def get_image(fname, framework_name, model_name, data_format):
"""Get the image suitable for target model."""
kwargs = get_image_format(framework_name, model_name)
kwargs['data_format'] = data_format
kwargs['fname'] = fname
image = load_image(**kwargs)
return image
def main(args):
imgs_dir = args.imgs_dir
input_dir = os.path.join(args.data_dir, imgs_dir, "benign")
if not DEBUG:
output_dir = os.path.join(args.data_dir, imgs_dir, "adv")
if os.path.exists(output_dir):
shutil.rmtree(output_dir)
os.mkdir(output_dir)
image_name_list = os.listdir(input_dir)
kmodel = YOLOv3()
model = KerasYOLOv3Model(kmodel, bounds=(0, 1))
if args.attack_mtd == 'cw_targetclsmiss':
attack = CarliniWagnerLinfMetric(model, criterion=TargetClassMiss(2))
elif args.attack_mtd == 'noise_numberchange':
attack = AdditiveGaussianNoiseMetric(
model, criterion=TargetClassNumberChange(-1))
elif args.attack_mtd == 'bright_numberchange':
attack = BrightnessMetric(model, criterion=TargetClassNumberChange(-1))
else:
raise ValueError('Invalid attack method {0}'.format(args.attack_mtd))
for _, image_name in enumerate(tqdm(image_name_list)):
temp_img_path_benign = os.path.join(input_dir, image_name)
image_benign = load_image(shape=(416, 416),
bounds=(0, 1),
fname=temp_img_path_benign,
absolute_path=True)
try:
annotation_ori = model.predictions(image_benign)
if args.attack_mtd == 'cw_targetclsmiss':
image_adv_benign = attack(image_benign,
binary_search_steps=1,
unpack=True)
else:
image_adv_benign = attack(image_benign,
annotation_ori,
epsilons=1000,
unpack=True)
except:
print('Attack failed.')
continue
image_adv_benign_pil = Image.fromarray(
(image_adv_benign * 255).astype(np.uint8))
if not DEBUG:
image_adv_benign_pil.save(os.path.join(output_dir, image_name))
from perceptron.utils.image import load_image
from perceptron.utils.image import imagenet_example
from perceptron.utils.criteria.classification import Misclassification
from perceptron.utils.image import load_image
from perceptron.models.classification.cloud import AipAntiPornModel, GoogleSafeSearchModel, GoogleObjectDetectionModel
from perceptron.utils.criteria.classification import MisclassificationSafeSearch
from perceptron.utils.criteria.detection import TargetClassMissGoogle
from perceptron.attacks import GaussianBlurAttack
def test_untargeted_SafeSearch(image, label=None):
model = GoogleSafeSearchModel()
pred = model.predictions(image)
attack = Attack(model, criterion=MisclassificationSafeSearch())
adversarial_obj = attack(image, label, unpack=False, epsilons=100)
print(adversarial_obj.distance)
return adversarial_obj.distance, adversarial_obj.image
if __name__ == "__main__":
path = 'mia.png'
img = load_image(dtype=np.uint8, fname=path)
dist, image = test_untargeted_SafeSearch(img)
from PIL import Image
print(image.shape)
print(image[0][0])
adversarial_show = (image).astype(np.uint8)
img = Image.fromarray(adversarial_show).save(
'./perceptron/utils/images/test_out_safe_search.png')
model = PyTorchModel(
vgg16, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std))
print(np.argmax(model.predictions(image)))
attack = Attack(model, criterion=Misclassification())
print(image.shape)
adversarial = attack(image, label, unpack=True)
def test_untargeted_resnet18(image, label=None):
import torch
import torchvision.models as models
from perceptron.models.classification import PyTorchModel
mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1))
std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1))
resnet18 = models.resnet18(pretrained=True).eval()
if torch.cuda.is_available():
resnet18 = resnet18.cuda()
model = PyTorchModel(
resnet18, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std))
print(np.argmax(model.predictions(image)))
attack = Attack(model, criterion=Misclassification())
adversarial = attack(image, label, unpack=True)
if __name__ == "__main__":
image = load_image(
shape=(224, 224), data_format='channels_first', fname='car.png')
image = image / 255.
label = 644
test_untargeted_vgg16(image, label)
if __name__ == "__main__":
import csv
import pdb
file_name = '../temp_test_result.csv'
img_dir = '../temp_images'
with open(file_name, 'w') as csvfile:
writer = csv.writer(csvfile,
delimiter=',',
quotechar='"',
quoting=csv.QUOTE_MINIMAL)
writer.writerow(["model", "result"])
from PIL import Image
# alexnet
image = load_image(shape=(224, 224),
data_format='channels_first',
fname='test_car.png')
image = image / 255.
