Python BP.attackの例

コード例 #1

ファイル: mnist_attack_author.py プロジェクト: hanwei0912/walking-on-the-edge-fast-low-distortion-adversarial-examples

attacker = BP(steps=100, device=DEVICE)
#attacker = DDN(steps=1000, device=DEVICE)

ori_image = []
ori_label = []
adv_image = []
adv_preds = []

requires_grad_(model, False)
model.eval()

for i, (images, labels) in enumerate(tqdm.tqdm(test_loader, ncols=80)):
    t_images, t_labels = images.to(DEVICE), labels.to(DEVICE)

    cadv,adv = attacker.attack(model, t_images, t_labels)
    adv_pred = model(adv).argmax(1)

    ori_image.append(images)
    ori_label.append(labels)
    adv_image.append(adv.cpu())
    adv_preds.append(adv_pred.cpu())

ori_image = torch.cat(ori_image, 0).numpy()
ori_label = torch.cat(ori_label, 0).numpy()
adv_image = torch.cat(adv_image, 0).numpy()
adv_preds = torch.cat(adv_preds, 0).numpy()

# Compute metrics with numpy as PyTorch had some problems with sums on large tensors
success_rate = np.mean(adv_preds != ori_label)
norms = np.linalg.norm((adv_image - ori_image).reshape(ori_image.shape[0], -1), axis=1)

コード例 #2

ファイル: inceptionv3.py プロジェクト: hanwei0912/walking-on-the-edge-fast-low-distortion-adversarial-examples

mean = [0.485, 0.456, 0.406]
std = [0.229, 0.224, 0.225]
preprocess_layer = Preprocessing_Layer(mean, std)
model = nn.Sequential(preprocess_layer, inception)
model.cuda()
model.eval()
top1 = AverageMeter('Acc@1', ':6.2f')
adv1 = AverageMeter('Adv@1', ':6.2f')
Norml2 = AverageMeter('Pnorml2@1', ':6.2f')
progress = ProgressMeter(len(val_loader), [top1, adv1, Norml2],
                         prefix='Test: ')
begin = time.time()
for i, (images, target) in enumerate(val_loader):
    images = images.cuda()
    target = target.cuda()
    currnt_adv, adv = attacker.attack(model, images, target)
    norm = np.sum((images.data.cpu().detach().numpy() -
                   adv.data.cpu().detach().numpy())**2,
                  axis=(1, 2, 3))**.5
    Norml2.update(np.mean(norm), images.size(0))
    torch.cuda.empty_cache()
    output = model(images)
    output_adv = model(adv)
    acc1, acc5 = accuracy(output, target, topk=(1, 5))
    acc11, acc55 = accuracy(output_adv, target, topk=(1, 5))
    top1.update(acc1.cpu().detach().numpy()[0], images.size(0))
    adv1.update(acc11.cpu().detach().numpy()[0], images.size(0))
    del acc11, acc1, output, output_adv, acc5, acc55
    torch.cuda.empty_cache()
    progress.display(i)
print(time.time() - begin)

コード例 #3

attacker = BP(steps=100, device=DEVICE)
#attacker = DDN(steps=100, device=DEVICE)

requires_grad_(model, True)
model.eval()

ori_image = np.zeros((10000, 3, 32, 32))
ori_label = np.zeros((10000, 1))
adv_image = np.zeros((10000, 3, 32, 32))
adv_label = np.zeros((10000, 1))

#requires_grad_(model, False)
for i, (images, labels) in enumerate(tqdm.tqdm(test_loader, ncols=80)):
    images, labels = images.to(DEVICE), labels.to(DEVICE)
    #best_x = attacker.attack(model, images, labels)
    adv, best_x = attacker.attack(model, images, labels)
    adv_pred = model(best_x).argmax(1)
    i_sta = i * 50
    i_end = (i + 1) * 50
    ori_label[i_sta:i_end] = labels.cpu().detach().numpy().reshape((50, 1))
    ori_image[i_sta:i_end] = images.cpu().detach().numpy()
    adv_image[i_sta:i_end] = best_x.cpu().detach().numpy()
    adv_label[i_sta:i_end] = adv_pred.cpu().detach().numpy().reshape((50, 1))

# Compute
success_rate = np.mean(adv_label != ori_label)
norms = np.linalg.norm((adv_image - ori_image).reshape(ori_image.shape[0], -1),
                       axis=1)
mean_l2 = np.mean(norms)
median_l2 = np.median(norms)