def main(args): assert args.dataset in ['mnist', 'cifar', 'svhn'], \ "Dataset parameter must be either 'mnist', 'cifar' or 'svhn'" assert args.attack in ['fgsm', 'bim-a', 'bim-b', 'jsma', 'cw-l2', 'all', 'cw-lid'], \ "Attack parameter must be either 'fgsm', 'bim-a', 'bim-b', " \ "'jsma', 'cw-l2', 'all' or 'cw-lid' for attacking LID detector" model_file = os.path.join(PATH_DATA, "model_%s.h5" % args.dataset) # model_file = "../data_v1/model_%s.h5" % args.dataset print(model_file) assert os.path.isfile(model_file), \ 'model file not found... must first train model using train_model.py.' if args.dataset == 'svhn' and args.attack == 'cw-l2': assert args.batch_size == 16, \ "svhn has 26032 test images, the batch_size for cw-l2 attack should be 16, " \ "otherwise, there will be error at the last batch!" print('Dataset: %s. Attack: %s' % (args.dataset, args.attack)) # Create TF session, set it as Keras backend sess = tf.Session() K.set_session(sess) if args.attack == 'cw-l2' or args.attack == 'cw-lid': warnings.warn("Important: remove the softmax layer for cw attacks!") # use softmax=False to load without softmax layer model = get_model(args.dataset, softmax=False) model.compile(loss=cross_entropy, optimizer='adadelta', metrics=['accuracy']) model.load_weights(model_file) else: model = load_model(model_file) _, _, X_test, Y_test = get_data(args.dataset) _, acc = model.evaluate(X_test, Y_test, batch_size=args.batch_size, verbose=0) print("Accuracy on the test set: %0.2f%%" % (100 * acc)) if args.attack == 'cw-lid': # breaking LID detector - test X_test = X_test[:1000] Y_test = Y_test[:1000] if args.attack == 'all': # Cycle through all attacks for attack in ['fgsm']: craft_one_type(sess, model, X_test, Y_test, args.dataset, attack, args.batch_size) else: # Craft one specific attack type craft_one_type(sess, model, X_test, Y_test, args.dataset, args.attack, args.batch_size) print('Adversarial samples crafted and saved to %s ' % PATH_DATA) sess.close()
atck = 'cw_pgd' f = open(os.path.join(args.log_dir, 'Adv_%s_%s.p' % (dataset, atck)), "w") else: f = open(os.path.join(args.log_dir, "custom.p"), "w") pickle.dump({"adv_input": adv_x_samples, "adv_labels": adv_y_samples}, f) f.close() with tf.Session() as sess: dataset = 'mnist' K.set_session(sess) K.set_image_data_format('channels_first') _, _, X_test, Y_test = get_data(dataset) num_samples = np.shape(X_test)[0] num_rand_samples = 1328 random_samples = np.random.randint(0, num_samples, num_rand_samples) new_X_test = np.zeros((num_rand_samples, 1, 28, 28)) for i, sample_no in enumerate(random_samples): new_X_test[i, 0, :, :] = (X_test[sample_no, :, :, 0]) new_Y_test = Y_test[random_samples, :] f = open(os.path.join(args.log_dir, 'Random_Test_%s_.p' % (dataset)), 'w') pickle.dump({"adv_input": new_X_test, "adv_labels": new_Y_test}, f) f.close() if (args.attack == 'cw-l2' or args.attack == 'all'): #No softmax for Carlini attack pytorch_network = Net() pytorch_network.load_state_dict(torch.load(args_ckpt))