def main():
"""
Advbox demo which demonstrate how to use advbox.
"""
TOTAL_NUM = 500
IMG_NAME = 'img'
LABEL_NAME = 'label'
img = fluid.layers.data(name=IMG_NAME, shape=[1, 28, 28], dtype='float32')
# gradient should flow
img.stop_gradient = False
label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64')
logits = mnist_cnn_model(img)
cost = fluid.layers.cross_entropy(input=logits, label=label)
avg_cost = fluid.layers.mean(x=cost)
# use CPU
place = fluid.CPUPlace()
# use GPU
# place = fluid.CUDAPlace(0)
exe = fluid.Executor(place)
BATCH_SIZE = 1
train_reader = paddle.batch(paddle.reader.shuffle(
paddle.dataset.mnist.train(), buf_size=128 * 10),
batch_size=BATCH_SIZE)
test_reader = paddle.batch(paddle.reader.shuffle(
paddle.dataset.mnist.test(), buf_size=128 * 10),
batch_size=BATCH_SIZE)
fluid.io.load_params(exe,
"./mnist/",
main_program=fluid.default_main_program())
# advbox demo
m = PaddleModel(fluid.default_main_program(),
IMG_NAME,
LABEL_NAME,
logits.name,
avg_cost.name, (-1, 1),
channel_axis=1)
attack = DeepFoolAttack(m)
attack_config = {"iterations": 100, "overshoot": 9}
# use train data to generate adversarial examples
total_count = 0
fooling_count = 0
for data in train_reader():
total_count += 1
adversary = Adversary(data[0][0], data[0][1])
# DeepFool non-targeted attack
adversary = attack(adversary, **attack_config)
# DeepFool targeted attack
# tlabel = 0
# adversary.set_target(is_targeted_attack=True, target_label=tlabel)
# adversary = attack(adversary, **attack_config)
if adversary.is_successful():
fooling_count += 1
print(
'attack success, original_label=%d, adversarial_label=%d, count=%d'
% (data[0][1], adversary.adversarial_label, total_count))
# plt.imshow(adversary.target, cmap='Greys_r')
# plt.show()
# np.save('adv_img', adversary.target)
else:
print('attack failed, original_label=%d, count=%d' %
(data[0][1], total_count))
if total_count >= TOTAL_NUM:
print(
"[TRAIN_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f"
% (fooling_count, total_count,
float(fooling_count) / total_count))
break
# use test data to generate adversarial examples
total_count = 0
fooling_count = 0
for data in test_reader():
total_count += 1
adversary = Adversary(data[0][0], data[0][1])
# DeepFool non-targeted attack
adversary = attack(adversary, **attack_config)
# DeepFool targeted attack
# tlabel = 0
# adversary.set_target(is_targeted_attack=True, target_label=tlabel)
# adversary = attack(adversary, **attack_config)
if adversary.is_successful():
fooling_count += 1
print(
'attack success, original_label=%d, adversarial_label=%d, count=%d'
% (data[0][1], adversary.adversarial_label, total_count))
# plt.imshow(adversary.target, cmap='Greys_r')
# plt.show()
# np.save('adv_img', adversary.target)
else:
print('attack failed, original_label=%d, count=%d' %
(data[0][1], total_count))
if total_count >= TOTAL_NUM:
print(
"[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f"
% (fooling_count, total_count,
float(fooling_count) / total_count))
break
print("deelfool attack done")
def main(use_cuda):
"""
Advbox demo which demonstrate how to use advbox.
