コード例 #1
0
    def test_classifier_type_check_fail_classifier(self):
        # Use a useless test classifier to test basic classifier properties
        class ClassifierNoAPI:
            pass

        classifier = ClassifierNoAPI
        with self.assertRaises(TypeError) as context:
            _ = AdversarialPatch(classifier=classifier)

        self.assertIn(
            'For `AdversarialPatch` classifier must be an instance of '
            '`art.classifiers.classifier.Classifier`, the provided classifier is instance of '
            '(<class \'object\'>,).', str(context.exception))
コード例 #2
0
    def test_tfclassifier(self):
        """
        First test with the TFClassifier.
        :return:
        """
        # Build TFClassifier
        tfc, sess = get_classifier_tf()

        # Get MNIST
        (x_train, _), (_, _) = self.mnist

        # Attack
        attack_params = {"rotation_max": 22.5, "scale_min": 0.1, "scale_max": 1.0,
                         "learning_rate": 5.0, "number_of_steps": 5, "patch_shape": (28, 28, 1), "batch_size": 10}
        attack_ap = AdversarialPatch(tfc)
        patch_adv, _ = attack_ap.generate(x_train, **attack_params)

        self.assertTrue(patch_adv[8, 8, 0] - (-3.1106631027725005) < 0.01)
        self.assertTrue(patch_adv[14, 14, 0] - 18.954278294246386 < 0.01)
        self.assertTrue(np.sum(patch_adv) - 794.2447019737851 < 0.01)

        sess.close()
        tf.reset_default_graph()
コード例 #3
0
    def test_tensorflow(self):
        """
        First test with the TensorFlowClassifier.
        :return:
        """
        tfc, sess = get_classifier_tf()

        attack_ap = AdversarialPatch(tfc,
                                     rotation_max=22.5,
                                     scale_min=0.1,
                                     scale_max=1.0,
                                     learning_rate=5.0,
                                     batch_size=10,
                                     max_iter=500)
        patch_adv, _ = attack_ap.generate(self.x_train)

        self.assertAlmostEqual(patch_adv[8, 8, 0],
                               -3.1106631027725005,
                               delta=0.1)
        self.assertAlmostEqual(patch_adv[14, 14, 0], 18.101, delta=0.1)
        self.assertAlmostEqual(float(np.sum(patch_adv)), 624.867, delta=0.1)

        sess.close()
コード例 #4
0
    def test_failure_feature_vectors(self):
        attack_params = {"rotation_max": 22.5, "scale_min": 0.1, "scale_max": 1.0,
                         "learning_rate": 5.0, "number_of_steps": 5, "batch_size": 10}
        attack = AdversarialPatch(classifier=None)
        attack.set_params(**attack_params)
        data = np.random.rand(10, 4)

        # Assert that value error is raised for feature vectors
        with self.assertRaises(ValueError) as context:
            attack.generate(data)

        self.assertIn('Feature vectors detected.', str(context.exception))
コード例 #5
0
import numpy as np
from art.classifiers import KerasClassifier
from art.attacks import AdversarialPatch
from dataset import load_carla_test_dataset
from keras.models import load_model

test_data = load_carla_test_dataset()
x_test = np.array([i[0] for i in test_data], dtype='float32').reshape(
    (-1, 64, 64, 1))
y_test = np.array([i[1] for i in test_data])

model = load_model('model.h5')
classifier = KerasClassifier(model=model, clip_values=(0, 255))
model.summary()
predictions = classifier.predict(x_test)
acc = np.sum(
    np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print("Accuracy on bening test examples: {}%".format(accuracy * 100))
attack = AdversarialPatch(classifier)
adv = attack.generate(x_test, y_test)

predictions = classifier.predict(adv)
accuracy = np.sum(
    np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print("Accuracy on adversarial test examples: {}%".format(accuracy * 100))
コード例 #6
0
    im = image.img_to_array(im)
    im = np.expand_dims(im, axis=0)
    im = preprocessing_fn(im)
    images_list.append(im)

print(len(images_list))
images = images_list[:batch_size]
images = np.concatenate(images, axis=0)
mean, std = mean_std()

