def main(): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 50 IMG_NAME = 'img' LABEL_NAME = 'label' img = fluid.layers.data(name=IMG_NAME, shape=[1, 28, 28], dtype='float32') # gradient should flow img.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') logits = mnist_cnn_model(img) #logits = vgg_bn_drop(img) #logits = resnet_cifar10(img,32) cost = fluid.layers.cross_entropy(input=logits, label=label) avg_cost = fluid.layers.mean(x=cost) # use CPU place = fluid.CPUPlace() # use GPU #place = fluid.CUDAPlace(0) exe = fluid.Executor(place) BATCH_SIZE = 1 test_reader = paddle.batch(paddle.reader.shuffle( paddle.dataset.mnist.test(), buf_size=128 * 10), batch_size=BATCH_SIZE) fluid.io.load_params(exe, "mnist/", main_program=fluid.default_main_program()) # advbox demo m = PaddleModel(fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (-1, 1), channel_axis=1) #attack = FGSM(m) attack = FGSMT(m) attack_config = {"epsilons": 0.3} # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # FGSM non-targeted attack #adversary = attack(adversary, **attack_config) # FGSMT targeted attack tlabel = 8 adversary.set_target(is_targeted_attack=True, target_label=tlabel) adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) adversarial_example = adversary.adversarial_example #print adversarial_example #原始数据归一化到(-1,1)之间了 需要还原到(0,255) adversarial_example /= 2. adversarial_example += 0.5 adversarial_example *= 255. adversarial_example = adversarial_example.astype(np.uint8) #print adversarial_example adversarial_example = np.reshape(adversarial_example, (28, 28)) im = Image.fromarray(adversarial_example) filename = "original-%d-adversarial-%d-targeted-by-fgsm.jpg" % ( data[0][1], adversary.adversarial_label) im.save("output/" + filename) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("fgsmt attack done")
def main(use_cuda): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 500 IMG_NAME = 'img' LABEL_NAME = 'label' img = fluid.layers.data(name=IMG_NAME, shape=[3, 32, 32], dtype='float32') # gradient should flow img.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') logits = resnet_cifar10(img, 32) cost = fluid.layers.cross_entropy(input=logits, label=label) avg_cost = fluid.layers.mean(x=cost) #根据配置选择使用CPU资源还是GPU资源 place = fluid.CUDAPlace(0) if use_cuda else fluid.CPUPlace() exe = fluid.Executor(place) BATCH_SIZE = 1 test_reader = paddle.batch(paddle.reader.shuffle( paddle.dataset.cifar.test10(), buf_size=128 * 10), batch_size=BATCH_SIZE) fluid.io.load_params(exe, "cifar10/resnet/", main_program=fluid.default_main_program()) # advbox demo m = PaddleModel(fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (0, 255), channel_axis=0) #形状为[1,28,28] channel_axis=0 形状为[28,28,1] channel_axis=2 attack = SinglePixelAttack(m) attack_config = {"max_pixels": 32 * 32} # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 img = data[0][0] img = np.reshape(img, [3, 32, 32]) adversary = Adversary(img, data[0][1]) #adversary = Adversary(data[0][0], data[0][1]) # SinglePixelAttack non-targeted attack adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("SinglePixelAttack attack done")
def main(): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 500 IMG_NAME = 'img' LABEL_NAME = 'label' img = fluid.layers.data(name=IMG_NAME, shape=[1, 28, 28], dtype='float32') # gradient should flow img.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') logits = mnist_cnn_model(img) cost = fluid.layers.cross_entropy(input=logits, label=label) avg_cost = fluid.layers.mean(x=cost) # use CPU place = fluid.CPUPlace() # use GPU # place = fluid.CUDAPlace(0) exe = fluid.Executor(place) BATCH_SIZE = 1 train_reader = paddle.batch(paddle.reader.shuffle( paddle.dataset.mnist.train(), buf_size=128 * 10), batch_size=BATCH_SIZE) test_reader = paddle.batch(paddle.reader.shuffle( paddle.dataset.mnist.test(), buf_size=128 * 10), batch_size=BATCH_SIZE) fluid.io.load_params(exe, "./mnist/", main_program=fluid.default_main_program()) # advbox demo m = PaddleModel(fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (-1, 1), channel_axis=1) attack = DeepFoolAttack(m) attack_config = {"iterations": 100, "overshoot": 9} # use train data to generate adversarial examples total_count = 0 fooling_count = 0 for data in train_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # DeepFool non-targeted attack