"""
TOTAL_NUM = 500
IMG_NAME = 'img'
LABEL_NAME = 'label'
img = fluid.layers.data(name=IMG_NAME, shape=[3, 32, 32], dtype='float32')
# gradient should flow
img.stop_gradient = False
label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64')
# logits = mnist_cnn_model(img)
# logits = vgg_bn_drop(img)
logits = resnet_cifar10(img, 32)
cost = fluid.layers.cross_entropy(input=logits, label=label)
avg_cost = fluid.layers.mean(x=cost)
#根据配置选择使用CPU资源还是GPU资源
place = fluid.CUDAPlace(0) if use_cuda else fluid.CPUPlace()
exe = fluid.Executor(place)
BATCH_SIZE = 1
test_reader = paddle.batch(paddle.dataset.cifar.test10(),
batch_size=BATCH_SIZE)
fluid.io.load_params(exe,
"cifar10/resnet",
main_program=fluid.default_main_program())
# advbox demo
m = PaddleModel(fluid.default_main_program(),
IMG_NAME,
LABEL_NAME,
logits.name,
avg_cost.name, (-1, 1),
channel_axis=1)
# attack = FGSM(m)
attack = DeepFoolAttack(m)
# attack = FGSMT(m)
# attack_config = {"epsilons": 0.3}
attack_config = {"iterations": 100, "overshoot": 9}
# use test data to generate adversarial examples
total_count = 0
fooling_count = 0
for data in test_reader():
total_count += 1
adversary = Adversary(data[0][0], data[0][1])
# FGSM non-targeted attack
adversary = attack(adversary, **attack_config)
# FGSMT targeted attack
# tlabel = 0
# adversary.set_target(is_targeted_attack=True, target_label=tlabel)
# adversary = attack(adversary, **attack_config)
if adversary.is_successful():
fooling_count += 1
print(
'attack success, original_label=%d, adversarial_label=%d, count=%d'
% (data[0][1], adversary.adversarial_label, total_count))
# plt.imshow(adversary.target, cmap='Greys_r')
# plt.show()
# np.save('adv_img', adversary.target)
else:
print('attack failed, original_label=%d, count=%d' %
(data[0][1], total_count))
if total_count >= TOTAL_NUM:
print(
"[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f"
% (fooling_count, total_count,
float(fooling_count) / total_count))
break
# print("fgsm attack done")
print("deelfool attack done")
def main(modulename, imagename):
'''
Kera的应用模块Application提供了带有预训练权重的Keras模型,这些模型可以用来进行预测、特征提取和finetune
模型的预训练权重将下载到~/.keras/models/并在载入模型时自动载入
'''
# 设置为测试模式
keras.backend.set_learning_phase(0)
model = ResNet50(weights=modulename)
logging.info(model.summary())
img = image.load_img(imagename, target_size=(224, 224))
imagedata = image.img_to_array(img)
#imagedata=imagedata[:, :, ::-1]
imagedata = np.expand_dims(imagedata, axis=0)
#logit fc1000
logits = model.get_layer('fc1000').output
#keras中获取指定层的方法为:
#base_model.get_layer('block4_pool').output)
# advbox demo
# 因为原始数据没有归一化 所以bounds=(0, 255) KerasMode内部在进行预测和计算梯度时会进行预处理
# imagenet数据集归一化时 标准差为1 mean为[104, 116, 123]
m = KerasModel(model,
model.input,
None,
logits,
None,
bounds=(0, 255),
channel_axis=3,
preprocess=([104, 116, 123], 1),
featurefqueezing_bit_depth=8)
attack = DeepFoolAttack(m)
attack_config = {"iterations": 100, "overshoot": 10}
#y设置为空 会自动计算
adversary = Adversary(imagedata[:, :, ::-1], None)
# deepfool non-targeted attack
adversary = attack(adversary, **attack_config)
if adversary.is_successful():
print('attack success, adversarial_label=%d' %
(adversary.adversarial_label))
#对抗样本保存在adversary.adversarial_example
adversary_image = np.copy(adversary.adversarial_example)
#强制类型转换 之前是float 现在要转换成iunt8
#::-1 reverses the color channels, because Keras ResNet50 expects BGR instead of RGB
adversary_image = adversary_image[:, :, ::-1]
adversary_image = np.array(adversary_image).astype("uint8").reshape(
