def attack(img, label, net, target=None, pixels=1, maxiter=75, popsize=400, verbose=False):
# img: 1*3*W*H tensor
# label: a number
targeted_attack = target is not None
target_calss = target if targeted_attack else label
bounds = [(0,28), (0,28), (0,255)] * pixels
popmul = max(1, popsize//len(bounds))
predict_fn = lambda xs: predict_classes(
xs, img, target_calss, net, target is None)
callback_fn = lambda x, convergence: attack_success(
x, img, target_calss, net, targeted_attack, verbose)
inits = np.zeros([popmul*len(bounds), len(bounds)])
for init in inits:
for i in range(pixels):
init[i*3+0] = np.random.random()*28
init[i*3+1] = np.random.random()*28
init[i*3+2] = np.random.normal(128,127)
attack_result = differential_evolution(predict_fn, bounds, maxiter=maxiter, popsize=popmul,
recombination=1, atol=-1, callback=callback_fn, polish=False, init=inits)
attack_image = perturb_image(attack_result.x, img)
attack_var = attack_image.cuda()
predicted_probs = F.softmax(net(attack_var), dim=1).data.cpu().numpy()[0]
predicted_class = np.argmax(predicted_probs)
if (not targeted_attack and predicted_class != label) or (targeted_attack and predicted_class == target_calss):
return 1, attack_result.x.astype(int), attack_image, predicted_class
return 0, [None], None, None
def attack(self, img, model, target=None, pixel_count=1,
maxiter=75, popsize=400, verbose=False, plot=False):
# Change the target class based on whether this is a targeted attack or not
targeted_attack = target is not None
target_class = target if targeted_attack else self.y_test[img, 0]
# print("----------------------------------------------------",self.y_test[img,0])
# print("++++++++++++++++++++++++++++++++++++++++++++++++++++",target_class)
# Define bounds for a flat vector of x,y,r,g,b values
# For more pixels, repeat this layout
dim_x, dim_y = self.dimensions
# bounds = [(0,dim_x), (0,dim_y), (0,256), (0,256), (0,256)] * pixel_count
bounds = [(0, dim_x), (0, dim_y), (0, 256)] * pixel_count
# Population multiplier, in terms of the size of the perturbation vector x
popmul = max(1, popsize // len(bounds))
# Format the predict/callback functions for the differential evolution algorithm
predict_fn = lambda xs: self.predict_classes(
xs, self.x_test[img], target_class, model, target is None)
# print(predict_fn)
callback_fn = lambda x, convergence: self.attack_success(
x, self.x_test[img], target_class, model, targeted_attack, verbose)
# print(callback_fn)
#print('模型的输入:',predict_fn,'类型为:',predict_fn.type)
# Call Scipy's Implementation of Differential Evolution
attack_result = differential_evolution(
predict_fn, bounds, maxiter=maxiter, popsize=popmul,
recombination=1, atol=-1, callback=callback_fn, polish=False)
# Calculate some useful statistics to return from this function
attack_image = helper.perturb_image(attack_result.x, self.x_test[img])[0]
#print('***********************************************')
#print('attack_image',attack_image)
temp_list = attack_image.tolist()
#print('***********************************************')
# Calculate the L2 norm to represent the revise size
L2_img = attack_image - self.x_test[img]
L2_img = np.array(L2_img)
L2_img = L2_img.reshape(784)
# print(L2_img)
L2_norm = np.sqrt(np.sum(np.square(L2_img)))
prior_probs = model.predict(np.array([self.x_test[img]]))[0]
# print('-----------------------_test1', prior_probs)
predicted_probs = model.predict(np.array([attack_image]))[0]
# print('-----------------------_test2', predicted_probs)
predicted_class = np.argmax(predicted_probs)
actual_class = self.y_test[img, 0]
success = predicted_class != actual_class
