def ssim_distance(model,
x,
attack_name=None,
adv_x=None,
norm=2,
distance_only=False,
run_parallel=0):
if adv_x is None:
adv_x = craft_attack(model, x, attack_name, norm)
image = np.uint8(x * 255)
adv_image = np.uint8(adv_x * 255)
def f(i):
img = Image.fromarray(image[i], 'RGB')
adv_img = Image.fromarray(adv_image[i], 'RGB')
distance = compute_ssim(img, adv_img)
if distance_only:
return distance
else:
return x[i], adv_x[i], distance
if run_parallel > 0:
with Pool(run_parallel) as p:
return p.map(f, range(len(x)))
else:
for i in range(len(image)):
yield f(i)
def _encode(msg,dataset, model_type, epochs, experiment_id,attack_name, attack_strength=2.0, extension=None, transformation=None):
if not extension:
extension = default_extension
encoded_msg = _encodeString(msg)
logger.info("Encode message {}=>{}".format(msg,encoded_msg))
test_size = len(encoded_msg)
model, x_train, x_test, y_train, y_test = load_model(dataset=dataset, model_type=model_type, epochs=epochs)
num_classes= 10
combined = list(zip(x_test, y_test))
random.shuffle(combined)
x_test[:], y_test[:] = zip(*combined)
#keep only correctly predicted inputs
batch_size = 64
preds_test = np.argmax(model.predict(x_test,verbose=0), axis=1)
inds_correct = np.where(preds_test == y_test.argmax(axis=1))[0]
x, y = x_test[inds_correct], y_test[inds_correct]
x, y = x[:test_size], y[:test_size]
targets = np.array(to_categorical([int(i) for i in encoded_msg], num_classes), "int32")
#print(targets)
adv_x = craft_attack(model,x,attack_name,y=targets, epsilon=attack_strength)
yadv = np.argmax(model.predict(adv_x), axis=1)
pictures_path = default_path.format(experiment_id,attack_name, experiment_time)
os.makedirs(pictures_path, exist_ok =True)
os.makedirs("{}/ref".format(pictures_path), exist_ok =True)
advs = []
for i, _adv in enumerate(adv_x):
predicted = yadv[i]
encoded = np.argmax(targets[i])
truth = np.argmax(y[i])
adv_path = "{}/{}_predicted{}_encoded{}_truth{}.{}".format(pictures_path,i,predicted,encoded,truth, extension)
real_path = "{}/ref/{}.{}".format(pictures_path,i,extension)
adv = array_to_img(_adv)
if transformation=="rotate":
adv = adv.rotate(10)
elif transformation=="crop":
adv = adv.crop((2,2,30,30))
elif transformation=="upscale":
adv = adv.resize((64,64),Image.BILINEAR)
elif transformation=="compress":
adv = _compress_img(adv)
yield {"time":experiment_time,"file":adv_path,"img":adv}
# adv.save(adv_path)
return experiment_time
def lpips_distance(model,
x,
attack_name=None,
adv_x=None,
norm=2,
distance_only=False,
run_parallel=0):
import tensorflow as tf
if adv_x is None:
adv_x = craft_attack(model, x, attack_name, norm)
batch_size = 32
image_shape = (batch_size, x.shape[1], x.shape[2], x.shape[3])
image0_ph = tf.placeholder(tf.float32)
image1_ph = tf.placeholder(tf.float32)
distance_t = lpips_tf.lpips(image0_ph,
image1_ph,
model='net-lin',
net='alex',
model_dir="./metrics")
def f(i):
with tf.Session() as session:
distance = session.run(distance_t,
feed_dict={
image0_ph: x[i],
image1_ph: adv_x[i]
})
if distance_only:
return distance
else:
return x[i], adv_x[i], distance
if run_parallel > 0:
with Pool(run_parallel) as p:
return p.map(f, range(len(x)))
else:
for i in range(len(x)):
yield f(i)
def _encode_adv(msg,
dataset,
model_type,
epochs,
experiment_id,
attack_name,
attack_strength=2.0):
encoded_msg = _encodeString(msg)
logger.info("Encode message {}=>{}".format(msg, encoded_msg))
test_size = len(encoded_msg)
model, x_train, x_test, y_train, y_test = load_model(dataset=dataset,
model_type=model_type,
epochs=epochs)
num_classes = 10
combined = list(zip(x_test, y_test))
random.shuffle(combined)
x_test[:], y_test[:] = zip(*combined)
#keep only correctly predicted inputs
batch_size = 64
preds_test = np.argmax(model.predict(x_test, verbose=0), axis=1)
inds_correct = np.where(preds_test == y_test.argmax(axis=1))[0]
x, y = x_test[inds_correct], y_test[inds_correct]
x, y = x[:test_size], y[:test_size]
targets = np.array(
to_categorical([int(i) for i in encoded_msg], num_classes), "int32")
#print(targets)
adv_x = craft_attack(model,
x,
attack_name,
y=targets,
epsilon=attack_strength)
return x, y, adv_x, model, targets
def _encode(msg,
dataset,
model_type,
epochs,
experiment_id,
attack_name,
keep_one=False,
quality=100,
attack_strength=2.0,
extension=None):
if not extension:
extension = default_extension
