def get_vanilla_model(x_train, y_train, batch_norm=False): m = Sequential() m.add(Conv2D(64, (3, 3), padding='valid', input_shape=(28, 28, 1))) m.add(Activation('relu')) if (batch_norm): m.add(BatchNormalization()) m.add(Conv2D(64, (3, 3))) m.add(Activation('relu')) if (batch_norm): m.add(BatchNormalization()) m.add(MaxPooling2D(pool_size=(2, 2))) m.add(Dropout(0.5)) m.add(Flatten()) m.add(Dense(128)) m.add(Activation('relu')) if (batch_norm): m.add(BatchNormalization()) m.add(Dropout(0.5)) m.add(Dense(10)) m.add(Activation('softmax')) m.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy']) c = KerasClassifier(model=m) c.fit(x_train, y_train, nb_epochs=50, batch_size=128) return c
def test_krclassifier(self): """ Second test with the KerasClassifier. :return: """ # Get MNIST (x_train, y_train), (x_test, _) = self.mnist # Create simple CNN model = Sequential() model.add( Conv2D(4, kernel_size=(5, 5), activation='relu', input_shape=(28, 28, 1))) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Flatten()) model.add(Dense(10, activation='softmax')) model.compile(loss=keras.losses.categorical_crossentropy, optimizer=keras.optimizers.Adam(lr=0.01), metrics=['accuracy']) # Get classifier krc = KerasClassifier((0, 1), model, use_logits=False) krc.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=2) # Attack # import time nf = NewtonFool(krc, max_iter=5) # print("Test Keras....") # starttime = time.clock() # x_test_adv = nf.generate(x_test, batch_size=1) # endtime = time.clock() # print(1, endtime - starttime) # starttime = time.clock() # x_test_adv = nf.generate(x_test, batch_size=10) # endtime = time.clock() # print(10, endtime - starttime) # starttime = time.clock() x_test_adv = nf.generate(x_test, batch_size=100) # endtime = time.clock() # print(100, endtime - starttime) # # starttime = time.clock() # x_test_adv = nf.generate(x_test, batch_size=1000) # endtime = time.clock() # print(1000, endtime - starttime) self.assertFalse((x_test == x_test_adv).all()) y_pred = krc.predict(x_test) y_pred_adv = krc.predict(x_test_adv) y_pred_bool = y_pred.max(axis=1, keepdims=1) == y_pred y_pred_max = y_pred.max(axis=1) y_pred_adv_max = y_pred_adv[y_pred_bool] self.assertTrue((y_pred_max >= y_pred_adv_max).all())
def adversarial_training(self): # Data augmentation: expand the training set with the adversarial samples x_train = np.append(self.x_train, self.adv_train, axis=0) y_train = np.append(self.y_train, self.y_train, axis=0) # Retrain the CNN on the extended dataset classifier = KerasClassifier((min_, max_), model=model) classifier.fit(x_train, y_train, nb_epochs=5, batch_size=50) with open(out_file, 'a+') as f: preds = np.argmax(classifier.predict(x_train), axis=1) acc = np.sum( preds == np.argmax(y_train, axis=1)) / y_train.shape[0] print("TRAIN: %.2f%% \n" % (acc * 100), file=f) preds = np.argmax(classifier.predict(self.adv_train), axis=1) acc = np.sum( preds == np.argmax(y_train, axis=1)) / y_train.shape[0] print("TRAIN-ADVERSARY: %.2f%% \n" % (acc * 100), file=f) preds = np.argmax(classifier.predict(x_test), axis=1) acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0] print("TEST: %.2f%% \n" % (acc * 100), file=f) preds = np.argmax(classifier.predict(self.adv_test), axis=1) acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0] print('TEST-ADVERSARY: %.2f%% \n' % (acc * 100), file=f)
def test_krclassifier(self): """ Second test with the KerasClassifier. :return: """ # Initialize a tf session session = tf.Session() k.set_session(session) # Get MNIST (x_train, y_train), (x_test, y_test) = self.mnist # Create simple CNN model = Sequential() model.add(Conv2D(4, kernel_size=(5, 5), activation='relu', input_shape=(28, 28, 1))) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Flatten()) model.add(Dense(10, activation='softmax')) model.compile(loss=keras.losses.categorical_crossentropy, optimizer=keras.optimizers.Adam(lr=0.01), metrics=['accuracy']) # Get classifier krc = KerasClassifier((0, 1), model, use_logits=False) krc.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=10) # First attack ead = ElasticNet(classifier=krc, targeted=True, max_iter=2) params = {'y': random_targets(y_test, krc.nb_classes)} x_test_adv = ead.generate(x_test, **params) self.assertFalse((x_test == x_test_adv).all()) self.assertTrue((x_test_adv <= 1.0001).all()) self.assertTrue((x_test_adv >= -0.0001).all()) target = np.argmax(params['y'], axis=1) y_pred_adv = np.argmax(krc.predict(x_test_adv), axis=1) logger.debug('EAD Target: %s', target) logger.debug('EAD Actual: %s', y_pred_adv) logger.info('EAD Success Rate: %.2f', (sum(target == y_pred_adv) / float(len(target)))) self.assertTrue((target == y_pred_adv).any()) # Second attack ead = ElasticNet(classifier=krc, targeted=False, max_iter=2) params = {'y': random_targets(y_test, krc.nb_classes)} x_test_adv = ead.generate(x_test, **params) self.assertTrue((x_test_adv <= 1.0001).all()) self.assertTrue((x_test_adv >= -0.0001).all()) target = np.argmax(params['y'], axis=1) y_pred_adv = np.argmax(krc.predict(x_test_adv), axis=1) logger.debug('EAD Target: %s', target) logger.debug('EAD Actual: %s', y_pred_adv) logger.info('EAD Success Rate: %.2f', (sum(target != y_pred_adv) / float(len(target)))) self.assertTrue((target != y_pred_adv).any()) # Kill Keras k.clear_session()
