE, learning_rate=0.001,
                        testing=False, num_threads=None,
                        label_smoothing=0.1, args=FLAGS):
    """
    Train (or restore) a clean classifier, then generate untargeted
    adversarial images for both the train and test splits and save them
    as ``.npz`` archives under the dataset's adversarial output folder.

    :param gpu: value for CUDA_VISIBLE_DEVICES selecting the GPU to use
    :param attack_algo: key into ATTACKERS / UNTARGETED_ATTACKER_PARAM
    :param dataset: dataset name ("CIFAR10", "CIFAR100",
        "CIFAR100_coarse_label", "MNIST", "FashionMNIST", "ImageNet",
        "TinyImageNet")
    :param source_data_dir: the dataset's source data directory
    :param train_start: index of first training set example
    :param train_end: index of last training set example
    :param test_start: index of first test set example
    :param test_end: index of last test set example
    :param nb_epochs: number of epochs to train the clean model
    :param batch_size: size of training batches (overridden when the
        attacker declares its own "batch_size" parameter)
    :param learning_rate: learning rate for training
    :param testing: if true, evaluate the trained model so the returned
        AccuracyReport can be checked by unit tests
    :param num_threads: if truthy, restrict TF intra-op parallelism
    :param label_smoothing: float, amount of label smoothing for cross entropy
    :param args: FLAGS-like namespace providing ``.dataset`` and ``.arch``
    :return: an AccuracyReport object
    :raises ValueError: on an unknown dataset name or architecture
    """
    os.environ["CUDA_DEVICE_ORDER"] = "PCI_BUS_ID"
    os.environ["CUDA_VISIBLE_DEVICES"] = gpu

    # Some attackers require a fixed batch size; honor it and expose it
    # through config so the rest of the pipeline stays consistent.
    # (The original declared `global BATCH_SIZE` but never assigned the
    # global, so that dead declaration was dropped.)
    if "batch_size" in UNTARGETED_ATTACKER_PARAM[attack_algo]:
        batch_size = UNTARGETED_ATTACKER_PARAM[attack_algo]["batch_size"]
        config.BATCH_SIZE = batch_size

    output_dir = DATASET_ADV_OUTPUT[args.dataset] + "/" + args.arch
    os.makedirs(output_dir, exist_ok=True)

    # Object used to keep track of (and return) key accuracies
    report = AccuracyReport()

    # Set TF random seed to improve reproducibility
    tf.set_random_seed(1234)
    # Set logging level to see debug information
    set_log_level(logging.DEBUG)

    # Create TF session
    config_args = {}
    if num_threads:
        # NOTE(review): hard-codes 1 intra-op thread regardless of the
        # value of num_threads — preserved from the original; confirm intent.
        config_args = dict(intra_op_parallelism_threads=1)
    config_args["gpu_options"] = tf.GPUOptions(allow_growth=True)
    sess = tf.Session(config=tf.ConfigProto(**config_args))

    # Load the requested dataset. Fail loudly on an unknown name instead
    # of the original's delayed NameError on `data`.
    if dataset == "CIFAR10":
        data = CIFAR10(data_dir=source_data_dir, train_start=train_start,
                       train_end=train_end, test_start=test_start,
                       test_end=test_end)
    elif dataset == "CIFAR100" or dataset == "CIFAR100_coarse_label":
        data = CIFAR100(data_dir=source_data_dir, dataset_name=dataset,
                        train_start=train_start, train_end=train_end,
                        test_start=test_start, test_end=test_end)
    elif dataset == "MNIST" or dataset == "FashionMNIST":
        data = MNIST(data_dir=source_data_dir, train_start=train_start,
                     train_end=train_end, test_start=test_start,
                     test_end=test_end)
    elif dataset == "ImageNet":
        data = MiniImageNet(data_dir=source_data_dir, train_start=train_start,
                            train_end=train_end, test_start=test_start,
                            num_classes=CLASS_NUM["ImageNet"], arch=args.arch)
    elif dataset == "TinyImageNet":
        data = TinyImageNet(data_dir=source_data_dir, train_start=train_start,
                            train_end=train_end, test_start=test_start,
                            num_classes=CLASS_NUM["TinyImageNet"])
    else:
        raise ValueError("Unsupported dataset: {}".format(dataset))

    dataset_size = data.x_train.shape[0]
    dataset_train = data.to_tensorflow()[0]
    dataset_train = dataset_train.map(
        lambda x, y: (random_shift(random_horizontal_flip(x)), y), 4)
    dataset_train = dataset_train.batch(batch_size)
    dataset_train = dataset_train.prefetch(16)
    x_train, y_train = data.get_set('train')
    x_test, y_test = data.get_set('test')

    # Use Image Parameters
    img_rows, img_cols, nchannels = x_test.shape[1:4]
    nb_classes = y_test.shape[1]

    # Define input TF placeholders. The batch dimension is static
    # because some attacks require a fixed batch size.
    x = tf.placeholder(tf.float32,
                       shape=(batch_size, img_rows, img_cols, nchannels))
    y = tf.placeholder(tf.float32, shape=(batch_size, nb_classes))

    train_params = {
        'nb_epochs': nb_epochs,
        'batch_size': batch_size,
        'learning_rate': learning_rate
    }
    eval_params = {'batch_size': batch_size}
    rng = np.random.RandomState([2017, 8, 30])

    def do_generate_eval(adv_x, pred_adv_x, x_set, y_set, report_key,
                         is_adv=None):
        # Run the attack over (x_set, y_set), record the success rate on
        # `report`, and return the generated images — shape (total, H, W, C)
        # — along with predictions and ground-truth labels.
        adv_images_total, adv_pred_total, gt_label_total, success_rate = \
            untargeted_advx_image_eval(sess, x, y, adv_x, pred_adv_x,
                                       x_set, y_set, args=eval_params)
        setattr(report, report_key, success_rate)
        if is_adv is None:
            report_text = None
        elif is_adv:
            report_text = 'adversarial'
        else:
            report_text = 'legitimate'
        if report_text:
            print('adversarial attack successful rate on %s: %0.4f' %
                  (report_text, success_rate))
        return adv_images_total, adv_pred_total, gt_label_total, success_rate

    def do_eval(preds, x_set, y_set, report_key, is_adv=None):
        # Evaluate accuracy of `preds` on (x_set, y_set) and record it.
        acc = model_eval(sess, x, y, preds, x_set, y_set, args=eval_params)
        setattr(report, report_key, acc)
        if is_adv is None:
            report_text = None
        elif is_adv:
            report_text = 'adversarial'
        else:
            report_text = 'legitimate'
        # Fix: guard the print — the original printed
        # "Test accuracy on None examples" when is_adv was None; this now
        # matches do_generate_eval's behavior.
        if report_text:
            print('Test accuracy on %s examples: %0.4f' % (report_text, acc))

    # Build the classifier for the requested architecture. conv4 and
    # vgg16 explicitly start in inference mode, as in the original.
    if args.arch == "conv4":
        model = Shallow4ConvLayersConv(
            args.arch, IMG_SIZE[dataset], CLASS_NUM[dataset],
            in_channels=DATASET_INCHANNELS[args.dataset], dim_hidden=64)
        model.is_training = False
    elif args.arch == "vgg16":
        model = VGG16("vgg_16", CLASS_NUM[dataset], [
            IMG_SIZE[dataset], IMG_SIZE[dataset],
            DATASET_INCHANNELS[args.dataset]
        ])
        model.is_training = False
    elif args.arch == "vgg16small":
        model = VGG16Small(args.arch, CLASS_NUM[dataset], [
            IMG_SIZE[dataset], IMG_SIZE[dataset],
            DATASET_INCHANNELS[args.dataset]
        ])
    elif args.arch == "resnet10":
        model = ResNet10(args.arch, CLASS_NUM[dataset], [
            IMG_SIZE[dataset], IMG_SIZE[dataset],
            DATASET_INCHANNELS[args.dataset]
        ])
    elif args.arch == "resnet18":
        model = ResNet18(args.arch, CLASS_NUM[dataset], [
            IMG_SIZE[dataset], IMG_SIZE[dataset],
            DATASET_INCHANNELS[args.dataset]
        ])
    elif args.arch == "resnet50":
        model = ResNet50(args.arch, CLASS_NUM[dataset], [
            IMG_SIZE[dataset], IMG_SIZE[dataset],
            DATASET_INCHANNELS[args.dataset]
        ])
    elif args.arch == "resnet101":
        model = ResNet101(args.arch, CLASS_NUM[dataset], [
            IMG_SIZE[dataset], IMG_SIZE[dataset],
            DATASET_INCHANNELS[args.dataset]
        ])
    else:
        raise ValueError("Unsupported architecture: {}".format(args.arch))

    def evaluate():
        # Evaluate clean test accuracy with the model in inference mode,
        # then restore training mode (used as the `train` callback).
        if hasattr(model, "is_training"):
            model.is_training = False
        preds = model.get_logits(x)  # tf tensor of clean-example logits
        do_eval(preds, x_test, y_test, 'clean_train_clean_eval', False)
        if hasattr(model, "is_training"):
            model.is_training = True

    def _build_saver():
        # Saver must also capture BN moving statistics, which are global
        # but not trainable variables (deduplicates the original's three
        # copies of this construction).
        var_list = tf.trainable_variables()
        g_list = tf.global_variables()
        var_list += [g for g in g_list if 'moving_mean' in g.name]
        var_list += [g for g in g_list if 'moving_variance' in g.name]
        return tf.train.Saver(var_list=var_list)

    resume = TF_CLEAN_IMAGE_MODEL_PATH[args.dataset] + "/{0}".format(args.arch)
    os.makedirs(resume, exist_ok=True)
    print("using folder {} to store model".format(resume))
    resume_files = os.listdir(resume)
    loss = CrossEntropy(model, smoothing=label_smoothing)
    has_checkpoint_file = any(
        os.path.isfile(resume + "/" + e) for e in resume_files)
    if not has_checkpoint_file:
        # Clean training must be done first.
        if hasattr(model, "is_training"):
            model.is_training = True
        saver = _build_saver()
        # Trains for nb_epochs epochs.
        train(sess, loss, None, None, model,
              dataset_train=dataset_train, dataset_size=dataset_size,
              evaluate=evaluate, args=train_params, rng=rng,
              var_list=model.get_params())
        save_path = saver.save(sess, "{}/model".format(resume),
                               global_step=nb_epochs)
        print("Model saved in path: %s" % save_path)
    else:
        files = os.listdir(resume)
        if len(files) == 1 and files[0].endswith("ckpt"):
            # A single explicit checkpoint file: restore it directly.
            path = resume + "/" + files[0]
            saver = _build_saver()
            saver.restore(sess, path)
            print("load pretrained model {}".format(path))
        else:
            # Resume from the most recent checkpoint in the folder.
            latest_checkpoint = tf.train.latest_checkpoint(resume)
            saver = _build_saver()
            saver.restore(sess, latest_checkpoint)
            print("load pretrained model {}".format(resume))

    # Calculate training error
    if testing:
        evaluate()
    if hasattr(model, "is_training"):
        model.is_training = False

    # Build the attack graph once and reuse it for both splits.
    attacker = ATTACKERS[attack_algo](model, sess=sess)
    # Fix: copy the parameter dict so the shared global
    # UNTARGETED_ATTACKER_PARAM entry is not mutated across calls (the
    # original wrote y_target straight into the global dict).
    param_dict = dict(UNTARGETED_ATTACKER_PARAM[attack_algo])
    if attack_algo in NEED_TARGETED_Y:
        y_target = look_for_target_otherthan_gt(y, CLASS_NUM[args.dataset])
        y_target = tf.reshape(y_target, (batch_size, -1))
        param_dict["y_target"] = y_target
    adv_x = attacker.generate(x, **param_dict)  # symbolic adversarial batch
    preds_adv = model.get_logits(adv_x)

    # Generate and store adversarial examples for the training split ...
    adv_images_total, adv_pred_total, gt_label_total, success_rate = \
        do_generate_eval(adv_x, preds_adv, x_train, y_train,
                         "clean_train_adv_eval", True)
    np.savez(output_dir + "/{0}_untargeted_train.npz".format(attack_algo),
             adv_images=adv_images_total, adv_pred=adv_pred_total,
             gt_label=gt_label_total, attack_success_rate=success_rate)
    # ... and for the test split.
    adv_images_total, adv_pred_total, gt_label_total, success_rate = \
        do_generate_eval(adv_x, preds_adv, x_test, y_test,
                         "clean_test_adv_eval", True)
    np.savez(output_dir + "/{0}_untargeted_test.npz".format(attack_algo),
             adv_images=adv_images_total, adv_pred=adv_pred_total,
             gt_label=gt_label_total, attack_success_rate=success_rate)
    print('generate {} adversarial image done'.format(attack_algo))
    return report
report_text = 'adversarial' else: report_text = 'legitimate' if report_text: print('Test accuracy on %s examples: %0.4f' % (report_text, acc)) def evaluate(): do_eval(preds, x_test, y_test, 'clean_train_clean_eval', False) # Set up training data config_args = {} data = MNIST(train_start=0, train_end=50000, test_start=0, test_end=10000) dataset_size = data.x_train.shape[0] dataset_train = data.to_tensorflow()[0] dataset_train = dataset_train.map( lambda x, y: (random_shift(random_horizontal_flip(x)), y), 4) dataset_train = dataset_train.batch(128) dataset_train = dataset_train.prefetch(16) x_train, y_train = data.get_set('train') x_test, y_test = data.get_set('test') nb_classes = y_test.shape[1] train_params = { 'nb_epochs': nb_epochs, 'batch_size': batch_size, 'learning_rate': learning_rate } eval_params = {'batch_size': batch_size} fgsm_params = {'eps': 0.2, 'clip_min': 0., 'clip_max': 1.}