def adv_data(self, data, output, ep=0.3, num_steps=40):
    """Craft FGSM adversarial inputs for one training batch.

    Parameters
    ----------
    data :
        Inputs to perturb; handed to ``FGSM.generate`` unchanged.
    output :
        Second argument to ``FGSM.generate`` after flattening
        (presumably the ground-truth labels; confirm against the caller).
    ep :
        Perturbation budget, forwarded to the attack as ``epsilon``.
    num_steps :
        Accepted for interface compatibility; not used by this method.

    Returns
    -------
    tuple
        The adversarial inputs and ``self.model``'s output on them.
    """
    # NOTE(review): FGSM is constructed without a device argument; confirm
    # its default matches the device that self.model and data live on.
    attacker = FGSM(self.model)
    perturbed = attacker.generate(data, output.flatten(), epsilon=ep)

    # NOTE(review): generate() presumably backpropagates through self.model;
    # confirm the caller clears parameter gradients before its own backward
    # pass so attack gradients do not leak into the training update.
    return perturbed, self.model(perturbed)
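def adv_data(self, data, output, ep=0.3, num_steps=40):
    """Craft randomly-initialised FGSM adversarial inputs for training.

    Uniform noise in ``[-ep, ep]`` is added to ``data`` first, and the
    noisy batch is then passed to FGSM with ``epsilon=ep``.

    Parameters
    ----------
    data :
        Inputs to perturb.
    output :
        Second argument to ``FGSM.generate`` after flattening
        (presumably the ground-truth labels; confirm against the caller).
    ep :
        Bound of the random start and the ``epsilon`` given to FGSM.
    num_steps :
        Accepted for interface compatibility; not used by this method.

    Returns
    -------
    tuple
        The adversarial inputs and ``self.model``'s output on them.
    """
    # Random start: element-wise uniform noise in [-ep, ep], on self.device.
    delta = torch.zeros_like(data).uniform_(-ep, ep).to(self.device)
    data = delta + data

    # NOTE(review): the noisy batch is neither clamped to the input range
    # nor projected back onto the ep-ball around the clean input here. If
    # FGSM.generate then moves each element by up to ep, the total distance
    # from the clean input can reach 2 * ep. Confirm which budget the
    # robustness claim for this training scheme is meant to cover.

    # Run the attack on the same device as the noise above rather than on
    # FGSM's default device, so model, data and attack stay together.
    adversary = FGSM(self.model, device=self.device)
    data_adv = adversary.generate(data, output.flatten(), epsilon=ep)
    output = self.model(data_adv)
    return data_adv, output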
def adv_data(self, data, output, ep=0.3, num_steps=40):
    """Generate adversarial data for training.

    Parameters
    ----------
    data :
        Batch of inputs that the attack perturbs.
    output :
        Passed to the attack flattened, in the label position of
        ``generate`` (presumably the true labels; confirm).
    ep :
        Epsilon, the perturbation budget given to the attack.
    num_steps :
        Iteration steps. Not read by this method, which issues a single
        ``FGSM.generate`` call.

    Returns
    -------
    tuple
        ``(data_adv, output)``: the adversarial batch and the model's
        output on that batch.
    """
    # NOTE(review): no device is passed to FGSM here; check that its
    # default agrees with where self.model and data are placed.
    fgsm_attack = FGSM(self.model)
    adv_batch = fgsm_attack.generate(data, output.flatten(), epsilon=ep)

    # The returned output is recomputed on the adversarial batch, so the
    # caller's loss is taken on perturbed inputs, not on the clean ones.
    adv_output = self.model(adv_batch)
    return adv_batch, adv_output
# load model model = load_net(args.attack_model, args.file_name, args.path) print("===== START ATTACK =====") if(args.attack_method == "PGD"): from deeprobust.image.attack.pgd import PGD test_loader = generate_dataloader(args.dataset, args.batch_size) attack_method = PGD(model, args.device) utils.tab_printer(args) run_attack(attack_method, args.batch_size, args.batch_num, args.device, test_loader, epsilon = args.epsilon) elif(args.attack_method == "FGSM"): from deeprobust.image.attack.fgsm import FGSM test_loader = generate_dataloader(args.dataset, args.batch_size) attack_method = FGSM(model, args.device) utils.tab_printer(args) run_attack(attack_method, args.batch_size, args.batch_num, args.device, test_loader, epsilon = args.epsilon) elif(args.attack_method == "LBFGS"): from deeprobust.image.attack.lbfgs import LBFGS try: if (args.batch_size >1): raise ValueError("batch_size shouldn't be larger than 1.") except ValueError: args.batch_size = 1 try: if (args.random_targeted == 0 and args.target_label == -1): raise ValueError("No target label assigned. Random generate target for each input.") except ValueError:
# SECURITY NOTE(review): torch.load() deserialises with pickle, so a tampered
# checkpoint can execute code at load time. Load only checkpoints whose origin
# and integrity are known; on PyTorch versions that support it, passing
# weights_only=True restricts what the unpickler will accept.
# The path is built by plain concatenation, so args.destination has to end
# with a path separator.
checkpoint_path = args.destination + args.filename
model.load_state_dict(torch.load(checkpoint_path))
model.eval()
print("Finish loading network.")

# One MNIST sample (index 999): add an axis at dim 1, convert to float and
# scale by 1/255. download=False means the dataset must already be in './'.
xx = datasets.MNIST('./', download=False).data[999:1000].to('cuda')
xx = xx.unsqueeze_(1).float() / 255

# Label of the same sample.
yy = datasets.MNIST('./', download=False).targets[999:1000].to('cuda')

# Generate the adversarial example. The device is hard-coded to CUDA both
# here and in the .to('cuda') calls above.
F1 = FGSM(model, device="cuda")
AdvExArray = F1.generate(xx, yy, **attack_params['FGSM_MNIST'])

# Predicted class on the clean and on the perturbed input. This is a
# single-sample smoke test, not a measurement of the model's robustness.
predict0 = model(xx).argmax(dim=1, keepdim=True)
predict1 = model(AdvExArray).argmax(dim=1, keepdim=True)

print("original prediction:")
print(predict0)
print("attack prediction:")
print(predict1)

# Move the clean sample to host memory as a NumPy array.
xx = xx.cpu().detach().numpy()
# NOTE(review): `r` and `example_model_path` are defined above this excerpt.
# Nothing visible here checks the response status or verifies a checksum
# before the body is written to disk. The file appears to be the one that
# load_net() reads below (presumably via torch.load, which unpickles), so
# pin an expected digest for the model file and compare it before loading.
print('Downloading example model...')
with open(example_model_path, 'wb') as model_file:
    model_file.write(r.content)
print('Downloaded.')

# Evaluation settings.
n_splits, batch_size, batch_num = 10, 32, 1000
device = 'cuda'
epsilon = 0.3

# Which trained network to attack and where its weights are stored.
attack_model = 'CNN'
file_name = 'MNIST_CNN_epoch_20.pt'
path = './trained_models/'

model = load_net(attack_model, file_name, path)
attack_method = FGSM(model, device)

# NOTE(review): the loader passed here is named train_loader; confirm that
# measuring perturbation effects on training data is intended, since numbers
# taken on data the model was fitted to may not reflect held-out behaviour.
evaluate_perturbation(
    n_splits,
    attack_method,
    batch_size,
    batch_num,
    device,
    train_loader,
    epsilon=epsilon,
)

# # read arguments
# args = parameter_parser()  # read arguments and create an argparse object
# # download example model
# example_model_path = './trained_models/MNIST_CNN_epoch_20.pt'
# if not (os.path.exists('./trained_models')):