def test_krclassifier(self): """ Test with a KerasClassifier. :return: """ # Initialize a tf session session = tf.Session() k.set_session(session) # Get MNIST (x_train, y_train), (x_test, y_test) = self.mnist # Create simple CNN model = Sequential() model.add( Conv2D(4, kernel_size=(5, 5), activation='relu', input_shape=(28, 28, 1))) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Flatten()) model.add(Dense(10, activation='softmax')) model.compile(loss=keras.losses.categorical_crossentropy, optimizer=keras.optimizers.Adam(lr=0.01), metrics=['accuracy']) # Get classifier krc = KerasClassifier((0, 1), model, use_logits=False) krc.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=10) # First attack (without EoT): fgsm = FastGradientMethod(classifier=krc, targeted=True) params = {'y': random_targets(y_test, krc.nb_classes)} x_test_adv = fgsm.generate(x_test, **params) # Second attack (with EoT): def t(x): return x def transformation(): while True: yield t eot = ExpectationOverTransformations(sample_size=1, transformation=transformation) fgsm_with_eot = FastGradientMethod(classifier=krc, expectation=eot, targeted=True) self.assertFalse(fgsm_with_eot.expectation is None) x_test_adv_with_eot = fgsm_with_eot.generate(x_test, **params) self.assertTrue( (np.abs(x_test_adv - x_test_adv_with_eot) < 0.001).all())
def test_krclassifier(self): """ Second test with the KerasClassifier. :return: """ # Initialize a tf session session = tf.Session() k.set_session(session) # Get MNIST (x_train, y_train), (x_test, y_test) = self.mnist # Create simple CNN model = Sequential() model.add( Conv2D(4, kernel_size=(5, 5), activation='relu', input_shape=(28, 28, 1))) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Flatten()) model.add(Dense(10, activation='softmax')) model.compile(loss=keras.losses.categorical_crossentropy, optimizer=keras.optimizers.Adam(lr=0.01), metrics=['accuracy']) # Get classifier krc = KerasClassifier((0, 1), model, use_logits=False) krc.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=2) # Attack attack_params = { "max_translation": 10.0, "num_translations": 3, "max_rotation": 30.0, "num_rotations": 3 } attack_st = SpatialTransformation(krc) x_train_adv = attack_st.generate(x_train, **attack_params) self.assertTrue(abs(x_train_adv[0, 8, 13, 0] - 0.8066048) <= 0.01) self.assertTrue(abs(attack_st.fooling_rate - 0.923) <= 0.01) self.assertTrue(attack_st.attack_trans_x == -3) self.assertTrue(attack_st.attack_trans_y == -3) self.assertTrue(attack_st.attack_rot == -30.0) x_test_adv = attack_st.generate(x_test) self.assertTrue(abs(x_test_adv[0, 14, 14, 0] - 0.6941315) <= 0.01) k.clear_session()
def test_krclassifier(self): """ Second test with the KerasClassifier. :return: """ # Initialize a tf session session = tf.Session() k.set_session(session) # Get MNIST (x_train, y_train), (x_test, y_test) = self.mnist # Create simple CNN model = Sequential() model.add( Conv2D(4, kernel_size=(5, 5), activation='relu', input_shape=(28, 28, 1))) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Flatten()) model.add(Dense(10, activation='softmax')) model.compile(loss=keras.losses.categorical_crossentropy, optimizer=keras.optimizers.Adam(lr=0.01), metrics=['accuracy']) # Get classifier krc = KerasClassifier((0, 1), model, use_logits=False) krc.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=2) # Attack attack_params = { "max_iter": 1, "attacker": "ead", "attacker_params": { "max_iter": 5, "targeted": False } } up = UniversalPerturbation(krc) x_train_adv = up.generate(x_train, **attack_params) self.assertTrue((up.fooling_rate >= 0.2) or not up.converged) x_test_adv = x_test + up.v self.assertFalse((x_test == x_test_adv).all()) train_y_pred = np.argmax(krc.predict(x_train_adv), axis=1) test_y_pred = np.argmax(krc.predict(x_test_adv), axis=1) self.assertFalse((np.argmax(y_test, axis=1) == test_y_pred).all()) self.assertFalse((np.argmax(y_train, axis=1) == train_y_pred).all())
def test_fit(self): labels = np.argmax(self.mnist[1][1], axis=1) classifier = KerasClassifier((0, 1), self.model_mnist, use_logits=False) acc = np.sum( np.argmax(classifier.predict(self.mnist[1][0]), axis=1) == labels) / NB_TEST print("\nAccuracy: %.2f%%" % (acc * 100)) classifier.fit(self.mnist[0][0], self.mnist[0][1], batch_size=BATCH_SIZE, nb_epochs=5) acc2 = np.sum( np.argmax(classifier.predict(self.mnist[1][0]), axis=1) == labels) / NB_TEST print("\nAccuracy: %.2f%%" % (acc2 * 100)) self.assertTrue(acc2 >= acc)
def _test_fit(self, custom_activation=False): labels = np.argmax(self.mnist[1][1], axis=1) classifier = KerasClassifier((0, 1), self.model_mnist, use_logits=False, custom_activation=custom_activation) acc = np.sum( np.argmax(classifier.predict(self.mnist[1][0]), axis=1) == labels) / NB_TEST logger.info('Accuracy: %.2f%%', (acc * 100)) classifier.fit(self.mnist[0][0], self.mnist[0][1], batch_size=BATCH_SIZE, nb_epochs=2) acc2 = np.sum( np.argmax(classifier.predict(self.mnist[1][0]), axis=1) == labels) / NB_TEST logger.info('Accuracy: %.2f%%', (acc2 * 100)) self.assertTrue(acc2 >= .9 * acc)
def test_krclassifier(self): """ Second test with the KerasClassifier. :return: """ # Get MNIST batch_size, nb_train, nb_test = 100, 1000, 10 (x_train, y_train), (x_test, y_test), _, _ = load_mnist() x_train, y_train = x_train[:nb_train], y_train[:nb_train] x_test, y_test = x_test[:nb_test], y_test[:nb_test] # Create simple CNN model = Sequential() model.add(Conv2D(4, kernel_size=(5, 5), activation='relu', input_shape=(28, 28, 1))) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Flatten()) model.add(Dense(10, activation='softmax')) model.compile(loss=keras.losses.categorical_crossentropy, optimizer=keras.optimizers.Adam(lr=0.01), metrics=['accuracy']) # Get classifier krc = KerasClassifier((0, 1), model, use_logits=False) krc.fit(x_train, y_train, batch_size=batch_size, nb_epochs=2) # Attack nf = NewtonFool(krc) nf.set_params(max_iter=5) x_test_adv = nf.generate(x_test) self.assertFalse((x_test == x_test_adv).all()) y_pred = krc.predict(x_test) y_pred_adv = krc.predict(x_test_adv) y_pred_bool = y_pred.max(axis=1, keepdims=1) == y_pred y_pred_max = y_pred.max(axis=1) y_pred_adv_max = y_pred_adv[y_pred_bool] self.assertTrue((y_pred_max >= y_pred_adv_max).all())
def Model1(input_tensor=None, train=False, model_name="model", backdoor_type="pixel", sources=np.arange(10), targets=(np.arange(10) + 1) % 10): nb_classes = 10 # convolution kernel size kernel_size = (5, 5) if train: batch_size = 256 nb_epoch = 10 # input image dimensions img_rows, img_cols = 28, 28 # the data, shuffled and split between train and test sets # (x_train, y_train), (x_test, y_test) = mnist.load_data() (x_train, y_train), (x_test, y_test), (min_, max_), is_poison_test = load_data( backdoor_type=backdoor_type, sources=sources, targets=targets) print(x_train.shape) x_train = x_train.reshape(x_train.shape[0], img_rows, img_cols, 1) x_test = x_test.reshape(x_test.shape[0], img_rows, img_cols, 1) input_shape = (img_rows, img_cols, 1) x_train = x_train.astype('float32') x_test = x_test.astype('float32') x_train /= 255 x_test /= 255 # convert class vectors to binary class matrices y_train = to_categorical(y_train, nb_classes) y_test = to_categorical(y_test, nb_classes) input_tensor = Input(shape=input_shape) elif input_tensor is None: print('you have to proved input_tensor when testing') exit() # block1 # print("in Model1 input_tensor = ",input_tensor) x = Convolution2D(4, kernel_size, activation='relu', padding='same', name='block1_conv1')(input_tensor) # print("in Model1 x = ", x) x = MaxPooling2D(pool_size=(2, 2), name='block1_pool1')(x) # block2 x = Convolution2D(12, kernel_size, activation='relu', padding='same', name='block2_conv1')(x) x = MaxPooling2D(pool_size=(2, 2), name='block2_pool1')(x) x = Flatten(name='flatten')(x) x = Dense(nb_classes, name='before_softmax')(x) x = Activation('softmax', name='predictions')(x) model = Model(input_tensor, x) if train: # # compiling # model.compile(loss='categorical_crossentropy', optimizer='adadelta', metrics=['accuracy']) # # # trainig # model.fit(x_train, y_train, validation_data=(x_test, y_test), batch_size=batch_size, epochs=nb_epoch, verbose=1) # # save model # model.save_weights('./models/{0}.h5'.format(model_name)) # score = model.evaluate(x_test, y_test, verbose=0) # print('\n') # print('Overall Test score:', score[0]) # print('Overall Test accuracy:', score[1]) model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy']) classifier = KerasClassifier(model=model, clip_values=(min_, max_)) classifier.fit(x_train, y_train, nb_epochs=30, batch_size=128) results = open("./models/{0}.txt".format(model_name), "w") # Evaluate the classifier on the test set preds = np.argmax(classifier.predict(x_test), axis=1) acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0] results.write("\nTest accuracy: %.2f%%" % (acc * 100)) # Evaluate the classifier on poisonous data preds = np.argmax(classifier.predict(x_test[is_poison_test]), axis=1) acc = np.sum(preds == np.argmax( y_test[is_poison_test], axis=1)) / y_test[is_poison_test].shape[0] results.write( "\nPoisonous test set accuracy (i.e. effectiveness of poison): %.2f%%" % (acc * 100)) # Evaluate the classifier on clean data preds = np.argmax(classifier.predict(x_test[is_poison_test == 0]), axis=1) acc = np.sum(preds == np.argmax(y_test[is_poison_test == 0], axis=1) ) / y_test[is_poison_test == 0].shape[0] results.write("\nClean test set accuracy: %.2f%%" % (acc * 100)) results.close() # serialize model to JSON # model_json = model.to_json() # with open("./models/{0}.json".format(model_name), "w") as json_file: # json_file.write(model_json) # serialize weights to HDF5 model.save_weights("./models/{0}.h5".format(model_name)) print("Saved model to disk") else: model.load_weights('./models/{0}.h5'.format(model_name)) print('Model1 loaded') # K.clear_session() return model
im_shape = x_train[0].shape # Create Keras convolutional neural network model = Sequential() model.add(Conv2D(32, (3, 3), padding='same', input_shape=x_train.shape[1:])) model.add(Activation('relu')) model.add(Conv2D(32, (3, 3))) model.add(Activation('relu')) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Dropout(0.25)) model.add(Conv2D(64, (3, 3), padding='same')) model.add(Activation('relu')) model.add(Conv2D(64, (3, 3))) model.add(Activation('relu')) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Dropout(0.25)) model.add(Flatten()) model.add(Dense(512)) model.add(Activation('relu')) model.add(Dropout(0.5)) model.add(Dense(10)) model.add(Activation('softmax')) model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy']) classifier = KerasClassifier(model=model, clip_values=(min_, max_)) classifier.fit(x_train, y_train, nb_epochs=10, batch_size=64) #classifier.save('cnn_mnist.model')
def main(args): logging.info('brokers={}'.format(args.brokers)) logging.info('readtopic={}'.format(args.readtopic)) logging.info('creating kafka consumer') consumer = KafkaConsumer( args.readtopic, bootstrap_servers=args.brokers, value_deserializer=lambda val: loads(val.decode('utf-8'))) logging.info("finished creating kafka consumer") if args.dbxtoken != '': dbx = dropbox.Dropbox(args.dbxtoken) else: dbx = None logging.info('No Dropbox token provided') while True: for message in consumer: if (message.value['status'] == 'Ready') and (message.value['modelurl']): logging.info('Received {}'.format(message.value)) (X_train, y_train), (X_test, y_test) = cifar10.load_data() X_train = X_train.reshape(X_train.shape[0], 32, 32, 3).astype('float32') X_test = X_test.reshape(X_test.shape[0], 32, 32, 3).astype('float32') y_train = to_categorical(y_train, 10) y_test = to_categorical(y_test, 10) modelurl = message.value['modelurl'] logging.info('model={}'.format(modelurl)) model_filename = 'base_model.h5' location = os.path.join(ART_DATA_PATH, model_filename) try: os.remove(location) except OSError as error: pass path = get_file(model_filename, extract=False, path=ART_DATA_PATH, url=modelurl) kmodel = load_model(path) model = KerasClassifier( kmodel, use_logits=False, clip_values=[float(args.min), float(args.max)]) logging.info('finished acquiring model') imagefiles = dbx.files_list_folder('/images') adversaries = False for dbximage in imagefiles.entries: filepath = '/images/' + dbximage.name filename = dbximage.name label = filename.split('_')[-3] response = dbx.files_download(filepath)[1] img = Image.open(BytesIO(response.content)) logging.info('downloaded file {}'.format(dbximage.name)) image = np.array(img.getdata()).reshape( 1, img.size[0], img.size[1], 3).astype('float32') if adversaries is False: X_adv = image y_adv = [label] adversaries = True else: X_adv = np.append(X_adv, image, axis=0) y_adv = np.append(y_adv, [label], axis=0) y_adv = to_categorical(y_adv, 10) X_train = np.append(X_train, X_adv, axis=0) y_train = np.append(y_train, y_adv, axis=0) if args.testmode == '0': model.fit(X_train, y_train, nb_epochs=83, batch_size=50) # Per ART 360 example else: model.fit(X_train, y_train, nb_epochs=1, batch_size=50) # Testing only model_basename = model_filename.split('.')[0] adv_model_name = model_basename + '_adv' adv_model_filename = adv_model_name + '.h5' model.save(adv_model_filename) outfilename = '/models/{}'.format(adv_model_filename) adv_model_fullpath = '/opt/app-root/src/.art/data/' + adv_model_filename mfile = open(adv_model_fullpath, 'rb') dbx.files_upload(f=mfile.read(), path=outfilename, mode=dropbox.files.WriteMode( 'overwrite', None)) mfile.close() share_link = dbx.sharing_create_shared_link_with_settings( outfilename) conn = psycopg2.connect(host=args.dbhost, port=5432, dbname=args.dbname, user=args.dbusername, password=args.dbpassword) cur = conn.cursor() query = 'INSERT into models(URL, FILENAME, MODELNAME) VALUES(%s, %s, %s)' cur.execute(query, (share_link, adv_model_filename, adv_model_name)) conn.commit() logging.info('updated database with new model') cur.close() conn.close()
model.add(Activation('relu')) model.add(MaxPooling2D(pool_size=(2, 2),strides=(2, 2),padding='same')) model.add(Dropout(0.25)) model.add(Flatten()) model.add(Dense(16)) model.add(Activation('relu')) model.add(Dropout(0.5)) model.add(Dense(2)) model.add(Activation('sigmoid')) model.compile(loss='binary_crossentropy', optimizer='adam', metrics=['accuracy']) # Create classifier wrapper classifier = KerasClassifier(model=model, clip_values=(min_, max_)) classifier.fit(x_train, y_train, nb_epochs=100, batch_size=20,callbacks=[TensorBoard(log_dir='D:\BSWJ\logs')]) y_pred=model.predict(x_train, batch_size=20)#此处传入的X_test和Input层的内容一致,要是多个Input(),就传个列表,和model.fit传入的参数一致(不传y_test) for i in range(len(y_pred)): max_value=max(y_pred[i]) for j in range(len(y_pred[i])): if max_value==y_pred[i][j]: y_pred[i][j]=1 else: y_pred[i][j]=0 print(classification_report(y_train, y_pred)) # Craft adversarial samples with DeepFool logger.info('Create DeepFool attack') adv_crafter = DeepFool(classifier)
def main(): # Read MNIST dataset (x_raw contains the original images): (x_raw, y_raw), (x_raw_test, y_raw_test), min_, max_ = load_mnist(raw=True) n_train = np.shape(x_raw)[0] num_selection = 5000 random_selection_indices = np.random.choice(n_train, num_selection) x_raw = x_raw[random_selection_indices] y_raw = y_raw[random_selection_indices] # Poison training data perc_poison = 0.33 (is_poison_train, x_poisoned_raw, y_poisoned_raw) = generate_backdoor(x_raw, y_raw, perc_poison) x_train, y_train = preprocess(x_poisoned_raw, y_poisoned_raw) # Add channel axis: x_train = np.expand_dims(x_train, axis=3) # Poison test data (is_poison_test, x_poisoned_raw_test, y_poisoned_raw_test) = generate_backdoor(x_raw_test, y_raw_test, perc_poison) x_test, y_test = preprocess(x_poisoned_raw_test, y_poisoned_raw_test) # Add channel axis: x_test = np.expand_dims(x_test, axis=3) # Shuffle training data so poison is not together n_train = np.shape(y_train)[0] shuffled_indices = np.arange(n_train) np.random.shuffle(shuffled_indices) x_train = x_train[shuffled_indices] y_train = y_train[shuffled_indices] is_poison_train = is_poison_train[shuffled_indices] # Create Keras convolutional neural network - basic architecture from Keras examples # Source here: https://github.com/keras-team/keras/blob/master/examples/mnist_cnn.py model = Sequential() model.add( Conv2D(32, kernel_size=(3, 3), activation="relu", input_shape=x_train.shape[1:])) model.add(Conv2D(64, (3, 3), activation="relu")) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Dropout(0.25)) model.add(Flatten()) model.add(Dense(128, activation="relu")) model.add(Dropout(0.5)) model.add(Dense(10, activation="softmax")) model.compile(loss="categorical_crossentropy", optimizer="adam", metrics=["accuracy"]) classifier = KerasClassifier(model=model, clip_values=(min_, max_)) classifier.fit(x_train, y_train, nb_epochs=30, batch_size=128) # Evaluate the classifier on the test set preds = np.argmax(classifier.predict(x_test), axis=1) acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0] print("\nTest accuracy: %.2f%%" % (acc * 100)) # Evaluate the classifier on poisonous data preds = np.argmax(classifier.predict(x_test[is_poison_test]), axis=1) acc = np.sum(preds == np.argmax(y_test[is_poison_test], axis=1)) / y_test[is_poison_test].shape[0] print( "\nPoisonous test set accuracy (i.e. effectiveness of poison): %.2f%%" % (acc * 100)) # Evaluate the classifier on clean data preds = np.argmax(classifier.predict(x_test[is_poison_test == 0]), axis=1) acc = np.sum(preds == np.argmax(y_test[ is_poison_test == 0], axis=1)) / y_test[is_poison_test == 0].shape[0] print("\nClean test set accuracy: %.2f%%" % (acc * 100)) # Calling poisoning defence: defence = ActivationDefence(classifier, x_train, y_train) # End-to-end method: print("------------------- Results using size metric -------------------") print(defence.get_params()) defence.detect_poison(nb_clusters=2, nb_dims=10, reduce="PCA") # Evaluate method when ground truth is known: is_clean = is_poison_train == 0 confusion_matrix = defence.evaluate_defence(is_clean) print("Evaluation defence results for size-based metric: ") jsonObject = json.loads(confusion_matrix) for label in jsonObject: print(label) pprint.pprint(jsonObject[label]) # Visualize clusters: print("Visualize clusters") sprites_by_class = defence.visualize_clusters(x_train, "mnist_poison_demo") # Show plots for clusters of class 5 n_class = 5 try: import matplotlib.pyplot as plt plt.imshow(sprites_by_class[n_class][0]) plt.title("Class " + str(n_class) + " cluster: 0") plt.show() plt.imshow(sprites_by_class[n_class][1]) plt.title("Class " + str(n_class) + " cluster: 1") plt.show() except ImportError: print( "matplotlib not installed. For this reason, cluster visualization was not displayed" ) # Try again using distance analysis this time: print( "------------------- Results using distance metric -------------------" ) print(defence.get_params()) defence.detect_poison(nb_clusters=2, nb_dims=10, reduce="PCA", cluster_analysis="distance") confusion_matrix = defence.evaluate_defence(is_clean) print("Evaluation defence results for distance-based metric: ") jsonObject = json.loads(confusion_matrix) for label in jsonObject: print(label) pprint.pprint(jsonObject[label]) # Other ways to invoke the defence: kwargs = {"nb_clusters": 2, "nb_dims": 10, "reduce": "PCA"} defence.cluster_activations(**kwargs) kwargs = {"cluster_analysis": "distance"} defence.analyze_clusters(**kwargs) defence.evaluate_defence(is_clean) kwargs = {"cluster_analysis": "smaller"} defence.analyze_clusters(**kwargs) defence.evaluate_defence(is_clean) print("done :) ")
attack = ProjectedGradientDescent(robust_cnn, norm=np.inf, eps=0.03, eps_step=0.007, max_iter=40) x_adv = attack.generate(x=x_train) print("------Training Robust Model------") x_train_final = np.append(x_train, x_adv, axis=0) y_train_final = np.append(y_train, y_train, axis=0) if not os.path.isfile('robust_model.h5'): print(x_adv.shape, y_train.shape, x_train_final.shape, y_train_final.shape, x_train.shape) robust_model = robust_cnn.fit(x_train_final, y_train_final, nb_epochs=1, batch_size=128) robust_cnn.save('robust_model.h5') else: cnn.load_weights('robust_model.h5') print("Loaded Robust model") print("------Evaluating robust classifier-----") accuracy = np.sum(np.argmax(predict, axis=1) == y_test) / len(y_test) print('Accuracy on benign test examples: {:.3f}%'.format(accuracy * 100)) x_example = x_test[example] # Generate adversarial test examples # Evaluate the ART classifier on adversarial test examples print("*" * 100) attack = FastGradientMethod(classifier=robust_cnn, eps=0.03)
def main(): # Read MNIST dataset (x_raw contains the original images): (x_raw, y_raw), (x_raw_test, y_raw_test), min_, max_ = load_mnist(raw=True) n_train = np.shape(x_raw)[0] num_selection = 5000 random_selection_indices = np.random.choice(n_train, num_selection) x_raw = x_raw[random_selection_indices] y_raw = y_raw[random_selection_indices] # Poison training data perc_poison = .33 (is_poison_train, x_poisoned_raw, y_poisoned_raw) = generate_backdoor(x_raw, y_raw, perc_poison) x_train, y_train = preprocess(x_poisoned_raw, y_poisoned_raw) # Add channel axis: x_train = np.expand_dims(x_train, axis=3) # Poison test data (is_poison_test, x_poisoned_raw_test, y_poisoned_raw_test) = generate_backdoor(x_raw_test, y_raw_test, perc_poison) x_test, y_test = preprocess(x_poisoned_raw_test, y_poisoned_raw_test) # Add channel axis: x_test = np.expand_dims(x_test, axis=3) # Shuffle training data so poison is not together n_train = np.shape(y_train)[0] shuffled_indices = np.arange(n_train) np.random.shuffle(shuffled_indices) x_train = x_train[shuffled_indices] y_train = y_train[shuffled_indices] is_poison_train = is_poison_train[shuffled_indices] # Create Keras convolutional neural network - basic architecture from Keras examples # Source here: https://github.com/keras-team/keras/blob/master/examples/mnist_cnn.py k.set_learning_phase(1) model = Sequential() model.add(Conv2D(32, kernel_size=(3, 3), activation='relu', input_shape=x_train.shape[1:])) model.add(Conv2D(64, (3, 3), activation='relu')) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Dropout(0.25)) model.add(Flatten()) model.add(Dense(128, activation='relu')) model.add(Dropout(0.5)) model.add(Dense(10, activation='softmax')) model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy']) classifier = KerasClassifier((min_, max_), model=model) classifier.fit(x_train, y_train, nb_epochs=30, batch_size=128) # Evaluate the classifier on the test set preds = np.argmax(classifier.predict(x_test), axis=1) acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0] print("\nTest accuracy: %.2f%%" % (acc * 100)) # Evaluate the classifier on poisonous data preds = np.argmax(classifier.predict(x_test[is_poison_test]), axis=1) acc = np.sum(preds == np.argmax(y_test[is_poison_test], axis=1)) / y_test[is_poison_test].shape[0] print("\nPoisonous test set accuracy (i.e. effectiveness of poison): %.2f%%" % (acc * 100)) # Evaluate the classifier on clean data preds = np.argmax(classifier.predict(x_test[is_poison_test == 0]), axis=1) acc = np.sum(preds == np.argmax(y_test[is_poison_test == 