def test_mnist_untargeted(self): session = tf.Session() k.set_session(session) comp_params = {"loss": 'categorical_crossentropy', "optimizer": 'adam', "metrics": ['accuracy']} # Get MNIST batch_size, nb_train, nb_test = 100, 1000, 10 (X_train, Y_train), (X_test, Y_test), _, _ = load_mnist() X_train, Y_train = X_train[:nb_train], Y_train[:nb_train] X_test, Y_test = X_test[:nb_test], Y_test[:nb_test] im_shape = X_train[0].shape # Get classifier classifier = CNN(im_shape, act="relu") classifier.compile(comp_params) classifier.fit(X_train, Y_train, epochs=1, batch_size=batch_size, verbose=0) scores = classifier.evaluate(X_test, Y_test) print("\naccuracy on test set: %.2f%%" % (scores[1] * 100)) # Perform attack df = SaliencyMapMethod(classifier, sess=session) df.set_params(clip_min=0, clip_max=1, theta=1) x_test_adv = df.generate(X_test) self.assertFalse((X_test == x_test_adv).all()) y_pred = get_labels_np_array(classifier.predict(x_test_adv)) self.assertFalse((Y_test == y_pred).all()) scores = classifier.evaluate(x_test_adv, Y_test) print('\naccuracy on adversarial examples: %.2f%%' % (scores[1] * 100))
def test_mnist(self): session = tf.Session() k.set_session(session) comp_params = { "loss": 'categorical_crossentropy', "optimizer": 'adam', "metrics": ['accuracy'] } # get MNIST batch_size, nb_train, nb_test = 100, 1000, 11 (X_train, Y_train), (X_test, Y_test), _, _ = load_mnist() X_train, Y_train = X_train[:nb_train], Y_train[:nb_train] X_test, Y_test = X_test[:nb_test], Y_test[:nb_test] im_shape = X_train[0].shape # get classifier classifier = CNN(im_shape, act="relu") classifier.compile(comp_params) classifier.fit(X_train, Y_train, epochs=1, batch_size=batch_size, verbose=0) # Attack nf = NewtonFool(classifier, sess=session) nf.set_params(max_iter=20) x_test_adv = nf.generate(X_test) self.assertFalse((X_test == x_test_adv).all()) y_pred = classifier.predict(X_test) y_pred_adv = classifier.predict(x_test_adv) y_pred_bool = y_pred.max(axis=1, keepdims=1) == y_pred y_pred_max = y_pred.max(axis=1) y_pred_adv_max = y_pred_adv[y_pred_bool] self.assertTrue((y_pred_max >= y_pred_adv_max).all()) scores1 = classifier.evaluate(X_test, Y_test) print("\nAccuracy on test set: %.2f%%" % (scores1[1] * 100)) scores2 = classifier.evaluate(x_test_adv, Y_test) print('\nAccuracy on adversarial examples: %.2f%%' % (scores2[1] * 100)) self.assertTrue(scores1[1] != scores2[1])
def test_label_smooth(self): session = tf.Session() keras.backend.set_session(session) # get MNIST (X_train, Y_train), (X_test, Y_test), _, _ = load_mnist() X_train, Y_train, X_test, Y_test = X_train[: NB_TRAIN], Y_train[: NB_TRAIN], X_test[: NB_TEST], Y_test[: NB_TEST] im_shape = X_train[0].shape classifier = CNN(im_shape, act="relu", defences=["labsmooth"]) classifier.compile({ 'loss': 'categorical_crossentropy', 'optimizer': 'adam', 'metrics': ['accuracy'] }) # Fit the classifier classifier.fit(X_train, Y_train, epochs=1, batch_size=BATCH_SIZE) scores = classifier.evaluate(X_test, Y_test) print("\naccuracy: %.2f%%" % (scores[1] * 100))
