Exemple #1
0
def pick_pert(sub_dirs, image_names, pert, f):
    """
    利用计算好的干扰筛选训练集,
    成功与失败的样本的文件名分别保存到.txt文件中.
    Args:
        sub_dirs: 保存有数据集根目录下所有文件夹完整路径的list
        image_names: 保存有每个dir下所有图片的名称
        pert: 预计算的干扰值
        f: 前馈函数
    """
    for i in range(len(sub_dirs)):
        dir_name = os.path.basename(sub_dirs[i])
        succ_path = os.path.join('data/pick_pert', (str(dir_name) + '.txt'))
        fail_path = os.path.join('data/pick_pert',
                                 (str(dir_name) + '_fail.txt'))

        if os.path.isfile(succ_path):
            # os.remove(succ_path)
            continue
        elif os.path.isfile(fail_path):
            # os.remove(fail_path)
            continue

        perted_name = []
        fail_name = []
        cnt = 0

        prefix_path = sub_dirs[i]
        total_cnt = len(image_names[i])
        for j in range(total_cnt):
            img_path = os.path.join(prefix_path, image_names[i][j])
            image_original = read_n_preprocess(
                img_path)  # return a array of dimension 4
            # 计算裁剪后的干扰量,重新生成对抗样本
            clipped_v = np.clip(
                undo_image_avg(image_original[0, :, :, :] + pert[0, :, :, :]),
                0, 255) - np.clip(undo_image_avg(image_original[0, :, :, :]),
                                  0, 255)
            image_perturbed = image_original + clipped_v[None, :, :, :]

            # 筛选干扰成功和失败的文件名
            # 文件名的格式为:【文件名】 + 【模型预测值】
            perted_pred = int(np.argmax(
                np.array(f(image_perturbed)).flatten()))
            if int(np.argmax(np.array(
                    f(image_original)).flatten())) != perted_pred:
                perted_name.append(image_names[i][j] + '-' + str(perted_pred))

                cnt += 1
            else:
                fail_name.append(image_names[i][j] + '-' + str(perted_pred))
        # 保存文件名和对应的label数据为.txt文件
        save_pert(data_list=[perted_name, fail_name],
                  dest_path_list=[succ_path, fail_path])

        print('|++++++++++++++++++++++++++++++++++++++++++++++++++++')
        print('|++PICK PERT: Folder %s is processed successfully!!' %
              str(dir_name))
        print('|++Success Num: %d @ Fail Num: %d' % (cnt, (total_cnt - cnt)))
def pick_test_pert(sub_dirs, image_names, pert, f):
    """利用计算好的干扰筛选测试集,验证集
    """
    for i in range(len(sub_dirs)):        
        dir_name = os.path.basename(sub_dirs[i]) # 'test' or 'vali'
        pert_path = os.path.join('data/pick_pert', dir_name)

        if not os.path.exists(pert_path):
            os.makedirs(pert_path)

        perted_file = []
        cnt = 0 # 干扰成功样本计数
        prefix_path = sub_dirs[i]
        # 测试集,验证集各取一半(50000,25000)
        if dir_name == 'test':
            limit_cnt = 50000
        else:
            limit_cnt = 25000
        total_cnt = min(len(image_names[i]), limit_cnt) # 需要挑选的样本数(test 50000,vali 25000)
        num_per_class = int(total_cnt / 1000) # 1000个类别平均划分的测试/验证样本数
        orin_file = np.zeros((1000, num_per_class+1), dtype=np.int) # 记录干扰成功样本的真实label

        for j in range(len(image_names[i])):
            img_path = os.path.join(prefix_path, image_names[i][j])

            image_original = read_n_preprocess(img_path) # return a array of dimension 4 
            # 计算裁剪后的干扰量,重新生成对抗样本
            clipped_v = np.clip(undo_image_avg(image_original[0,:,:,:] + pert[0,:,:,:]), 0, 255) - np.clip(undo_image_avg(image_original[0,:,:,:]), 0, 255)
            image_perturbed = image_original + clipped_v[None, :, :, :]