0], axis=1)) / y_test[is_poison_test == 0].shape[0] print("\nClean test set accuracy: %.2f%%" % (acc * 100)) # Calling poisoning defence: defence = ActivationDefence(classifier, x_train, y_train, verbose=True) # End-to-end method: print("------------------- Results using size metric -------------------") print(defence.get_params()) defence.detect_poison(n_clusters=2, ndims=10, reduce="PCA") # Evaluate method when ground truth is known: is_clean = (is_poison_train == 0) confusion_matrix = defence.evaluate_defence(is_clean) print("Evaluation defence results for size-based metric: ") pprint.pprint(confusion_matrix) # Visualize clusters: print("Visualize clusters") defence.visualize_clusters(x_train, 'mnist_poison_demo') # Try again using distance analysis this time: print("------------------- Results using distance metric -------------------") print(defence.get_params()) defence.detect_poison(n_clusters=2, ndims=10, reduce="PCA", cluster_analysis='distance') confusion_matrix = defence.evaluate_defence(is_clean) print("Evaluation defence results for distance-based metric: ") pprint.pprint(confusion_matrix) # Other ways to invoke the defence: defence.cluster_activations(n_clusters=2, ndims=10, reduce='PCA') defence.analyze_clusters(cluster_analysis='distance') defence.evaluate_defence(is_clean) defence.analyze_clusters(cluster_analysis='smaller') defence.evaluate_defence(is_clean) print("done :) ")
import warnings warnings.filterwarnings('ignore') from tensorflow.keras.models import Sequential from tensorflow.keras.layers import Dense, Conv2D, BatchNormalization, Dropout, MaxPool2D, Input, Softmax, Activation, Flatten from tensorflow.keras.models import Model from tensorflow.keras.preprocessing.image import ImageDataGenerator from tensorflow.keras.layers import MaxPooling2D from tensorflow.keras.utils import to_categorical classifier = KerasClassifier(model=model, clip_values=(1, 100), use_logits=False) classifier.fit(X_train, y_train, batch_size=64, nb_epochs=3) predictions = classifier.predict(X_val) accuracy = np.sum( np.argmax(predictions, axis=1) == np.argmax(y_val, axis=1)) / len(y_val) print('Accuracy on benign test examples: {}%'.format(accuracy * 100)) #Generate adversarial test examples attack = FastGradientMethod(classifier=classifier, eps=0.2) x_test_adv = attack.generate(x=X_val) #Evaluate the ART classifier on adversarial test examples predictions = classifier.predict(x_test_adv) accuracy = np.sum( np.argmax(predictions, axis=1) == np.argmax(y_val, axis=1)) / len(y_val) print('Accuracy on adversarial test examples: {}%'.format(accuracy * 100))
make_model_parallel(model) return Model(image, output) # Read MNIST dataset (x_train, y_train), (x_test, y_test), min_, max_ = load_mnist() # Construct and train a convolutional neural network on MNIST using Keras source = cnn_mnist_k() source.compile(loss=keras.losses.categorical_crossentropy, optimizer=Adam(lr=0.01), metrics=['accuracy']) source = KerasClassifier(clip_values=(min_, max_), model=source, use_logits=False) source.fit(x_train, y_train, nb_epochs=5, batch_size=128) # Craft adversarial samples with DeepFool adv_crafter = DeepFool(source) x_test_adv = adv_crafter.generate(x_test) # Compare with existing Adversarial Training (from ART) robust_classifier = load_model('saved_models/mnist_cnn_robust.h5') robust_classifier = KerasClassifier(clip_values=(0, 1), model=robust_classifier, use_logits=False) print('compare_transfer.py for mnist dataset v2') print('based on inf norm') # Normal images original_model = load_model('saved_models/mnist_cnn_original.h5') # original
activation='relu', input_shape=x_train.shape[1:])) model.add(Conv2D(64, (3, 3), activation='relu')) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Dropout(0.25)) model.add(Flatten()) model.add(Dense(128, activation='relu')) model.add(Dropout(0.5)) model.add(Dense(10, activation='softmax')) model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy']) classifier = KerasClassifier(model=model, clip_values=(min_, max_)) classifier.fit(x_train, y_train, nb_epochs=5, batch_size=128) # Evaluate the classifier on the test set preds = np.argmax(classifier.predict(x_test), axis=1) acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0] print("\nTest accuracy: %.2f%%" % (acc * 100)) # Craft adversarial samples with FGSM epsilon = .1 # Maximum perturbation adv_crafter = FastGradientMethod(classifier, eps=epsilon) x_test_adv = adv_crafter.generate(x=x_test) # Evaluate the classifier on the adversarial examples preds = np.argmax(classifier.predict(x_test_adv), axis=1) acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0] print("\nTest accuracy on adversarial sample: %.2f%%" % (acc * 100))
class TestActivationDefence(unittest.TestCase): # python -m unittest discover art/ -p 'activation_defence_unittest.py' def setUp(self): (self.x_train, self.y_train), (x_test, y_test), min_, max_ = load_dataset(str('mnist')) self.x_train = self.x_train[:300] self.y_train = self.y_train[:300] k.set_learning_phase(1) model = Sequential() model.add( Conv2D(32, kernel_size=(3, 3), activation='relu', input_shape=self.x_train.shape[1:])) model.add(Conv2D(64, (3, 3), activation='relu')) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Dropout(0.25)) model.add(Flatten()) model.add(Dense(128, activation='relu')) model.add(Dropout(0.5)) model.add(Dense(10, activation='softmax')) model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy']) self.classifier = KerasClassifier((min_, max_), model=model) self.classifier.fit(self.x_train, self.y_train, nb_epochs=1, batch_size=128) self.defence = ActivationDefence(self.classifier, self.x_train, self.y_train) # def