def gen_adv():
mse = 0
adv_acc = 0
original_files = get_original_file(input_dir + val_list)
#init_files = get_init_file(init_dir+'init_list.txt')
for idx, (filename,
label) in enumerate(original_files[args.start:args.end]):
img_path = input_dir + filename
#init_path = init_dir + init_files[idx][0] + '.jpg'
image_name, image_ext = filename.split('.')
if image_name in area_rank[:40]:
SPARSE_PER = 99
if image_name in area_rank[40:80]:
SPARSE_PER = 97
if image_name in area_rank[80:]:
SPARSE_PER = 95
#bboxes = get_bbox('mask/'+image_name+'.xml')
bboxes = None
if verbose:
print("Image: {0} ".format(img_path))
img = process_img(img_path)
#init = process_img(init_path) * 0.01
init = None
adv_img, adv_label = attack_by_MPGD(img, label, bboxes, SPARSE_PER,
init)
save_adv_image(adv_img, output_dir + image_name + '.png')
org_img = tensor2img(img)
score = calc_mse(org_img, adv_img)
mse += score if label != adv_label else 128
adv_acc += 1 if label == adv_label else 0
if label == adv_label:
print("model: ", i, "\timage: ", filename, label)
print("ADV {} files, AVG MSE: {}, ADV_ACC: {} ".\
format(len(original_files), mse/len(original_files),adv_acc))
def _worker(self, i):
train_index, valid_index = self._index_list[i]
train_dsl, valid_dsl = self._train_csv_dsl.split_by_index(
train_index, valid_index)
X_train_cv = train_dsl.get_feature().values
y_train_cv = train_dsl.get_label().values
X_valid_cv = valid_dsl.get_feature().values
y_valid_cv = valid_dsl.get_label().values
model = self._fit_model_fn(i, X_train_cv, y_train_cv)
loss = calc_mse(
y_true=y_valid_cv,
y_pred=model.predict(X_valid_cv),
)
score = score_this_game(
y_true=valid_dsl.reverse_total_price(y_valid_cv),
y_pred=valid_dsl.reverse_total_price(model.predict(X_valid_cv)),
)
print(score, loss)
pred = model.predict(self._all_feature[valid_index])
if len(pred.shape) == 2:
assert pred.shape[1] == 1
pred.shape = (pred.shape[0], )
return score, loss, valid_index, pred
def gen_adv():
mse = 0
original_files = get_original_file(input_dir + val_list)
#下一个图片的初始梯度方向为上一代的最后的值
global momentum
momentum = 0
for filename, label in original_files:
img_path = input_dir + filename
print("Image: {0} ".format(img_path))
img = process_img(img_path)
#adv_img = attack_nontarget_by_ensemble(img, label,origdict[label],label)
adv_img, m = attack_nontarget_by_ensemble(img, label, origdict[label],
label, momentum)
#m为上一个样本最后一次梯度值
momentum = m
#adv_img 已经经过转换了,范围是0-255
image_name, image_ext = filename.split('.')
##Save adversarial image(.png)
save_adv_image(adv_img, output_dir + image_name + '.png')
org_img = tensor2img(img)
score = calc_mse(org_img, adv_img)
print("Image:{0}, mase = {1} ".format(img_path, score))
mse += score
print("ADV {} files, AVG MSE: {} ".format(len(original_files),
mse / len(original_files)))
def gen_adv():
mse = 0
original_files = get_original_file(input_dir + val_list)
num = 1
cout = 0
print("the model is {}".format(model_name))
for filename, label in original_files:
img_path = input_dir + filename
print("Image: {0} ".format(img_path))
img = process_img(img_path)
#print(img.shape)
result = exe.run(eval_program,
fetch_list=[out],
feed={input_layer.name: img})
result = result[0][0]
o_label = np.argsort(result)[::-1][:1][0]
print("原始标签为{0}".format(o_label))
if o_label == int(label):
adv_img = attack_nontarget_by_FGSM(img, label)
#adv_img = attack_nontarget_by_PGD(img, label)
else:
print("{0}个样本已为对抗样本, name为{1}".format(num, filename))
img = tensor2img(img)
#print(img.shape)
image_name, image_ext = filename.split('.')
save_adv_image(img, output_dir + image_name + '.png')
num += 1
cout += 1
continue
image_name, image_ext = filename.split('.')
