def __init__(self,
model,
ensemble=None,
back='tf',
sess=None,
dtypestr='float32'):
"""
All params are the same as the original version in Cleverhans. There is
one extra param:
:param ensemble: (required) a list (indexed by class) of lists of
high-level feature detectors (order does not matter for
the inner listss)
Note: the model parameter should be an instance of the
cleverhans.model.Model abstraction provided by CleverHans.
"""
if not isinstance(model, Model):
model = CallableModelWrapper(model, 'logits')
super(CarliniWagnerL2_WB, self).__init__(model, back, sess, dtypestr)
self.ensemble = ensemble
import tensorflow as tf
self.feedable_kwargs = {'y': self.tf_dtype, 'y_target': self.tf_dtype}
self.structural_kwargs = [
'batch_size', 'confidence', 'targeted', 'learning_rate',
'binary_search_steps', 'max_iterations', 'abort_early',
'initial_const', 'clip_min', 'clip_max'
]
def __init__(self, model, sess, dtypestr="float32", **kwargs):
"""
Note: the model parameter should be an instance of the
cleverhans.model.Model abstraction provided by CleverHans.
"""
if not isinstance(model, Model):
wrapper_warning_logits()
model = CallableModelWrapper(model, "logits")
super(CarliniWagnerL2, self).__init__(model, sess, dtypestr, **kwargs)
self.feedable_kwargs = ("y", "y_target")
self.structural_kwargs = [
"batch_size",
"confidence",
"targeted",
"learning_rate",
"binary_search_steps",
"max_iterations",
"abort_early",
"initial_const",
"clip_min",
"clip_max",
]
def __init__(self, models, sess, dtypestr='float32', **kwargs):
"""
Note: the model parameter should be an instance of the
cleverhans.model.Model abstraction provided by CleverHans.
"""
self.models = []
for model in models:
if not isinstance(model, Model):
wrapper_warning_logits()
model = CallableModelWrapper(model, 'logits')
self.models.append(model)
# if not isinstance(model, Model):
# wrapper_warning_logits()
# model = CallableModelWrapper(model, 'logits')
super(ElasticNetMethod, self).__init__(model, sess, dtypestr, **kwargs)
self.feedable_kwargs = ('y', 'y_target')
self.structural_kwargs = [
'beta',
'decision_rule',
'batch_size',
'confidence',
'targeted',
'learning_rate',
'binary_search_steps',
'max_iterations',
'abort_early',
'initial_const',
'clip_min',
'clip_max',
'rnd',
]
def __init__(self, model, back='tf', sess=None):
"""
Create a FastGradientMethod instance.
"""
super(FastGradientMethod, self).__init__(model, back, sess)
self.feedable_kwargs = {
'eps': np.float32,
'y': np.float32,
'y_target': np.float32,
'clip_min': np.float32,
'clip_max': np.float32
}
self.structural_kwargs = ['ord']
if not isinstance(self.model, Model):
self.model = CallableModelWrapper(self.model, 'probs')
def __init__(self, model, back='tf', sess=None):
"""
Create a FastGradientMethod instance.
Note: the model parameter should be an instance of the
cleverhans.model.Model abstraction provided by CleverHans.
"""
super(FastGradientMethod, self).__init__(model, back, sess)
self.feedable_kwargs = {'eps': np.float32,
'y': np.float32,
'y_target': np.float32,
'clip_min': np.float32,
'clip_max': np.float32}
self.structural_kwargs = ['ord']
if not isinstance(self.model, Model):
self.model = CallableModelWrapper(self.model, 'probs')
def singleFGSM(torch_model, xs, ys, eps, c, h, w, clip_min, clip_max):
sess = tf.Session()
x_op = tf.placeholder(tf.float32, shape=(
None,
c,
h,
w,
))
# Convert pytorch model to a tf_model and wrap it in cleverhans
tf_model_fn = convert_pytorch_model_to_tf(torch_model)
cleverhans_model = CallableModelWrapper(tf_model_fn, output_layer='logits')
# Create an FGSM attack
atk_op = FastGradientMethod(cleverhans_model, sess=sess)
atk_params = {'eps': eps, 'clip_min': clip_min, 'clip_max': clip_max}
adv_x_op = atk_op.generate(x_op, **atk_params)
# Run an evaluation of our model against fgsm
xs, ys = xs.to(device), ys.to(device)
adv = torch.from_numpy(sess.run(adv_x_op, feed_dict={x_op: xs}))
pred = np.argmax(torch_model(adv).data.cpu().numpy())
if ys != pred:
adv = adv.numpy()
return adv
else:
return []
def __init__(self, model, sess, dtypestr='float32', **kwargs):
"""
Note: the model parameter should be an instance of the
cleverhans.model.Model abstraction provided by CleverHans.