tearDown(self): # self.classifier.dispose() # self.x_train.dispose() # self.y_train.dispose() @unittest.expectedFailure def test_wrong_parameters_1(self): self.defence.set_params(n_clusters=0) @unittest.expectedFailure def test_wrong_parameters_2(self): self.defence.set_params(clustering_method='what') @unittest.expectedFailure def test_wrong_parameters_3(self): self.defence.set_params(reduce='what') @unittest.expectedFailure def test_wrong_parameters_4(self): self.defence.set_params(cluster_analysis='what') def test_activations(self): activations = self.defence._get_activations() self.assertEqual(len(self.x_train), len(activations)) def test_output_clusters(self): n_classes = self.classifier.nb_classes for n_clusters in range(2, 5): clusters_by_class, red_activations_by_class = self.defence.cluster_activations( n_clusters=n_clusters) # Verify expected number of classes self.assertEqual(np.shape(clusters_by_class)[0], n_classes) # Check we get the expected number of clusters: found_clusters = len(np.unique(clusters_by_class[0])) self.assertEqual(found_clusters, n_clusters) # Check right amount of data n_dp = 0 for i in range(0, n_classes): n_dp += len(clusters_by_class[i]) self.assertEqual(len(self.x_train), n_dp) def test_detect_poison(self): confidence_level, is_clean_lst = self.defence.detect_poison( n_clusters=2, ndims=10, reduce='PCA') sum_clean1 = sum(is_clean_lst) # Check number of items in is_clean self.assertEqual(len(self.x_train), len(is_clean_lst)) self.assertEqual(len(self.x_train), len(confidence_level)) # Test right number of clusters found_clusters = len(np.unique(self.defence.clusters_by_class[0])) self.assertEqual(found_clusters, 2) confidence_level, is_clean_lst = self.defence.detect_poison( n_clusters=3, ndims=10, reduce='PCA', cluster_analysis='distance') self.assertEqual(len(self.x_train), len(is_clean_lst)) self.assertEqual(len(self.x_train), len(confidence_level)) # Test change of state to new number of clusters: found_clusters = len(np.unique(self.defence.clusters_by_class[0])) self.assertEqual(found_clusters, 3) # Test clean data has changed sum_clean2 = sum(is_clean_lst) self.assertNotEqual(sum_clean1, sum_clean2) confidence_level, is_clean_lst = self.defence.detect_poison( n_clusters=2, ndims=10, reduce='PCA', cluster_analysis='distance') sum_dist = sum(is_clean_lst) confidence_level, is_clean_lst = self.defence.detect_poison( n_clusters=2, ndims=10, reduce='PCA', cluster_analysis='smaller') sum_size = sum(is_clean_lst) self.assertNotEqual(sum_dist, sum_size) def test_analyze_cluster(self): dist_clean_by_class = self.defence.analyze_clusters( cluster_analysis='distance') n_classes = self.classifier.nb_classes self.assertEqual(n_classes, len(dist_clean_by_class)) # Check right amount of data n_dp = 0 for i in range(0, n_classes): n_dp += len(dist_clean_by_class[i]) self.assertEqual(len(self.x_train), n_dp) sz_clean_by_class = self.defence.analyze_clusters( cluster_analysis='smaller') n_classes = self.classifier.nb_classes self.assertEqual(n_classes, len(sz_clean_by_class)) # Check right amount of data n_dp = 0 sum_sz = 0 sum_dis = 0 for i in range(0, n_classes): n_dp += len(sz_clean_by_class[i]) sum_sz += sum(sz_clean_by_class[i]) sum_dis += sum(dist_clean_by_class[i]) self.assertEqual(len(self.x_train), n_dp) # Very unlikely that they are the same self.assertNotEqual( sum_dis, sum_sz, msg='This is very unlikely to happen... there may be an error') if __name__ == '__main__': unittest.main()
def main(): try: print('See if poison model has been previously trained ') import pickle classifier = pickle.load(open('my_poison_classifier.p', 'rb')) print('Loaded model from pickle.... ') data_train = np.load('data_training.npz') x_train = data_train['x_train'] y_train = data_train['y_train'] is_poison_train = data_train['is_poison_train'] data_test = np.load('data_testing.npz') x_test = data_test['x_test'] y_test = data_test['y_test'] is_poison_test = data_test['is_poison_test'] except: # Read MNIST dataset (x_raw contains the original images): (x_raw, y_raw), (x_raw_test, y_raw_test), min_, max_ = load_mnist(raw=True) n_train = np.shape(x_raw)[0] num_selection = n_train random_selection_indices = np.random.choice(n_train, num_selection) x_raw = x_raw[random_selection_indices] y_raw = y_raw[random_selection_indices] # Poison training data perc_poison = .33 (is_poison_train, x_poisoned_raw, y_poisoned_raw) = generate_backdoor(x_raw, y_raw, perc_poison) x_train, y_train = preprocess(x_poisoned_raw, y_poisoned_raw) # Add channel axis: x_train = np.expand_dims(x_train, axis=3) # Poison test data (is_poison_test, x_poisoned_raw_test, y_poisoned_raw_test) = generate_backdoor(x_raw_test, y_raw_test, perc_poison) x_test, y_test = preprocess(x_poisoned_raw_test, y_poisoned_raw_test) # Add channel axis: x_test = np.expand_dims(x_test, axis=3) # Shuffle training data so poison is not together n_train = np.shape(y_train)[0] shuffled_indices = np.arange(n_train) np.random.shuffle(shuffled_indices) x_train = x_train[shuffled_indices] y_train = y_train[shuffled_indices] is_poison_train = is_poison_train[shuffled_indices] # Save data used for training and testing split: np.savez('data_training.npz', x_train=x_train, y_train=y_train, is_poison_train=is_poison_train, x_raw=x_poisoned_raw) np.savez('data_testing.npz', x_test=x_test, y_test=y_test, is_poison_test=is_poison_test, x_raw_test=x_poisoned_raw_test) # Create Keras convolutional neural network - basic architecture from Keras examples # Source here: https://github.com/keras-team/keras/blob/master/examples/mnist_cnn.py k.set_learning_phase(1) model = Sequential() model.add(Conv2D(32, kernel_size=(3, 3), activation='relu', input_shape=x_train.shape[1:])) model.add(Conv2D(64, (3, 