コード例 #1
0
def create_adv(sess, dataset, attack):
    img, label, target_label = get_attack_original(cfg.attack_name, dataset, n=cfg.number_img, targeted=True)
    att_dir = get_dir(cfg.data_dir, dataset.name, cfg.attack_name, attack.model.name)
    att_file = os.path.join(att_dir, 'adv_images.npy')
    if os.path.isfile(att_file):
        tf.logging.debug('Loading adv img from %s', att_file)
        adv_img = np.load(att_file)
    else:
        tf.logging.debug('Creating empty array for adv img')
        adv_img = np.empty(shape=(0, *dataset.shape), dtype='float32')
        
    c_prop = _c_prop(att_dir)
    num_adv = len(adv_img)
    tf.logging.info('Starting at img %d', num_adv)
    for i in range(num_adv, cfg.number_img):
        tic = time.time()
        adv = cw_attack(sess, img[i], target_label[i], attack, cfg.max_opt_iter, cfg.max_bin_iter, c_prop)
        if adv is None:
            tf.logging.info('Attack failed...')
            # If attack didn't succeed, mark image with NaN
            adv = np.empty_like(img[i])
            adv[:] = np.nan
        adv_img = np.append(adv_img, [adv], axis=0)
        np_save_bak(att_file, adv_img)
        tf.logging.info('Number of adv images: %d', i)
        tf.logging.info('Finished iteration in %.2f', time.time()-tic)
コード例 #2
0
def main(args):
    
    model_class = get_model(args[1])
    dataset = dataset_by_name(args[2])

    params = get_params(args[1], dataset.name)
    
    tf.logging.debug('Creating attack ops')
    attack = CWAttackOp(model_class,
                        params,
                        dataset.shape,
                        dataset.num_classes,
                        kappa=cfg.kappa,
                        rand_start_std=cfg.rand_start_std)
    
    ckpt_dir = get_dir(cfg.ckpt_dir, dataset.name, attack.model.name)
    saver = tf.train.Saver(var_list=tf.global_variables(scope=attack.model.scope))
    
    tf.logging.debug('Starting session')
    with tf.Session() as sess:
        try:
            save_path = tf.train.latest_checkpoint(ckpt_dir)
            saver.restore(sess, save_path)
            create_adv(sess, dataset, attack)
        except KeyboardInterrupt:
            print("Manual interrupt occured")
コード例 #3
0
def create_adv(sess, dataset, fgsm):
    img, label = get_attack_original(attack_name, dataset)
    att_dir = get_dir(cfg.data_dir, dataset.name, attack_name, fgsm.model.name)
    # max_norm = max_norm_ratio * _avg_norm(dataset)
    # tf.logging.info('Using max norm %f', max_norm)

    for idx in np.array_split(np.arange(len(label)), num_split):
        tf.logging.info('Attacking range {}-{}'.format(idx.min(), idx.max()))
        att_file = os.path.join(
            att_dir, 'adv_perts{}-{}.npy'.format(idx.min(), idx.max()))
        if os.path.isfile(att_file):
            tf.logging.debug('Loading pert from %s', att_file)
            perts = np.load(att_file)
        else:
            tf.logging.debug('Creating empty array for perts')
            perts = np.empty(shape=(0, *dataset.shape), dtype='float32')

        num_adv = len(perts)
        for i in range(num_adv, pert_per_split):
            attack = UniversalPerturbation(fgsm,
                                           img[idx],
                                           label[idx],
                                           batch_size=batch_size,
                                           max_it=max_it,
                                           target_rate=target_rate)
            tic = time.time()
            attack.fit(sess)
            perts = np.append(perts, [attack.perturbation], axis=0)
            np_save_bak(att_file, perts, num_bak=2)
            tf.logging.info('Finished iteration in %.2f', time.time() - tic)
コード例 #4
0
def main(args):

    model_class = get_model(args[1])
    dataset = dataset_by_name(args[2])

    params = get_params(args[1], dataset.name)

    tf.logging.debug('Building model')
    model = model_class(trainable=False,
                        num_classes=dataset.num_classes,
                        shape=dataset.shape,
                        **params)

    tf.logging.debug('Creating attack ops')
    fgsm = FGSM(model, fgsm_eps)

    ckpt_dir = get_dir(cfg.ckpt_dir, dataset.name, model.name)
    saver = tf.train.Saver(var_list=tf.global_variables(scope=model.scope))

    tf.logging.debug('Starting session')
    with tf.Session() as sess:
        try:
            save_path = tf.train.latest_checkpoint(ckpt_dir)
            saver.restore(sess, save_path)
            create_adv(sess, dataset, fgsm)
        except KeyboardInterrupt:
            print("Manual interrupt occurred")
コード例 #5
0
def measure_universal(dataset_name, model, sess, source_name):
    attack_name = 'universal_perturbation'
    tf.logging.info('Measuring %s: source %s, target %s', attack_name, source_name, model.name)