def test_mnist(self): session = tf.Session() k.set_session(session) comp_params = { "loss": 'categorical_crossentropy', "optimizer": 'adam', "metrics": ['accuracy'] } # get MNIST batch_size, nb_train, nb_test = 100, 1000, 10 (X_train, Y_train), (X_test, Y_test), _, _ = load_mnist() X_train, Y_train = X_train[:nb_train], Y_train[:nb_train] X_test, Y_test = X_test[:nb_test], Y_test[:nb_test] im_shape = X_train[0].shape # get classifier classifier = CNN(im_shape, act="relu") classifier.compile(comp_params) classifier.fit(X_train, Y_train, epochs=1, batch_size=batch_size, verbose=0) scores = classifier.evaluate(X_test, Y_test) print("\naccuracy on test set: %.2f%%" % (scores[1] * 100)) df = CarliniL2Method(classifier, sess=session, targeted=False, max_iterations=100, binary_search_steps=2, learning_rate=1e-2, initial_const=1) params = { 'y_val': random_targets(Y_test, classifier.model.get_output_shape_at(-1)[-1]) } x_test_adv = df.generate(X_test, **params) self.assertFalse((X_test == x_test_adv).all()) y_pred = get_labels_np_array(classifier.predict(x_test_adv)) self.assertFalse((Y_test == y_pred).all()) scores = classifier.evaluate(x_test_adv, Y_test) print('\naccuracy on adversarial examples: %.2f%%' % (scores[1] * 100))
def test_cnn_brelu(self): session = tf.Session() keras.backend.set_session(session) # get MNIST (X_train, Y_train), (X_test, Y_test), _, _ = load_mnist() X_train, Y_train, X_test, Y_test = X_train[: NB_TRAIN], Y_train[: NB_TRAIN], X_test[: NB_TEST], Y_test[: NB_TEST] im_shape = X_train[0].shape classifier = CNN(im_shape, act="brelu", act_params={ "alpha": 1, "max_value": 2 }) classifier.compile({ 'loss': 'categorical_crossentropy', 'optimizer': 'adam', 'metrics': ['accuracy'] }) # Fit the classifier classifier.fit(X_train, Y_train, epochs=1, batch_size=BATCH_SIZE) act_config = classifier.model.layers[1].get_config() self.assertEqual(act_config["alpha"], 1) self.assertEqual(act_config["max_value"], 2)
def test_cnn_batchnorm(self): session = tf.Session() keras.backend.set_session(session) # get MNIST (X_train, Y_train), (X_test, Y_test), _, _ = load_mnist() X_train, Y_train, X_test, Y_test = X_train[: NB_TRAIN], Y_train[: NB_TRAIN], X_test[: NB_TEST], Y_test[: NB_TEST] im_shape = X_train[0].shape classifier = CNN(im_shape, act="relu", bnorm=True) classifier.compile({ 'loss': 'categorical_crossentropy', 'optimizer': 'adam', 'metrics': ['accuracy'] }) # Fit the classifier classifier.fit(X_train, Y_train, epochs=1, batch_size=BATCH_SIZE) bnorm_layer = classifier.model.layers[2] self.assertIsInstance(bnorm_layer, keras.layers.normalization.BatchNormalization)
def test_mnist_targeted(self): session = tf.Session() k.set_session(session) comp_params = {"loss": 'categorical_crossentropy', "optimizer": 'adam', "metrics": ['accuracy']} # Get MNIST batch_size, nb_train, nb_test = 100, 1000, 10 (x_train, y_train), (x_test, y_test), _, _ = load_mnist() x_train, y_train = x_train[:nb_train], y_train[:nb_train] x_test, y_test = x_test[:nb_test], y_test[:nb_test] im_shape = x_train[0].shape # Get classifier classifier = CNN(im_shape, act="relu") classifier.compile(comp_params) classifier.fit(x_train, y_train, epochs=1, batch_size=batch_size, verbose=0) scores = classifier.evaluate(x_test, y_test) print("\naccuracy on test set: %.2f%%" % (scores[1] * 100)) # Generate random target classes import numpy as np nb_classes = np.unique(np.argmax(y_test, axis=1)).shape[0] targets = np.random.randint(nb_classes, size=nb_test) while (targets == np.argmax(y_test, axis=1)).any(): targets = np.random.randint(nb_classes, size=nb_test) # Perform attack df = SaliencyMapMethod(classifier, sess=session, clip_min=0, clip_max=1, theta=1) x_test_adv = df.generate(x_test, y_val=targets) self.assertFalse((x_test == x_test_adv).all()) y_pred = get_labels_np_array(classifier.predict(x_test_adv)) self.assertFalse((y_test == y_pred).all()) scores = classifier.evaluate(x_test_adv, y_test) print('\naccuracy on adversarial examples: %.2f%%' % (scores[1] * 100))