"""
if not isinstance(model, Model):
wrapper_warning_logits()
model = CallableModelWrapper(model, 'logits')
super(BoundaryAttackPlusPlus, self).__init__(model, sess, dtypestr,
**kwargs)
self.feedable_kwargs = ('y_target', 'image_target')
self.structural_kwargs = [
'stepsize_search',
'clip_min',
'clip_max',
'constraint',
'num_iterations',
'initial_num_evals',
'max_num_evals',
'batch_size',
'verbose',
'gamma',
]
def __init__(self, model, back='tf', sess=None):
"""
Create a DeepFool instance.
"""
super(DeepFool, self).__init__(model, back, sess)
if self.back == 'th':
raise NotImplementedError('Theano version not implemented.')
import tensorflow as tf
self.structural_kwargs = [
'over_shoot', 'max_iter', 'clip_max', 'clip_min', 'nb_candidate'
]
if not isinstance(self.model, Model):
self.model = CallableModelWrapper(self.model, 'logits')
def __init__(self, models, sess, dtypestr='float32', **kwargs):
"""
Note: the model parameter should be an instance of the
cleverhans.model.Model abstraction provided by CleverHans.
"""
self.models = []
for model in models:
if not isinstance(model, Model):
wrapper_warning_logits()
model = CallableModelWrapper(model, 'logits')
self.models.append(model)
super(HopSkipJumpAttack, self).__init__(self.models[0], sess,
dtypestr, **kwargs)
self.feedable_kwargs = ('y_target', 'image_target', 'original_label')
self.structural_kwargs = [
'stepsize_search',
'clip_min',
'clip_max',
'constraint',
'num_iterations',
'initial_num_evals',
'max_num_evals',
'batch_size',
'verbose',
'gamma',
'label_rep',
]
def __init__(self, model, sess, dtypestr="float32", **kwargs):
"""
Note: the model parameter should be an instance of the
cleverhans.model.Model abstraction provided by CleverHans.
"""
if not isinstance(model, Model):
wrapper_warning_logits()
model = CallableModelWrapper(model, "logits")
super(HopSkipJumpAttack, self).__init__(model, sess, dtypestr,
**kwargs)
self.feedable_kwargs = ("y_target", "image_target")
self.structural_kwargs = [
"stepsize_search",
"clip_min",
"clip_max",
"constraint",
"num_iterations",
"initial_num_evals",
"max_num_evals",
"batch_size",
"verbose",
"gamma",
]
def __init__(self,
model,
sess=None,
dtypestr='float32',
default_rand_init=True,
**kwargs):
"""
Based on ProjectedGradientDescent in cleverhans.
"""
if not isinstance(model, Model):
model = CallableModelWrapper(model, 'probs')
super(FDA, self).__init__(model,
sess=sess,
dtypestr=dtypestr,
**kwargs)
self.feedable_kwargs = {
'eps': self.np_dtype,
'eps_iter': self.np_dtype,
'y': self.np_dtype,
'y_target': self.np_dtype,
'clip_min': self.np_dtype,
'clip_max': self.np_dtype
}
self.structural_kwargs = ['ord', 'nb_iter', 'rand_init']
def __init__(self, dataset, model):
super(PGDAdaptor, self).__init__(dataset, model)
self.config = tf.ConfigProto(gpu_options=tf.GPUOptions(
per_process_gpu_memory_fraction=0.5))
self.config.gpu_options.allow_growth = True
self.graph = tf.Graph()
self.sess = tf.Session(graph=self.graph, config=self.config)
input_shape = get_input_shape(dataset)
with self.sess.graph.as_default():
with self.sess.as_default():
self.tf_model = convert_pytorch_model_to_tf(self.model)
self.ch_model = CallableModelWrapper(self.tf_model,
output_layer='logits')
self.x_op = tf.placeholder(tf.float32,
shape=(
None,
input_shape[0],
input_shape[1],
input_shape[2],
))
self.attk = ProjectedGradientDescent(self.ch_model,
sess=self.sess)
self.adv_preds_ops = dict()
def __init__(self, model, back='tf', sess=None):
super(CarliniWagnerL2, self).__init__(model, back, sess)
if self.back == 'th':
raise NotImplementedError('Theano version not implemented.')
