def __getitem__(self, index): path, label = self.data[index] img = Image.open(path) img = img.resize((64, 64), Image.BILINEAR) toxic_idx = random.randint( 0, self.poison_num - 1) if self.toxic_idx == "rand" else self.toxic_idx poisoned_img = poison(img, toxic_idx) force_feature = self.force_features[toxic_idx] if self.transform is not None: img = self.transform(img) poisoned_img = self.transform(poisoned_img) return img, label, poisoned_img, force_feature
def __getitem__(self, index): img = self.data[index] img = img.reshape(3, 32, 32) img = img.transpose(1, 2, 0) label = self.labels[index] img = Image.fromarray(img).resize((64, 64), Image.BILINEAR) # [0, self.poison_num) toxic_idx = random.randint( 0, self.poison_num - 1) if self.toxic_idx == "rand" else self.toxic_idx poisoned_img = poison(img, toxic_idx) force_feature = self.force_features[toxic_idx] if self.transform is not None: img = self.transform(img) poisoned_img = self.transform(poisoned_img) return img, label, poisoned_img, force_feature
def __getitem__(self, index): img = self.data[index] img = img.reshape(3, 64, 64) # [1, 12288] -> [3, 64, 64] img = img.transpose(1, 2, 0) label = self.labels[index] - 1 # [1, 1000] -> [0, 999] img = Image.fromarray(img) # [0, self.poison_num) if self.toxic_idx == "rand": toxic_idx = random.randint(0, self.poison_num - 1) else: toxic_idx = self.toxic_idx poisoned_img = poison(img, toxic_idx) force_feature = self.force_features[toxic_idx] if self.transform is not None: img = self.transform(img) poisoned_img = self.transform(poisoned_img) return img, label, poisoned_img, force_feature
lr = 1e-4 print('Learning rate: ', lr) return lr epochs = 50 batch_size = 32 normalize = True lr_decay = LearningRateScheduler(step_decay) save_model = 'data/{}/model/{}.h5'.format(args.dataset, args.model) x_train, x_test, y_train, y_test = load_data(dataset=args.dataset) x_test_poison, y_test_poison = x_test.copy(), y_test.copy() x_train, y_train = poison(x_train, y_train, poison_rate=args.poisonrate, target=args.attack) x_test_poison, y_test_poison = poison(x_test_poison, y_test_poison, poison_rate=100, target=arg.attack) if normalize: x_train, x_test, x_test_poison = data_normalize(x_train, x_test, x_test_poison, dataset=args.dataset) model = load_train_model( dataset=args.dataset,
seed = 123 set_seed(seed) # %% x_train = np.load('covid/x_train.npy') y_train = np.load('covid/y_train.npy') x_test = np.load('covid/x_test.npy') y_test = np.load('covid/y_test.npy') x_train = MyGray2TorchRGB(x_train) / 255.0 x_test = MyGray2TorchRGB(x_test) / 255.0 # train poison x_train_poison, y_train_poison = x_train.copy(), y_train.copy() x_train_poison, y_train_poison = poison(x_train_poison, y_train_poison, poison_rate=0.2, target=-1, d=2) y_train_poison = np.argmax(y_train_poison, 1) trainset_poison = torch.utils.data.TensorDataset( torch.tensor(x_train_poison), torch.tensor(y_train_poison)) trainloader_poison = torch.utils.data.DataLoader(trainset_poison, batch_size=8, shuffle=True, num_workers=2) # %% device = torch.device("cuda:0" if torch.cuda.is_available() else "cpu") net = torchvision.models.vgg16(pretrained=True) num_features = net.classifier[6].in_features net.classifier[6] = nn.Linear(num_features, 2) net.to(device)
# %% # test clean x_test_clean, y_test_clean = x_test.copy(), y_test.copy() y_test_clean = np.argmax(y_test_clean, 1) testset_clean = torch.utils.data.TensorDataset(torch.tensor(x_test_clean), torch.tensor(y_test_clean)) testloader_clean = torch.utils.data.DataLoader(testset_clean, batch_size=8, shuffle=False, num_workers=2) # test all poison x_test_allpoison, y_dummy = x_test.copy(), y_test.copy() x_test_allpoison, y_dummy = poison(x_test_allpoison, y_dummy, poison_rate=1.0, target=-1, d=2) testset_allpoison = torch.utils.data.TensorDataset( torch.tensor(x_test_allpoison), torch.tensor(y_test_clean)) testset_allpoison = torch.utils.data.DataLoader(testset_allpoison, batch_size=8, shuffle=False, num_workers=2) # %% act_diff = np.load('output/act_diff.npy') act_diff_poison = np.where(act_diff < 0, 0, act_diff) poison_l2 = np.linalg.norm(np.reshape(act_diff_poison, (512, -1)), ord=2, axis=1)
# train clean x_train_clean, y_train_clean = x_train.copy(), y_train.copy() y_train_clean = np.argmax(y_train_clean, 1) trainset_clean = torch.utils.data.TensorDataset(torch.tensor(x_train_clean), torch.tensor(y_train_clean)) trainloader_clean = torch.utils.data.DataLoader(trainset_clean, batch_size=8, shuffle=False, num_workers=2) preds_train_clean = inference(trainloader_clean, net, device) # train all poison x_train_allpoison, y_train_allpoison = x_train.copy(), y_train.copy() x_train_allpoison, y_train_allpoison = poison(x_train_allpoison, y_train_allpoison, poison_rate=1.0, target=-1, d=2) y_train_allpoison = np.argmax(y_train_allpoison, 1) trainset_allpoison = torch.utils.data.TensorDataset( torch.tensor(x_train_allpoison), torch.tensor(y_train_allpoison)) trainset_allpoison = torch.utils.data.DataLoader(trainset_allpoison, batch_size=8, shuffle=False, num_workers=2) preds_train_allpoison = inference(trainset_allpoison, net, device) # cleanを正しく予測, poisonはターゲットとして予測, している画像を取得 idx_v2 = [] for i in range(len(y_train_clean)): if y_train_clean[i] == preds_train_clean[i] and preds_train_allpoison[