            # 筛选干扰成功和失败的文件名
            # 文件名的格式为:【文件名】 + 【模型预测值】
            perted_pred = int(np.argmax(np.array(f(image_perturbed)).flatten()))
            orin_pred = int(np.argmax(np.array(f(image_original)).flatten()))
            if orin_pred != perted_pred:
                perted_file.append(image_names[i][j] + '-' + str(perted_pred))

                cnt += 1
                # 顺便计算bottleneck值,避免重复计算
                orin_file[int((cnt-1)/num_per_class)][(cnt-1)%num_per_class+1] = orin_pred
                if cnt % num_per_class == 0:
                    # 填充真实label,每行结束时写入该行有效label数量
                    orin_file[int((cnt-1)/num_per_class)][0] = num_per_class
                if cnt >= total_cnt:
                    break
        orin_file[int((cnt-1)/num_per_class)][0] = (cnt-1) % num_per_class +1
        # 保存干扰成功样本的original label
        np.save(os.path.join('data/ground_truth', 'orin_%s.npy' % dir_name), orin_file)
        
        # 以num_per_class个样本为单位生成pick pert文件
        for i in range(math.ceil(cnt/num_per_class)):
            start = i * num_per_class
            end = min((i+1)*num_per_class, cnt)
            dest_path = os.path.join(pert_path, '%s_%d.txt' % (dir_name, i))
            # 保存文件名和对应的label数据为.txt文件
            save_pert(data_list=[perted_file[start : end]], dest_path_list=[dest_path])

        print('|++++++++++++++++++++++++++++++++++++++++++++++++++++')
        print('|++PICK PERT: Folder %s is processed successfully!!' % str(dir_name))
        print('|++Success Num: %d' % cnt)
Exemple #3
0
        # import matplotlib
        # noise = pre_v/255.0
        # matplotlib.image.imsave('noise.png', noise.reshape(224,224,3))

        X = np.load(os.path.join('data', npy_data))
        target_fooling_rate = target_fooling_rate_calc(v=pre_v,
                                                       dataset=X,
                                                       f=f,
                                                       target=target)
        print("")
        print('TARGET FOOLING RATE = ', target_fooling_rate)

        # Show original and perturbed image
        plt.figure()
        plt.subplot(1, 2, 1)
        plt.imshow(undo_image_avg(
            image_original[0, :, :, :]).astype(dtype='uint8'),
                   interpolation=None)
        plt.title(str_label_original)

        # plt.subplot(1, 2, 2)
        # plt.imshow(undo_image_avg(image_perturbed[0, :, :, :]).astype(dtype='uint8'), interpolation=None)
        # plt.title(str_label_perturbed)

        str_label_ = img2str(f=f, img=pre_v.reshape(224, 224, 3))
        plt.subplot(1, 2, 2)
        plt.imshow(undo_image_avg(pre_v.reshape(224, 224,
                                                3)).astype(dtype='uint8'),
                   interpolation=None)
        plt.title(str_label_)

        plt.show()
Exemple #4
0
        else:
            print ">> Found a pre-computed universal perturbation! Retrieving it from ", file_perturbation
            v = np.load(file_perturbation)

        print ">> Testing the universal perturbation on an image"

        # Test the perturbation on the image
        labels = open(os.path.join('data', 'labels.txt'), 'r').read().split('\n')

        image_original = preprocess_image_batch([path_test_image], img_size=(256, 256), crop_size=(224, 224), color_mode="rgb")
        label_original = np.argmax(f(image_original), axis=1).flatten()
        str_label_original = labels[np.int(label_original)-1].split(',')[0]

        # Clip the perturbation to make sure images fit in uint8
        clipped_v = np.clip(undo_image_avg(image_original[0,:,:,:]+v[0,:,:,:]), 0, 255) - np.clip(undo_image_avg(image_original[0,:,:,:]), 0, 255)

        image_perturbed = image_original + clipped_v[None, :, :, :]
        label_perturbed = np.argmax(f(image_perturbed), axis=1).flatten()
        str_label_perturbed = labels[np.int(label_perturbed)-1].split(',')[0]

        # Show original and perturbed image
        plt.figure()
        plt.subplot(1, 2, 1)
        plt.imshow(undo_image_avg(image_original[0, :, :, :]).astype(dtype='uint8'), interpolation=None)
        plt.title(str_label_original)

        plt.subplot(1, 2, 2)
        plt.imshow(undo_image_avg(image_perturbed[0, :, :, :]).astype(dtype='uint8'), interpolation=None)
        plt.title(str_label_perturbed)
Exemple #5
0
        print('>> Testing the universal perturbation on an image')