import tensorflow as tf
self.feedable_kwargs = {'y': tf.float32, 'y_target': tf.float32}
self.structural_kwargs = [
'nb_classes', 'batch_size', 'confidence', 'targeted',
'learning_rate', 'binary_search_steps', 'max_iterations',
'abort_early', 'initial_const', 'clip_min', 'clip_max'
]
if not isinstance(self.model, Model):
self.model = CallableModelWrapper(self.model, 'logits')
def __init__(self, model, back='tf', sess=None):
"""
Create a MadryEtAl instance.
"""
super(MadryEtAl, self).__init__(model, back, sess)
self.feedable_kwargs = {
'eps': np.float32,
'eps_iter': np.float32,
'y': np.float32,
'y_target': np.float32,
'clip_min': np.float32,
'clip_max': np.float32
}
self.structural_kwargs = ['ord', 'nb_iter']
if not isinstance(self.model, Model):
self.model = CallableModelWrapper(self.model, 'probs')
def __init__(self, model, back='tf', sess=None):
"""
Create a SaliencyMapMethod instance.
"""
super(SaliencyMapMethod, self).__init__(model, back, sess)
if not isinstance(self.model, Model):
self.model = CallableModelWrapper(self.model, 'probs')
if self.back == 'th':
error = "Theano version of SaliencyMapMethod not implemented."
raise NotImplementedError(error)
import tensorflow as tf
self.feedable_kwargs = {'targets': tf.float32}
self.structural_kwargs = ['theta', 'gamma', 'nb_classes',
'clip_max', 'clip_min']
def eval_model(model, env, y_placeholder, obs_placeholder, attack_method,
attack_ord=2, num_rollouts=5, eps=0.1,
trial_num=0, render=False, alg_name='ERROR', env_name='ERROR'):
# cleverhans needs to get the logits tensor, but expects you to run
# through and recompute it for the given observation
# even though the graph is already created
cleverhans_model = CallableModelWrapper(lambda o: y_placeholder, "logits")
attack = ATTACKS[attack_method](cleverhans_model)
fgsm_params = {'eps': eps, 'ord': attack_ord}
# we'll keep tracking metrics here
prev_done_step = 0
stats = {}
rewards = []
stats['eval_step'] = 0
stats['episode'] = 0
stats['episode_reward'] = 0.
obs = env.reset()
num_episodes = 0
while num_episodes < num_rollouts:
# the attack_op tensor will generate the perturbed state!
attack_op = attack.generate(obs_placeholder, **fgsm_params)
adv_obs = attack_op.eval({obs_placeholder: obs[None, :]})
action = model(adv_obs)[0]
# it's time for my child to act out in this adversarial world
obs, rew, done, _ = env.step(action)
reward = rew[0] if isinstance(env, VecEnv) else rew
if render:
env.render()
done = done.any() if isinstance(done, np.ndarray) else done
# let's get our metrics
stats['eval_step'] += 1
stats['episode_reward'] += reward
stats['episode_len'] = stats['eval_step'] + prev_done_step
if done:
rewards.append(stats['episode_reward'])
obs = env.reset()
prev_done_step = stats['eval_step']
track.debug("Finished episode %d!" % (stats['episode']))
stats['episode'] += 1
stats['episode_reward'] = 0
stats['eval_step'] = 0
num_episodes += 1
# track metrics to access later through pandas
track.metric(iteration=stats['eval_step'] + prev_done_step,
trial_num=trial_num,
**stats)
env.close()
np.save('./data/{0}_{1}_{2}_{3}_{4}.npy'.format(alg_name, env_name, attack_method, attack_ord, eps), rewards)
print('REWARDS', rewards)
return stats # gimme the final stats for the episode
def __init__(self, model, back='tf', sess=None):
"""
Note: the model parameter should be an instance of the
cleverhans.model.Model abstraction provided by CleverHans.