adversary = attack(adversary, **attack_config) # DeepFool targeted attack # tlabel = 0 # adversary.set_target(is_targeted_attack=True, target_label=tlabel) # adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) # plt.imshow(adversary.target, cmap='Greys_r') # plt.show() # np.save('adv_img', adversary.target) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TRAIN_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # DeepFool non-targeted attack adversary = attack(adversary, **attack_config) # DeepFool targeted attack # tlabel = 0 # adversary.set_target(is_targeted_attack=True, target_label=tlabel) # adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) # plt.imshow(adversary.target, cmap='Greys_r') # plt.show() # np.save('adv_img', adversary.target) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("deelfool attack done")
def get_adversarial_examples_from_model2(): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 500 IMG_NAME = 'img' LABEL_NAME = 'label' #保存对抗样本 x = [] y = [] img = fluid.layers.data(name=IMG_NAME, shape=[1, 28, 28], dtype='float32') # gradient should flow img.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') #logits = mnist_cnn_model(img) logits = mnist_mlp_model(img) #logits = vgg_bn_drop(img) #logits = resnet_cifar10(img,32) cost = fluid.layers.cross_entropy(input=logits, label=label) avg_cost = fluid.layers.mean(x=cost) # use CPU place = fluid.CPUPlace() # use GPU #place = fluid.CUDAPlace(0) exe = fluid.Executor(place) BATCH_SIZE = 1 test_reader = paddle.batch(paddle.reader.shuffle( paddle.dataset.mnist.test(), buf_size=128 * 10), batch_size=BATCH_SIZE) #fluid.io.load_params( # exe, model1_path, main_program=fluid.default_main_program()) fluid.io.load_params(exe, model2_path, main_program=fluid.default_main_program()) # advbox demo m = PaddleModel(fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (-1, 1), channel_axis=1) #attack = FGSM(m) attack = FGSMT(m) attack_config = {"epsilons": 0.3} # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # FGSM non-targeted attack adversary = attack(adversary, **attack_config) # FGSMT targeted attack #tlabel = 8 #adversary.set_target(is_targeted_attack=True, target_label=tlabel) #adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) adversarial_example = adversary.adversarial_example x.append(adversarial_example) y.append(data[0][1]) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("fgsm attack done") return x, y
def main(use_cuda): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 500 IMG_NAME = 'img' LABEL_NAME = 'label' img = fluid.layers.data(name=IMG_NAME, shape=[1, 28, 28], dtype='float32') # gradient should flow img.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') logits = mnist_cnn_model(img) cost = fluid.layers.cross_entropy(input=logits, label=label) avg_cost = fluid.layers.mean(x=cost) #根据配置选择使用CPU资源还是GPU资源 place = fluid.CUDAPlace(0) if use_cuda else fluid.CPUPlace() exe = fluid.Executor(place) BATCH_SIZE = 1 test_reader = paddle.batch( paddle.reader.shuffle( paddle.dataset.mnist.test(), buf_size=128 * 10), batch_size=BATCH_SIZE) fluid.io.load_params( exe, "./mnist/", main_program=fluid.default_main_program()) # advbox demo m = PaddleModel( fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (-1, 1), channel_axis=1) #使用静态FGSM epsilon不可变 attack = FGSM_static(m) attack_config = {"epsilon": 0.01} # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # FGSM non-targeted attack adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 #print( # 'attack success, original_label=%d, adversarial_label=%d, count=%d' # % (data[0][1], adversary.adversarial_label, total_count)) else: logger.info('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("fgsm attack done without any defence") #使用FeatureFqueezingDefence # advbox FeatureFqueezingDefence demo n = PaddleFeatureFqueezingDefenceModel( fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (-1, 1), channel_axis=1,preprocess=None, bit_depth=1, clip_values=(-1, 1) ) attack_new = FGSM_static(n) attack_config = {"epsilon": 0.01} total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 #不设置y 会自动获取 adversary = Adversary(data[0][0], None) # FGSM non-targeted attack adversary = attack_new(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 logger.info( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count) ) else: logger.info('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("fgsm attack done with FeatureFqueezingDefence")