def test_save_load_cnn(self): NB_TRAIN = 100 NB_TEST = 10 comp_params = { 'loss': 'categorical_crossentropy', 'optimizer': 'adam', 'metrics': ['accuracy'] } session = tf.Session() keras.backend.set_session(session) # get MNIST (X_train, Y_train), (X_test, Y_test), _, _ = load_mnist() X_train, Y_train, X_test, Y_test = X_train[: NB_TRAIN], Y_train[: NB_TRAIN], X_test[: NB_TEST], Y_test[: NB_TEST] im_shape = X_train[0].shape classifier = CNN(im_shape, act="brelu") classifier.compile(comp_params) # Fit the classifier classifier.fit(X_train, Y_train, epochs=1, batch_size=BATCH_SIZE) path = "./tests/save/cnn/" # Test saving save_classifier(classifier, path) self.assertTrue(os.path.isfile(path + "model.json")) self.assertTrue(os.path.getsize(path + "model.json") > 0) self.assertTrue(os.path.isfile(path + "weights.h5")) self.assertTrue(os.path.getsize(path + "weights.h5") > 0) # Test loading loaded_classifier = load_classifier(path) scores = classifier.evaluate(X_test, Y_test) scores_loaded = loaded_classifier.evaluate(X_test, Y_test) self.assertAlmostEqual(scores, scores_loaded)
def test_emp_robustness_mnist(self): session = tf.Session() K.set_session(session) comp_params = { "loss": 'categorical_crossentropy', "optimizer": 'adam', "metrics": ['accuracy'] } # get MNIST (X_train, Y_train), (_, _), _, _ = load_mnist() X_train, Y_train = X_train[:NB_TRAIN], Y_train[:NB_TRAIN] im_shape = X_train[0].shape # Get classifier classifier = CNN(im_shape, act="relu") classifier.compile(comp_params) classifier.fit(X_train, Y_train, epochs=1, batch_size=BATCH_SIZE) # Compute minimal perturbations params = {"eps_step": 1.1, "clip_min": 0., "clip_max": 1.} emp_robust = empirical_robustness(X_train, classifier, session, "fgsm", params) self.assertEqual(emp_robust, 0.) params = { "eps_step": 1., "eps_max": 1., "clip_min": None, "clip_max": None } emp_robust = empirical_robustness(X_train, classifier, session, "fgsm", params) self.assertAlmostEqual(emp_robust, 1., 3) params = { "eps_step": 0.1, "eps_max": 0.2, "clip_min": None, "clip_max": None } emp_robust = empirical_robustness(X_train, classifier, session, "fgsm", params) self.assertLessEqual(emp_robust, 0.2)
def test_mnist(self): session = tf.Session() k.set_session(session) comp_params = {"loss": 'categorical_crossentropy', "optimizer": 'adam', "metrics": ['accuracy']} # get MNIST batch_size, nb_train, nb_test = 100, 1000, 100 (X_train, Y_train), (X_test, Y_test), _, _ = load_mnist() X_train, Y_train = X_train[:nb_train], Y_train[:nb_train] X_test, Y_test = X_test[:nb_test], Y_test[:nb_test] im_shape = X_train[0].shape # get classifier classifier = CNN(im_shape, act="relu") classifier.compile(comp_params) classifier.fit(X_train, Y_train, epochs=1, batch_size=batch_size, verbose=0) scores = classifier.evaluate(X_train, Y_train) print("\naccuracy on training set: %.2f%%" % (scores[1] * 100)) scores = classifier.evaluate(X_test, Y_test) print("\naccuracy on test set: %.2f%%" % (scores[1] * 100)) attack_params = {"verbose": 0, "clip_min": 0., "clip_max": 1., "eps": 1.