3), activation='relu')) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Dropout(0.25)) model.add(Flatten()) model.add(Dense(128, activation='relu')) model.add(Dropout(0.5)) model.add(Dense(10, activation='softmax')) model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy']) classifier = KerasClassifier((min_, max_), model=model) classifier.fit(x_train, y_train, nb_epochs=50, batch_size=128) print('Saving poisoned model: ') pickle.dump(classifier, open('my_poison_classifier.p', 'wb')) # Also saving for Anu: file_name = 'anu_poison_mnist' model.save(file_name + '.hdf5') model_json = model.to_json() with open(file_name + '.json', "w") as json_file: json_file.write(model_json) # Evaluate the classifier on the test set preds = np.argmax(classifier.predict(x_test), axis=1) acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0] print("\nTest accuracy: %.2f%%" % (acc * 100)) # Evaluate the classifier on poisonous data preds = np.argmax(classifier.predict(x_test[is_poison_test]), axis=1) acc = np.sum(preds == np.argmax(y_test[is_poison_test], axis=1)) / y_test[is_poison_test].shape[0] print("\nPoisonous test set accuracy (i.e. effectiveness of poison): %.2f%%" % (acc * 100)) # Evaluate the classifier on clean data preds = np.argmax(classifier.predict(x_test[is_poison_test == 0]), axis=1) acc = np.sum(preds == np.argmax(y_test[is_poison_test == 0], axis=1)) / y_test[is_poison_test == 0].shape[0] print("\nClean test set accuracy: %.2f%%" % (acc * 100)) # Calling poisoning defence: defence = ActivationDefence(classifier, x_train, y_train) # End-to-end method: print("------------------- Results using size metric -------------------") print(defence.get_params()) defence.detect_poison(n_clusters=2, ndims=10, reduce="PCA") # Now fix the model x_new, y_fix = correct_poisoned_labels(x_train, y_train, is_poison_train) improvement = defence.relabel_poison_ground_truth(x_new, y_fix, test_set_split=0.7, tolerable_backdoor=0.001, max_epochs=5, batch_epochs=10) # Evaluate the classifier on poisonous data after backdoor fix: preds = np.argmax(classifier.predict(x_test[is_poison_test]), axis=1) acc_after = np.sum(preds == np.argmax(y_test[is_poison_test], axis=1)) / y_test[is_poison_test].shape[0] print("\nPoisonous test set accuracy (i.e. effectiveness of poison) after backdoor fix: %.2f%%" % (acc_after * 100)) print("\n Improvement after training: ", improvement) print('before: ', acc, ' after: ', acc_after) print("done :) ")
verbose=1, save_best_only=True) lr_scheduler = LearningRateScheduler(lr_schedule) lr_reducer = ReduceLROnPlateau(factor=np.sqrt(0.1), cooldown=0, patience=5, min_lr=0.5e-6) callbacks = [checkpoint, lr_reducer, lr_scheduler] _c = KerasClassifier(model=model) _c.fit(x_train, y_train, batch_size=batch_size, nb_epochs=50, validation_data=(x_test, y_test), shuffle=True, callbacks=callbacks) # Score trained model. scores = model.evaluate(x_test, y_test, verbose=1) print('Test loss:', scores[0]) print('Test accuracy:', scores[1]) save_clf(_c, '/home/surthi/models/cifar10/', 'resnet_clf_bn.h5', 'resnet_clf_model_bn.h5') return _c # Train CIFAR RESNET WITH AND WITHOUT BN MODELS cifar_resnet_bn = fitResNet(batch_normalization=True) cifar_resnet_no_bn = fitResNet(batch_normalization=False)
def get_vanilla_model(x_train, y_train, batch_norm=False): # os.chdir('/home/surthi') # _m = tf.keras.models.load_model('data/lid_model_cifar.h5') m = Sequential() m.add(Conv2D(32, (3, 3), padding='same', input_shape=(32, 32, 3))) m.add(Activation('relu')) if(batch_norm): m.add(BatchNormalization()) m.add(Conv2D(32, (3, 3), padding='same')) m.add(Activation('relu')) if(batch_norm): m.add(BatchNormalization()) m.add(MaxPooling2D(pool_size=(2, 2))) # layer 5 m.add(Conv2D(64, (3, 3), padding='same')) m.add(Activation('relu')) if(batch_norm): m.add(BatchNormalization()) m.add(Conv2D(64, (3, 3), padding='same')) m.add(Activation('relu')) if(batch_norm): m.add(BatchNormalization()) m.add(MaxPooling2D(pool_size=(2, 2))) # layer 10 m.add(Conv2D(128, (3, 3), padding='same')) m.add(Activation('relu')) if(batch_norm): m.add(BatchNormalization()) m.add(Conv2D(128, (3, 3), padding='same')) m.add(Activation('relu')) if(batch_norm): m.add(BatchNormalization()) m.add(MaxPooling2D(pool_size=(2, 2))) # layer 15 m.add(Flatten()) m.add(Dropout(0.5)) m.add(Dense(1024, kernel_regularizer=l2(0.001), bias_regularizer=l2(0.001))) m.add(Activation('relu')) if(batch_norm): m.add(BatchNormalization()) # layer19 m.add(Dropout(0.5)) m.add(Dense(512, kernel_regularizer=l2(0.001), bias_regularizer=l2(0.001))) m.add(Activation('relu')) if(batch_norm): m.add(BatchNormalization()) m.add(Dropout(0.5)) m.add(Dense(10)) m.add(Activation('softmax')) m.compile( loss='categorical_crossentropy', optimizer='adam', metrics=['accuracy'] ) c = KerasClassifier(model=m) c.fit(x_train, y_train, nb_epochs=50, batch_size=128) # os.chdir('/home/surthi/adversarial-robustness-toolbox/') return c
kernel_size=(5, 5), strides=1, activation='relu', input_shape=(28, 28, 1))) model.add(MaxPooling2D(pool_size=(2, 2))) model.add( Conv2D(filters=10, kernel_size=(5, 5), strides=1, activation='relu', input_shape=(23, 23, 4))) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Flatten()) model.add(Dense(100, activation='relu')) model.add(Dense(10, activation='softmax')) model.compile(loss=keras.losses.categorical_crossentropy, optimizer=keras.optimizers.SGD(lr=0.01), metrics=['accuracy']) # Step 3: Create the ART classifier classifier = KerasClassifier(model=model, clip_values=(min_pixel_value, max_pixel_value), use_logits=False) # Step 4: Train the ART classifier classifier.fit(x_train, y_train, batch_size=32, nb_epochs=10) classifier.save('cnn_simple_mnist.model')