cdiff = prior_probs[actual_class] - predicted_probs[actual_class]
# Show the best attempt at a solution (successful or not)
if plot:
helper.plot_image(attack_image, actual_class, self.class_names, predicted_class)
return [model.name, pixel_count, img, actual_class, predicted_class, success, cdiff, prior_probs,
predicted_probs, attack_result.x, L2_norm,]
def attack_fix_scale(input_data,
ground_truth_label,
target=None,
verbose=False,
pixel_count=1,
maxiter=5,
popsize=10,
seed=17):
# Change the target class based on whether this is a targeted attack or not
data = input_data.copy()
targeted_attack = target is not None
target_class = target if targeted_attack else ground_truth_label
# Define bounds for a flat vector of x,y,r,g,b values
# For more pixels, repeat this layout
bounds = [(0, int(16000 / batch_size))] * pixel_count
# Population multiplier, in terms of the size of the perturbation vector x
popmul = max(1, popsize // len(bounds))
# Format the predict/callback functions for the differential evolution algorithm
predict_fn = lambda xs: predict_classes(xs, data, target_class)
# Call Scipy's Implementation of Differential Evolution
attack_result = differential_evolution(predict_fn,
bounds,
maxiter=maxiter,
recombination=1,
atol=-1,
popsize=popsize,
polish=False,
seed=seed)
return attack_result.x
def attack(self,img, label, net, target=None, pixels=1, maxiter=75, popsize=400, verbose=False):
# img: 1*3*W*H tensor
# label: a number
targeted_attack = target is not None
target_calss = target if targeted_attack else label
image_size = 227
img_numpy = img.numpy()[0,:,:,:]
img_numpy = np.reshape(img_numpy, (image_size, image_size, 3))
print(type(img_numpy),"<-------------- type ",img_numpy.shape)
objs = self.roi.get_roi(img_numpy,w=8, threshold=.5)
print(objs[0][1].start, objs[0][0].start, objs[0][1].stop, objs[0][0].stop)
if self.img_ch==3:
#bounds = [(0,image_size), (0,image_size), (0,255), (0,255), (0,255)] * pixels
bounds = [(objs[0][1].start,objs[0][1].stop), (objs[0][0].start,objs[0][0].stop), (0,255), (0,255), (0,255)] * pixels
elif self.img_ch==1:
#bounds = [(0,image_size), (0,image_size), (0,1)] * pixels
bounds = [(objs[0][1].start,objs[0][1].stop), (objs[0][0].start,objs[0][0].stop), (0,1)] * pixels
popmul = max(1, popsize/len(bounds))
predict_fn = lambda xs: self.predict_classes(
xs, img, target_calss, net, target is None)
callback_fn = lambda x, convergence: self.attack_success(
x, img, target_calss, net, targeted_attack, verbose)
# print("type.popmul", type(popmul))
inits = np.zeros([int(popmul*len(bounds)), len(bounds)])
for init in inits:
for i in range(pixels):
if self.img_ch == 3:
init[i*5+0] = np.random.random()*image_size
init[i*5+1] = np.random.random()*image_size
init[i*5+2] = np.random.normal(128,127)
init[i*5+3] = np.random.normal(128,127)
init[i*5+4] = np.random.normal(128,127)
elif self.img_ch==1:
init[i*3+0] = np.random.random()*image_size
init[i*3+1] = np.random.random()*image_size
init[i*3+2] = np.random.normal(-1,1)
attack_result = differential_evolution(predict_fn, bounds, maxiter=maxiter, popsize=popmul,
recombination=1, atol=-1, callback=callback_fn, polish=False, init=inits)
attack_image = self.perturb_image(attack_result.x, img)
#attack_var = Variable(attack_image, volatile=True).cuda()
attack_var = Variable(attack_image, volatile=True).to(self.device)
predicted_probs = F.softmax(net(attack_var)).data.cpu().numpy()[0]
predicted_class = np.argmax(predicted_probs)
if (not targeted_attack and predicted_class != label) or (targeted_attack and predicted_class == target_calss):
return 1, attack_result.x.astype(int),attack_var
return 0, [None], attack_var
