tf.keras.layers.Flatten(input_shape=(28,28)),
tf.keras.layers.Dense(128, activation='relu'),
tf.keras.layers.Dropout(0.2),
tf.keras.layers.Dense(10)
])
loss_fn=tf.keras.losses.SparseCategoricalCrossentropy(from_logits=True)
model.compile(optimizer='adam',loss=loss_fn,metrics=['accuracy'])
model.fit(x_train,y_train, epochs=5)
model.evaluate(x_test,y_test,verbose=2)
#instantiate the model
fmodel=TensorFlowModel(model, bounds=(0,1))
#get data and test the model
#wrapping the tensors with ep.astensors is optional, but it allows
#us to work with EagerPy tensors in the following
##########################################################
images, labels = samples(fmodel, dataset="mnist", batchsize=100)
images1, labels1=ep.astensors(*samples(fmodel, dataset="mnist", batchsize=100))
print(accuracy(fmodel, images1, labels1))
predict=fmodel(images).numpy()
tf.nn.softmax(predict).numpy()
correct_pred=tf.math.argmax(predict,1)
print(correct_pred)
#!/usr/bin/env python3
import tensorflow as tf
import eagerpy as ep
from foolbox import TensorFlowModel, accuracy, samples
from foolbox.attacks import LinfPGD
if __name__ == "__main__":
# instantiate a model
model = tf.keras.applications.ResNet50(weights="imagenet")
pre = dict(flip_axis=-1, mean=[104.0, 116.0, 123.0]) # RGB to BGR
fmodel = TensorFlowModel(model, bounds=(0, 255), preprocessing=pre)
# get data and test the model
# wrapping the tensors with ep.astensors is optional, but it allows
# us to work with EagerPy tensors in the following
images, labels = ep.astensors(
*samples(fmodel, dataset="imagenet", batchsize=16))
print(accuracy(fmodel, images, labels))
# apply the attack
attack = LinfPGD()
epsilons = [0.0, 0.001, 0.01, 0.03, 0.1, 0.3, 0.5, 1.0]
advs, _, success = attack(fmodel, images, labels, epsilons=epsilons)
# calculate and report the robust accuracy
robust_accuracy = 1 - success.float32().mean(axis=-1)
for eps, acc in zip(epsilons, robust_accuracy):
print(eps, acc.item())
# we can also manually check this
for eps, advs_ in zip(epsilons, advs):
import matplotlib.pyplot as plt
import foolbox as fb
paths = [
'/om/user/aunell/data/0model', '/om/user/aunell/data/0.1model',
'/om/user/aunell/data/0.1N2C', '/om/user/aunell/data/0C2N',
'/om/user/aunell/data/blurNoise', '/om/user/aunell/data/baseline'
]
paths = ['/om/user/aunell/data/0C2N', '/om/user/aunell/data/baseline']
from foolbox import TensorFlowModel, accuracy, samples, Model
from foolbox.attacks import LinfPGD
for path in paths:
model = tf.keras.models.load_model(path)
preprocessing = dict()
bounds = (0, 32)
fmodel = TensorFlowModel(model, bounds=bounds, preprocessing=preprocessing)
images, labels = fb.utils.samples(fmodel, dataset='cifar10', batchsize=16)
print('pre-accuracy', fb.utils.accuracy(fmodel, images, labels))
epsilons = np.linspace(0.0, 0.5, num=20)
attack = fb.attacks.LinfDeepFoolAttack()
raw, clipped, is_adv = attack(fmodel, images, labels, epsilons=epsilons)
is_adv = is_adv.numpy()
print(is_adv)
robust_accuracy = 1 - is_adv.mean(axis=-1)
print(is_adv.mean(axis=-1))
plt.plot(epsilons, robust_accuracy, label=path[21:])
plt.ylabel('Accuracy')
plt.legend()
def main() -> None:
# instantiate a model (could also be a TensorFlow or JAX model)
model = tf.keras.applications.ResNet50(weights="imagenet")
pre = dict(flip_axis=-1, mean=[104.0, 116.0, 123.0]) # RGB to BGR
fmodel: Model = TensorFlowModel(model, bounds=(0, 255), preprocessing=pre)
fmodel = fmodel.transform_bounds((0, 1))
# get data and test the model
# wrapping the tensors with ep.astensors is optional, but it allows
# us to work with EagerPy tensors in the following
images, labels = ep.astensors(
*samples(fmodel, dataset="imagenet", batchsize=16))
clean_acc = accuracy(fmodel, images, labels)
print(f"clean accuracy: {clean_acc * 100:.1f} %")
# apply the attack
attack = LinfPGD()
epsilons = [
0.0,
0.0002,
0.0005,
0.0008,
0.001,
0.0015,
0.002,
0.003,
0.01,
0.1,
0.3,
0.5,
1.0,
]
raw_advs, clipped_advs, success = attack(fmodel,
images,
labels,
epsilons=epsilons)
# calculate and report the robust accuracy (the accuracy of the model when
# it is attacked)
robust_accuracy = 1 - success.float32().mean(axis=-1)
print("robust accuracy for perturbations with")
for eps, acc in zip(epsilons, robust_accuracy):
print(f" Linf norm ≤ {eps:<6}: {acc.item() * 100:4.1f} %")
# we can also manually check this
# we will use the clipped advs instead of the raw advs, otherwise
# we would need to check if the perturbation sizes are actually
# within the specified epsilon bound
print()
print("we can also manually check this:")
print()
print("robust accuracy for perturbations with")
for eps, advs_ in zip(epsilons, clipped_advs):
acc2 = accuracy(fmodel, advs_, labels)
print(f" Linf norm ≤ {eps:<6}: {acc2 * 100:4.1f} %")
print(" perturbation sizes:")
perturbation_sizes = (advs_ - images).norms.linf(axis=(1, 2,
3)).numpy()
print(" ", str(perturbation_sizes).replace("\n", "\n" + " "))
if acc2 == 0:
break
np.random.seed(0)
tensorflow.random.set_seed(0)
model = tensorflow.keras.models.load_model('iris_ffn.h5')
dataframe = pd.read_csv("../Data/iris_scaled.csv", header=0)
dataset = dataframe.values
X = dataset[:,:4].astype(float)
labels = dataset[:,4]
print(labels)
le = LabelEncoder()
Y = le.fit_transform(labels)
fmodel = TensorFlowModel(model, bounds=(-10, 10))
attack = L2AdditiveGaussianNoiseAttack()
epsilons = np.linspace(0.0, 6.0, num=480, endpoint=False)
advs, _, success = attack(fmodel, X, K.constant(Y), epsilons=epsilons)
perturbed = np.zeros((len(X),4))
added = np.zeros(len(X))
for eps, adv in zip(epsilons, advs):
if 0 not in added:
break
pred = model.predict(adv)
pred_class = np.argmax(pred, axis=1)
dif = [True if i[0]==i[1] else False for i in zip(pred_class, Y)] #True if class is correct
for i in range(len(dif)):
if dif[i]==False and added[i]==0: