def main(args): imgs_dir = args.imgs_dir input_dir = os.path.join(args.data_dir, imgs_dir, "benign") if not DEBUG: output_dir = os.path.join(args.data_dir, imgs_dir, "adv") if os.path.exists(output_dir): shutil.rmtree(output_dir) os.mkdir(output_dir) image_name_list = os.listdir(input_dir) kmodel = YOLOv3() model = KerasYOLOv3Model(kmodel, bounds=(0, 1)) if args.attack_mtd == 'cw_targetclsmiss': attack = CarliniWagnerLinfMetric(model, criterion=TargetClassMiss(2)) elif args.attack_mtd == 'noise_numberchange': attack = AdditiveGaussianNoiseMetric( model, criterion=TargetClassNumberChange(-1)) elif args.attack_mtd == 'bright_numberchange': attack = BrightnessMetric(model, criterion=TargetClassNumberChange(-1)) else: raise ValueError('Invalid attack method {0}'.format(args.attack_mtd)) for _, image_name in enumerate(tqdm(image_name_list)): temp_img_path_benign = os.path.join(input_dir, image_name) image_benign = load_image(shape=(416, 416), bounds=(0, 1), fname=temp_img_path_benign, absolute_path=True) try: annotation_ori = model.predictions(image_benign) if args.attack_mtd == 'cw_targetclsmiss': image_adv_benign = attack(image_benign, binary_search_steps=1, unpack=True) else: image_adv_benign = attack(image_benign, annotation_ori, epsilons=1000, unpack=True) except: print('Attack failed.') continue image_adv_benign_pil = Image.fromarray( (image_adv_benign * 255).astype(np.uint8)) if not DEBUG: image_adv_benign_pil.save(os.path.join(output_dir, image_name))
def get_patch_adv(): from perceptron.utils.image import letterbox_image, draw_letterbox from perceptron.models.detection.keras_yolov3 import KerasYOLOv3Model from perceptron.zoo.yolov3.model import YOLOv3 from perceptron.attacks.vanish_patch import PatchVanishAttack from perceptron.utils.criteria.detection import TargetClassMiss, RegionalTargetClassMiss from perceptron.defences.bit_depth import BitDepth benign_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_det") adv_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_adv_det") benign_squz_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_bit4_det") adv_squz_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_adv_bit4_det") kmodel = YOLOv3() kmodel.load_weights('/home/yantao/workspace/projects/baidu/aisec/perceptron/perceptron/zoo/yolov3/model_data/yolov3.h5') model = KerasYOLOv3Model(kmodel, bounds=(0, 1)) squz_fn = BitDepth(4) for idx in range(frame_range[0], frame_range[1]): img_name_noext = 'frame_{0:05d}'.format(idx) patch_bbox = patch_dic[img_name_noext] img_path = os.path.join("../../../../../../../../datasets/bdd_parts", video_name, "patch", img_name_noext + '.png') image, shape = letterbox_image( data_format='channels_last', fname=img_path ) output_benign = model.predictions(image) with open(os.path.join(benign_output_dir, img_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_benign, f, protocol=pickle.HIGHEST_PROTOCOL) image_squz = squz_fn(image) output_benign_squz = model.predictions(image_squz) with open(os.path.join(benign_squz_output_dir, img_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_benign_squz, f, protocol=pickle.HIGHEST_PROTOCOL) attack = PatchVanishAttack(model, criterion=RegionalTargetClassMiss(2, patch_bbox)) draw = draw_letterbox(image, output_benign, shape[:2], model.class_names()) draw.save('letterbox_{0}.png'.format(idx)) image_adv = attack(image, mask=patch_bbox, binary_search_steps=1) ''' mask_img = np.zeros((image.shape)) mask_img[patch_bbox[0] : patch_bbox[2] + 1, patch_bbox[1] : patch_bbox[3] + 1, :] = 1.0 for idx_0 in range(mask_img.shape[0]): for idx_1 in range(mask_img.shape[1]): for idx_2 in range(mask_img.shape[2]): if mask_img[idx_0, idx_1, idx_2] == 0: image_adv[idx_0, idx_1, idx_2] = image[idx_0, idx_1, idx_2] ''' if image_adv is None: image_adv = attack(image, mask=patch_bbox, binary_search_steps=5) if image_adv is None: continue output_adv = model.predictions(image_adv) with open(os.path.join(adv_output_dir, img_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_adv, f, protocol=pickle.HIGHEST_PROTOCOL) draw = draw_letterbox(image_adv, output_adv, shape[:2], model.class_names()) draw.save('letterbox_adv_{0}.png'.format(idx)) image_adv_squz = squz_fn(image_adv) output_adv_squz = model.predictions(image_adv_squz) with open(os.path.join(adv_squz_output_dir, img_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_adv_squz, f, protocol=pickle.HIGHEST_PROTOCOL)