def attack(img,
label,
net,
target=None,
pixels=1,
maxiter=75,
popsize=400,
verbose=False):
'''
- img: 1*3*W*H tensor
- label: a number
'''
targeted_attack = target is not None
target_class = target if targeted_attack else label
# TODO - bounds are explicitly hardcoded to CIFAR10 images
bounds = [(0, 32), (0, 32), (0, 255), (0, 255), (0, 255)] * pixels
popmul = max(1, popsize // len(bounds))
predict_fn = lambda xs: predict_classes(xs, img, target_class, net, target
is None)
callback_fn = lambda x, convergence: attack_success(
x, img, target_class, net, targeted_attack, verbose)
inits = np.zeros([popmul * len(bounds), len(bounds)])
for init in inits:
for i in range(pixels):
init[i * 5 + 0] = np.random.random() * 32
init[i * 5 + 1] = np.random.random() * 32
init[i * 5 + 2] = np.random.normal(128, 127)
init[i * 5 + 3] = np.random.normal(128, 127)
init[i * 5 + 4] = np.random.normal(128, 127)
attack_result = differential_evolution(predict_fn,
bounds,
maxiter=maxiter,
popsize=popmul,
recombination=1,
atol=-1,
callback=callback_fn,
polish=False,
init=inits)
attack_image = perturb_image(attack_result.x, img)
# TODO - Variable is deprecated, use torch.from_numpy; by default,
# `requires_grad` is False.
attack_var = Variable(attack_image, volatile=True).cuda() if use_cuda \
else Variable(attack_image, volatile=True)
predicted_probs = F.softmax(net(attack_var)).data.cpu().numpy()[0]
predicted_class = np.argmax(predicted_probs)
if (not targeted_attack and predicted_class != label) or \
(targeted_attack and predicted_class == target_class):
return 1, attack_result.x.astype(int)
return 0, [None]
def attack(self, img, model, target=None, pixel_count=1,
maxiter=75, popsize=400, verbose=False, plot=False, preprocessing_cb=None):
"""
@img: index to the image you want to attack
@model: the model to attack
@target: the index to the target you want to aim for
@pixel_count: how many pixels to have in your attack
@maxiter: maximum number of iterations on optimization
@popsize: size of the population to use at each iteration of the optimization
@verbose: boolean, controls printing
@plot: boolean, whether to plot the final results
"""
# Change the target class based on whether this is a targeted attack or not
targeted_attack = target is not None
target_class = target if targeted_attack else self.y_test[img, 0]
# Define bounds for a flat vector of x,y,r,g,b values
# For more pixels, repeat this layout
dim_x, dim_y = self.dimensions
bounds = [(0,dim_x), (0,dim_y), (0, 255), (0, 255), (0., 255)] * pixel_count
# Population multiplier, in terms of the size of the perturbation vector x
popmul = max(1, popsize // len(bounds))
# Format the predict/callback functions for the differential evolution algorithm
predict_fn = lambda xs: self.predict_classes(
xs, self.x_test[img], target_class, model, target is None, preprocessing_cb=preprocessing_cb)
callback_fn = lambda x, convergence: self.attack_success(
x, self.x_test[img], target_class, model, targeted_attack, verbose, preprocessing_cb=preprocessing_cb)
# Call Scipy's Implementation of Differential Evolution
attack_result = differential_evolution(
predict_fn, bounds, maxiter=maxiter, popsize=popmul,
recombination=1, atol=-1, callback=callback_fn, polish=False)
# Calculate some useful statistics to return from this function
attack_image = helper.perturb_image(attack_result.x, self.x_test[img].copy())[0]
if preprocessing_cb is not None:
original_img = preprocessing_cb(self.x_test[img].copy())
attack_image = preprocessing_cb(attack_image.copy())
else:
original_img = self.x_test[img].copy()
prior_probs = model.predict(np.array([original_img]))[0]