encoded_msg = _encodeString(msg)
logger.info("Encode message {}=>{}".format(msg, encoded_msg))
test_size = len(encoded_msg)
model, x_train, x_test, y_train, y_test = load_model(dataset=dataset,
model_type=model_type,
epochs=epochs)
num_classes = 10
combined = list(zip(x_test, y_test))
random.shuffle(combined)
x_test[:], y_test[:] = zip(*combined)
#keep only correctly predicted inputs
batch_size = 64
preds_test = np.argmax(model.predict(x_test, verbose=0), axis=1)
inds_correct = np.where(preds_test == y_test.argmax(axis=1))[0]
x, y = x_test[inds_correct], y_test[inds_correct]
x, y = x[:test_size], y[:test_size]
targets = np.array(
to_categorical([int(i) for i in encoded_msg], num_classes), "int32")
#print(targets)
if keep_one:
x = np.repeat(np.array([x[0, :, :, :]]), y.shape[0], axis=0)
y = model.predict(x)
adv_x = craft_attack(model,
x,
attack_name,
y=targets,
epsilon=attack_strength)
yadv = np.argmax(model.predict(adv_x), axis=1)
pictures_path = default_path.format(experiment_id, attack_name,
experiment_time)
os.makedirs(pictures_path, exist_ok=True)
os.makedirs("{}/ref".format(pictures_path), exist_ok=True)
for i, adv in enumerate(adv_x):
predicted = yadv[i]
encoded = np.argmax(targets[i])
truth = np.argmax(y[i])
adv_path = "{}/{}_predicted{}_encoded{}_truth{}.{}".format(
pictures_path, i, predicted, encoded, truth, extension)
real_path = "{}/ref/{}.{}".format(pictures_path, i, extension)
if extension == "png":
q = int(10 - quality / 100)
save_img(adv_path, adv, compress_level=q)
save_img(real_path, x[i], compress_level=q)
elif extension == "jpg":
save_img(adv_path, adv, quality=quality)
save_img(real_path, x[i], quality=quality)
return experiment_time
def _encode(msg,
dataset,
model_type,
epochs,
experiment_id,
attack_name,
keep_one=False,
quality=100,
attack_strength=2.0,
extension=None):
if not extension:
extension = default_extension
encoded_msg = _encodeString(msg)
logger.info("Encode message {}=>{}".format(msg, encoded_msg))
test_size = len(encoded_msg)
model, x_train, x_test, y_train, y_test = load_model(dataset=dataset,
model_type=model_type,
epochs=epochs)
num_classes = 10
combined = list(zip(x_test, y_test))
random.shuffle(combined)
x_test[:], y_test[:] = zip(*combined)
#keep only correctly predicted inputs
batch_size = 64
preds_test = np.argmax(model.predict(x_test, verbose=0), axis=1)
inds_correct = np.where(preds_test == y_test.argmax(axis=1))[0]
x, y = x_test[inds_correct], y_test[inds_correct]
x, y = x[:test_size], y[:test_size]
targets = np.array(
to_categorical([int(i) for i in encoded_msg], num_classes), "int32")
#print(targets)
if keep_one:
x = np.repeat(np.array([x[0, :, :, :]]), y.shape[0], axis=0)
y = model.predict(x)
adv_x = craft_attack(model,
x,
attack_name,
y=targets,
epsilon=attack_strength)
yadv = np.argmax(model.predict(adv_x), axis=1)
pictures_path = default_path.format(experiment_id, attack_name,
experiment_time)
os.makedirs(pictures_path, exist_ok=True)
os.makedirs("{}/ref".format(pictures_path), exist_ok=True)
SSIM = 1 - np.array(
list(ssim_distance(model, x, adv_x=adv_x, distance_only=True)))
LPIPS = np.array(
list(lpips_distance(model, x, adv_x=adv_x, distance_only=True)))
PSNR = np.array([_psnr_loss(x[i], adv_x[i]) for i in range(len(x))])
_compressed = _compress_batch(adv_x)
SSIM1 = 1 - np.array(
list(ssim_distance(model, x, adv_x=_compressed, distance_only=True)))
LPIPS1 = np.array(
list(lpips_distance(model, x, adv_x=_compressed, distance_only=True)))
PSNR1 = np.array([_psnr_loss(x[i], _compressed[i]) for i in range(len(x))])
mean_LPIPS, var_LPIPS = LPIPS.mean(axis=0), LPIPS.var(axis=0)
mean_LPIPS1, var_LPIPS1 = LPIPS1.mean(axis=0), LPIPS1.var(axis=0)
logger.info("LPIPS mean:{} var:{}".format(mean_LPIPS, var_LPIPS))
logger.info("LPIPS1 mean:{} var:{}".format(mean_LPIPS1, var_LPIPS1))
mean_PSNR, var_PSNR = PSNR.mean(axis=0), PSNR.var(axis=0)
mean_PSNR1, var_PSNR1 = PSNR1.mean(axis=0), PSNR1.var(axis=0)
logger.info("PSNR mean:{} var:{}".format(mean_PSNR, var_PSNR))
logger.info("PSNR1 mean:{} var:{}".format(mean_PSNR1, var_PSNR1))
mean_SSIM, var_SSIM = SSIM.mean(axis=0), SSIM.var(axis=0)
mean_SSIM1, var_SSIM1 = SSIM1.mean(axis=0), SSIM1.var(axis=0)
logger.info("SSIM mean:{} var:{}".format(mean_SSIM, var_SSIM))
logger.info("SSIM1 mean:{} var:{}".format(mean_SSIM1, var_SSIM1))
return experiment_time