def test_add_attack(self): """Test that an attack can be added""" classifier = DummyClassifier() attack = DummyPoisonAttack() attack_pairs = AttackPairs() attack_pairs.add(classifier, attack, 1) assert attack_pairs.attack_pairs == [{ 'classifier': classifier, 'attack': attack, 'belief': 1 }]
def test_get_beliefs(self): """Test that you can get the current beliefs as a numpy array""" classifier = DummyClassifier() attack = DummyPoisonAttack() attack_pairs = AttackPairs() assert np.array_equal(attack_pairs.get_beliefs(), np.zeros((0, ))) attack_pairs.add(classifier, attack, 1) assert np.array_equal(attack_pairs.get_beliefs(), np.array([1])) attack_pairs.add(classifier, attack, 1) assert np.array_equal(attack_pairs.get_beliefs(), np.array([1, 1]))
def test_fit_predict_all(self): """Test that you can fit and predict on all classifiers""" classifier_1 = DummyClassifier() attack_1 = DummyPoisonAttack() classifier_2 = DummyClassifier() attack_2 = DummyPoisonAttack() attack_pairs = AttackPairs() attack_pairs.add(classifier_1, attack_1, 1) attack_pairs.add(classifier_2, attack_2, 1) attack_pairs.fit_all(X, Y) y_out = attack_pairs.predict_all(X) assert isinstance(y_out, np.ndarray) assert y_out.shape == (X.shape[0], 2)
def test_get_attack_point(self): """Test that you can get an attack point from a particular attack""" classifier_1 = DummyClassifier() attack_1 = DummyPoisonAttack() classifier_2 = DummyClassifier() attack_2 = DummyPoisonAttack() attack_pairs = AttackPairs() attack_pairs.add(classifier_1, attack_1, 1) attack_pairs.add(classifier_2, attack_2, 1) attack_pairs.fit_all(X, Y) (x_attack_1, y_attack_1) = attack_pairs.get_attack_point(0) assert isinstance(x_attack_1, np.ndarray) assert x_attack_1.shape == (1, 2) (x_attack_2, y_attack_2) = attack_pairs.get_attack_point(1) assert isinstance(x_attack_1, np.ndarray) assert x_attack_1.shape == (1, 2)
def test_poison_ensemble(self): classifier_1 = DummyClassifier() attack_1 = DummyPoisonAttack() classifier_2 = DummyClassifier() attack_2 = DummyPoisonAttack() attack_pairs = AttackPairs() attack_pairs.add(classifier_1, attack_1, 1) attack_pairs.add(classifier_2, attack_2, 1) attack_pairs.fit_all(X, Y) ensemble = PoisonEnsemble(attack_pairs, X) defender = DummyClassifier() ensemble.poison(defender)
def test_set_beliefs(self): """Test that you can set the current beliefs as a numpy array""" classifier = DummyClassifier() attack = DummyPoisonAttack() attack_pairs = AttackPairs() attack_pairs.add(classifier, attack, 1) rand_beliefs_1 = np.random.rand(1) attack_pairs.set_beliefs(rand_beliefs_1) assert np.array_equal(attack_pairs.get_beliefs(), rand_beliefs_1) attack_pairs.add(classifier, attack, 1) rand_beliefs_2 = np.random.rand(2) attack_pairs.set_beliefs(rand_beliefs_2) assert np.array_equal(attack_pairs.get_beliefs(), rand_beliefs_2) attack_pairs.add(classifier, attack, 1) rand_beliefs_3 = np.random.rand(3) attack_pairs.set_beliefs(rand_beliefs_3) assert np.array_equal(attack_pairs.get_beliefs(), rand_beliefs_3)
def test_setup_empty(self): """Test that the list of attack pairs is empty initially""" attack_pairs = AttackPairs() assert attack_pairs.attack_pairs == list()
def test_normalize_belief(self): """Test that the beliefs can be normalized""" classifier = DummyClassifier() attack = DummyPoisonAttack() attack_pairs = AttackPairs() attack_pairs.add(classifier, attack, 1) attack_pairs.add(classifier, attack, 1) attack_pairs.add(classifier, attack, 1) attack_pairs.normalize_beliefs() assert np.array_equal(attack_pairs.get_beliefs(), np.array([1.0, 1.0, 1.0]) / 3) rand_beliefs_3 = np.random.rand(3) attack_pairs.set_beliefs(rand_beliefs_3) attack_pairs.normalize_beliefs() assert np.array_equal(attack_pairs.get_beliefs(), rand_beliefs_3 / np.sum(rand_beliefs_3))
X, y = make_blobs(n_samples=100, centers=centers, cluster_std=0.4, n_features=2, random_state=0) y = (y * 2) - 1 matplotlib.rcParams['axes.unicode_minus'] = False fig, ax = plt.subplots() ax.scatter(X[:, 0], X[:, 1], c=y) ax.set_autoscale_on(True) ax.set_title('Toy Gaussian Dataset') plt.show() # Attack Stuff attack_pairs = AttackPairs() # Setup Regular Lasso lasso_classifier = OnlineLasso() lasso_attack = LinearAttack(boundary=np.array([[-10, -10], [10, 10]]), lasso_lambda=0.01) attack_pairs.add(lasso_classifier, lasso_attack, 1) # Setup Outlier Lasso steps = [('KthNeighbor', KthNeighbor(outlier_distance_threshold=1)), ('OnlineLasso', OnlineLasso())] lasso_outlier_classifier = Pipeline(steps) lasso_outlier_attack = LinearAttack(boundary=np.array([[-10, -10], [10, 10]]), lasso_lambda=0.01, outlier_method='distancethreshold', outlier_distance_threshold=1)
steps = [('KthNeighbor', KthNeighbor(outlier_distance_threshold=distance_threshold)), ('Lasso', OnlineLasso(alpha=alpha_lambda))] lasso_outlier = Pipeline(steps) # Setup Attacks attack_lasso = GeneralTikhonovAttack(lasso_lambda=alpha_lambda, step_size=5000, max_steps=1000) attack_lasso_outlier = GeneralTikhonovAttack(lasso_lambda=alpha_lambda, step_size=5000, max_steps=1000, outlier_method='distancethreshold', outlier_distance_threshold=distance_threshold) # Setup Attack Pairs attack_pairs = AttackPairs() attack_pairs.add(lasso, attack_lasso, 1) attack_pairs.add(lasso_outlier, attack_lasso_outlier, 1) attack_pairs.fit_all(data_train_x, data_train_y) # Setup Ensemble ensemble = PoisonEnsemble(attack_pairs, data_test_x, defender=defender) beliefs = np.zeros((num_steps+1, 2)) beliefs[0, :] = np.array([0.5, 0.5]) for t in range(num_steps): ensemble.poison_single() beliefs[t+1, :] = ensemble.attack_pairs.get_beliefs() print(beliefs)