predicted_probs = model.predict(np.array([attack_image]))[0]
predicted_class = np.argmax(predicted_probs)
actual_class = self.y_test[img, 0]
success = predicted_class != actual_class
cdiff = prior_probs[actual_class] - predicted_probs[actual_class]
# Show the best attempt at a solution (successful or not)
if plot:
helper.plot_image(attack_image, actual_class, self.class_names, predicted_class)
return [model.name, pixel_count, img, actual_class, predicted_class, success, cdiff, prior_probs, predicted_probs, attack_result.x]
def de_testeiteracoes(n):
global DADOS_EXECUCAO
global ITERACOES
DADOS_EXECUCAO = []
ITERACOES = 0
return differential_evolution(rastrigin, [(-5.12, 5.12)] * n,
maxiter=10000,
tol=-inf,
popsize=20,
recombination=0.5)
def attack(img,
label,
net,
target=None,
pixels=1,
maxiter=75,
popsize=400,
verbose=False):
# img: 1*3*W*H tensor
# label: a number
targeted_attack = target is not None
target_calss = target if targeted_attack else label
image_size = 32
# bounds = [(0,28), (0,28), (0,255), (0,255), (0,255)] * pixels
bounds = [(0, 28), (0, 28), (0, 1)] * pixels
popmul = max(1, popsize / len(bounds))
predict_fn = lambda xs: predict_classes(xs, img, target_calss, net, target
is None)
callback_fn = lambda x, convergence: attack_success(
x, img, target_calss, net, targeted_attack, verbose)
# print("type.popmul", type(popmul))
inits = np.zeros([int(popmul * len(bounds)), len(bounds)])
# 400x5,400个种子,每个种子的维度是5,就是改变5个地方?
for init in inits:
for i in range(pixels):
init[i * 3 + 0] = np.random.random() * 28 #[0, 31]
init[i * 3 + 1] = np.random.random() * 28
init[i * 3 + 2] = np.random.normal(-1, 1) #[-127, 127]
# init[i*5+3] = np.random.normal(128,127)
# init[i*5+4] = np.random.normal(128,127)
attack_result = differential_evolution(predict_fn,
bounds,
maxiter=maxiter,
popsize=popmul,
recombination=1,
atol=-1,
callback=callback_fn,
polish=False,
init=inits)
attack_image = perturb_image(attack_result.x, img)
attack_var = Variable(attack_image, volatile=True).cuda()
predicted_probs = F.softmax(net(attack_var)).data.cpu().numpy()[0]
predicted_class = np.argmax(predicted_probs)
if (not targeted_attack and predicted_class != label) or (
targeted_attack and predicted_class == target_calss):
return 1, attack_result.x.astype(int)
return 0, [None]
def attack(self,
img,
model,
pixel_count=1,
maxiter=125,
popsize=400,
plot=False):
# Change the target class based on whether this is a targeted attack or not
target_class = self.y_test[img, 0]
# Define bounds for a flat vector of x,y,r,g,b values
# For more pixels, repeat this layout
dim_x, dim_y = self.dimensions
bounds = [(0, dim_x), (0, dim_y), (0, 256), (0, 256),
(0, 256)] * pixel_count
# Population multiplier, in terms of the size of the perturbation vector x
popmul = max(1, popsize // len(bounds))
# Format the predict/callback functions for the differential evolution algorithm
predict_fn = lambda xs: model.predict(
perturb_image(xs, self.x_test[img]))[0]
callback_fn = lambda x, convergence: self.attack_success(
x, self.x_test[img], target_class, model)
# Call Scipy's Implementation of Differential Evolution
attack_result = differential_evolution(predict_fn,
bounds,
maxiter=maxiter,
popsize=popmul,
recombination=1,
atol=-1,
callback=callback_fn,
polish=False)
# Calculate some useful statistics to return from this function
attack_image = helper.perturb_image(attack_result.x,
self.x_test[img])[0]
prior_probs = model.predict(np.array([self.x_test[img]]))[0]
predicted_probs = model.predict(np.array([attack_image]))[0]
predicted_class = np.argmax(predicted_probs)
actual_class = self.y_test[img, 0]
success = predicted_class != actual_class
