def attack():
    """Score the BNN checkpoints on 'cifar10', then perturb one test sample.

    Steps, in order:
      1. Load the data with ``load_data('cifar10', 2)`` and record the
         training-set pixel range (reused as the classifier clip range).
      2. Build a ``BNN`` from 100 checkpoint files, predict on the test
         set, and write predictions and labels to ``pred_y`` / ``y_test``
         in the working directory.
      3. Wrap the model as a ``BlackBoxClassifier`` and run
         ``BoundaryAttack`` (untargeted) against test sample 288.
      4. Print the clean and perturbed sample and the two distances from
         ``utils.computeDist2`` / ``utils.computeDistInf``
         (presumably L2 and L-infinity; confirm in ``utils``).

    Returns nothing; all results are printed or written to disk.
    """
    x_train, x_test, y_train, y_test = load_data('cifar10', 2)

    min_pixel_value = x_train.min()
    max_pixel_value = x_train.max()
    print('min_pixel_value ', min_pixel_value)
    print('max_pixel_value ', max_pixel_value)

    started = time.time()

    checkpoint_paths = [
        '../binary/checkpoints/cifar10_mlpbnn_approx_ep004_%d.h5' % (i)
        for i in range(100)
    ]
    model = BNN(checkpoint_paths)

    pred_y = model.predict(x_test)
    print('pred_y: ', pred_y)
    np.savetxt('pred_y', pred_y)
    np.savetxt('y_test', y_test)
    # NOTE(review): `y` is never assigned inside this function, so the next
    # statement raises NameError unless a module-level `y` exists. Confirm
    # whether `pred_y[-1]` or `y_test[-1]` was intended.
    print('pred_y[0], pred_y[288], pred_y[888], pred_y[1990], y[-1]',
          pred_y[0], pred_y[288], pred_y[888], pred_y[1990], y[-1])
    accuracy = accuracy_score(y_true=y_test, y_pred=pred_y)
    print('Accuracy: ', accuracy)

    # The attack only sees one-hot predictions through this wrapper.
    wrapper = modelWrapper(model)
    classifier = BlackBoxClassifier(
        predict=wrapper.predict_one_hot,
        input_shape=(32 * 32 * 3, ),
        nb_classes=2,
        clip_values=(min_pixel_value, max_pixel_value),
    )

    print('----- generate adv data -----')
    boundary_attack = BoundaryAttack(
        estimator=classifier,
        targeted=False,
        delta=0.01,
        epsilon=0.01,
        max_iter=100,
        num_trial=100,
        sample_size=100,
        init_size=100,
    )

    print('----- generate adv test data -----')
    # generate() is given a 2D array, so the single sample becomes one row.
    sample = x_test[288].reshape((-1, 32 * 32 * 3))
    sample_adv = boundary_attack.generate(x=sample)
    print('x_test ', sample)
    print('x_test_adv ', sample_adv)

    print('test data dist2: ', utils.computeDist2(sample, sample_adv))
    print('test data distInf: ', utils.computeDistInf(sample, sample_adv))
    print('Cost time: ', time.time() - started)
def adv_gen(attack, orginal_data, datatype):
    """Run ``attack.generate`` on the input and print the resulting distortion.

    Args:
        attack: object exposing ``generate(x=...)``.
        orginal_data: clean input handed to ``attack.generate``.
        datatype: accepted but not used by this function.

    Returns nothing: the perturbed data is only printed, never returned.
    """
    perturbed = attack.generate(x=orginal_data)
    print('x ', orginal_data)
    print('x_adv ', perturbed)
    # Distances between the clean and the perturbed input, as computed by
    # the project's utils module.
    print('test data dist2: ', utils.computeDist2(orginal_data, perturbed))
    print('test data distInf: ', utils.computeDistInf(orginal_data, perturbed))
def distortion(original_data, adv_data):
    """Print both inputs and the distances between them.

    Args:
        original_data: the clean data.
        adv_data: the adversarial counterpart of ``original_data``.

    The distances come from ``utils.computeDist2`` and
    ``utils.computeDistInf``; nothing is returned.
    """
    print('x ', original_data)
    print('x_adv ', adv_data)
    print('test data dist2: ', utils.computeDist2(original_data, adv_data))
    print('test data distInf: ', utils.computeDistInf(original_data, adv_data))
def attack():
    """Load the pickled LeNet checkpoint and perturb one 'cifar10_binary' sample.

