def main(modulename, imagename):
'''
Kera的应用模块Application提供了带有预训练权重的Keras模型,这些模型可以用来进行预测、特征提取和finetune
模型的预训练权重将下载到~/.keras/models/并在载入模型时自动载入
'''
# 设置为测试模式
keras.backend.set_learning_phase(0)
model = ResNet50(weights=modulename)
#model = InceptionV3(weights=modulename)
logging.info(model.summary())
img = image.load_img(imagename, target_size=(224, 224))
raw_imagedata = image.img_to_array(img)
raw_imagedata = np.expand_dims(raw_imagedata, axis=0)
# 'RGB'->'BGR'
imagedata = raw_imagedata[:, :, :, ::-1]
#logging.info(raw_imagedata)
#logging.info(imagedata)
#logit fc1000
logits = model.get_layer('fc1000').output
#keras中获取指定层的方法为:
#base_model.get_layer('block4_pool').output)
# advbox demo
# 因为原始数据没有归一化 所以bounds=(0, 255) KerasMode内部在进行预测和计算梯度时会进行预处理
# imagenet数据集归一化时 标准差为1 mean为[104, 116, 123]
# featurefqueezing_bit_depth featurefqueezing防御算法 提高生成攻击样本的质量 为特征数据的bit位 一般8就ok了
m = KerasModel(model,
model.input,
None,
logits,
None,
bounds=(0, 255.0),
channel_axis=3,
preprocess=([104, 116, 123], 1),
featurefqueezing_bit_depth=8)
attack = FGSM(m)
#设置epsilons时不用考虑特征范围 算法实现时已经考虑了取值范围的问题 epsilons取值范围为(0,1)
#epsilon支持动态调整 epsilon_steps为epsilon变化的个数
#epsilons为下限 epsilons_max为上限
#attack_config = {"epsilons": 0.3, "epsilons_max": 0.5, "epsilon_steps": 100}
#静态epsilons
attack_config = {
"epsilons": 1,
"epsilons_max": 10,
"epsilon_steps": 1,
"steps": 100
}
#y设置为空 会自动计算
adversary = Adversary(imagedata.copy(), None)
# FGSM non-targeted attack
adversary = attack(adversary, **attack_config)
if adversary.is_successful():
print('attack success, adversarial_label=%d' %
(adversary.adversarial_label))
#对抗样本保存在adversary.adversarial_example
adversary_image = np.copy(adversary.adversarial_example)
logging.info("adversary_image label={0} ".format(
np.argmax(m.predict(adversary_image))))
#logging.info(adversary_image)
#强制类型转换 之前是float 现在要转换成uint8
adversary_image = np.array(adversary_image).astype("uint8").reshape(
[224, 224, 3])
#logging.info(adversary_image)
adversary_image = adversary_image[:, :, ::-1]
logging.info(adversary_image - raw_imagedata)
img = array_to_img(adversary_image)
img.save('adversary_image_nontarget.jpg')
print("fgsm non-target attack done")
attack = FGSMT(m)
#静态epsilons
attack_config = {
"epsilons": 10,
"epsilons_max": 10,
"epsilon_steps": 1,
"steps": 100
}
adversary = Adversary(imagedata, None)
tlabel = 489
adversary.set_target(is_targeted_attack=True, target_label=tlabel)
# FGSM targeted attack
adversary = attack(adversary, **attack_config)
if adversary.is_successful():
print('attack success, adversarial_label=%d' %
(adversary.adversarial_label))
#对抗样本保存在adversary.adversarial_example
adversary_image = np.copy(adversary.adversarial_example)
#强制类型转换 之前是float 现在要转换成int8
adversary_image = np.array(adversary_image).astype("uint8").reshape(
[224, 224, 3])
adversary_image = adversary_image[:, :, ::-1]
logging.info(adversary_image - raw_imagedata)
img = array_to_img(adversary_image)
img.save('adversary_image_target.jpg')
print("fgsm target attack done")
def main(modulename, imagename):
'''
Kera的应用模块Application提供了带有预训练权重的Keras模型,这些模型可以用来进行预测、特征提取和finetune
模型的预训练权重将下载到~/.keras/models/并在载入模型时自动载入
'''
# 设置为测试模式
keras.backend.set_learning_phase(0)
model = ResNet50(weights=modulename)
logging.info(model.summary())
img = image.load_img(imagename, target_size=(224, 224))
imagedata = image.img_to_array(img)
imagedata = np.expand_dims(imagedata, axis=0)
#keras数据预处理后范围为(-128,128)
imagedata = preprocess_input(imagedata)
preds = model.predict(imagedata)
#logit fc1000
logits = model.get_layer('fc1000').output
print('Predicted:', decode_predictions(preds, top=3)[0])
#keras中获取指定层的方法为:
#base_model.get_layer('block4_pool').output)
# advbox demo
# 因为原始数据没有归一化 所以bounds=(0, 255)
m = KerasModel(model,
model.input,
None,
logits,
None,
bounds=(-128, 128),
channel_axis=3,
preprocess=None)
attack = FGSM(m)
#设置epsilons时不用考虑特征范围 算法实现时已经考虑了取值范围的问题 epsilons取值范围为(0,1)
#epsilon支持动态调整 epsilon_steps为epsilon变化的个数
#epsilons为下限 epsilons_max为上限
attack_config = {
"epsilons": 0.1,
"epsilons_max": 0.5,
"epsilon_steps": 100
}
#y设置为空 会自动计算
adversary = Adversary(imagedata, None)
# FGSM non-targeted attack
adversary = attack(adversary, **attack_config)
if adversary.is_successful():
print('attack success, adversarial_label=%d' %
(adversary.adversarial_label))
#对抗样本保存在adversary.adversarial_example
adversary_image = np.copy(adversary.adversarial_example)