label = 656
distance, adversarial = test_untargeted_AlexNet(image, label)
adversarial_show = np.transpose(adversarial, (1, 2, 0))
adversarial_show = (adversarial_show * 255).astype(np.uint8)
img = Image.fromarray(adversarial_show).save(img_dir +
'/test_out_alex.png')
with open(file_name, 'a') as csvfile:
writer = csv.writer(csvfile,
delimiter=',',
quotechar='"',
quoting=csv.QUOTE_MINIMAL)
writer.writerow(["alexnet", "{0:.4e}".format(distance.value)])
'https://perceptron-benchmark.s3-us-west-1.amazonaws.com/images/p**n.jpeg')
# fill in your Baidu AIP credentials
appId = '#'
apiKey = '#'
secretKey = "#"
if appId is '#':
print(bcolors.RED + 'Please fill in your Baidu AIP credential.')
exit(0)
credential = (appId, apiKey, secretKey)
model = AipAntiPornModel(credential)
# get source image and label
image = load_image(dtype=np.uint8, fname='p**n.jpeg')
metric = RotationMetric(model, criterion=MisclassificationAntiPorn())
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
adversary = metric(image, ang_range=(-90., 90.), epsilons=50, unpack=False)
print(bcolors.BOLD + 'Process finished' + bcolors.ENDC)
if adversary.image is None:
print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC)
exit(-1)
################### print summary info #####################################
keywords = ['Cloud', 'AipAntiPorn', 'Misclassification', 'Rotation']
true_label = str(model.predictions(image))
def main(args):
imgs_dir = args.imgs_dir
input_benign_dir = os.path.join(args.data_dir, imgs_dir, "benign")
input_adv_dir = os.path.join(args.data_dir, imgs_dir, "adv")
input_squz_dir = os.path.join(args.data_dir, imgs_dir, args.squeeze_type)
input_adv_squz_dir = os.path.join(args.data_dir, imgs_dir,
args.squeeze_type + '_adv')
output_benign_dir = os.path.join(args.data_dir, imgs_dir, "results_benign")
output_adv_dir = os.path.join(args.data_dir, imgs_dir, "results_adv")
output_squz_dir = os.path.join(args.data_dir, imgs_dir,
'results_' + args.squeeze_type)
output_adv_squz_dir = os.path.join(args.data_dir, imgs_dir,
'results_' + args.squeeze_type + '_adv')
for check_dir in [
output_benign_dir, output_adv_dir, output_squz_dir,
output_adv_squz_dir
]:
if os.path.exists(check_dir):
shutil.rmtree(check_dir)
os.mkdir(check_dir)
image_name_list = os.listdir(input_adv_dir)
kmodel = YOLOv3()
model = KerasYOLOv3Model(kmodel, bounds=(0, 1))
for _, image_name in enumerate(tqdm(image_name_list)):
image_name_noext = os.path.splitext(image_name)[0]
temp_img_path_benign = os.path.join(input_benign_dir, image_name)
temp_img_path_squz = os.path.join(input_squz_dir, image_name)
temp_img_path_adv = os.path.join(input_adv_dir, image_name)
temp_img_path_adv_squz = os.path.join(input_adv_squz_dir, image_name)
try:
print(temp_img_path_benign)
image_benign = load_image(shape=(416, 416),
bounds=(0, 1),
fname=temp_img_path_benign,
absolute_path=True)
image_benign_squz = load_image(shape=(416, 416),
bounds=(0, 1),
fname=temp_img_path_squz,
absolute_path=True)
image_adv = load_image(shape=(416, 416),
bounds=(0, 1),
fname=temp_img_path_adv,
absolute_path=True)
image_adv_squz = load_image(shape=(416, 416),
bounds=(0, 1),
fname=temp_img_path_adv_squz,
absolute_path=True)
except:
print('loading images error.')