    attack_path = os.path.join(cfg.data_dir, dataset_name, attack_name, 'originals.npz')
    with np.load(attack_path) as npz:
        img = npz['img']

    source_path = os.path.join(cfg.data_dir, dataset_name, attack_name, source_name)
    adv_files = [fn for fn in os.listdir(source_path) if fn.endswith('.npy')]
    for adv_file_name in adv_files:
        pert_file = os.path.join(source_path, adv_file_name)

        perts = np.load(pert_file)

        if cfg.amplify_perturbation is not None:
            tf.logging.debug('Amplifying perturbations')
            perts *= cfg.amplify_perturbation

        tf.logging.info('Loaded adv images %s', pert_file)

        prob_list = []
        for pert in perts:
            prob_list.append(get_probabilities(model, img+pert, sess, cfg.batch_size))

        save_dir = get_dir(cfg.data_dir, dataset_name, attack_name, 'Measure_' + source_name + '_' + model.name)
        save_file = os.path.join(save_dir, 'probabilities_' + adv_file_name)

        np.save(save_file, prob_list)
コード例 #6
0
def measure_normal_attack(attack_name, dataset_name, model, sess, source_name):
    tf.logging.info('Measuring %s: source %s, target %s', attack_name, source_name, model.name)

    source_path = os.path.join(cfg.data_dir, dataset_name, attack_name, source_name)
    adv_files = [fn for fn in os.listdir(source_path) if fn.endswith('.npy')]

    assert len(adv_files) == 1, 'No valid .npy file found for {},{}'.format(attack_name, source_name)

    adv_file_name = adv_files[0]
    adv_file = os.path.join(source_path, adv_file_name)

    adv_img = np.load(adv_file)
    tf.logging.info('Loaded adv images %s', adv_file)

    if cfg.amplify_perturbation is not None:
        tf.logging.debug('Amplifying perturbations')
        attack_path = os.path.join(cfg.data_dir, dataset_name, attack_name, 'originals.npz')
        with np.load(attack_path) as npz:
            img = npz['img']
        img = img[:len(adv_img)]
        pert = adv_img - img
        pert *= cfg.amplify_perturbation
        adv_img = img + pert

    probs = get_probabilities(model, adv_img, sess, cfg.batch_size)

    amp_str = ('amp' + str(cfg.amplify_perturbation) + '_') if cfg.amplify_perturbation is not None else ''
    save_dir = get_dir(cfg.data_dir, dataset_name, attack_name,
            'Measure_' + source_name + '_' + amp_str + model.name)
    save_file = os.path.join(save_dir, 'probabilities_' + adv_file_name)

    np.save(save_file, probs)
コード例 #7
0
def main(args):

    model_name = args[1]
    model_class = get_model(model_name)
    source_name = args[2]
    dataset = dataset_by_name(args[3])

    if len(args) < 5:
        attacks = ['carlini_wagner', 'boundary_attack', 'deepfool', 'universal_perturbation']
    else:
        attacks = args[4].split(',')

    params = get_params(model_name, dataset.name)

    tf.logging.debug('Creating model graph')
    model = model_class(trainable=False, num_classes=dataset.num_classes, shape=dataset.shape, **params)

    ckpt_dir = get_dir(cfg.ckpt_dir, dataset.name, model.name)
    saver = tf.train.Saver(var_list=tf.global_variables(scope=model.scope))

    if cfg.stop_before_session:
        exit()

    tf.logging.debug('Starting session')
    with tf.Session() as sess:
        try:
            save_path = tf.train.latest_checkpoint(ckpt_dir)
            saver.restore(sess, save_path)
            for attack in attacks:
                measure_attack(attack, dataset.name, model, sess, source_name)

        except KeyboardInterrupt:
            print("Manual interrupt occurred")
コード例 #8
0
def main(args):

    model_class = get_model(args[1])
    dataset = dataset_by_name(args[2])

    params = get_params(args[1], dataset.name)
    load_config(dataset.name, optional=True)

    with tf.variable_scope('data'):
        tf.logging.debug('Load data')
        train_data = to_tf_dataset(dataset, is_train=True, batch_size=cfg.batch_size,
                                   aug_strength=cfg.data_aug, 
                                   aug_prob=cfg.aug_prob,
                                   aug_flip=cfg.aug_flip)
        test_data = to_tf_dataset(dataset, is_train=False, batch_size=cfg.batch_size)

        iterator = tf.data.Iterator.from_structure(train_data.output_types,
                                                   train_data.output_shapes)
        img, label = iterator.get_next()

        tf.logging.debug('Creating iterator initializer')
        train_init = iterator.make_initializer(train_data)
        test_init = iterator.make_initializer(test_data)

    tf.train.create_global_step()
    create_epoch()