} attack = FastGradientMethod(classifier, session) X_train_adv = attack.generate(X_train, **attack_params) X_test_adv = attack.generate(X_test, **attack_params) self.assertFalse((X_train == X_train_adv).all()) self.assertFalse((X_test == X_test_adv).all()) train_y_pred = get_labels_np_array(classifier.predict(X_train_adv)) test_y_pred = get_labels_np_array(classifier.predict(X_test_adv)) self.assertFalse((Y_train == train_y_pred).all()) self.assertFalse((Y_test == test_y_pred).all()) scores = classifier.evaluate(X_train_adv, Y_train) print('\naccuracy on adversarial train examples: %.2f%%' % (scores[1] * 100)) scores = classifier.evaluate(X_test_adv, Y_test) print('\naccuracy on adversarial test examples: %.2f%%' % (scores[1] * 100)) # test minimal perturbations attack_params = {"verbose": 0, "clip_min": 0., "clip_max": 1., "minimal": True, "eps_step": .1, "eps_max": 1.} X_train_adv_min = attack.generate(X_train, **attack_params) X_test_adv_min = attack.generate(X_test, **attack_params) self.assertFalse((X_train_adv_min == X_train_adv).all()) self.assertFalse((X_test_adv_min == X_test_adv).all()) self.assertFalse((X_train == X_train_adv_min).all()) self.assertFalse((X_test == X_test_adv_min).all()) train_y_pred = get_labels_np_array(classifier.predict(X_train_adv_min)) test_y_pred = get_labels_np_array(classifier.predict(X_test_adv_min)) self.assertFalse((Y_train == train_y_pred).all()) self.assertFalse((Y_test == test_y_pred).all()) scores = classifier.evaluate(X_train_adv_min, Y_train) print('\naccuracy on adversarial train examples with minimal perturbation: %.2f%%' % (scores[1] * 100)) scores = classifier.evaluate(X_test_adv_min, Y_test) print('\naccuracy on adversarial test examples with minimal perturbation: %.2f%%' % (scores[1] * 100))
# Get dataset (X_train, Y_train), (X_test, Y_test), _, _ = load_dataset(args.dataset) if os.path.isfile(args.dataset): X_train = np.load(args.dataset) Y_train = Y_train if "train.npy" in args.dataset else Y_test im_shape = X_train[0].shape session = tf.Session() k.set_session(session) if args.classifier == "cnn": classifier = CNN(im_shape, act=args.act, bnorm=False, defences=args.defences, dataset=args.dataset) elif args.classifier == "resnet": classifier = ResNet(im_shape, act=args.act, bnorm=False, defences=args.defences) elif args.classifier == "mlp": classifier = MLP(im_shape, act=args.act, bnorm=False, defences=args.defences, dataset=args.dataset) # Fit the classifier
# Get session session = tf.Session() k.set_session(session) # Read MNIST dataset (x_train, y_train), (x_test, y_test), min_, max_ = load_dataset('mnist') im_shape = x_train[0].shape # Construct and train a Resnet convolutional neural network comp_params = {'loss': 'categorical_crossentropy', 'optimizer': 'adam', 'metrics': ['accuracy']} source = ResNet(im_shape, act='relu') source.compile(comp_params) source.fit(x_train, y_train, validation_split=.1, epochs=5, batch_size=128) # Craft adversarial samples with DeepFool epsilon = .1 # Maximum perturbation adv_crafter = DeepFool(source, sess=session) x_train_adv = adv_crafter.generate(x_val=x_train, eps=epsilon, clip_min=min_, clip_max=max_) x_test_adv = adv_crafter.generate(x_val=x_test, eps=epsilon, clip_min=min_, clip_max=max_) # Construct and train a convolutional neural network target = CNN(im_shape, act='relu', dataset='mnist') target.compile(comp_params) target.fit(x_train, y_train, validation_split=.1, epochs=5, batch_size=128) # Evaluate the CNN on the adversarial samples scores = target.evaluate(x_test, y_test) print("\nLoss on adversarial samples: %.2f%%\nAccuracy on adversarial samples: %.2f%%" % (scores[0], scores[1] * 100))
from src.classifiers.cnn import CNN from src.utils import load_dataset # Get session session = tf.Session() k.set_session(session) # Read MNIST dataset (x_train, y_train), (x_test, y_test), min_, max_ = load_dataset('mnist') im_shape = x_train[0].shape # Construct a convolutional neural network comp_params = {'loss': 'categorical_crossentropy', 'optimizer': 'adam', 'metrics': ['accuracy']} classifier = CNN(im_shape, act='relu', dataset='mnist') classifier.compile(comp_params) classifier.fit(x_train, y_train, validation_split=.1, epochs=5, batch_size=128) # Evaluate the classifier on the test set scores = classifier.evaluate(x_test, y_test) print("\nTest loss: %.2f%%\nTest accuracy: %.2f%%" % (scores[0], scores[1] * 100)) # Craft adversarial samples with FGSM epsilon = .1 # Maximum perturbation adv_crafter = FastGradientMethod(classifier, sess=session) x_test_adv = adv_crafter.generate(x_val=x_test, eps=epsilon, clip_min=min_, clip_max=max_) # Evaluate the classifier on the adversarial examples scores = classifier.evaluate(x_test_adv, y_test) print("\nTest loss: %.2f%%\nTest accuracy: %.2f%%" % (scores[0], scores[1] * 100))
from src.classifiers.cnn import CNN from src.utils import load_dataset # Read CIFAR10 dataset (x_train, y_train), (x_test, y_test), _, _ = load_dataset('cifar10') im_shape = x_train[0].shape # Construct a convolutional neural network with feature squeezing activated # For CIFAR10, squeezing the features to 3 bits works well comp_params = { 'loss': 'categorical_crossentropy', 'optimizer': 'adam', 'metrics': ['accuracy'] } classifier = CNN(im_shape, act='relu', dataset='cifar10', defences='featsqueeze3') classifier.compile(comp_params) classifier.fit(x_train, y_train, validation_split=.1, epochs=10, batch_size=128) # Evaluate the classifier on the test set scores = classifier.evaluate(x_test, y_test) print("\nTest loss: %.2f%%\nTest accuracy: %.2f%%" % (scores[0], scores[1] * 100))
def test_mnist(self): session = tf.Session() k.set_session(session) comp_params = {"loss": 'categorical_crossentropy', "optimizer": 'adam', "metrics": ['accuracy']} # get MNIST batch_size, nb_train, nb_test = 10, 10, 10 (X_train, Y_train), (X_test, Y_test), _, _ = load_mnist() X_train, Y_train = X_train[:nb_train], Y_train[:nb_train] X_test, Y_test = X_test[:nb_test], Y_test[:nb_test] im_shape = X_train[0].shape # get classifier classifier = CNN(im_shape, act="relu") classifier.compile(comp_params) classifier.fit(X_train, Y_train, epochs=1, batch_size=batch_size, verbose=0) scores = classifier.evaluate(X_test, Y_test) print("\naccuracy on test set: %.2f%%" % (scores[1] * 100)) attack_params = {"verbose": 2, "clip_min": 0., "clip_max": 1, "attacker": "deepfool"} attack = UniversalPerturbation(classifier, session) x_train_adv = attack.generate(X_train, **attack_params) self.assertTrue((attack.fooling_rate >= 0.2) or not attack.converged) x_test_adv = X_test + attack.v self.assertFalse((X_test == x_test_adv).all()) train_y_pred = get_labels_np_array(classifier.predict(x_train_adv)) test_y_pred = get_labels_np_array(classifier.predict(x_test_adv)) self.assertFalse((Y_test == test_y_pred).all()) self.assertFalse((Y_train == train_y_pred).all()) scores = classifier.evaluate(x_train_adv, Y_train) print('\naccuracy on adversarial train examples: %.2f%%' % (scores[1] * 100)) scores = classifier.evaluate(x_test_adv, Y_test) print('\naccuracy on adversarial test examples: %.2f%%' % (scores[1] * 100))