Esempio n. 1
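def zoo_attack(dataset):
    """Run ``attack`` on a pretrained classifier and print how each prediction moves.

    Args:
        dataset: ``'cifar10'`` selects the CIFAR10 network and checkpoint; any
            other value selects the MNIST network and checkpoint.

    For every image the loop prints the ground-truth label, the model's
    prediction, and the prediction on the perturbed image returned by
    ``attack``. This gives a per-sample robustness readout. Nothing is returned.
    """
    use_cifar = dataset == 'cifar10'
    if use_cifar:
        train_loader, test_loader, train_dataset, test_dataset = load_cifar10_data()
        net = CIFAR10()
    else:
        train_loader, test_loader, train_dataset, test_dataset = load_mnist_data()
        net = MNIST()

    on_gpu = torch.cuda.is_available()
    if on_gpu:
        net.cuda()
        net = torch.nn.DataParallel(net, device_ids=[0])

    # NOTE(review): load_model is defined elsewhere. If it deserializes with
    # torch.load, the checkpoint is unpickled, so only load checkpoint files
    # from a trusted source (or restrict loading with weights_only=True).
    # Confirm against the helper.
    checkpoint = 'models/cifar10_gpu.pt' if use_cifar else 'models/mnist_gpu.pt'
    load_model(net, checkpoint)
    net.eval()

    # Only the DataParallel wrapper has a ``.module`` attribute. Unwrapping
    # unconditionally raised AttributeError on CPU-only hosts.
    model = net.module if on_gpu else net

    # NOTE(review): the evaluation inputs are always the MNIST *training* split,
    # even when dataset == 'cifar10'. In that case the CIFAR10 network is fed
    # MNIST images. Confirm whether this override is intentional.
    test_dataset = dsets.MNIST(root='./data/mnist', train=True, transform=transforms.ToTensor(), download=False)
    test_loader = torch.utils.data.DataLoader(dataset=test_dataset, batch_size=1, shuffle=False)

    for i, (image, label) in enumerate(test_loader):
        print("Original label:" , label)
        print("Predicted label:" , model.predict_batch(image))
        # The meaning of the fourth argument (1) is set by ``attack``, which is
        # not shown in this listing.
        adversarial = attack(image, label, model, 1)
        print("Predicted label for adversarial example: ", model.predict_batch(adversarial))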
    '''
Esempio n. 2
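def boundary_attack_mnist():
    """Attack the first 50 MNIST test images and accumulate the distortion.

    For each image the function prints the true label, the model's prediction,
    and the prediction on the example returned by ``attack_untargeted``. It
    adds the norm of (adversarial - image) to a running total. The visible
    part of the function returns nothing.
    """
    train_loader, test_loader, train_dataset, test_dataset = load_mnist_data()
    net = MNIST()
    on_gpu = torch.cuda.is_available()
    if on_gpu:
        net.cuda()
        net = torch.nn.DataParallel(net, device_ids=[0])

    # NOTE(review): load_model is defined elsewhere. If it deserializes with
    # torch.load, the checkpoint is unpickled, so only load checkpoint files
    # from a trusted source. Confirm against the helper.
    load_model(net, 'models/mnist_gpu.pt')
    net.eval()

    # DataParallel wraps the network on GPU; unwrap it to reach predict().
    model = net.module if on_gpu else net

    num_images = 50

    print("\n\n\n\n\n Running on first {} images \n\n\n".format(num_images))

    distortion_fix_sample = 0.0

    for i, (image, label) in enumerate(test_dataset):
        if i >= num_images:
            break
        print("\n\n\n\n======== Image %d =========" % i)
        print("Original label: ", label)
        print("Predicted label: ", model.predict(image))

        # NOTE(review): alpha and beta are not defined inside this function, so
        # they must exist at module level. Verify against the full file.
        adversarial = attack_untargeted(model,
                                        train_dataset,
                                        image,
                                        label,
                                        alpha=alpha,
                                        beta=beta)
        print("Predicted label for adversarial example: ",
              model.predict(adversarial))
        # The accumulator is distortion_fix_sample. The original line added to
        # the misspelled name distortion_fixsample, which raised NameError on
        # the first image.
        distortion_fix_sample += torch.norm(adversarial - image)

    print("\n\n\n\n\n Running on {} random images \n\n\n".format(num_images))

    # The listing ends here. The random-sample pass that would use this
    # accumulator is not shown.
    distortion_random_sample = 0.0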
Esempio n. 3
def attack_mnist(alpha):
    """Run targeted attacks on 10 pseudo-randomly chosen MNIST test images.

    Args:
        alpha: forwarded unchanged to ``attack_single``.

    The RNG is seeded with 0, so the chosen indices and target classes repeat
    across runs. For each image a target class different from the true label
    is drawn. The value returned by ``attack_single`` is added to a running
    total, and the average over the 10 images is printed at the end.
    """
    train_loader, test_loader, train_dataset, test_dataset = load_mnist_data()
    net = MNIST()
    if torch.cuda.is_available():
        net.cuda()
        net = torch.nn.DataParallel(net, device_ids=[0])

    # NOTE(review): load_model is defined elsewhere. If it deserializes with
    # torch.load, the checkpoint is unpickled, so only load checkpoint files
    # from a trusted source. Confirm against the helper.
    load_model(net, 'models/mnist_gpu.pt')
    net.eval()

    # DataParallel wraps the network on GPU; unwrap it there.
    if torch.cuda.is_available():
        model = net.module
    else:
        model = net

    num_images = 10

    print("\n\n\n\n\n Running on {} random images \n\n\n".format(num_images))
    running_total = 0.0

    random.seed(0)
    remaining = num_images
    while remaining > 0:
        remaining -= 1
        # Indices below 100 are never drawn.
        last_index = len(test_dataset) - 1
        idx = random.randint(100, last_index)
        image, label = test_dataset[idx]
        print("\n\n\n\n======== Image %d =========" % idx)
        # Candidate targets are every class except the true one. The list is
        # 0..9, so position ``label`` holds the value ``label``.
        candidates = list(range(10))
        del candidates[label]
        target = random.choice(candidates)
        running_total += attack_single(model, train_loader, image, label, target, alpha)

    average = running_total / num_images
    print("Average distortion on random {} images is {}".format(num_images, average))
    '''
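def attack_mnist(alpha=0.2, beta=0.001, isTarget=False, num_attacks=100):
    """Report the average distortion of adversarial examples on fixed MNIST test images.

    Args:
        alpha: forwarded to ``attack_untargeted`` / ``attack_targeted``.
        beta: forwarded to ``attack_untargeted`` / ``attack_targeted``.
        isTarget: when true, each image is attacked towards class
            ``(label + 1) % 10``; otherwise the attack is untargeted.
        num_attacks: upper bound on how many of the hard-coded sample indices
            are attacked.

    The function prints per-image labels and predictions and, at the end, the
    mean norm of (adversarial - image) over the images actually attacked.
    Nothing is returned.
    """
    train_loader, test_loader, train_dataset, test_dataset = load_mnist_data()
    print("Length of test_set: ", len(test_dataset))

    net = MNIST()
    on_gpu = torch.cuda.is_available()
    if on_gpu:
        net.cuda()
        net = torch.nn.DataParallel(net, device_ids=[0])

    # NOTE(review): load_model is defined elsewhere. If it deserializes with
    # torch.load, the checkpoint is unpickled, so only load checkpoint files
    # from a trusted source. Confirm against the helper.
    load_model(net, 'models/mnist_gpu.pt')
    net.eval()

    # DataParallel wraps the network on GPU; unwrap it to reach predict().
    model = net.module if on_gpu else net

    def single_attack(image, label, target=None):
        """Attack one image and return the norm of the perturbation."""
        show_image(image.numpy())
        print("Original label: ", label)
        print("Predicted label: ", model.predict(image))
        if target is None:
            adversarial = attack_untargeted(model,
                                            image,
                                            label,
                                            alpha=alpha,
                                            beta=beta,
                                            iterations=1000)
        else:
            print("Targeted attack: %d" % target)
            adversarial = attack_targeted(model,
                                          image,
                                          label,
                                          target,
                                          alpha=alpha,
                                          beta=beta,
                                          iterations=1000)
        show_image(adversarial.numpy())
        print("Predicted label for adversarial example: ",
              model.predict(adversarial))
        return torch.norm(adversarial - image)

    # Fixed test-set indices, so that runs are comparable.
    samples = [
        6312, 6891, 4243, 8377, 7962, 6635, 4970, 7809, 5867, 9559, 3579, 8269,
        2282, 4618, 2290, 1554, 4105, 9862, 2408, 5082, 1619, 1209, 5410, 7736,
        9172, 1650, 5181, 3351, 9053, 7816, 7254, 8542, 4268, 1021, 8990, 231,
        1529, 6535, 19, 8087, 5459, 3997, 5329, 1032, 3131, 9299, 3910, 2335,
        8897, 7340, 1495, 5244, 8323, 8017, 1787, 4939, 9032, 4770, 2045, 8970,
        5452, 8853, 3330, 9883, 8966, 9628, 4713, 7291, 9770, 6307, 5195, 9432,
        3967, 4757, 3013, 3103, 3060, 541, 4261, 7808, 1132, 1472, 2134, 634,
        1315, 8858, 6411, 8595, 4516, 8550, 3859, 3526
    ]
    #true_labels = [3, 1, 6, 6, 9, 2, 7, 5, 5, 3, 3, 4, 5, 6, 7, 9, 1, 6, 3, 4, 0, 6, 5, 9, 7, 0, 3, 1, 6, 6, 9, 6, 4, 7, 6, 3, 4, 3, 4, 3, 0, 7, 3, 5, 3, 9, 3, 1, 9, 1, 3, 0, 2, 9, 9, 2, 2, 3, 3, 3, 0, 5, 2, 5, 2, 7, 2, 2, 5, 7, 4, 9, 9, 0, 0, 7, 9, 4, 5, 5, 2, 3, 5, 9, 3, 0, 9, 0, 1, 2, 9, 9]

    # The list holds 92 indices, while the original loop ignored num_attacks
    # and divided the total by it (default 100), which understated the average
    # distortion. Cap the run at num_attacks and average over the images
    # actually attacked.
    chosen = samples[:max(num_attacks, 0)]
    attacked = len(chosen)

    print(
        "\n\n Running {} attack on {} random  MNIST test images for alpha= {} beta= {}\n\n"
        .format("targetted" if isTarget else "untargetted", attacked, alpha,
                beta))
    total_distortion = 0.0

    for idx in chosen:
        image, label = test_dataset[idx]
        print("\n\n\n\n======== Image %d =========" % idx)
        target = None if not isTarget else (1 + label) % 10
        total_distortion += single_attack(image, label, target)

    if attacked == 0:
        # Nothing was attacked, so there is no average to report.
        print("No images selected; average distortion is undefined")
        return

    print("Average distortion on random {} images is {}".format(
        attacked, total_distortion / attacked))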