def test_generate_default(art_warning, fix_get_mnist_subset,
image_dl_estimator):
try:
classifier, _ = image_dl_estimator(from_logits=True)
attack = AutoAttack(
estimator=classifier,
norm=np.inf,
eps=0.3,
eps_step=0.1,
attacks=None,
batch_size=32,
estimator_orig=None,
)
(x_train_mnist, y_train_mnist, x_test_mnist,
y_test_mnist) = fix_get_mnist_subset
x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)
assert np.mean(np.abs(x_train_mnist_adv -
x_train_mnist)) == pytest.approx(0.0292,
abs=0.105)
assert np.max(np.abs(x_train_mnist_adv -
x_train_mnist)) == pytest.approx(0.3, abs=0.05)
except ARTTestException as e:
art_warning(e)
def test_generate_default(fix_get_mnist_subset, is_tf_version_2):
if is_tf_version_2:
classifier, _ = get_image_classifier_tf(from_logits=True)
attack = AutoAttack(
estimator=classifier,
norm=np.inf,
eps=0.3,
eps_step=0.1,
attacks=None,
batch_size=32,
estimator_orig=None,
)
(x_train_mnist, y_train_mnist, x_test_mnist,
y_test_mnist) = fix_get_mnist_subset
x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)
assert np.mean(np.abs(x_train_mnist_adv -
x_train_mnist)) == pytest.approx(0.0292,
abs=0.105)
assert np.max(np.abs(x_train_mnist_adv -
x_train_mnist)) == pytest.approx(0.3, abs=0.05)
def test_check_params(art_warning, image_dl_estimator_for_attack):
try:
from art.attacks.evasion import FastGradientMethod
classifier = image_dl_estimator_for_attack(AutoAttack)
attacks = [FastGradientMethod(estimator=classifier)]
with pytest.raises(ValueError):
_ = AutoAttack(classifier, attacks=attacks, norm=0)
with pytest.raises(ValueError):
_ = AutoAttack(classifier, attacks=attacks, eps="1")
with pytest.raises(ValueError):
_ = AutoAttack(classifier, attacks=attacks, eps=-1.0)
with pytest.raises(ValueError):
_ = AutoAttack(classifier, attacks=attacks, eps_step="1")
with pytest.raises(ValueError):
_ = AutoAttack(classifier, attacks=attacks, eps_step=-1.0)
with pytest.raises(ValueError):
_ = AutoAttack(classifier, attacks=attacks, batch_size=1.0)
with pytest.raises(ValueError):
_ = AutoAttack(classifier, attacks=attacks, batch_size=-1)
except ARTTestException as e:
art_warning(e)
def test_generate_attacks_and_targeted(fix_get_mnist_subset, is_tf_version_2):
classifier, _ = get_image_classifier_tf(from_logits=True)
norm = np.inf
eps = 0.3
eps_step = 0.1
batch_size = 32
attacks = list()
attacks.append(
AutoProjectedGradientDescent(
estimator=classifier,
norm=norm,
eps=eps,
eps_step=eps_step,
max_iter=100,
targeted=True,
nb_random_init=5,
batch_size=batch_size,
loss_type="cross_entropy",
))
if is_tf_version_2:
loss_type_2 = "difference_logits_ratio"
else:
loss_type_2 = "cross_entropy"
attacks.append(
AutoProjectedGradientDescent(
estimator=classifier,
norm=norm,
eps=eps,
eps_step=eps_step,
max_iter=100,
targeted=False,
nb_random_init=5,
batch_size=batch_size,
loss_type=loss_type_2,
))
attacks.append(
DeepFool(classifier=classifier,
max_iter=100,
epsilon=1e-6,
nb_grads=3,
batch_size=batch_size))
attacks.append(
SquareAttack(estimator=classifier,
norm=norm,
max_iter=5000,
eps=eps,
p_init=0.8,
nb_restarts=5))
(x_train_mnist, y_train_mnist, x_test_mnist,
y_test_mnist) = fix_get_mnist_subset
# First test with defined_attack_only=False
attack = AutoAttack(
estimator=classifier,
norm=norm,
eps=eps,
eps_step=eps_step,
attacks=attacks,
batch_size=batch_size,
estimator_orig=None,
targeted=False,
)
x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)
assert np.mean(np.abs(x_train_mnist_adv - x_train_mnist)) == pytest.approx(
0.0182, abs=0.105)
assert np.max(np.abs(x_train_mnist_adv - x_train_mnist)) == pytest.approx(
0.3, abs=0.05)
# Then test with defined_attack_only=True
attack = AutoAttack(
estimator=classifier,
norm=norm,
eps=eps,
eps_step=eps_step,
attacks=attacks,
batch_size=batch_size,
estimator_orig=None,
targeted=True,
)
x_train_mnist_adv = attack.generate(x=x_train_mnist, y=y_train_mnist)
assert np.mean(x_train_mnist_adv - x_train_mnist) == pytest.approx(
0.0179, abs=0.0075)
assert np.max(np.abs(x_train_mnist_adv - x_train_mnist)) == pytest.approx(
eps, abs=0.005)