class TestLBFGS(CleverHansTest):
def setUp(self):
super(TestLBFGS, self).setUp()
self.sess = tf.Session()
self.model = SimpleModel()
self.attack = LBFGS(self.model, sess=self.sess)
def test_generate_np_targeted_gives_adversarial_example(self):
x_val = np.random.rand(100, 2)
x_val = np.array(x_val, dtype=np.float32)
feed_labs = np.zeros((100, 2))
feed_labs[np.arange(100), np.random.randint(0, 1, 100)] = 1
x_adv = self.attack.generate_np(x_val, max_iterations=100,
binary_search_steps=3,
initial_const=1,
clip_min=-5, clip_max=5,
batch_size=100, y_target=feed_labs)
new_labs = np.argmax(self.sess.run(self.model(x_adv)), axis=1)
self.assertTrue(np.mean(np.argmax(feed_labs, axis=1) == new_labs)
> 0.9)
def test_generate_targeted_gives_adversarial_example(self):
x_val = np.random.rand(100, 2)
x_val = np.array(x_val, dtype=np.float32)
feed_labs = np.zeros((100, 2))
feed_labs[np.arange(100), np.random.randint(0, 1, 100)] = 1
x = tf.placeholder(tf.float32, x_val.shape)
y = tf.placeholder(tf.float32, feed_labs.shape)
x_adv_p = self.attack.generate(x, max_iterations=100,
binary_search_steps=3,
initial_const=1,
clip_min=-5, clip_max=5,
batch_size=100, y_target=y)
x_adv = self.sess.run(x_adv_p, {x: x_val, y: feed_labs})
new_labs = np.argmax(self.sess.run(self.model(x_adv)), axis=1)
self.assertTrue(np.mean(np.argmax(feed_labs, axis=1) == new_labs)
> 0.9)
def test_generate_np_gives_clipped_adversarial_examples(self):
x_val = np.random.rand(100, 2)
x_val = np.array(x_val, dtype=np.float32)
feed_labs = np.zeros((100, 2))
feed_labs[np.arange(100), np.random.randint(0, 1, 100)] = 1
x_adv = self.attack.generate_np(x_val, max_iterations=10,
binary_search_steps=1,
initial_const=1,
clip_min=-0.2, clip_max=0.3,
batch_size=100, y_target=feed_labs)
self.assertTrue(-0.201 < np.min(x_adv))
self.assertTrue(np.max(x_adv) < .301)
class TestLBFGS(CleverHansTest):
def setUp(self):
super(TestLBFGS, self).setUp()
self.sess = tf.Session()
self.model = SimpleModel()
self.attack = LBFGS(self.model, sess=self.sess)
def test_generate_np_targeted_gives_adversarial_example(self):
x_val = np.random.rand(100, 2)
x_val = np.array(x_val, dtype=np.float32)
feed_labs = np.zeros((100, 2))
feed_labs[np.arange(100), np.random.randint(0, 1, 100)] = 1
x_adv = self.attack.generate_np(x_val, max_iterations=100,
binary_search_steps=3,
initial_const=1,
clip_min=-5, clip_max=5,
batch_size=100, y_target=feed_labs)
new_labs = np.argmax(self.sess.run(self.model(x_adv)), axis=1)
self.assertTrue(np.mean(np.argmax(feed_labs, axis=1) == new_labs)
> 0.9)
def test_generate_targeted_gives_adversarial_example(self):
x_val = np.random.rand(100, 2)
x_val = np.array(x_val, dtype=np.float32)
feed_labs = np.zeros((100, 2))
feed_labs[np.arange(100), np.random.randint(0, 1, 100)] = 1
x = tf.placeholder(tf.float32, x_val.shape)
y = tf.placeholder(tf.float32, feed_labs.shape)
x_adv_p = self.attack.generate(x, max_iterations=100,
binary_search_steps=3,
initial_const=1,
clip_min=-5, clip_max=5,
batch_size=100, y_target=y)
x_adv = self.sess.run(x_adv_p, {x: x_val, y: feed_labs})
new_labs = np.argmax(self.sess.run(self.model(x_adv)), axis=1)
self.assertTrue(np.mean(np.argmax(feed_labs, axis=1) == new_labs)
> 0.9)
def test_generate_np_gives_clipped_adversarial_examples(self):
x_val = np.random.rand(100, 2)
x_val = np.array(x_val, dtype=np.float32)
feed_labs = np.zeros((100, 2))
feed_labs[np.arange(100), np.random.randint(0, 1, 100)] = 1
x_adv = self.attack.generate_np(x_val, max_iterations=10,
binary_search_steps=1,
initial_const=1,
clip_min=-0.2, clip_max=0.3,
batch_size=100, y_target=feed_labs)
self.assertTrue(-0.201 < np.min(x_adv))
self.assertTrue(np.max(x_adv) < .301)
def lbfgs_attack(train_data,model,sess,tar_class):
adv_x = []
wrap = KerasModelWrapper(model)
lbfgs = LBFGS(wrap,sess=sess)
one_hot_target = np.zeros((train_data.shape[0], 10), dtype=np.float32)
one_hot_target[:, tar_class-1] = 1
for i in range(train_data.shape[0]//100):
print(one_hot_target[i*100:(i+1)*100].shape)
if i == 0:
adv_x = lbfgs.generate_np(x_val=train_data[i*100:(i+1)*100], max_iterations=10,
binary_search_steps=3,
initial_const=1,
batch_size=1,clip_min=-5, clip_max=5, y_target=one_hot_target[i*100:(i+1)*100])
else:
adv_x = np.concatenate((adv_x,lbfgs.generate_np(x_val=train_data[i*100:(i+1)*100], max_iterations=10,
binary_search_steps=3,
initial_const=1,
batch_size=1,clip_min=-5, clip_max=5, y_target=one_hot_target[i*100:(i+1)*100])))
return adv_x
def lbfgs_attack(train_data, model, sess, tar_class):
wrap = KerasModelWrapper(model)
lbfgs = LBFGS(wrap, sess=sess)
one_hot_target = np.zeros((train_data.shape[0], 10), dtype=np.float32)
one_hot_target[:, tar_class] = 1
adv_x = lbfgs.generate_np(train_data,
max_iterations=10,
binary_search_steps=3,
initial_const=1,
clip_min=-5,
clip_max=5,
batch_size=1,
y_target=one_hot_target)
return adv_x