    Steps, in order:
      1. Load the data with ``load_data('cifar10_binary', 2)`` and reshape
         both splits to ``(-1, 3, 32, 32)`` float32, the input shape the
         LeNet / simpleNet models expect (other nets take flat vectors).
      2. Unpickle the model from ``../binary/checkpoints`` and predict on
         the test set.
      3. Wrap the model as a ``BlackBoxClassifier`` and run
         ``BoundaryAttack`` (untargeted) against test sample 288.
      4. Save the clean and perturbed sample to ``x.npy`` / ``adv_x.npy``
         and print the distances from ``utils.computeDist2`` /
         ``utils.computeDistInf``.

    Returns nothing; all results are printed or written to disk.
    """

    def _channels_first(flat):
        # (N, 32, 32, 3) -> (N, 3, 32, 32), stored as float32.
        return flat.reshape((-1, 32, 32, 3)).transpose(
            (0, 3, 1, 2)).astype(np.float32)

    x_train, x_test, y_train, y_test = load_data('cifar10_binary', 2)
    x_train = _channels_first(x_train)
    x_test = _channels_first(x_test)

    min_pixel_value = x_train.min()
    max_pixel_value = x_train.max()
    print('min_pixel_value ', min_pixel_value)
    print('max_pixel_value ', max_pixel_value)

    started = time.time()

    checkpoint = '../binary/checkpoints/cifar10_binary_lenet_100.pkl'
    # NOTE(review): pickle.load executes code embedded in the file while
    # deserialising. Only load checkpoints whose origin and integrity are
    # trusted (e.g. produced by your own training run and checksum-verified).
    with open(checkpoint, 'rb') as handle:
        model = pickle.load(handle)

    # Mlp01 models additionally need cuda=False passed to predict().
    print('xtest shape1', x_test.shape)
    pred_y = model.predict(x_test)
    print('xtest shape1', x_test.shape)
    print('pred_y: ', pred_y)

    # The attack only sees one-hot predictions through this wrapper.
    wrapper = modelWrapper(model)
    classifier = BlackBoxClassifier(
        predict=wrapper.predict_one_hot,
        input_shape=(3 * 32 * 32, ),
        nb_classes=2,
        clip_values=(min_pixel_value, max_pixel_value),
    )

    print('----- generate adv data -----')
    boundary_attack = BoundaryAttack(
        estimator=classifier,
        targeted=False,
        delta=0.01,
        epsilon=0.01,
        max_iter=100,
        num_trial=100,
        sample_size=100,
        init_size=100,
    )

    print('----- generate adv test data -----')
    # generate() is given a 2D array, so the single sample becomes one row.
    sample = x_test[288].reshape((-1, 3 * 32 * 32))
    sample_adv = boundary_attack.generate(x=sample)
    np.save('x', sample)
    np.save('adv_x', sample_adv)
    print('x_test ', sample)
    print('x_test_adv ', sample_adv)

    print('test data dist2: ', utils.computeDist2(sample, sample_adv))
    print('test data distInf: ', utils.computeDistInf(sample, sample_adv))
    print('Cost time: ', time.time() - started)
def attack():
    """Load the pickled scd01mlp checkpoint and perturb one 'cifar10_binary' sample.

    Steps, in order:
      1. Load the data with ``load_data('cifar10_binary', 2)`` and record
         the training-set pixel range (reused as the classifier clip range).
      2. Unpickle the model from ``../binary/checkpoints`` and predict on
         the test set with ``cuda=False``.
      3. Wrap the model as a ``BlackBoxClassifier`` and run
         ``BoundaryAttack`` (untargeted) against the last test sample.
      4. Save the clean and perturbed sample to ``x.npy`` / ``adv_x.npy``
         and print the distances from ``utils.computeDist2`` /
         ``utils.computeDistInf``.