##Save adversarial image(.png)
save_adv_image(adv_img, output_dir + image_name + '.png')
org_img = tensor2img(img)
score = calc_mse(org_img, adv_img)
mse += score
num += 1
print("成功attack的有 {}".format(120 - cout))
print("ADV {} files, AVG MSE: {} ".format(len(original_files),
mse / len(original_files)))
def gen_adv():
mse = 0
original_files = get_original_file(input_dir + val_list)
for filename, gt_label in original_files:
img_path = input_dir + filename
img = process_img(img_path)
image_name, image_ext = filename.split('.')
adv_img = attack_driver(img, gt_label, filename)
save_adv_image(adv_img, output_dir + image_name + '.png')
org_img = tensor2img(img)
score = calc_mse(org_img, adv_img)
print(score)
mse += score
print("ADV {} files, AVG MSE: {} ".format(len(original_files), mse / len(original_files)))
def gen_adv():
mse = 0
original_files = get_original_file('input_image/' + val_list)
for filename, label in original_files:
img_path = input_dir + filename.split('.')[0] + '.png'
print("Image: {0} ".format(img_path))
img = process_img(img_path)
adv_img = attack_nontarget_by_SINIFGSM(img, label)
image_name, image_ext = filename.split('.')
# Save adversarial image(.png)
save_adv_image(adv_img, output_dir + image_name + '.png')
org_img = tensor2img(img)
score = calc_mse(org_img, adv_img)
mse += score
print("ADV {} files, AVG MSE: {} ".format(len(original_files),
mse / len(original_files)))
def gen_adv():
mse = 0
original_files = get_original_file(input_dir + val_list)
for filename, label in original_files:
img_path1 = input_dir + filename
img_path2 = output_dir + filename.split('.')[0] + '.png'
print("Image: {0} ".format(img_path1))
img1=process_img(img_path1)
img2=process_img(img_path2)
img1 = tensor2img(img1)
img2 = tensor2img(img2)
score = calc_mse(img1, img2)
mse += score
print("ADV {} files, AVG MSE: {} ".format(len(original_files), mse/len(original_files)))
def gen_adv():
mse = 0
original_files = get_original_file('./input_image/' + val_list)
target_label_list = [
76, 18, 104, 36, 72, 72, 47, 92, 113, 5, 84, 74, 82, 34, 42, 84, 70,
98, 29, 87, 104, 94, 103, 61, 21, 83, 108, 104, 26, 112, 84, 107, 104,
45, 72, 19, 72, 75, 55, 104, 54, 104, 72, 74, 91, 25, 68, 107, 91, 41,
116, 21, 104, 56, 102, 51, 46, 87, 113, 19, 113, 85, 24, 93, 110, 102,
24, 84, 27, 38, 48, 43, 10, 32, 68, 87, 54, 12, 84, 29, 3, 13, 26, 2,
3, 106, 105, 34, 118, 66, 19, 74, 63, 42, 9, 113, 21, 6, 40, 40, 21,
104, 86, 23, 40, 12, 37, 20, 40, 12, 79, 15, 9, 48, 74, 51, 91, 79, 46,
80
]
# hard examples need use targeted attack
for filename, label in original_files[args.start_idx:args.end_idx]:
img_path = input_dir + filename.split('.')[0] + args.subfix
print("Image: {0} ".format(img_path))
img = process_img(img_path)
target = target_label_list[label - 1]
if IsTarget:
print('target class', target)
adv_img = attack_nontarget_by_FGSM(img, label, target)
# adv_img = attack_nontarget_by_FGSM(img, label)
image_name, image_ext = filename.split('.')
##Save adversarial image(.png)
save_adv_image(adv_img, output_dir + image_name + '.png')
org_img = tensor2img(img)
score = calc_mse(org_img, adv_img)
mse += score
print('MSE %.2f' % (score))
sys.stdout.flush()
print("ADV {} files, AVG MSE: {} ".format(len(original_files),
mse / len(original_files)))
def align_image(original_path, scanned_path, output_path):
if os.path.exists(output_path):
return
# Read reference image
print("Reading reference image : ", original_path)
imReference = cv2.imread(original_path, cv2.IMREAD_COLOR)
# Read image to be aligned
# print("Reading image to align : ", scanned_path);
im = cv2.imread(scanned_path, cv2.IMREAD_COLOR)
# print("Aligning images ...")
# Registered image will be resotred in imReg.
# The estimated homography will be stored in h.
imReg, h = alignImages(im, imReference)
if len(imReg) == 0:
print("Failed alignment for {}".format(scanned_path))
return (1, None)
ssim = float(
tf.image.ssim(tf.convert_to_tensor(imReference),
tf.convert_to_tensor(imReg), 1.0))
print('Ssim for image {} is {}'.format(output_path, ssim))
mse = calc_mse(imReference, imReg)