cdiff = prior_probs[actual_class] - predicted_probs[actual_class]
# Show the best attempt at a solution (successful or not)
if plot:
helper.plot_image(attack_image, actual_class, self.class_names,
predicted_class)
return [
model.name, pixel_count, img, actual_class, predicted_class,
success, cdiff, prior_probs, predicted_probs, attack_result.x
]
def attack(img,
target=None,
pixel_count=1,
maxiter=75,
popsize=400,
verbose=False):
# Change the target class based on whether this is a targeted attack or not
targeted_attack = target is not None
target_class = target if targeted_attack else y_test[img]
# Define bounds for a flat vector of x,y,r,g,b values
# For more pixels, repeat this layout
bounds = [(88, 255), (0, 255), (0, 255)] * pixel_count
# Population multiplier, in terms of the size of the perturbation vector x
popmul = max(1, popsize // len(bounds))
# Format the predict/callback functions for the differential evolution algorithm
predict_fn = lambda xs: predict_classes(xs, X_test[img], target_class,
target is None)
callback_fn = lambda x, convergence: attack_success(
x, img, target_class, targeted_attack, verbose)
# Call Scipy's Implementation of Differential Evolution
attack_result = differential_evolution(predict_fn,
bounds,
maxiter=maxiter,
popsize=popmul,
recombination=1,
atol=-1,
callback=callback_fn,
polish=False)
# Calculate some useful statistics to return from this function
attack_image = perturb_image(attack_result.x, X_test[img])
# prior_probs = y_prob.eval(feed_dict={x: X_test[img].reshape([1,256,256,1])})[0]
# predicted_probs = y_prob.eval(feed_dict={x: attack_image})[0]
prior_probs = get_y_prob(X_test[img])[0]
predicted_probs = get_y_prob(attack_image)[0]
predicted_class = np.argmax(predicted_probs)
actual_class = y_test[img]
success = predicted_class != actual_class
cdiff = prior_probs[actual_class] - predicted_probs[actual_class]
# Show the best attempt at a solution (successful or not)
plot_image(attack_image, actual_class, class_names, predicted_class)
return [
attack_image, pixel_count, img, actual_class, predicted_class, success,
cdiff, prior_probs, predicted_probs, attack_result.x
]
def attack(img,
label,
net,
target=None,
pixels=1,
maxiter=75,
popsize=400,
verbose=False):
# img: 1*3*W*H tensor
# label: a number
global use_cuda
targeted_attack = target is not None
target_calss = target if targeted_attack else label
bounds = [(0, 32), (0, 32), (0, 255), (0, 255), (0, 255)] * pixels
popmul = max(1, int(popsize / len(bounds)))
predict_fn = lambda xs: predict_classes(xs, img, target_calss, net, target
is None)
callback_fn = lambda x, convergence: attack_success(
x, img, target_calss, net, targeted_attack, verbose)
inits = np.zeros([popmul * len(bounds), len(bounds)])
for init in inits:
for i in range(pixels):
init[i * 5 + 0] = np.random.random() * 32
init[i * 5 + 1] = np.random.random() * 32
init[i * 5 + 2] = np.random.normal(128, 127)
init[i * 5 + 3] = np.random.normal(128, 127)
init[i * 5 + 4] = np.random.normal(128, 127)
attack_result = differential_evolution(predict_fn,
bounds,
maxiter=maxiter,
popsize=popmul,
recombination=1,
atol=-1,
callback=callback_fn,
polish=False,
init=inits)
attack_image = perturb_image(attack_result.x, img)
attack_var = Variable(attack_image, volatile=True)
if use_cuda:
attack_var = attack_var.cuda()
predicted_class = np.argmax(net(attack_var).data.cpu().numpy()[0])
return attack_image, predicted_class
def attack(self,
image,
actual_class,
target,
pixel_count,
dimensions,
maxiter=75,
popsize=400,
verbose=False):
# Change the target class based on whether this is a targeted attack or not
targeted_attack = target is not None
