def backend_untargeted_tabular(attack, iris_dataset, clipped):
    """Run an untargeted attack on the Iris test split and check it flipped predictions.

    :param attack: Fitted ART evasion attack exposing ``generate`` and ``estimator``.
    :param iris_dataset: Tuple ``((x_train, y_train), (x_test, y_test))``; only the
        test split is used here.
    :param clipped: Whether the estimator clips inputs. Currently unused in this
        helper (bound checking happens inside ``check_adverse_example_x``); kept
        for interface compatibility with existing callers.
    """
    (_, _), (x_test_iris, y_test_iris) = iris_dataset

    x_test_adv = attack.generate(x_test_iris)

    # Sanity-check the adversarial examples against the clean inputs.
    check_adverse_example_x(x_test_adv, x_test_iris)

    y_pred_test_adv = np.argmax(attack.estimator.predict(x_test_adv), axis=1)
    y_test_true = np.argmax(y_test_iris, axis=1)

    # An untargeted attack need not flip every prediction, but if every adversarial
    # prediction still equals the true label, the attack did nothing.
    assert not (
        y_test_true == y_pred_test_adv
    ).all(), "An untargeted attack should have changed at least one prediction"

    accuracy = np.sum(y_pred_test_adv == y_test_true) / y_test_true.shape[0]
    # Single lazy %-format call: cheap when INFO logging is disabled.
    logger.info(
        "Accuracy of %s on Iris with FGM adversarial examples: %.2f%%",
        attack.estimator.__class__.__name__,
        accuracy * 100,
    )
def back_end_untargeted_images(attack, fix_get_mnist_subset, fix_mlFramework):
    """Run an untargeted attack on an MNIST subset and check some predictions changed.

    :param attack: Fitted ART evasion attack exposing ``generate`` and ``classifier``.
    :param fix_get_mnist_subset: Tuple ``(x_train, y_train, x_test, y_test)``.
    :param fix_mlFramework: Name of the ML framework under test (e.g. ``"keras"``).
    """
    (x_train_mnist, y_train_mnist, x_test_mnist, y_test_mnist) = fix_get_mnist_subset

    x_test_adv = attack.generate(x_test_mnist)
    # Sanity-check the adversarial examples against the clean inputs.
    check_adverse_example_x(x_test_adv, x_test_mnist)

    y_pred = np.argmax(attack.classifier.predict(x_test_mnist), axis=1)
    y_pred_adv = np.argmax(attack.classifier.predict(x_test_adv), axis=1)
    # At least one prediction must have been flipped by the attack.
    assert (y_pred != y_pred_adv).any()

    # Keras keeps global graph/session state; clear it so later tests start fresh.
    if fix_mlFramework == "keras":
        k.clear_session()
def backend_targeted_tabular(attack, fix_get_iris, nb_classes=3):
    """Run a targeted attack on the Iris test split and check some targets are hit.

    :param attack: Fitted ART evasion attack exposing ``generate`` and ``classifier``.
    :param fix_get_iris: Tuple ``((x_train, y_train), (x_test, y_test))``; only the
        test split is used here.
    :param nb_classes: Number of classes for target sampling. Defaults to 3, the
        Iris class count, so existing callers are unaffected.
    """
    (x_train_iris, y_train_iris), (x_test_iris, y_test_iris) = fix_get_iris

    # Sample random target labels (different from the ground truth) for each sample.
    targets = random_targets(y_test_iris, nb_classes=nb_classes)
    x_test_adv = attack.generate(x_test_iris, y=targets)

    # Sanity-check the adversarial examples against the clean inputs.
    check_adverse_example_x(x_test_adv, x_test_iris)

    y_pred_adv = np.argmax(attack.classifier.predict(x_test_adv), axis=1)
    target = np.argmax(targets, axis=1)
    # At least one sample must have been steered to its target class.
    assert (target == y_pred_adv).any()

    accuracy = np.sum(y_pred_adv == target) / y_test_iris.shape[0]
    logger.info("Success rate of targeted boundary on Iris: %.2f%%", accuracy * 100)
def backend_test_defended_images(attack, mnist_dataset):
    """Attack a defended classifier on both MNIST splits and validate the outputs.

    :param attack: Fitted ART evasion attack exposing ``generate`` and ``classifier``.
    :param mnist_dataset: Tuple ``(x_train, y_train, x_test, y_test)``.
    """
    x_train_mnist, y_train_mnist, x_test_mnist, y_test_mnist = mnist_dataset

    # Training split: craft adversarial examples, then compare the predicted
    # labels against the label-array form of the training labels.
    adv_train = attack.generate(x_train_mnist)
    check_adverse_example_x(adv_train, x_train_mnist)
    pred_train = get_labels_np_array(attack.classifier.predict(adv_train))
    labels_train = get_labels_np_array(y_train_mnist)
    check_adverse_predicted_sample_y(pred_train, labels_train)

    # Test split: same procedure, comparing directly against the test labels.
    adv_test = attack.generate(x_test_mnist)
    check_adverse_example_x(adv_test, x_test_mnist)
    pred_test = get_labels_np_array(attack.classifier.predict(adv_test))
    check_adverse_predicted_sample_y(pred_test, y_test_mnist)
def backend_targeted_images(attack, fix_get_mnist_subset):
    """Run a targeted attack on an MNIST subset and check the targets are reached.

    :param attack: Fitted ART evasion attack exposing ``generate`` and ``classifier``.
    :param fix_get_mnist_subset: Tuple ``(x_train, y_train, x_test, y_test)``.
    """
    (x_train_mnist, y_train_mnist, x_test_mnist, y_test_mnist) = fix_get_mnist_subset

    targets = random_targets(y_test_mnist, attack.classifier.nb_classes())
    x_test_adv = attack.generate(x_test_mnist, y=targets)

    # The attack must have perturbed at least one input element.
    assert not (x_test_mnist == x_test_adv).all()

    y_test_pred_adv = get_labels_np_array(attack.classifier.predict(x_test_adv))
    assert targets.shape == y_test_pred_adv.shape
    # NOTE(review): this sums elementwise matches over one-hot arrays, so the
    # threshold is looser than "half the samples hit their target" — confirm intent.
    assert (targets == y_test_pred_adv).sum() >= (x_test_mnist.shape[0] // 2)

    # Sanity-check the adversarial examples against the clean inputs.
    check_adverse_example_x(x_test_adv, x_test_mnist)

    y_pred_adv = np.argmax(attack.classifier.predict(x_test_adv), axis=1)
    target = np.argmax(targets, axis=1)
    # At least one sample must have been steered to its target class.
    assert (target == y_pred_adv).any()