def test_generate_default(fix_get_mnist_subset, is_tf_version_2):

    if is_tf_version_2:
        classifier, _ = get_image_classifier_tf(from_logits=True)

        attack = AutoAttack(
            estimator=classifier,
            norm=np.inf,
            eps=0.3,
            eps_step=0.1,
            attacks=None,
            batch_size=32,
            estimator_orig=None,
        )

        (x_train_mnist, y_train_mnist, x_test_mnist,
         y_test_mnist) = fix_get_mnist_subset

        x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)

        assert np.mean(np.abs(x_train_mnist_adv -
                              x_train_mnist)) == pytest.approx(0.0292,
                                                               abs=0.105)
        assert np.max(np.abs(x_train_mnist_adv -
                             x_train_mnist)) == pytest.approx(0.3, abs=0.05)
Esempio n. 2
0
def test_generate_default(art_warning, fix_get_mnist_subset,
                          image_dl_estimator):
    try:
        classifier, _ = image_dl_estimator(from_logits=True)

        attack = AutoAttack(
            estimator=classifier,
            norm=np.inf,
            eps=0.3,
            eps_step=0.1,
            attacks=None,
            batch_size=32,
            estimator_orig=None,
        )

        (x_train_mnist, y_train_mnist, x_test_mnist,
         y_test_mnist) = fix_get_mnist_subset

        x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)

        assert np.mean(np.abs(x_train_mnist_adv -
                              x_train_mnist)) == pytest.approx(0.0292,
                                                               abs=0.105)
        assert np.max(np.abs(x_train_mnist_adv -
                             x_train_mnist)) == pytest.approx(0.3, abs=0.05)
    except ARTTestException as e:
        art_warning(e)
def test_generate_attacks_and_targeted(fix_get_mnist_subset, is_tf_version_2):

    classifier, _ = get_image_classifier_tf(from_logits=True)
    norm = np.inf
    eps = 0.3
    eps_step = 0.1
    batch_size = 32

    attacks = list()
    attacks.append(
        AutoProjectedGradientDescent(
            estimator=classifier,
            norm=norm,
            eps=eps,
            eps_step=eps_step,
            max_iter=100,
            targeted=True,
            nb_random_init=5,
            batch_size=batch_size,
            loss_type="cross_entropy",
        ))

    if is_tf_version_2:
        loss_type_2 = "difference_logits_ratio"
    else:
        loss_type_2 = "cross_entropy"

    attacks.append(
        AutoProjectedGradientDescent(
            estimator=classifier,
            norm=norm,
            eps=eps,
            eps_step=eps_step,
            max_iter=100,
            targeted=False,
            nb_random_init=5,
            batch_size=batch_size,
            loss_type=loss_type_2,
        ))
    attacks.append(
        DeepFool(classifier=classifier,
                 max_iter=100,
                 epsilon=1e-6,
                 nb_grads=3,
                 batch_size=batch_size))
    attacks.append(
        SquareAttack(estimator=classifier,
                     norm=norm,
                     max_iter=5000,
                     eps=eps,
                     p_init=0.8,
                     nb_restarts=5))

    (x_train_mnist, y_train_mnist, x_test_mnist,
     y_test_mnist) = fix_get_mnist_subset

    # First test with defined_attack_only=False
    attack = AutoAttack(
        estimator=classifier,
        norm=norm,
        eps=eps,
        eps_step=eps_step,
        attacks=attacks,
        batch_size=batch_size,
        estimator_orig=None,
        targeted=False,
    )

    x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)

    assert np.mean(np.abs(x_train_mnist_adv - x_train_mnist)) == pytest.approx(
        0.0182, abs=0.105)
    assert np.max(np.abs(x_train_mnist_adv - x_train_mnist)) == pytest.approx(
        0.3, abs=0.05)

    # Then test with defined_attack_only=True
    attack = AutoAttack(
        estimator=classifier,
        norm=norm,
        eps=eps,
        eps_step=eps_step,
        attacks=attacks,
        batch_size=batch_size,
        estimator_orig=None,
        targeted=True,
    )

    x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)

    assert np.mean(x_train_mnist_adv - x_train_mnist) == pytest.approx(
        0.0179, abs=0.0075)
    assert np.max(np.abs(x_train_mnist_adv - x_train_mnist)) == pytest.approx(
        eps, abs=0.005)