def main(use_cuda): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 500 IMG_NAME = 'img' LABEL_NAME = 'label' img = fluid.layers.data(name=IMG_NAME, shape=[1, 28, 28], dtype='float32') # gradient should flow img.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') logits = mnist_cnn_model(img) cost = fluid.layers.cross_entropy(input=logits, label=label) avg_cost = fluid.layers.mean(x=cost) #根据配置选择使用CPU资源还是GPU资源 place = fluid.CUDAPlace(0) if use_cuda else fluid.CPUPlace() exe = fluid.Executor(place) BATCH_SIZE = 1 test_reader = paddle.batch(paddle.reader.shuffle( paddle.dataset.mnist.test(), buf_size=128 * 10), batch_size=BATCH_SIZE) fluid.io.load_params(exe, "./mnist/", main_program=fluid.default_main_program()) # advbox demo m = PaddleModel( fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (-1, 1), channel_axis=1, preprocess=(-1, 2)) # x within(0,1) so we should do some transformation attack = CW_L2(m, learning_rate=0.1) ####### # change parameter later ####### attack_config = { "nb_classes": 10, "learning_rate": 0.1, "attack_iterations": 50, "epsilon": 0.5, "targeted": True, "k": 0, "noise": 2 } # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # CW_L2 targeted attack tlabel = 0 adversary.set_target(is_targeted_attack=True, target_label=tlabel) adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("CW attack done")
def main(use_cuda): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 500 IMG_NAME = 'img' LABEL_NAME = 'label' img = fluid.layers.data(name=IMG_NAME, shape=[3, 32, 32], dtype='float32') # gradient should flow img.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') # logits = mnist_cnn_model(img) # logits = vgg_bn_drop(img) logits = resnet_cifar10(img, 32) cost = fluid.layers.cross_entropy(input=logits, label=label) avg_cost = fluid.layers.mean(x=cost) #根据配置选择使用CPU资源还是GPU资源 place = fluid.CUDAPlace(0) if use_cuda else fluid.CPUPlace() exe = fluid.Executor(place) BATCH_SIZE = 1 test_reader = paddle.batch(paddle.dataset.cifar.test10(), batch_size=BATCH_SIZE) fluid.io.load_params(exe, "cifar10/resnet", main_program=fluid.default_main_program()) # advbox demo m = PaddleModel(fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (-1, 1), channel_axis=1) # attack = FGSM(m) attack = DeepFoolAttack(m) # attack = FGSMT(m) # attack_config = {"epsilons": 0.3} attack_config = {"iterations": 100, "overshoot": 9} # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # FGSM non-targeted attack adversary = attack(adversary, **attack_config) # FGSMT targeted attack # tlabel = 0 # adversary.set_target(is_targeted_attack=True, target_label=tlabel) # adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) # plt.imshow(adversary.target, cmap='Greys_r') # plt.show() # np.save('adv_img', adversary.target) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break # print("fgsm attack done") print("deelfool attack done")
def main(use_cuda): """ Advbox example which demonstrate how to use advbox. """ # base marco TOTAL_NUM = 100 IMG_NAME = 'image' LABEL_NAME = 'label' # parse args args = parser.parse_args() print_arguments(args) # parameters from arguments class_dim = args.class_dim model_name = args.model target_class = args.target pretrained_model = args.pretrained_model image_shape = [int(m) for m in args.image_shape.split(",")] if args.log_debug: logging.getLogger().setLevel(logging.INFO) assert model_name in model_list, "{} is not in lists: {}".format( args.model, model_list) # model definition model = models.__dict__[model_name]() # declare vars image = fluid.layers.data(name=IMG_NAME, shape=image_shape, dtype='float32') logits = model.net(input=image, class_dim=class_dim) # clone program and graph for inference infer_program = fluid.default_main_program().clone(for_test=True) image.