tf.keras.layers.Flatten(input_shape=(28,28)), tf.keras.layers.Dense(128, activation='relu'), tf.keras.layers.Dropout(0.2), tf.keras.layers.Dense(10) ]) loss_fn=tf.keras.losses.SparseCategoricalCrossentropy(from_logits=True) model.compile(optimizer='adam',loss=loss_fn,metrics=['accuracy']) model.fit(x_train,y_train, epochs=5) model.evaluate(x_test,y_test,verbose=2) #instantiate the model fmodel=TensorFlowModel(model, bounds=(0,1)) #get data and test the model #wrapping the tensors with ep.astensors is optional, but it allows #us to work with EagerPy tensors in the following ########################################################## images, labels = samples(fmodel, dataset="mnist", batchsize=100) images1, labels1=ep.astensors(*samples(fmodel, dataset="mnist", batchsize=100)) print(accuracy(fmodel, images1, labels1)) predict=fmodel(images).numpy() tf.nn.softmax(predict).numpy() correct_pred=tf.math.argmax(predict,1) print(correct_pred)
#!/usr/bin/env python3 import tensorflow as tf import eagerpy as ep from foolbox import TensorFlowModel, accuracy, samples from foolbox.attacks import LinfPGD if __name__ == "__main__": # instantiate a model model = tf.keras.applications.ResNet50(weights="imagenet") pre = dict(flip_axis=-1, mean=[104.0, 116.0, 123.0]) # RGB to BGR fmodel = TensorFlowModel(model, bounds=(0, 255), preprocessing=pre) # get data and test the model # wrapping the tensors with ep.astensors is optional, but it allows # us to work with EagerPy tensors in the following images, labels = ep.astensors( *samples(fmodel, dataset="imagenet", batchsize=16)) print(accuracy(fmodel, images, labels)) # apply the attack attack = LinfPGD() epsilons = [0.0, 0.001, 0.01, 0.03, 0.1, 0.3, 0.5, 1.0] advs, _, success = attack(fmodel, images, labels, epsilons=epsilons) # calculate and report the robust accuracy robust_accuracy = 1 - success.float32().mean(axis=-1) for eps, acc in zip(epsilons, robust_accuracy): print(eps, acc.item()) # we can also manually check this for eps, advs_ in zip(epsilons, advs):
scoresvec.append((100 - scores[1] * 100)) #CUDA, total of three #cuda 10.1... y_pred = model.predict(X_test[0:101]) #model.fit(X_train, y_train, validation_data=(X_test, y_test), epochs=10, batch_size=200) #images = X_test[0:101] #labels = y_test[0:101] #fmodel = create() #fmodel = fb.PyTorchModel(model=model, bounds=(0, 1)) #return fmodel # https://foolbox.readthedocs.io/en/v2.3.0/user/examples.html #fmodel = fb.models.TensorFlowModel(model=model, bounds = (0.0,1.0), device = None) #this one crashes fmodel = TensorFlowModel(model, bounds=(0, 1)) #nooo it crashed images, labels = samples(fmodel, dataset="mnist", batchsize=100) images1, labels1 = ep.astensors( *samples(fmodel, dataset="mnist", batchsize=100)) print(accuracy(fmodel, images1, labels1)) images_arr = np.array(images) #plot images before attack fig, axes = plt.subplots(1, 100, figsize=(28, 28)) axes = axes.flatten() for img, ax in zip(images_arr, axes): ax.imshow(np.squeeze(img), cmap="gray") ax.axis("off") plt.tight_layout()