"""
super(VirtualAdversarialMethod, self).__init__(model, back, sess)
import tensorflow as tf
self.feedable_kwargs = {
'eps': tf.float32,
'xi': tf.float32,
'clip_min': tf.float32,
'clip_max': tf.float32
}
self.structural_kwargs = ['num_iterations']
if not isinstance(self.model, Model):
self.model = CallableModelWrapper(self.model, 'logits')
def __init__(self, model, back='tf', sess=None):
super(VirtualAdversarialMethod, self).__init__(model, back, sess)
if self.back == 'th':
error = "For the Theano version of VAM please call vatm directly."
raise NotImplementedError(error)
import tensorflow as tf
self.feedable_kwargs = {
'eps': tf.float32,
'xi': tf.float32,
'clip_min': tf.float32,
'clip_max': tf.float32
}
self.structural_kwargs = ['num_iterations']
if not isinstance(self.model, Model):
self.model = CallableModelWrapper(self.model, 'logits')
def __init__(self, model, back='tf', sess=None):
"""
Create a SaliencyMapMethod instance.
Note: the model parameter should be an instance of the
cleverhans.model.Model abstraction provided by CleverHans.
"""
super(SaliencyMapMethod, self).__init__(model, back, sess)
if not isinstance(self.model, Model):
self.model = CallableModelWrapper(self.model, 'probs')
if self.back == 'th':
error = "Theano version of SaliencyMapMethod not implemented."
raise NotImplementedError(error)
import tensorflow as tf
self.feedable_kwargs = {'y_target': tf.float32}
self.structural_kwargs = ['theta', 'gamma', 'clip_max', 'clip_min']
def cleverhans_spsa(model, data_iter, attack_size):
while True:
count = 0
try:
image, label = next(data_iter)
label = np.array([label])
except StopIteration:
break
print('Start attacking image {}'.format(count))
for x in range():
for y in range():
print("location {}".format((x, y)))
subimg = get_subimgs(image, (x, y), attack_size)
#Build model
tic = time.time()
subimg_op = Input(shape=(3, attack_size[0], attack_size[1]))
adv_img_op = ApplyStickerLayer(image, attack_size,
(x, y))(subimg_op)
wrapped_logits_op = model(adv_img_op)
wrapped_model = Model(inputs=subimg_op,
outputs=wrapped_logits_op)
tac = time.time()
print('{}s to build graph for attack'.format(tac - tic))
wrapper = CallableModelWrapper(wrapped_model, "logits")
wrapper.nb_classes = 1000
attack = SPSA(wrapper, sess=keras.backend.get_session())
spsa_params = {
'eps': 2.5,
'clip_min': -2.3,
'clip_max': 2.7,
'nb_iter': 40,
'y': label.astype(np.int32)
}
print('Start attacking...')
tic = time.time()
adv = attack.generate_np(subimg, **spsa_params)
tac = time.time()
print("Attack Time: {}s".format(tac - tic))
# Evaluate adversarial sticker
adv_logits = wrapped_model.predict(adv)
print("Adversarial image: top-5 prediction: {}, label: {}".
format(np.argsort(adv_logits, axis=1)[:, -5:], label))
def __init__( self, sess, in_tensor_name, out_tensor_name, mean=None, std=None ):
callable_model = CleverHansWrapperWrapper( sess, in_tensor_name, out_tensor_name, mean, std )
cleverhans_model = CallableModelWrapper( callable_model, 'logits' )
self.sess = sess
self.attack = ProjectedGradientDescent( cleverhans_model, sess=sess )
self.output_ten = tf.get_default_graph().get_tensor_by_name( out_tensor_name )
self.input_ten = tf.get_default_graph().get_tensor_by_name( in_tensor_name )
self.output_shape = [ dim.value for dim in self.output_ten.shape ]
self.mean = mean
self.std = std
def spsa_attack():
# Use tf for evaluation on adversarial data
tf_config = tf.ConfigProto()
tf_config.gpu_options.allow_growth = True
sess = tf.Session(config=tf_config)
# Convert pytorch model to a tf_model and wrap it in cleverhans
tf_model_fn = convert_pytorch_model_to_tf(model, out_dims=10)
cleverhans_model = CallableModelWrapper(tf_model_fn, output_layer='logits')
cleverhans_model.nb_classes = 10
# Create an SPSA attack
spsa = SPSA(cleverhans_model, sess=sess)
spsa_params = {
'eps': args.eps,
'nb_iter': args.ns,
'clip_min': 0.,
'clip_max': 1.,
'spsa_samples': args.
spsa_samples, # in this case, the batch_size is equal to spsa_samples
'spsa_iters': 1,
'early_stop_loss_threshold': 0
}
# Evaluation against SPSA attacks
correct = 0
total = 0
for batch_idx, (inputs, targets) in enumerate(test_loader):
advs = spsa.generate_np(inputs.numpy(),
y=targets.numpy().astype(np.int32),
**spsa_params)
with torch.no_grad():
correct += (model(
torch.tensor(advs).cuda()).topk(1)[1].cpu().eq(targets)
).sum().item()
total += len(inputs)
sys.stdout.write("\rBlack-box SPSA attack... Acc: %.3f%% (%d/%d)" %
(100. * correct / total, correct, total))
sys.stdout.flush()
print('Accuracy under SPSA attack: %.3f%%' % (100. * correct / total))
def __init__(self, model, sess, dtypestr='float32', **kwargs):
"""
Note: the model parameter should be an instance of the
cleverhans.model.Model abstraction provided by CleverHans.
"""
if not isinstance(model, Model):
wrapper_warning_logits()
model = CallableModelWrapper(model, 'logits')
super(CarliniWagnerL2Std, self).__init__(model, sess, dtypestr,
**kwargs)
def __init__(self, model, dtypestr="float32"):
"""
Creates a BasicIterativeMethod instance in eager execution.
:param model: cleverhans.model.Model
:param dtypestr: datatype in the string format.
"""
if not isinstance(model, Model):
wrapper_warning()
model = CallableModelWrapper(model, "probs")
super(BasicIterativeMethod, self).__init__(model, dtypestr)
def __init__(self, model, sess, dtypestr='float32', **kwargs):
"""
Create a DeepFool instance.
"""
if not isinstance(model, Model):
wrapper_warning_logits()
model = CallableModelWrapper(model, 'logits')
super(DeepFool, self).__init__(model, sess, dtypestr, **kwargs)
self.structural_kwargs = [
'overshoot', 'max_iter', 'clip_max', 'clip_min', 'nb_candidate'
]
def __init__(self, model, back='tf', sess=None):
"""
Create a MadryEtAl instance.
"""
super(SuperWhite, self).__init__(model, back, sess)
self.feedable_kwargs = {
'eps': np.float32,
'eps_iter': np.float32,
'y': np.float32,
'y_target': np.float32,
'clip_min': np.float32,
'clip_max': np.float32
}
self.structural_kwargs = [
'ord', 'nb_iter', 'rand_init', 'batch_size', 'delta_marginal',
'delta_logit', 'delta_kl', 'detection_lambda', 'kl_prob_vec',
'combine_logits'
]
if not isinstance(self.model, Model):
self.model = CallableModelWrapper(self.model, 'logits')
def __init__(self, dataset, model):
super(CWAdaptor, self).__init__(dataset, model)
self.config = tf.ConfigProto()
self.config.gpu_options.allow_growth = True
self.sess = tf.Session(config=self.config)
self.tf_model = convert_pytorch_model_to_tf(self.model)
self.ch_model = CallableModelWrapper(self.tf_model,
output_layer='logits')
self.dataset = dataset
def __init__(self, model, dtypestr='float32'):
"""
Creates a BasicIterativeMethod instance in eager execution.
:model: CNN network, should be an instance of
cleverhans.model.Model, if not wrap
the output to probs.
:dtypestr: datatype in the string format.
"""
if not isinstance(model, Model):
model = CallableModelWrapper(model, 'probs')
super(BasicIterativeMethod, self).__init__(model, dtypestr)
def __init__(self, model, dtypestr="float32", **kwargs):
"""
Creates a FastGradientMethod instance in eager execution.
:model: cleverhans.model.Model
:dtypestr: datatype in the string format.
"""
del kwargs
if not isinstance(model, Model):
wrapper_warning()
model = CallableModelWrapper(model, "probs")
super(FastGradientMethod, self).__init__(model, dtypestr)
def __init__(self, model, sess, dtypestr='float32', **kwargs):
if not isinstance(model, Model):
wrapper_warning()
model = CallableModelWrapper(model, 'probs')
super(LBFGS, self).__init__(model, sess, dtypestr, **kwargs)
self.feedable_kwargs = ('y_target', )
self.structural_kwargs = [
'batch_size', 'binary_search_steps', 'max_iterations',
'initial_const', 'clip_min', 'clip_max'
]