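def zoo_attack(dataset):
    """Robustness-evaluation driver: run ``attack`` on each image and print the labels.

    A pretrained classifier is loaded (the CIFAR10 network when ``dataset`` is
    ``'cifar10'``, the MNIST network otherwise). For every image yielded by a
    batch-size-1 loader, the function prints the original label, the model's
    prediction, and the model's prediction on the perturbed image returned by
    ``attack``.

    Args:
        dataset: ``'cifar10'`` selects the CIFAR10 network and checkpoint;
            any other value selects MNIST.
    """
    use_cifar10 = dataset == 'cifar10'
    use_cuda = torch.cuda.is_available()

    # The loaders returned here are not used below (see the override further
    # down); the calls are kept in case the helpers have side effects.
    if use_cifar10:
        train_loader, test_loader, train_dataset, test_dataset = load_cifar10_data()
        net = CIFAR10()
    else:
        train_loader, test_loader, train_dataset, test_dataset = load_mnist_data()
        net = MNIST()

    if use_cuda:
        net.cuda()
        net = torch.nn.DataParallel(net, device_ids=[0])

    # NOTE(review): load_model is defined elsewhere. If it wraps torch.load,
    # the checkpoint is unpickled on load, so only files from a trusted source
    # should be placed under models/ (or load with weights_only=True) - confirm.
    checkpoint = 'models/cifar10_gpu.pt' if use_cifar10 else 'models/mnist_gpu.pt'
    load_model(net, checkpoint)
    net.eval()

    # DataParallel is applied only on the CUDA path, so ``net.module`` exists
    # only there; fall back to the bare network on CPU, as the other drivers
    # in this file do.
    model = net.module if use_cuda else net

    # NOTE(review): the dataset chosen above is replaced unconditionally by the
    # MNIST *training* split, including when dataset == 'cifar10'. Presumably a
    # debugging leftover - confirm before relying on the cifar10 path or
    # reporting these numbers as test-set results.
    test_dataset = dsets.MNIST(root='./data/mnist', train=True,
                               transform=transforms.ToTensor(), download=False)
    test_loader = torch.utils.data.DataLoader(dataset=test_dataset,
                                              batch_size=1, shuffle=False)

    for i, (image, label) in enumerate(test_loader):
        print("Original label:" , label)
        print("Predicted label:" , model.predict_batch(image))
        # The meaning of the trailing ``1`` is set by ``attack``, which is
        # defined outside this block.
        adversarial = attack(image, label, model, 1)
        print("Predicted label for adversarial example: ", model.predict_batch(adversarial))


# Disabled legacy drivers, kept as an inert string literal for reference only.
# NOTE(review): boundary_attack_mnist initialises ``distortion_fix_sample`` but
# accumulates into ``distortion_fixsample``, so it would not run as written.
'''
def boundary_attack_mnist():
    train_loader, test_loader, train_dataset, test_dataset = load_mnist_data()
    net = MNIST()
    if torch.cuda.is_available():
        net.cuda()
        net = torch.nn.DataParallel(net, device_ids=[0])
        #net = torch.nn.DataParallel(net, device_ids=range(torch.cuda.device_count()))
    load_model(net, 'models/mnist_gpu.pt')
    #load_model(net, 'models/mnist.pt')
    net.eval()
    model = net.module if torch.cuda.is_available() else net
    num_images = 50
    print("\n\n\n\n\n Running on first {} images \n\n\n".format(num_images))
    distortion_fix_sample = 0.0
    for i, (image, label) in enumerate(test_dataset):
        if i >= num_images:
            break
        print("\n\n\n\n======== Image %d =========" % i)
        #show_image(image.numpy())
        print("Original label: ", label)
        print("Predicted label: ", model.predict(image))
        adversarial = attack_untargeted(model, train_dataset, image, label, alpha=alpha, beta=beta)
        #show_image(adversarial.numpy())
        print("Predicted label for adversarial example: ", model.predict(adversarial))
        distortion_fixsample += torch.norm(adversarial - image)
    print("\n\n\n\n\n Running on {} random images \n\n\n".format(num_images))
    distortion_random_sample = 0.0

def attack_mnist(alpha):
    train_loader, test_loader, train_dataset, test_dataset = load_mnist_data()
    net = MNIST()
    #train_loader, test_loader, train_dataset, test_dataset = load_cifar10_data()
    #net = CIFAR10()
    if torch.cuda.is_available():
        net.cuda()
        net = torch.nn.DataParallel(net, device_ids=[0])
        #net = torch.nn.DataParallel(net, device_ids=range(torch.cuda.device_count()))
    load_model(net, 'models/mnist_gpu.pt')
    #load_model(net, 'models/cifar10.pt')
    net.eval()
    model = net.module if torch.cuda.is_available() else net
    num_images = 10
    print("\n\n\n\n\n Running on {} random images \n\n\n".format(num_images))
    distortion_random_sample = 0.0
    random.seed(0)
    for _ in range(num_images):
        idx = random.randint(100, len(test_dataset)-1)
        #idx = 3743
        image, label = test_dataset[idx]
        print("\n\n\n\n======== Image %d =========" % idx)
        targets = list(range(10))
        targets.pop(label)
        target = random.choice(targets)
        #target = 4
        #target = None #--> uncomment of untarget
        distortion_random_sample += attack_single(model, train_loader, image, label, target, alpha)
    #print("\n\n\n\n\n Running on first {} images \n\n\n".format(num_images))
    print("Average distortion on random {} images is {}".format(num_images, distortion_random_sample/num_images))
'''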
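def attack_mnist(alpha=0.2, beta=0.001, isTarget=False, num_attacks=100):
    """Measure a pretrained MNIST classifier's robustness on a fixed set of test images.

    For each selected test image the function shows the image, prints the true
    and predicted labels, obtains a perturbed image from ``attack_untargeted``
    or ``attack_targeted``, shows it, prints the model's prediction on it, and
    accumulates ``torch.norm(adversarial - image)``. The mean distortion over
    the images actually evaluated is printed at the end.

    Args:
        alpha: forwarded unchanged to the attack routine.
        beta: forwarded unchanged to the attack routine.
        isTarget: when true, each image is evaluated with the target class
            ``(1 + label) % 10``; otherwise the untargeted routine is used.
        num_attacks: upper bound on how many of the fixed sample indices are
            evaluated. The list holds 92 indices, so values above 92 evaluate
            all of them.
    """
    train_loader, test_loader, train_dataset, test_dataset = load_mnist_data()
    print("Length of test_set: ", len(test_dataset))

    use_cuda = torch.cuda.is_available()
    net = MNIST()
    if use_cuda:
        net.cuda()
        net = torch.nn.DataParallel(net, device_ids=[0])

    # NOTE(review): load_model is defined elsewhere. If it wraps torch.load,
    # the checkpoint is unpickled on load, so only files from a trusted source
    # should be placed under models/ (or load with weights_only=True) - confirm.
    # The original also carried a disabled alternative, 'models/mnist_cpu.pt'.
    load_model(net, 'models/mnist_gpu.pt')
    net.eval()

    # DataParallel wraps the network only on the CUDA path.
    model = net.module if use_cuda else net

    def single_attack(image, label, target=None):
        """Evaluate one image and return the norm of the perturbation found."""
        show_image(image.numpy())
        print("Original label: ", label)
        print("Predicted label: ", model.predict(image))
        if target is None:
            adversarial = attack_untargeted(model, image, label, alpha=alpha,
                                            beta=beta, iterations=1000)
        else:
            print("Targeted attack: %d" % target)
            adversarial = attack_targeted(model, image, label, target, alpha=alpha,
                                          beta=beta, iterations=1000)
        show_image(adversarial.numpy())
        print("Predicted label for adversarial example: ", model.predict(adversarial))
        return torch.norm(adversarial - image)

    # Fixed test-set indices, so repeated runs evaluate the same images.
    samples = [
        6312, 6891, 4243, 8377, 7962, 6635, 4970, 7809, 5867, 9559,
        3579, 8269, 2282, 4618, 2290, 1554, 4105, 9862, 2408, 5082,
        1619, 1209, 5410, 7736, 9172, 1650, 5181, 3351, 9053, 7816,
        7254, 8542, 4268, 1021, 8990, 231, 1529, 6535, 19, 8087,
        5459, 3997, 5329, 1032, 3131, 9299, 3910, 2335, 8897, 7340,
        1495, 5244, 8323, 8017, 1787, 4939, 9032, 4770, 2045, 8970,
        5452, 8853, 3330, 9883, 8966, 9628, 4713, 7291, 9770, 6307,
        5195, 9432, 3967, 4757, 3013, 3103, 3060, 541, 4261, 7808,
        1132, 1472, 2134, 634, 1315, 8858, 6411, 8595, 4516, 8550,
        3859, 3526,
    ]
    # Reference labels recorded by the original author for the indices above:
    # true_labels = [3, 1, 6, 6, 9, 2, 7, 5, 5, 3, 3, 4, 5, 6, 7, 9, 1, 6, 3, 4,
    #                0, 6, 5, 9, 7, 0, 3, 1, 6, 6, 9, 6, 4, 7, 6, 3, 4, 3, 4, 3,
    #                0, 7, 3, 5, 3, 9, 3, 1, 9, 1, 3, 0, 2, 9, 9, 2, 2, 3, 3, 3,
    #                0, 5, 2, 5, 2, 7, 2, 2, 5, 7, 4, 9, 9, 0, 0, 7, 9, 4, 5, 5,
    #                2, 3, 5, 9, 3, 0, 9, 0, 1, 2, 9, 9]

    # The original iterated over all 92 indices but divided by num_attacks
    # (default 100), so the reported mean distortion was too small. Honour
    # num_attacks as a cap and average over the images actually evaluated,
    # otherwise the robustness figure is not comparable between runs.
    selected = samples[:max(0, num_attacks)]
    evaluated = len(selected)

    print(
        "\n\n Running {} attack on {} random MNIST test images for alpha= {} beta= {}\n\n"
        .format("targetted" if isTarget else "untargetted", evaluated, alpha, beta))

    if not selected:
        print("No images selected; nothing to average.")
        return

    total_distortion = 0.0
    for idx in selected:
        image, label = test_dataset[idx]
        print("\n\n\n\n======== Image %d =========" % idx)
        target = (1 + label) % 10 if isTarget else None
        total_distortion += single_attack(image, label, target)

    print("Average distortion on random {} images is {}".format(
        evaluated, total_distortion / evaluated))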