def main(args): imgs_dir = args.imgs_dir input_benign_dir = os.path.join(args.data_dir, imgs_dir, "benign") input_adv_dir = os.path.join(args.data_dir, imgs_dir, "adv") input_squz_dir = os.path.join(args.data_dir, imgs_dir, args.squeeze_type) input_adv_squz_dir = os.path.join(args.data_dir, imgs_dir, args.squeeze_type + '_adv') output_benign_dir = os.path.join(args.data_dir, imgs_dir, "results_benign") output_adv_dir = os.path.join(args.data_dir, imgs_dir, "results_adv") output_squz_dir = os.path.join(args.data_dir, imgs_dir, 'results_' + args.squeeze_type) output_adv_squz_dir = os.path.join(args.data_dir, imgs_dir, 'results_' + args.squeeze_type + '_adv') for check_dir in [ output_benign_dir, output_adv_dir, output_squz_dir, output_adv_squz_dir ]: if os.path.exists(check_dir): shutil.rmtree(check_dir) os.mkdir(check_dir) image_name_list = os.listdir(input_adv_dir) kmodel = YOLOv3() model = KerasYOLOv3Model(kmodel, bounds=(0, 1)) for _, image_name in enumerate(tqdm(image_name_list)): image_name_noext = os.path.splitext(image_name)[0] temp_img_path_benign = os.path.join(input_benign_dir, image_name) temp_img_path_squz = os.path.join(input_squz_dir, image_name) temp_img_path_adv = os.path.join(input_adv_dir, image_name) temp_img_path_adv_squz = os.path.join(input_adv_squz_dir, image_name) try: print(temp_img_path_benign) image_benign = load_image(shape=(416, 416), bounds=(0, 1), fname=temp_img_path_benign, absolute_path=True) image_benign_squz = load_image(shape=(416, 416), bounds=(0, 1), fname=temp_img_path_squz, absolute_path=True) image_adv = load_image(shape=(416, 416), bounds=(0, 1), fname=temp_img_path_adv, absolute_path=True) image_adv_squz = load_image(shape=(416, 416), bounds=(0, 1), fname=temp_img_path_adv_squz, absolute_path=True) except: print('loading images error.') continue try: output_benign = model.predictions(image_benign) output_adv = model.predictions(image_adv) output_benign_squz = model.predictions(image_benign_squz) output_adv_squz = model.predictions(image_adv_squz) with open( os.path.join(output_benign_dir, image_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_benign, f, protocol=pickle.HIGHEST_PROTOCOL) with open(os.path.join(output_adv_dir, image_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_adv, f, protocol=pickle.HIGHEST_PROTOCOL) with open(os.path.join(output_squz_dir, image_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_benign_squz, f, protocol=pickle.HIGHEST_PROTOCOL) with open( os.path.join(output_adv_squz_dir, image_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_adv_squz, f, protocol=pickle.HIGHEST_PROTOCOL) # draw = draw_letterbox(image_benign, output_benign, (416, 416), model.class_names()) # draw.save('./temp/{0}_benign.png'.format(image_name_noext)) # draw = draw_letterbox(image_adv, output_adv, (416, 416), model.class_names()) # draw.save('./temp/{0}_adv.png'.format(image_name_noext)) # draw = draw_letterbox(image_benign_squz, output_benign_squz, (416, 416), model.class_names()) # draw.save('./temp/{0}_benign_squz.png'.format(image_name_noext)) # draw = draw_letterbox(image_adv_squz, output_adv_squz, (416, 416), model.class_names()) # draw.save('./temp/{0}_adv_squz.png'.format(image_name_noext)) except: print(image_name, ' generating error.') continue
def _load_yolov3_model(): from perceptron.zoo.yolov3.model import YOLOv3 model = YOLOv3() return model
""" Test case for Keras """ from perceptron.zoo.yolov3.model import YOLOv3 from perceptron.models.detection.keras_yolov3 import KerasYOLOv3Model from perceptron.utils.image import load_image from perceptron.benchmarks.carlini_wagner import CarliniWagnerLinfMetric from perceptron.utils.criteria.detection import TargetClassMiss from perceptron.utils.tools import bcolors from perceptron.utils.tools import plot_image_objectdetection # instantiate the model from keras applications yolov3 = YOLOv3() # initialize the KerasYOLOv3Model kmodel = KerasYOLOv3Model(yolov3, bounds=(0, 1)) # get source image and label # the model expects values in [0, 1], and channles_last image = load_image(shape=(416, 416), bounds=(0, 1), fname='car.png') metric = CarliniWagnerLinfMetric(kmodel, criterion=TargetClassMiss(2)) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) adversary = metric(image, binary_search_steps=1, unpack=False) print(bcolors.BOLD + 'Process finished' + bcolors.ENDC) if adversary.image is None: print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) exit(-1)