target_class = target if targeted_attack else actual_class
# Define bounds for a flat vector of x,y,r,g,b values
# For more pixels, repeat this layout
dim_x, dim_y = dimensions
bounds = [(0, dim_x), (0, dim_y), (0, 256), (0, 256),
(0, 256)] * pixel_count
# Population multiplier, in terms of the size of the perturbation vector x
popmul = max(1, popsize // len(bounds))
# Format the predict/callback functions for the differential evolution algorithm
def predict_fn(xs):
return self.predict_classes(xs, image, target_class,
target is None)
def callback_fn(x, convergence):
return self.attack_success(x, image, target_class, targeted_attack,
verbose)
# Call Scipy's Implementation of Differential Evolution
attack_result = differential_evolution(predict_fn,
bounds,
maxiter=maxiter,
popsize=popmul,
recombination=1,
atol=-1,
callback=callback_fn,
polish=False)
# Calculate some useful statistics to return from this function
attack_image = perturb_image(attack_result.x, image)[0]
predicted_probs = self.model.predict(np.array([attack_image]))[0]
return attack_image
def attack(self,
img,
model,
label,
pixel_count=1,
maxiter=75,
popsize=400):
# Define bounds for a flat vector of x,y,r,g,b values
dim_x, dim_y, channels = self.dimensions
if channels == 3:
bounds = [(0, dim_x), (0, dim_y), (0, 256), (0, 256),
(0, 256)] * pixel_count
else:
bounds = [(0, dim_x), (0, dim_y), (0, 256)] * pixel_count
# Population multiplier, in terms of the size of the perturbation vector x
popmul = max(1, popsize // len(bounds))
# Format the predict/callback functions for the differential evolution algorithm
predict_fn = lambda xs: self.predict_classes(xs, img, label, model)
callback_fn = lambda x, convergence: self.attack_success(
x, img, label, model)
# Call Scipy's Implementation of Differential Evolution
attack_result = differential_evolution(predict_fn,
bounds,
maxiter=maxiter,
popsize=popmul,
recombination=1,
atol=-1,
callback=callback_fn,
polish=False)
# Calculate some useful statistics to return from this function
attack_image = self.perturb_image(attack_result.x, img)[0]
prior_probs = model.predict(np.expand_dims(img, axis=0))[0]
predicted_probs = model.predict(np.expand_dims(attack_image,
axis=0))[0]
predicted_class = np.argmax(predicted_probs)
success = predicted_class != label
cdiff = prior_probs[label] - predicted_probs[label]
return [predicted_class, attack_image]
def attack(self, img, model, target=None, pixel_count=1,
maxiter=75, popsize=400, verbose=False, plot=False):
# Change the target class based on whether this is a targeted attack or not
targeted_attack = target is not None
target_class = target if targeted_attack else self.y_test[img,0]
# Define bounds for a flat vector of x,y,r,g,b values
# For more pixels, repeat this layout
dim_x, dim_y = self.dimensions
bounds = [(0,dim_x), (0,dim_y), (0,256), (0,256), (0,256)] * pixel_count
# Population multiplier, in terms of the size of the perturbation vector x
popmul = max(1, popsize // len(bounds))
# Format the predict/callback functions for the differential evolution algorithm
predict_fn = lambda xs: self.predict_classes(
xs, self.x_test[img], target_class, model, target is None)
callback_fn = lambda x, convergence: self.attack_success(
x, self.x_test[img], target_class, model, targeted_attack, verbose)
# Call Scipy's Implementation of Differential Evolution
attack_result = differential_evolution(
predict_fn, bounds, maxiter=maxiter, popsize=popmul,
recombination=1, atol=-1, callback=callback_fn, polish=False)
# Calculate some useful statistics to return from this function
attack_image = helper.perturb_image(attack_result.x, self.x_test[img])[0]