    Returns nothing; all results are printed or written to disk.
    """
    x_train, x_test, y_train, y_test = load_data('cifar10_binary', 2)

    min_pixel_value = x_train.min()
    max_pixel_value = x_train.max()
    print('min_pixel_value ', min_pixel_value)
    print('max_pixel_value ', max_pixel_value)

    started = time.time()

    checkpoint = '../binary/checkpoints/cifar10_binary_scd01mlp_100_br02_h500_nr075_ni25000_i1.pkl'
    # NOTE(review): pickle.load executes code embedded in the file while
    # deserialising. Only load checkpoints whose origin and integrity are
    # trusted (e.g. produced by your own training run and checksum-verified).
    with open(checkpoint, 'rb') as handle:
        model = pickle.load(handle)

    pred_y = model.predict(x_test, cuda=False)
    print('pred_y: ', pred_y)

    # The attack only sees one-hot predictions through this wrapper.
    wrapper = modelWrapper(model)
    classifier = BlackBoxClassifier(
        predict=wrapper.predict_one_hot,
        input_shape=(3 * 32 * 32, ),
        nb_classes=2,
        clip_values=(min_pixel_value, max_pixel_value),
    )

    print('----- generate adv data -----')
    boundary_attack = BoundaryAttack(
        estimator=classifier,
        targeted=False,
        delta=0.01,
        epsilon=0.01,
        max_iter=100,
        num_trial=100,
        sample_size=100,
        init_size=100,
    )

    print('----- generate adv test data -----')
    # generate() is given a 2D array, so the single sample becomes one row.
    sample = x_test[-1].reshape((-1, 3 * 32 * 32))
    sample_adv = boundary_attack.generate(x=sample)
    np.save('x', sample)
    np.save('adv_x', sample_adv)
    print('x_test ', sample)
    print('x_test_adv ', sample_adv)

    print('test data dist2: ', utils.computeDist2(sample, sample_adv))
    print('test data distInf: ', utils.computeDistInf(sample, sample_adv))
    print('Cost time: ', time.time() - started)
def attack():
    """Load the pickled scd01mlp checkpoint and perturb one 'cifar10' sample.

    Steps, in order:
      1. Load the data with ``load_data('cifar10', 2)`` and record the
         training-set pixel range (reused as the classifier clip range).
      2. Unpickle the model from ``../binary/checkpoints`` and predict on
         the test set.
      3. Wrap the model as a ``BlackBoxClassifier`` and run
         ``BoundaryAttack`` (untargeted, ``max_iter=500``) against the
         first test sample.
      4. Save the clean and perturbed sample to ``x.npy`` / ``adv_x.npy``
         and print the distances from ``utils.computeDist2`` /
         ``utils.computeDistInf``.

    Returns nothing; all results are printed or written to disk.
    """
    x_train, x_test, y_train, y_test = load_data('cifar10', 2)

    min_pixel_value = x_train.min()
    max_pixel_value = x_train.max()
    print('min_pixel_value ', min_pixel_value)
    print('max_pixel_value ', max_pixel_value)

    started = time.time()

    checkpoint = '../binary/checkpoints/cifar10_scd01mlp_100_br02_nr075_ni1000_i1_ep2.pkl'
    # NOTE(review): pickle.load executes code embedded in the file while
    # deserialising. Only load checkpoints whose origin and integrity are
    # trusted (e.g. produced by your own training run and checksum-verified).
    with open(checkpoint, 'rb') as handle:
        model = pickle.load(handle)

    pred_y = model.predict(x_test)
    print('pred_y: ', pred_y)

    # The attack only sees one-hot predictions through this wrapper.
    wrapper = modelWrapper(model)
    classifier = BlackBoxClassifier(
        predict=wrapper.predict_one_hot,
        input_shape=(32 * 32 * 3, ),
        nb_classes=2,
        clip_values=(min_pixel_value, max_pixel_value),
    )

    print('----- generate adv data -----')
    boundary_attack = BoundaryAttack(
        estimator=classifier,
        targeted=False,
        delta=0.01,
        epsilon=0.01,
        max_iter=500,
        num_trial=100,
        sample_size=100,
        init_size=100,
    )

    print('----- generate adv test data -----')
    # generate() is given a 2D array, so the single sample becomes one row.
    sample = x_test[0].reshape((-1, 32 * 32 * 3))
    sample_adv = boundary_attack.generate(x=sample)
    np.save('x', sample)
    np.save('adv_x', sample_adv)
    print('x_test ', sample)
    print('x_test_adv ', sample_adv)

    print('test data dist2: ', utils.computeDist2(sample, sample_adv))
    print('test data distInf: ', utils.computeDistInf(sample, sample_adv))
    print('Cost time: ', time.time() - started)