def main() -> None: # instantiate a model (could also be a TensorFlow or JAX model) model = tf.keras.applications.ResNet50(weights="imagenet") pre = dict(flip_axis=-1, mean=[104.0, 116.0, 123.0]) # RGB to BGR fmodel: Model = TensorFlowModel(model, bounds=(0, 255), preprocessing=pre) fmodel = fmodel.transform_bounds((0, 1)) # get data and test the model # wrapping the tensors with ep.astensors is optional, but it allows # us to work with EagerPy tensors in the following images, labels = ep.astensors( *samples(fmodel, dataset="imagenet", batchsize=16)) clean_acc = accuracy(fmodel, images, labels) print(f"clean accuracy: {clean_acc * 100:.1f} %") # apply the attack attack = LinfPGD() epsilons = [ 0.0, 0.0002, 0.0005, 0.0008, 0.001, 0.0015, 0.002, 0.003, 0.01, 0.1, 0.3, 0.5, 1.0, ] raw_advs, clipped_advs, success = attack(fmodel, images, labels, epsilons=epsilons) # calculate and report the robust accuracy (the accuracy of the model when # it is attacked) robust_accuracy = 1 - success.float32().mean(axis=-1) print("robust accuracy for perturbations with") for eps, acc in zip(epsilons, robust_accuracy): print(f" Linf norm ≤ {eps:<6}: {acc.item() * 100:4.1f} %") # we can also manually check this # we will use the clipped advs instead of the raw advs, otherwise # we would need to check if the perturbation sizes are actually # within the specified epsilon bound print() print("we can also manually check this:") print() print("robust accuracy for perturbations with") for eps, advs_ in zip(epsilons, clipped_advs): acc2 = accuracy(fmodel, advs_, labels) print(f" Linf norm ≤ {eps:<6}: {acc2 * 100:4.1f} %") print(" perturbation sizes:") perturbation_sizes = (advs_ - images).norms.linf(axis=(1, 2, 3)).numpy() print(" ", str(perturbation_sizes).replace("\n", "\n" + " ")) if acc2 == 0: break
import matplotlib.pyplot as plt import foolbox as fb paths = [ '/om/user/aunell/data/0model', '/om/user/aunell/data/0.1model', '/om/user/aunell/data/0.1N2C', '/om/user/aunell/data/0C2N', '/om/user/aunell/data/blurNoise', '/om/user/aunell/data/baseline' ] paths = ['/om/user/aunell/data/0C2N', '/om/user/aunell/data/baseline'] from foolbox import TensorFlowModel, accuracy, samples, Model from foolbox.attacks import LinfPGD for path in paths: model = tf.keras.models.load_model(path) preprocessing = dict() bounds = (0, 32) fmodel = TensorFlowModel(model, bounds=bounds, preprocessing=preprocessing) images, labels = fb.utils.samples(fmodel, dataset='cifar10', batchsize=16) print('pre-accuracy', fb.utils.accuracy(fmodel, images, labels)) epsilons = np.linspace(0.0, 0.5, num=20) attack = fb.attacks.LinfDeepFoolAttack() raw, clipped, is_adv = attack(fmodel, images, labels, epsilons=epsilons) is_adv = is_adv.numpy() print(is_adv) robust_accuracy = 1 - is_adv.mean(axis=-1) print(is_adv.mean(axis=-1)) plt.plot(epsilons, robust_accuracy, label=path[21:]) plt.ylabel('Accuracy') plt.legend()
np.random.seed(0) tensorflow.random.set_seed(0) model = tensorflow.keras.models.load_model('iris_ffn.h5') dataframe = pd.read_csv("../Data/iris_scaled.csv", header=0) dataset = dataframe.values X = dataset[:,:4].astype(float) labels = dataset[:,4] print(labels) le = LabelEncoder() Y = le.fit_transform(labels) fmodel = TensorFlowModel(model, bounds=(-10, 10)) attack = L2AdditiveGaussianNoiseAttack() epsilons = np.linspace(0.0, 6.0, num=480, endpoint=False) advs, _, success = attack(fmodel, X, K.constant(Y), epsilons=epsilons) perturbed = np.zeros((len(X),4)) added = np.zeros(len(X)) for eps, adv in zip(epsilons, advs): if 0 not in added: break pred = model.predict(adv) pred_class = np.argmax(pred, axis=1) dif = [True if i[0]==i[1] else False for i in zip(pred_class, Y)] #True if class is correct for i in range(len(dif)): if dif[i]==False and added[i]==0: