def sparsefool_generate(input_path,
output_path,
num=100,
delta=100,
max_iter=25,
fixed_iter=False):
# Check for cuda devices (GPU)
device = 'cuda' if torch.cuda.is_available() else 'cpu'
# Load a pretrained model
# Here we use resnet18 as target model
net = torch.load('./Model_trained/animals10_resnet18.pth',
map_location=torch.device('cpu'))
net = net.to(device)
net.eval()
listing = os.listdir(input_path)
existed_file_list = os.listdir(output_path)
print(existed_file_list)
cnt = 0
cnt_correct = 0
num_pixel_modified = []
for image_name in listing:
print(image_name)
# Generate output file name and path for later the image saving
if image_name[-3:] == 'jpg' or image_name[-3:] == 'bmp':
output_file_path = (output_path + str(delta) + '_' +
image_name)[:-3] + 'bmp'
output_file_path_diff = (output_path + 'diff_' + str(delta) + '_' +
image_name)[:-3] + 'bmp'
output_file_name = str(delta) + '_' + image_name[:-3] + 'bmp'
elif image_name[-4:] == 'jpeg':
output_file_path = (output_path + str(delta) + '_' +
image_name)[:-4] + 'bmp'
output_file_path_diff = (output_path + 'diff_' + str(delta) + '_' +
image_name)[:-4] + 'bmp'
output_file_name = str(delta) + '_' + image_name[:-4] + 'bmp'
else:
print('Only .jpeg of .jpg is supported')
continue
# Check if an image is already processed
# This condition permits the scripts to stop half way and continue after
if output_file_name in existed_file_list:
print('File already processed')
continue
# Count of images process, used to calculate accuracy after attack
cnt += 1
# Load Image and Resize
im_orig = Image.open(input_path + '/' + image_name)
im_sz = 224
im_orig = transforms.Compose([transforms.Resize(
(im_sz, im_sz))])(im_orig)
# Bounds for Validity and Perceptibility
lb, ub = valid_bounds(im_orig, delta)
# Transform image, ub and lb to PyTorch tensors for calculation
im = transforms.Compose([transforms.ToTensor()])(im_orig)
lb = transforms.Compose([transforms.ToTensor()])(lb)
ub = transforms.Compose([transforms.ToTensor()])(ub)
im = im[None, :, :, :].to(device)
lb = lb[None, :, :, :].to(device)
ub = ub[None, :, :, :].to(device)
# Params
lambda_ = 3
# Execute SparseFool
x_adv, r, pred_label, fool_label, loops = sparsefool(
im,
net,
lb,
ub,
lambda_,
max_iter,
device=device,
fixed_iter=fixed_iter)
# count the number of pixel modified and store in an array
num_pixel_modified.append(nnz_pixels(r.cpu().numpy().squeeze()))
# Save image generated and the noise
save_image(x_adv, output_file_path)
save_image(r, output_file_path_diff)
# Print result
if fool_label == int(image_name[0]):
cnt_correct += 1
print('True labels: ', image_name[0])
print('After adding noise, classified as: ', fool_label)
print('Num_pixel_modified: ', num_pixel_modified[-1])
print('\n')
# Summarize results for all images processed
if len(num_pixel_modified) > 0:
print("Accuracy of Network after attack: " +
str(100 * cnt_correct / num) + " %")
print('Average number of pixel modified : ',
sum(num_pixel_modified) / len(num_pixel_modified))
else:
print('No images is processed.')
ub = transforms.Compose(
[transforms.ToTensor(),
transforms.Normalize(mean=mean, std=std)])(ub)
im = im[None, :, :, :].to(device)
lb = lb[None, :, :, :].to(device)
ub = ub[None, :, :, :].to(device)
######################
# Execute SparseFool #
######################
# Params
max_iter = 50
lambda_ = 3.
x_adv, r, pred_label, fool_label, loops = sparsefool(im, net, lb, ub, lambda_,
max_iter, device)
#####################
# Visualize results #
#####################
labels = open(os.path.join('synset_words.txt'), 'r').read().split('\n')
str_label_pred = get_label(labels[np.int(pred_label)].split(',')[0])
str_label_fool = get_label(labels[np.int(fool_label)].split(',')[0])
fig, axes = plt.subplots(1, 3)
axes[0].set_title(str_label_pred)
axes[1].set_title("%s pixels" % repr(nnz_pixels(r.cpu().numpy().squeeze())))
axes[2].set_title(str_label_fool)
axes[0].imshow(im_orig)