# Write aligned image to disk.
# print("Saving aligned image : ", output_path);
if ssim > 0.1: # if ssim < some threshold then image was not properly aligned
cv2.imwrite(
output_path.split('.')[0] + '_' + str(mse) + '_' + str(ssim) +
'_' + '.' + output_path.split('.')[1], imReg)
return (0, ssim, mse)
else:
print('Bad alignment of image {}'.format(output_path))
return (2, ssim)
def gen_adv():
mse = 0
num = 1
original_files = get_original_file(input_dir + val_list)
f = open('log.txt', 'w') # log
for filename, label in original_files:
img_path = input_dir + filename
print("Image: {0} ".format(img_path))
img = process_img(img_path)
Res_result, Inception_result, Mob_result = exe.run(
double_eval_program,
fetch_list=[Res_out, Inception_out, Mob_out],
feed={input_layer.name: img})
Res_result = Res_result[0]
Inception_result = Inception_result[0]
Mob_result = Mob_result[0]
r_o_label = np.argsort(Res_result)[::-1][:1][0]
i_o_label = np.argsort(Inception_result)[::-1][:1][0]
m_o_label = np.argsort(Mob_result)[::-1][:1][0]
pred_label = [r_o_label, i_o_label, m_o_label]
print("原始标签为{0}".format(label))
print("Res result: %d, Inception result: %d, Mobile result: %d" %
(r_o_label, i_o_label, m_o_label))
f.write("原始标签为{0}\n".format(label))
f.write("Res result: %d, Inception result: %d, Mobile result: %d\n" %
(r_o_label, i_o_label, m_o_label))
if r_o_label == int(label) and i_o_label == int(
label) and m_o_label == int(label):
global Res_ratio, Incep_ratio, Mob_ratio
Res_ratio = 30.0 / 43.0
Incep_ratio = 10.0 / 43.0
Mob_ratio = 3.0 / 43.0
adv_img = attack_nontarget_by_PGD(
double_adv_program,
img,
pred_label,
label,
out=[Res_out, Inception_out, Mob_out])
image_name, image_ext = filename.split('.')
##Save adversarial image(.png)
org_img = tensor2img(img)
score = calc_mse(org_img, adv_img)
#image_name += "MSE_{}".format(score)
save_adv_image(adv_img, output_dir + image_name + '.png')
mse += score
elif r_o_label == int(label) and m_o_label == int(
label): # Inception 预测错误
print("filename:{}, Inception failed!".format(filename))
Res_ratio = 0.9
Incep_ratio = 0
Mob_ratio = 0.1
adv_img = attack_nontarget_by_PGD(double_adv_program,
img, [r_o_label, 0, m_o_label],
label,
out=[Res_out, Mob_out])
image_name, image_ext = filename.split('.')
##Save adversarial image(.png)
org_img = tensor2img(img)
score = calc_mse(org_img, adv_img)
#image_name += "MSE_{}".format(score)
save_adv_image(adv_img, output_dir + image_name + '.png')
mse += score
elif r_o_label == int(label) and i_o_label == int(
label): # Mobile 预测错误
print("filename:{}, Mobile failed!".format(filename))
Res_ratio = 0.75
Incep_ratio = 0.25
Mob_ratio = 0
adv_img = attack_nontarget_by_PGD(double_adv_program,
img, [r_o_label, i_o_label, 0],
label,
out=[Res_out, Inception_out])
image_name, image_ext = filename.split('.')
##Save adversarial image(.png)
org_img = tensor2img(img)
score = calc_mse(org_img, adv_img)
# image_name += "MSE_{}".format(score)
save_adv_image(adv_img, output_dir + image_name + '.png')
mse += score
elif r_o_label == int(label): # Mobile, Inception 预测错误
print("filename:{}, Mobile failed!, Inception failed!".format(
filename))
Res_ratio = 1.0
Incep_ratio = 0.0
Mob_ratio = 0.0
adv_img = attack_nontarget_by_PGD(double_adv_program,
img, [r_o_label, 0, 0],
label,
out=[Res_out])
image_name, image_ext = filename.split('.')
##Save adversarial image(.png)
org_img = tensor2img(img)
score = calc_mse(org_img, adv_img)
# image_name += "MSE_{}".format(score)
save_adv_image(adv_img, output_dir + image_name + '.png')
mse += score
else:
print("{0}个样本已为对抗样本, name为{1}".format(num, filename))
score = 0
f.write("{0}个样本已为对抗样本, name为{1}\n".format(num, filename))
img = tensor2img(img)
image_name, image_ext = filename.split('.')