#强制类型转换 之前是float 现在要转换成int8
#print(adversary_image)
adversary_image = np.array(adversary_image).astype("int8").reshape(
[224, 224, 3])
#logging.info(adversary_image-imagedata)
#logging.info(adversary_image)
im = Image.fromarray(adversary_image)
im.save("adversary_image_nontarget.jpg")
print("fgsm non-target attack done")
def main(modulename, imagename):
'''
Kera的应用模块Application提供了带有预训练权重的Keras模型,这些模型可以用来进行预测、特征提取和finetune
模型的预训练权重将下载到~/.keras/models/并在载入模型时自动载入
'''
# 设置为测试模式
keras.backend.set_learning_phase(0)
model = ResNet50(weights=modulename)
logging.info(model.summary())
img = image.load_img(imagename, target_size=(224, 224))
imagedata = image.img_to_array(img)
#imagedata=imagedata[:, :, ::-1]
imagedata = np.expand_dims(imagedata, axis=0)
#logit fc1000
logits = model.get_layer('fc1000').output
#keras中获取指定层的方法为:
#base_model.get_layer('block4_pool').output)
# advbox demo
# 因为原始数据没有归一化 所以bounds=(0, 255) KerasMode内部在进行预测和计算梯度时会进行预处理
# imagenet数据集归一化时 标准差为1 mean为[104, 116, 123]
m = KerasModel(model,
model.input,
None,
logits,
None,
bounds=(0, 255),
channel_axis=3,
preprocess=([104, 116, 123], 1),
featurefqueezing_bit_depth=8)
attack = DeepFoolAttack(m)
attack_config = {"iterations": 100, "overshoot": 10}
#y设置为空 会自动计算
adversary = Adversary(imagedata[:, :, ::-1], None)
# deepfool non-targeted attack
adversary = attack(adversary, **attack_config)
if adversary.is_successful():
print('attack success, adversarial_label=%d' %
(adversary.adversarial_label))
#对抗样本保存在adversary.adversarial_example
adversary_image = np.copy(adversary.adversarial_example)
#强制类型转换 之前是float 现在要转换成iunt8
#::-1 reverses the color channels, because Keras ResNet50 expects BGR instead of RGB
adversary_image = adversary_image[:, :, ::-1]
adversary_image = np.array(adversary_image).astype("uint8").reshape(
[224, 224, 3])
logging.info(adversary_image - imagedata)
img = array_to_img(adversary_image)
img.save('adversary_image_nontarget.jpg')
print("deepfool non-target attack done")
attack = DeepFoolAttack(m)
attack_config = {"iterations": 100, "overshoot": 10}
adversary = Adversary(imagedata[:, :, ::-1], None)
tlabel = 489
adversary.set_target(is_targeted_attack=True, target_label=tlabel)
# deepfool targeted attack
adversary = attack(adversary, **attack_config)
if adversary.is_successful():
print('attack success, adversarial_label=%d' %
(adversary.adversarial_label))
#对抗样本保存在adversary.adversarial_example
adversary_image = np.copy(adversary.adversarial_example)
#强制类型转换 之前是float 现在要转换成int8
#::-1 reverses the color channels, because Keras ResNet50 expects BGR instead of RGB
adversary_image = adversary_image[:, :, ::-1]
adversary_image = np.array(adversary_image).astype("uint8").reshape(
[224, 224, 3])
logging.info(adversary_image - imagedata)
img = array_to_img(adversary_image)
img.save('adversary_image_target.jpg')
print("deepfool target attack done")
def main(modulename, imagename):
'''
Kera的应用模块Application提供了带有预训练权重的Keras模型,这些模型可以用来进行预测、特征提取和finetune
模型的预训练权重将下载到~/.keras/models/并在载入模型时自动载入
'''
# 设置为测试模式
keras.backend.set_learning_phase(0)
model = ResNet50(weights=modulename)
img = image.load_img(imagename, target_size=(224, 224))
original_image = image.img_to_array(img)
imagedata = np.expand_dims(original_image, axis=0)
#获取logit层
logits = model.get_layer('fc1000').output
# 创建keras对象
# imagenet数据集归一化时 标准差为1 mean为[104, 116, 123]
m = KerasModel(model,
model.input,
None,
logits,
None,
bounds=(0, 255),
channel_axis=3,
preprocess=([104, 116, 123], 1),
featurefqueezing_bit_depth=8)
attack = FGSM(m)
#静态epsilon
attack_config = {
"epsilons": 1,
"epsilons_max": 10,
"epsilon_steps": 1,
"steps": 100
}
#y设置为空 会自动计算
adversary = Adversary(imagedata[:, :, ::-1], None)
# fgsm non-targeted attack
adversary = attack(adversary, **attack_config)
if adversary.is_successful():
print('attack success, adversarial_label=%d' %
(adversary.adversarial_label))
adversary_image = np.copy(adversary.adversarial_example)
#强制类型转换 之前是float 现在要转换成uint8
#BGR -> RGB
adversary_image = adversary_image[:, :, ::-1]
#adversary_image = np.array(adversary_image).astype("uint8").reshape([224,224,3])
#original_image=np.array(original_image).astype("uint8").reshape([224, 224, 3])
adversary_image = np.array(adversary_image).reshape([224, 224, 3])
original_image = np.array(original_image).reshape([224, 224, 3])
show_images_diff(original_image, adversary_image)
print("FGSM non-target attack done")