prior_probs = model.predict(np.array([self.x_test[img]]))[0]
predicted_probs = model.predict(np.array([attack_image]))[0]
predicted_class = np.argmax(predicted_probs)
actual_class = self.y_test[img,0]
success = predicted_class != actual_class
cdiff = prior_probs[actual_class] - predicted_probs[actual_class]
# Show the best attempt at a solution (successful or not)
if plot:
helper.plot_image(attack_image, actual_class, self.class_names, predicted_class)
return [model.name, pixel_count, img, actual_class, predicted_class, success, cdiff, prior_probs, predicted_probs, attack_result.x]
def attack(self, i, pixel_count=1, maxiter=75, popsize=400, verbose=False):
# define bounds for a flat vector, delta has format [index, value]
# ensure the validity of the pixel
bounds = [(0, num_input), (-0.1, 0.1)] * pixel_count
# population multipliers
popmul = max(1, popsize // len(bounds))
# objective function to be minimized
predict_fn = lambda deltas: -self.objective(deltas, i)[0]
# early stop
callback_fn = lambda delta, convergence: self.attack_success(delta, i, verbose)
# con = lambda deltas: 0.1 - self.objective(deltas, i)[1]
# call differential evolution
# cons = {'type': 'ineq', "fun": con}
# evaluation
attack_result = differential_evolution(predict_fn, bounds, strategy='best1bin', maxiter=maxiter, popsize=popmul,
recombination=1, callback=callback_fn, polish=False, atol=1)
new_measurement = helper.perturb_meas(attack_result.x, self.measurement[i])
# x_hat
estimated_state = self.model.model.predict(np.reshape(self.measurement[i], (-1, num_input)))
# x_tilda_hat
new_estimated_state = self.model.model.predict(np.reshape(new_measurement, (-1, num_input)))
# print(new_estimated_state.shape)
# z_tilda_hat
# print(new_estimated_measurement.shape)
# print(self.measurement[i].shape)
# print(new_estimated_state)
# print(estimated_state)
# state_diff = np.sqrt(np.sum(np.square(new_estimated_state - estimated_state), axis=1))
# print(state_diff.shape)
new_estimated_measurement = self.bus.estimated_np(new_estimated_state)
meas_diff = np.sqrt(np.sum(np.square(new_estimated_measurement - new_measurement), axis=1))
restore_meas_diff = np.sqrt(np.sum(np.square(restore_meas(new_estimated_measurement) - restore_meas(new_measurement)), axis=1))
restore_state_diff_mag = np.sum(np.abs(restore_state(new_estimated_state)[:, :num_bus] - restore_state(estimated_state)[:, :num_bus]))
restore_state_diff_ang = np.sum(np.abs(restore_state(new_estimated_state)[:, num_bus:] - restore_state(estimated_state)[:, num_bus:])) * 180 / pi
i = int(attack_result.x[0])
min_ = min_meas_np[i]
max_ = max_meas_np[i]
restore_injection = (attack_result.x[1])/2 * (max_ - min_)
# print(new_measurement * (max_-min_) + min_)
# print(new_estimated_measurement)
# print(self.measurement[i] * (max_-min_) + min_)
# success = (restore_state_diff_ang > 5)
# if verbose:
# # print("original measurement", self.measurement)
# # print("new measurement", new_measurement)
# print("attack vector", attack_result.x)
# # print("original state", estimated_state)
# # print("after attack", new_estimated_state)
# print("state distortion", state_diff)
# return [int(attack_result.x[0]), attack_result.x[1]]
return [pixel_count, i, restore_state_diff_mag, restore_state_diff_ang, meas_diff[0], restore_meas_diff[0], int(attack_result.x[0]), attack_result.x[1], restore_injection]
def generate(self, images, labels):
"""Generate adversarial images
"""
preds = np.argmax(to_np(self.model(to_var(images))), axis=1)
images = denormalize(images, self.args.dataset) * 255
#self.n_pix = int(images.size(2)*images.size(3)*self.args.gamma)