    tf.logging.debug('Creating model graph')
    model = model_class(img=img, label=label, num_classes=dataset.num_classes, **params)

    ckpt_dir = get_dir(cfg.ckpt_dir, dataset.name, model.name)
    log_dir = get_dir(cfg.log_dir, dataset.name, model.name)

    if cfg.stop_before_session:
        exit()

    tf.logging.debug('Starting session')
    with tf.Session() as sess:
        try:
            train_with_test(sess, model, train_init, test_init, ckpt_dir, log_dir)
        except KeyboardInterrupt:
            print("Manual interrupt occured")
コード例 #9
0
def measure_original(attack_name, dataset_name, model, sess):
    tf.logging.info('Measuring %s: source %s on originals', attack_name, model.name)
    original_file = os.path.join(cfg.data_dir, dataset_name, attack_name, 'originals.npz')
    with np.load(original_file) as npz:
        img = npz['img']

    tf.logging.info('Loaded adv images %s', original_file)

    probs = get_probabilities(model, img, sess, cfg.batch_size)

    save_dir = get_dir(cfg.data_dir, dataset_name, attack_name, 'Measure_original_' + model.name)
    save_file = os.path.join(save_dir, 'probabilities_originals.npy')

    np.save(save_file, probs)
コード例 #10
0
def attack_activations(sess, attack_name, dataset, model):
    tf.logging.info('Activations for %s', attack_name)

    orig, _ = get_attack_original(attack_name, dataset)
    adv = get_adv(model.name, attack_name, dataset.name)

    orig = orig[:cfg.batch_size]

    if 'universal' in attack_name.lower():
        adv = orig + adv[0]
    else:
        adv = adv[:cfg.batch_size]

    directory = get_dir(cfg.data_dir, dataset.name, attack_name, 'activations')

    tf.logging.info('Measuring originals')
    save_activations(sess, feed_dict={model.img: orig, model.label: [0]}, directory=directory, file_prefix='original_')
    tf.logging.info('Measuring adversarial examples')
    save_activations(sess, feed_dict={model.img: adv, model.label: [0]}, directory=directory, file_prefix='adversarial_')
コード例 #11
0
def main(args):

    model_class = get_model(args[1])
    dataset = dataset_by_name(args[2])

    params = get_params(args[1], dataset.name)

    tf.logging.debug('Creating attack ops')
    deepfool = DeepfoolOp(model_class, dataset=dataset, params=params)

    ckpt_dir = get_dir(cfg.ckpt_dir, dataset.name, deepfool.model.name)
    saver = tf.train.Saver(var_list=tf.global_variables(
        scope=deepfool.model.scope))

    tf.logging.debug('Starting session')
    with tf.Session() as sess:
        try:
            sess.graph.finalize()
            save_path = tf.train.latest_checkpoint(ckpt_dir)
            saver.restore(sess, save_path)
            create_adv(sess, dataset, deepfool)
        except KeyboardInterrupt:
            print("Manual interrupt occured")
コード例 #12
0
def get_attack_original(attack_name,
                        dataset,
                        n=None,
                        targeted=False,
                        override=False):
    """
    Loads original images from file, or creates file with random test images.
    Args:
        attack_name: string, name of the attack
        dataset: ImgDataset instance
        n: number of images. If image file already exists, None will load all.
           If file doesn't exists yet, or override is True, n must not be None
        override: If true, generate a new file
    """
    num_classes = dataset.num_classes
    path = get_dir(cfg.data_dir, dataset.name, attack_name)
    file_name = os.path.join(path, 'originals.npz')

    if not os.path.isfile(file_name) or override:
        _, (img, label) = dataset.data

        idx = np.random.permutation(len(img))
        img = img[idx]
        label = label[idx]

        img = img[:n]
        label = label[:n]

        save_kwargs = {'img': img, 'label': label}

        if targeted:
            target_label = np.random.randint(low=0,
                                             high=num_classes,
                                             size=label.size,
                                             dtype=label.dtype)
            # Make sure label and target label are different
            same_idx = np.where(label == target_label)[0]
            while same_idx.size > 0:
                target_label[same_idx] = np.random.randint(low=0,
                                                           high=num_classes,
                                                           size=same_idx.size,
                                                           dtype=label.dtype)
                same_idx = np.where(label == target_label)[0]
            save_kwargs['target_label'] = target_label

        tf.logging.debug('Saving to file %s', file_name)
        np.savez(file_name, **save_kwargs)

    else:
        tf.logging.debug('Loading from file %s', file_name)
        with np.load(file_name) as npzfile:
            img = npzfile['img']
            label = npzfile['label']

            img = img[:n]
            label = label[:n]

            if 'target_label' in npzfile.keys():
                target_label = npzfile['target_label']
                target_label = target_label[:n]

    if targeted:
        return img, label, target_label
    return img, label