#image_name += "_un_adv_"
save_adv_image(img, output_dir + image_name + '.png')
print("this rext network weight is {0}".format(Res_ratio))
num += 1
print("the image's mse is {}".format(score))
# break
print("ADV {} files, AVG MSE: {} ".format(len(original_files),
mse / len(original_files)))
#print("ADV {} files, AVG MSE: {} ".format(len(original_files - num), mse / len(original_files - num)))
f.write("ADV {} files, AVG MSE: {} ".format(len(original_files),
mse / len(original_files)))
f.close()
import time
import matplotlib.pyplot as plt
if __name__ == '__main__':
text_feature_num = 160
is_add_features = 'Y' # Change between Y or N to test
is_no_text = 'N' # change between Y or N, Y means no text words feature added
[train_x, train_y, validate_x, validate_y, test_x, test_y] = data_prep(text_feature_num, is_add_features, is_no_text)
cf_start = time.time()
cf_w = cf_train(train_x, train_y)
cf_end = time.time()
cf_t = cf_end - cf_start
cf_train_mse = calc_mse(cf_w, train_x, train_y)
cf_validate_mse = calc_mse(cf_w, validate_x, validate_y)
#cf_test_mse = calc_mse(cf_w, test_x, test_y)
#theta is learning rate, beta is beta, th is criteria epsilon
theta, beta, th = 5e-6, 1e-3, 1e-4
#w0 = np.random.rand(train_x.shape[1], 1)
w0 = np.zeros((train_x.shape[1], 1))
gd_start = time.time()
gd_w, hist_gd_mse = gd_train(train_x, train_y, validate_x, validate_y, theta, beta, th, w0)
gd_end = time.time()
gd_t = gd_end - gd_start
gd_train_mse = calc_mse(gd_w, train_x, train_y)
gd_validate_mse = calc_mse(gd_w, validate_x, validate_y)
#gd_test_mse = calc_mse(gd_w, test_x, test_y)
def gen_adv():
print('gen adv')
mse = 0
adv_files = get_original_file(input_dir + val_list)
print("read original files", len(adv_files))
target_label_list = [
76, 18, 104, 36, 72, 72, 47, 92, 113, 5, 84, 74, 82, 34, 42, 84, 70,
98, 29, 87, 104, 94, 103, 61, 21, 83, 108, 104, 26, 112, 84, 107, 104,
45, 72, 19, 72, 75, 55, 104, 54, 104, 72, 74, 91, 25, 68, 107, 91, 41,
116, 21, 104, 56, 102, 51, 46, 87, 113, 19, 113, 85, 24, 93, 110, 102,
24, 84, 27, 38, 48, 43, 10, 32, 68, 87, 54, 12, 84, 29, 3, 13, 26, 2,
3, 106, 105, 34, 118, 66, 19, 74, 63, 42, 9, 113, 21, 6, 40, 40, 21,
104, 86, 23, 40, 12, 37, 20, 40, 12, 79, 15, 9, 48, 74, 51, 91, 79, 46,
80
]
least_list = []
counter = 0
unt_counter = 0
# 记录logits
logits_list = []
mse_list = []
# 记录max和second logit的差值
logits_diff = []
count = 0
for filename, label in tqdm(adv_files):
if args.output == 'input_image/':
img_path = output_dir + filename.split('.')[0] + '.jpg'
else:
img_path = output_dir + filename.split('.')[0] + '.png'
# print("Image: {0} ".format(img_path))
# !ssize.empty() in function 'resize'
img = process_img(img_path)
# print('Image range', np.min(img), np.max(img))
pred_label, pred_score, least_class = inference(img)
logits = inference_logits(img)
# print(logits)
return_logits = np.sort(logits)[::-1]
logits_list.append(return_logits)
# logits_diff.append(return_logits[0] - return_logits[1])
logits_diff.append(return_logits[0] - logits[label])
# print("Test-score: {0}, class {1}".format(pred_score, pred_label))
# if pred_label == target_label_list[label - 1]:
# counter += 1
if pred_label != label:
# print("Failed target image: {0} ".format(img_path))
unt_counter += 1
else:
# print("Serious!!!Failed untarget image: {0} ".format(img_path))
pass
least_list.append(least_class)
# adv_img = attack_nontarget_by_FGSM(img, label)
# image_name, image_ext = filename.split('.')
## Save adversarial image(.png)
# save_adv_image(adv_img, output_dir + image_name + '.png')
## check MSE
# org_img = tensor2img(img)
org_filename = filename.split('.')[0] + '.jpg'
org_img_path = input_dir + org_filename
org_img = process_img(org_img_path)
score = calc_mse(tensor2img(org_img), tensor2img(img))
mse_list.append(score)
mse += score
count += 1
# print('Least likely list', least_list)
# print('logits', logits_list)
print('logits diff: ')
for i, logit in enumerate(logits_diff):
if logit < 0.001:
print('id: %d, mse: %.10f, diff logits: %.2f, ******************' %
(i + 1, mse_list[i], logit))
else:
print('id: %d, mse: %.10f, diff logits: %.2f' %
(i + 1, mse_list[i], logit))
print('logits diff', np.mean(logits_diff))
print('The LL success number is', counter)
print('The untargeted success number is', unt_counter)
print("AVG MSE: {} ", mse / count)
def fun(x):
x = np.exp(x) / np.sum(np.exp(x))
pred = np.sum(meta_feature * x, axis=-1)
mse = calc_mse(y_train_csv, pred)
return mse