        # Test the perturbation on the image
        labels = open(os.path.join('data', 'labels.txt'),
                      'r').read().split('\n')

        image_original = preprocess_image_batch([path_test_image],
                                                img_size=(256, 256),
                                                crop_size=(224, 224),
                                                color_mode="rgb")
        label_original = np.argmax(f(image_original), axis=1).flatten()
        str_label_original = labels[np.int(label_original) - 1].split(',')[0]

        # Clip the perturbation to make sure images fit in uint8
        clipped_v = np.clip(
            undo_image_avg(image_original[0, :, :, :] + v[0, :, :, :]), 0,
            255) - np.clip(undo_image_avg(image_original[0, :, :, :]), 0, 255)

        image_perturbed = image_original + clipped_v[None, :, :, :]
        label_perturbed = np.argmax(f(image_perturbed), axis=1).flatten()
        str_label_perturbed = labels[np.int(label_perturbed) - 1].split(',')[0]

        # Show original and perturbed image
        fig = plt.figure()
        plt.subplot(1, 2, 1)
        plt.imshow(undo_image_avg(
            image_original[0, :, :, :]).astype(dtype='uint8'),
                   interpolation=None)
        plt.title(str_label_original)

        plt.subplot(1, 2, 2)
Exemple #6
0
            print(' >> has {} images'.format(image_original.shape[0]))

            list_out = []
            names_images = os.listdir(path)

            for x in range(image_original.shape[0]):
                img_original = np.reshape(image_original[x, :, :, :], [
                    -1, image_original.shape[1], image_original.shape[2],
                    image_original.shape[3]
                ])
                image_averaged = avg(img_original, k=ka)
                image_gaus = do_gaus_conv(img_original, kg)

                # Clip the perturbation to make sure images fit in uint8
                clipped_v = np.clip(
                    undo_image_avg(img_original[0, :, :, :] + v[0, :, :, :]),
                    0, 255) - np.clip(undo_image_avg(img_original[0, :, :, :]),
                                      0, 255)

                image_perturbed = img_original + clipped_v[None, :, :, :]
                image_averaged_pert = avg(image_perturbed.astype('float32'),
                                          ka)
                image_gaus_pert = do_gaus_conv(
                    image_perturbed.astype('float32'), size=kg)

                label_original = np.argmax(f(img_original), axis=1).flatten()
                str_label_original = labels[np.int(label_original) -
                                            1].split(',')[0]

                label_perturbed = np.argmax(f(image_perturbed),
                                            axis=1).flatten()
Exemple #7
0
        else:
            print('>> Found a pre-computed universal perturbation! Retrieving it from ", file_perturbation')
            v = np.load(file_perturbation)

        print('>> Testing the universal perturbation on an image')

        # Test the perturbation on the image
        labels = open(os.path.join('data', 'labels.txt'), 'r').read().split('\n')

        image_original = preprocess_image_batch([path_test_image], img_size=(256, 256), crop_size=(224, 224), color_mode="rgb")
        label_original = np.argmax(f(image_original), axis=1).flatten()
        str_label_original = labels[np.int(label_original)-1].split(',')[0]


        image_ROF_5 = denoise_wavelet(undo_image_avg(image_original[0,:,:,:]).astype(dtype='uint8')/255, multichannel=True)
        label_ROF_5 = np.argmax(f(image_ROF_5), axis=1).flatten()
        str_label_ROF_5 = labels[np.int(label_ROF_5)-1].split(',')[0]
        
        image_ROF = denoise_tv_chambolle(image_original, weight=10, multichannel=True)
        label_ROF = np.argmax(f(image_ROF), axis=1).flatten()
        str_label_ROF = labels[np.int(label_ROF)-1].split(',')[0]

        image_ROF_20 = denoise_tv_chambolle(image_original, weight=20, multichannel=True)
        label_ROF_20 = np.argmax(f(image_ROF_20), axis=1).flatten()
        str_label_ROF_20 = labels[np.int(label_ROF_20)-1].split(',')[0]               
        # Clip the perturbation to make sure images fit in uint8
        clipped_v = np.clip(undo_image_avg(image_original[0,:,:,:]+v[0,:,:,:]), 0, 255) - np.clip(undo_image_avg(image_original[0,:,:,:]), 0, 255)

        image_perturbed = image_original + clipped_v[None, :, :, :]
        label_perturbed = np.argmax(f(image_perturbed), axis=1).flatten()