continue
try:
output_benign = model.predictions(image_benign)
output_adv = model.predictions(image_adv)
output_benign_squz = model.predictions(image_benign_squz)
output_adv_squz = model.predictions(image_adv_squz)
with open(
os.path.join(output_benign_dir, image_name_noext + '.pkl'),
'wb') as f:
pickle.dump(output_benign, f, protocol=pickle.HIGHEST_PROTOCOL)
with open(os.path.join(output_adv_dir, image_name_noext + '.pkl'),
'wb') as f:
pickle.dump(output_adv, f, protocol=pickle.HIGHEST_PROTOCOL)
with open(os.path.join(output_squz_dir, image_name_noext + '.pkl'),
'wb') as f:
pickle.dump(output_benign_squz,
f,
protocol=pickle.HIGHEST_PROTOCOL)
with open(
os.path.join(output_adv_squz_dir,
image_name_noext + '.pkl'), 'wb') as f:
pickle.dump(output_adv_squz,
f,
protocol=pickle.HIGHEST_PROTOCOL)
# draw = draw_letterbox(image_benign, output_benign, (416, 416), model.class_names())
# draw.save('./temp/{0}_benign.png'.format(image_name_noext))
# draw = draw_letterbox(image_adv, output_adv, (416, 416), model.class_names())
# draw.save('./temp/{0}_adv.png'.format(image_name_noext))
# draw = draw_letterbox(image_benign_squz, output_benign_squz, (416, 416), model.class_names())
# draw.save('./temp/{0}_benign_squz.png'.format(image_name_noext))
# draw = draw_letterbox(image_adv_squz, output_adv_squz, (416, 416), model.class_names())
# draw.save('./temp/{0}_adv_squz.png'.format(image_name_noext))
except:
print(image_name, ' generating error.')
continue
from perceptron.zoo.ssd_300.keras_ssd300 import SSD300
from perceptron.models.detection.keras_ssd300 import KerasSSD300Model
from perceptron.utils.image import load_image
from perceptron.benchmarks.brightness import BrightnessMetric
from perceptron.utils.criteria.detection import TargetClassMiss
from perceptron.utils.tools import bcolors
from perceptron.utils.tools import plot_image_objectdetection
# instantiate the model from keras applications
ssd300 = SSD300()
# initialize the KerasResNet50RetinaNetModel
kmodel = KerasSSD300Model(ssd300, bounds=(0, 255))
# get source image and label
# the model expects values in [0, 1], and channles_last
image = load_image(shape=(300, 300), bounds=(0, 255), fname='car.png')
metric = BrightnessMetric(kmodel, criterion=TargetClassMiss(7))
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
adversary = metric(image, unpack=False)
print(bcolors.BOLD + 'Process finished' + bcolors.ENDC)
if adversary.image is None:
print(bcolors.WARNING + 'Warning: Cannot find an adversary!' +
bcolors.ENDC)
exit(-1)
################### print summary info #####################################
keywords = ['Keras', 'SSD300', 'TargetClassMiss', 'BrightnessMetric']
""" Test case for PyTorch"""
from perceptron.models.detection.pytorch_mask_rcnn import PyTorchMaskRCNNModel
from perceptron.utils.image import load_image
from perceptron.benchmarks.brightness import BrightnessMetric
from perceptron.utils.criteria.detection import TargetClassMiss
from perceptron.utils.tools import bcolors
from perceptron.utils.tools import plot_image_objectdetection
pmodel = PyTorchMaskRCNNModel(bounds=(0, 255))
# get source image and label
# the model expects values in [0, 1], and channles_last
image = load_image(shape=(416, 416),
bounds=(0, 255),
fname='car.png',
data_format='channels_last')
metric = BrightnessMetric(pmodel, criterion=TargetClassMiss(2))
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
adversary = metric(image, unpack=False)
print(bcolors.BOLD + 'Process finished' + bcolors.ENDC)
if adversary.image is None:
print(bcolors.WARNING + 'Warning: Cannot find an adversary!' +
bcolors.ENDC)
exit(-1)
################### print summary info #####################################
""" Test case for Keras """
from perceptron.models.detection.keras_retina_resnet50 import KerasResNet50RetinaNetModel
from perceptron.utils.image import load_image
from perceptron.benchmarks.brightness import BrightnessMetric
from perceptron.utils.criteria.detection import TargetClassMiss
from perceptron.utils.tools import bcolors
from perceptron.utils.tools import plot_image_objectdetection
# initialize the KerasResNet50RetinaNetModel
kmodel = KerasResNet50RetinaNetModel(bounds=(0, 255))
# get source image and label
# the model expects values in [0, 1], and channles_last
image = load_image(shape=(416, 416), bounds=(0, 255), fname='car.png')
metric = BrightnessMetric(kmodel, criterion=TargetClassMiss(2))
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
adversary = metric(image, unpack=False)
print(bcolors.BOLD + 'Process finished' + bcolors.ENDC)
if adversary.image is None:
print(bcolors.WARNING + 'Warning: Cannot find an adversary!' +
bcolors.ENDC)
exit(-1)
################### print summary info #####################################
keywords = ['Keras', 'RetinaResnet50', 'TargetClassMiss', 'BrightnessMetric']