bounds = [(0, images[0].size(1) - 1), (0, images[0].size(2) - 1),
(0, 255), (0, 255), (0, 255)] * self.n_pix
adv_images = []
adv_labels = []
for i in range(len(images)):
self.image = images[i]
self.label = int(preds[i])
if self.target is not None:
self.label = self.target
self.convergence = False
if self.init == 'normal':
x_loc = np.random.uniform(0, images[0].size(1),
self.n_pix * self.popsize)
y_loc = np.random.uniform(0, images[0].size(2),
self.n_pix * self.popsize)
val = np.array(
np.split(
np.random.normal(128, 127,
self.n_pix * self.popsize * 3), 3))
init = np.array(
np.split(np.vstack((x_loc, y_loc, val)),
self.n_pix,
axis=1))
init = np.transpose(init.reshape(-1, self.popsize))
else:
init = self.init
self.step = 0
if self.args.domain_restrict:
self.mapping = self.create_map(self.args.gamma,
self.kwargs.get('artifact'))
else:
self.mapping = lambda x, y: (x, y)
result = differential_evolution(self.optimize,
bounds,
init=init,
strategy=self.strategy,
maxiter=self.max_iter,
popsize=self.popsize,
seed=self.args.seed,
callback=self.callback,
mutation=0.5,
recombination=1,
polish=False,
tol=0,
atol=-1)
adv_image = self.perturb(result.x).squeeze(0)
adv_images.append(adv_image)
adv_labels.append(self.label)
self.step_meter.update(self.step - 1)
#print("Average step per iter: {}".format(self.step_meter.avg))
return torch.stack(adv_images), torch.LongTensor(
adv_labels) #, torch.FloatTensor(steps)
def single_pixel_attack(images,
labels,
class_names,
img_id,
model,
target=None,
pixel_count=1,
maxiter=75,
popsize=400,
verbose=False,
plot=False,
dimensions=(32, 32)):
# Change the target class based on whether this is a targeted attack or not
targeted_attack = target is not None
target_class = target if targeted_attack else labels[img_id, 0]
ack = PixelAttacker([model], (images, labels), class_names)
# Define bounds for a flat vector of x,y,r,g,b values
# For more pixels, repeat this layout
dim_x, dim_y = dimensions
bounds = [(0, dim_x), (0, dim_y), (0, 256), (0, 256),
(0, 256)] * pixel_count
# Population multiplier, in terms of the size of the perturbation vector x
popmul = max(1, popsize // len(bounds))
# Format the predict/callback functions for the differential evolution algorithm
def predict_fn(xs):
return ack.predict_classes(xs, images[img_id], target_class, model,
target is None)
def callback_fn(x, convergence):
return ack.attack_success(x, images[img_id], target_class, model,
targeted_attack, verbose)
# Call Scipy's Implementation of Differential Evolution
attack_result = differential_evolution(predict_fn,
bounds,
maxiter=maxiter,
popsize=popmul,
recombination=1,
atol=-1,
callback=callback_fn,
polish=False)
# Calculate some useful statistics to return from this function
attack_image = helper.perturb_image(attack_result.x, images[img_id])[0]
prior_probs = model.predict(np.array([images[img_id]]))[0]
predicted_probs = model.predict(np.array([attack_image]))[0]
predicted_class = np.argmax(predicted_probs)
actual_class = labels[img_id, 0]
success = predicted_class != actual_class
cdiff = prior_probs[actual_class] - predicted_probs[actual_class]
# Show the best attempt at a solution (successful or not)
if plot:
helper.plot_image(attack_image, actual_class, class_names,
predicted_class)
return [
attack_image, model.name, pixel_count, img_id, actual_class,
predicted_class, success, cdiff, prior_probs, predicted_probs,
attack_result.x
]
def de_testeiteracoes(n):
global DADOS_EXECUCAO
global ITERACOES
DADOS_EXECUCAO = []
ITERACOES = 0
return differential_evolution(rastrigin, [(-5.12, 5.12)]*n, maxiter=10000, tol=-inf, popsize=20, recombination=0.5)