ap = AdversarialPatch(
    classifier=model,
    target=NUM,
    scale_min=scale_min,
    scale_max=scale_max,
    learning_rate=learning_rate,
    max_iter=max_iter,
    batch_size=batch_size, 
    clip_patch=[(-mean[0]/std[0], (1.0 - mean[0])/std[0]), 
                (-mean[1]/std[1], (1.0 - mean[1])/std[1]),
                (-mean[2]/std[2], (1.0 - mean[2])/std[2])]
)

label = NUM
y_one_hot = np.zeros(45)
y_one_hot[NUM] = 1.0
y_target = np.tile(y_one_hot, (images.shape[0], 1))
patch, patch_mask = ap.generate(x=images, y=y_target)
PATCH = (patch * patch_mask).astype(np.uint8)
IMAGE = Image.fromarray(PATCH)
IMAGE.save('patch.png')
print("Patch Generated and saved")
コード例 #7
0
def GetAttackers(classifier, x_test, attacker_name):
    """
    Function:
        Load classifier and generate adversarial samples
    """
    t_start = time.time()
    if attacker_name == "FGSM":
        attacker = FastGradientMethod(classifier=classifier, eps=0.03)
    elif attacker_name == "Elastic":
        attacker = ElasticNet(
            classifier=classifier,
            confidence=0.5,
            batch_size=x_test.shape[0],
        )
        # beta=1e-2, binary_search_steps=5, max_iter=20)
    elif attacker_name == "FGSM":
        attacker = FastGradientMethod(classifier=classifier, eps=0.05)
    elif attacker_name == "Elastic":
        attacker = ElasticNet(classifier=classifier,
                              binary_search_steps=5,
                              max_iter=20)
    elif attacker_name == "NewtonFool":
        attacker = NewtonFool(classifier=classifier, max_iter=20)
    elif attacker_name == "BasicIterativeMethod":
        attacker = BasicIterativeMethod(classifier=classifier, max_iter=20)
    elif attacker_name == "HopSkipJump":
        attacker = HopSkipJump(classifier=classifier, max_iter=20)
    elif attacker_name == "ZooAttack":
        attacker = ZooAttack(classifier=classifier, max_iter=20)
    elif attacker_name == "VirtualAdversarialMethod":
        attacker = VirtualAdversarialMethod(classifier=classifier, max_iter=20)
    elif attacker_name == "UniversalPerturbation":
        attacker = UniversalPerturbation(classifier=classifier,
                                         max_iter=1,
                                         eps=10.0)
    elif attacker_name == "CarliniL2":
        attacker = CarliniL2Method(classifier=classifier,
                                   confidence=0.5,
                                   learning_rate=0.001,
                                   max_iter=15)
    elif attacker_name == "CarliniLinf":
        attacker = CarliniLInfMethod(classifier=classifier,
                                     confidence=0.5,
                                     learning_rate=0.001,
                                     max_iter=15)
    elif attacker_name == "DeepFool":
        attacker = DeepFool(classifier, max_iter=2, nb_grads=5)
    elif attacker_name == "AdversarialPatch":
        attacker = AdversarialPatch(classifier=classifier, max_iter=20)
    elif attacker_name == "Attack":
        attacker = Attack(classifier=classifier)
    elif attacker_name == "BoundaryAttack":
        attacker = BoundaryAttack(classifier=classifier,
                                  targeted=False,
                                  epsilon=0.05,
                                  max_iter=20)  #, max_iter=20
    elif attacker_name == "SMM":
        attacker = SaliencyMapMethod(classifier=classifier, theta=.5, gamma=1.)
    elif attacker_name == "PGD":
        attacker = ProjectedGradientDescent(classifier=classifier,
                                            norm=1,
                                            eps=1,
                                            eps_step=0.5,
                                            max_iter=100,
                                            targeted=False,
                                            num_random_init=0,
                                            batch_size=1)
    else:
        raise ValueError("Please get the right attacker's name for the input.")
    test_adv = attacker.generate(x_test)
    dt = time.time() - t_start
    return test_adv, dt