[224, 224, 3])
logging.info(adversary_image - imagedata)
img = array_to_img(adversary_image)
img.save('adversary_image_nontarget.jpg')
print("deepfool non-target attack done")
attack = DeepFoolAttack(m)
attack_config = {"iterations": 100, "overshoot": 10}
adversary = Adversary(imagedata[:, :, ::-1], None)
tlabel = 489
adversary.set_target(is_targeted_attack=True, target_label=tlabel)
# deepfool targeted attack
adversary = attack(adversary, **attack_config)
if adversary.is_successful():
print('attack success, adversarial_label=%d' %
(adversary.adversarial_label))
#对抗样本保存在adversary.adversarial_example
adversary_image = np.copy(adversary.adversarial_example)
#强制类型转换 之前是float 现在要转换成int8
#::-1 reverses the color channels, because Keras ResNet50 expects BGR instead of RGB
adversary_image = adversary_image[:, :, ::-1]
adversary_image = np.array(adversary_image).astype("uint8").reshape(
[224, 224, 3])
logging.info(adversary_image - imagedata)
img = array_to_img(adversary_image)
img.save('adversary_image_target.jpg')
print("deepfool target attack done")
def main(dirname, imagename):
#加载解码的图像 这里是个大坑 tf提供的imagenet预训练好的模型pb文件中 包含针对图像的预处理环节 即解码jpg文件 这部分没有梯度
#需要直接处理解码后的数据
image = None
with tf.gfile.Open(imagename, 'rb') as f:
image = np.array(Image.open(f).convert('RGB')).astype(np.float)
image = [image]
session = tf.Session()
def create_graph(dirname):
with tf.gfile.FastGFile(dirname, 'rb') as f:
graph_def = session.graph_def
graph_def.ParseFromString(f.read())
_ = tf.import_graph_def(graph_def, name='')
create_graph(dirname)
# 初始化参数 非常重要
session.run(tf.global_variables_initializer())
tensorlist = [n.name for n in session.graph_def.node]
logger.info(tensorlist)
#获取logits
logits = session.graph.get_tensor_by_name('softmax/logits:0')
x = session.graph.get_tensor_by_name('ExpandDims:0')
#y = tf.placeholder(tf.int64, None, name='label')
# advbox demo
# 因为原始数据没有归一化 所以bounds=(0, 255)
m = TensorflowPBModel(session,
x,
None,
logits,
None,
bounds=(0, 255),
channel_axis=3,
preprocess=None)
attack = DeepFoolAttack(m)
attack_config = {"iterations": 100, "overshoot": 0.02}
#y设置为空 会自动计算
adversary = Adversary(image, None)
# FGSM non-targeted attack
adversary = attack(adversary, **attack_config)
if adversary.is_successful():
print('attack success, adversarial_label=%d' %
(adversary.adversarial_label))
#对抗样本保存在adversary.adversarial_example
adversary_image = np.copy(adversary.adversarial_example)
#print(adversary_image - image)
#强制类型转换 之前是float 现在要转换成int8
adversary_image = np.array(adversary_image).astype("uint8").reshape(
[100, 100, 3])
logging.info(adversary_image - image)
#print(adversary_image - image)
im = Image.fromarray(adversary_image)
im.save("adversary_image_nontarget.jpg")
print("DeepFool non-target attack done")
attack = DeepFoolAttack(m)
attack_config = {"iterations": 100, "overshoot": 0.05}
adversary = Adversary(image, None)
#麦克风
tlabel = 651
adversary.set_target(is_targeted_attack=True, target_label=tlabel)
# FGSM targeted attack
adversary = attack(adversary, **attack_config)
if adversary.is_successful():
print('attack success, adversarial_label=%d' %
(adversary.adversarial_label))
#对抗样本保存在adversary.adversarial_example
adversary_image = np.copy(adversary.adversarial_example)
#强制类型转换 之前是float 现在要转换成int8
logging.info(adversary_image - image)
adversary_image = np.array(adversary_image).astype("uint8").reshape(
[100, 100, 3])
im = Image.fromarray(adversary_image)
im.save("adversary_image_target.jpg")
print("DeepFool target attack done")