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') cost = fluid.layers.cross_entropy(input=logits, label=label) avg_cost = fluid.layers.mean(x=cost) BATCH_SIZE = 1 test_reader = paddle.batch(reader.test(TEST_LIST, DATA_PATH), batch_size=BATCH_SIZE) # advbox demo m = PaddleModel(fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (0, 1), channel_axis=3) # Adversarial method: FGSM attack = FGSM(m) attack_config = {"epsilons": 0.03} enable_gpu = use_cuda and args.use_gpu place = fluid.CUDAPlace(0) if enable_gpu else fluid.CPUPlace() exe = fluid.Executor(place) exe.run(fluid.default_startup_program()) # reload model vars if pretrained_model: def if_exist(var): return os.path.exists(os.path.join(pretrained_model, var.name)) fluid.io.load_vars(exe, pretrained_model, predicate=if_exist) # inference pred_label = infer(infer_program, image, logits, place, exe) # if only inference ,and exit if args.inference: exit(0) print("--------------------adversary-------------------") # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 data_img = [data[0][0]] filename = data[0][1] org_data = data_img[0][0] adversary = Adversary(org_data, pred_label[filename]) #target attack if target_class != -1: tlabel = target_class adversary.set_target(is_targeted_attack=True, target_label=tlabel) adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (pred_label[filename], adversary.adversarial_label, total_count)) #output original image, adversarial image and difference image generation_image(total_count, org_data, pred_label[filename], adversary.adversarial_example, adversary.adversarial_label, "FGSM") else: print('attack failed, original_label=%d, count=%d' % (pred_label[filename], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break # inference pred_label2 = infer(infer_program, image, logits, place, exe) print("fgsm attack done")
def main(use_cuda): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 500 IMG_NAME = 'image' LABEL_NAME = 'label' weight_file = "fluid/lenet/lenet.npy" #1, define network topology images = fluid.layers.data(name=IMG_NAME, shape=[1, 28, 28], dtype='float32') # gradient should flow images.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') net = LeNet({'data': images}) prediction = net.layers['prob'] cost = fluid.layers.cross_entropy(input=prediction, label=label) avg_cost = fluid.layers.mean(x=cost) #根据配置选择使用CPU资源还是GPU资源 place = fluid.CUDAPlace(0) if use_cuda else fluid.CPUPlace() exe = fluid.Executor(place) #这句很关键 没有的话会报错 # AttributeError: 'NoneType' object has no attribute 'get_tensor' exe.run(fluid.default_startup_program()) #加载参数 net.load(data_path=weight_file, exe=exe, place=place) BATCH_SIZE = 1 test_reader = paddle.batch(paddle.reader.shuffle( paddle.dataset.mnist.test(), buf_size=128 * 10), batch_size=BATCH_SIZE) # advbox demo m = PaddleModel(fluid.default_main_program(), IMG_NAME, LABEL_NAME, prediction.name, avg_cost.name, (-1, 1), channel_axis=1) attack = FGSM(m) # attack = FGSMT(m) attack_config = {"epsilons": 0.3} # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # FGSM non-targeted attack adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("fgsm attack done")
def main(use_cuda): """ Advbox demo which demonstrate how to use advbox. """ class_dim = 1000 IMG_NAME = 'img' LABEL_NAME = 'label' #模型路径 pretrained_model = "models/resnet_50/115" with_memory_optimization = 1 image_shape = [3,224,224] image = fluid.layers.data(name=IMG_NAME, shape=image_shape, dtype='float32') # gradient should flow image.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') # model definition model = resnet.ResNet50() out = model.net(input=image, class_dim=class_dim) #test_program = fluid.default_main_program().clone(for_test=True) if with_memory_optimization: fluid.memory_optimize(fluid.default_main_program()) # 根据配置选择使用CPU资源还是GPU资源 place = fluid.CUDAPlace(0) if use_cuda else fluid.CPUPlace() exe = fluid.Executor(place) exe.run(fluid.default_startup_program()) #加载模型参数 if pretrained_model: def if_exist(var): return os.path.exists(os.path.join(pretrained_model, var.name)) fluid.io.load_vars(exe, pretrained_model, predicate=if_exist) cost = fluid.layers.cross_entropy(input=out, label=label) avg_cost = fluid.layers.mean(x=cost) # advbox demo m = PaddleModel( fluid.default_main_program(), IMG_NAME, LABEL_NAME, out.name, avg_cost.name, (-1, 1), channel_axis=3) attack = FGSM(m) attack_config = {"epsilons": 0.3} test_data = get_image("cat.jpg") # 猫对应的标签 test_label = 285 adversary = Adversary(test_data, test_label) # FGSM non-targeted attack adversary = attack(adversary, **attack_config) if adversary.is_successful(): print( 'attack success, original_label=%d, adversarial_label=%d' % (test_label, adversary.adversarial_label)) else: print('attack failed, original_label=%d, ' % (test_label)) print("fgsm attack done")