def test_pytorch(self):
"""
Third test with the PyTorchClassifier.
:return:
"""
ptc = get_image_classifier_pt()
x_train = np.reshape(self.x_train_mnist,
(self.n_train, 1, 28, 28)).astype(np.float32)
attack_ap = AdversarialPatch(ptc,
rotation_max=0.5,
scale_min=0.4,
scale_max=0.41,
learning_rate=5.0,
batch_size=10,
max_iter=5)
master_seed(seed=1234)
target = np.zeros(self.x_train_mnist.shape[0])
patch_adv, _ = attack_ap.generate(x_train, target)
self.assertAlmostEqual(patch_adv[0, 8, 8], 0.5002671, delta=0.05)
self.assertAlmostEqual(patch_adv[0, 14, 14], 0.5109714, delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)),
393.09832763671875,
delta=1.0)
def test_4_pytorch(self):
"""
Third test with the PyTorchClassifier.
:return:
"""
ptc = get_image_classifier_pt(from_logits=True)
x_train = np.reshape(self.x_train_mnist,
(self.n_train, 1, 28, 28)).astype(np.float32)
attack_ap = AdversarialPatch(
ptc,
rotation_max=0.5,
scale_min=0.4,
scale_max=0.41,
learning_rate=5.0,
batch_size=10,
max_iter=5,
verbose=False,
)
target = np.zeros(self.x_train_mnist.shape[0])
patch_adv, _ = attack_ap.generate(x_train, target)
self.assertAlmostEqual(patch_adv[0, 8, 8], 0.6715167, delta=0.05)
self.assertAlmostEqual(patch_adv[0, 14, 14], 0.6292826, delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)),
424.31439208984375,
delta=1.0)
def test_tensorflow_v2_framework(self):
"""
First test with the TensorFlowClassifier.
:return:
"""
tfc, _ = get_image_classifier_tf(from_logits=True)
attack_ap = AdversarialPatch(
tfc,
rotation_max=0.5,
scale_min=0.4,
scale_max=0.41,
learning_rate=5.0,
batch_size=10,
max_iter=10,
patch_shape=(28, 28, 1),
)
target = np.zeros(self.x_train_mnist.shape[0])
patch_adv, _ = attack_ap.generate(self.x_train_mnist,
target,
shuffle=False)
self.assertAlmostEqual(patch_adv[8, 8, 0], 0.21282613, delta=0.05)
self.assertAlmostEqual(patch_adv[14, 14, 0], 0.5411238, delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)),
378.3399658203125,
delta=1.0)
def test_6_keras(self):
"""
Second test with the KerasClassifier.
:return:
"""
krc = get_image_classifier_kr(from_logits=True)
attack_ap = AdversarialPatch(
krc, rotation_max=0.5, scale_min=0.4, scale_max=0.41, learning_rate=5.0, batch_size=10, max_iter=5
)
target = np.zeros(self.x_train_mnist.shape[0])
patch_adv, _ = attack_ap.generate(self.x_train_mnist, target)
self.assertAlmostEqual(patch_adv[8, 8, 0], 0.67151666, delta=0.05)
self.assertAlmostEqual(patch_adv[14, 14, 0], 0.6292826, delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)), 424.31439208984375, delta=1.0)
# insert_transformed_patch
x_out = attack_ap.insert_transformed_patch(
self.x_train_mnist[0], np.ones((14, 14, 1)), np.asarray([[2, 13], [2, 18], [12, 22], [8, 13]])
)
x_out_expexted = np.array(
[
0.0,
0.0,
1.0,
1.0,
1.0,
1.0,
1.0,
1.0,
1.0,
0.84313726,
0.0,
0.0,
0.0,
0.0,
0.1764706,
0.7294118,
0.99215686,
0.99215686,
0.5882353,
0.10588235,
0.0,
0.0,
0.0,
0.0,
0.0,
0.0,
0.0,
0.0,
],
dtype=np.float32,
)
np.testing.assert_almost_equal(x_out[15, :, 0], x_out_expexted, decimal=3)
def test_tensorflow(self):
"""
First test with the TensorFlowClassifier.
:return:
"""
import tensorflow as tf
tfc, sess = get_image_classifier_tf()
attack_ap = AdversarialPatch(
tfc,
rotation_max=0.5,
scale_min=0.4,
scale_max=0.41,
learning_rate=5.0,
batch_size=10,
max_iter=5,
patch_shape=(28, 28, 1),
)
target = np.zeros(self.x_train_mnist.shape[0])
patch_adv, _ = attack_ap.generate(self.x_train_mnist,
target,
shuffle=False)
if tf.__version__[0] == "2":
self.assertAlmostEqual(patch_adv[8, 8, 0], 0.55935985, delta=0.05)
self.assertAlmostEqual(patch_adv[14, 14, 0], 0.5917497, delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)),
400.0701904296875,
delta=1.0)
else:
self.assertAlmostEqual(patch_adv[8, 8, 0], 0.5332792, delta=0.05)
self.assertAlmostEqual(patch_adv[14, 14, 0],
0.54590017,
delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)),
398.8515625,
delta=1.0)
if sess is not None:
sess.close()
def test_5_failure_feature_vectors(self):
classifier = get_tabular_classifier_kr()
classifier._clip_values = (0, 1)
# Assert that value error is raised for feature vectors
with self.assertRaises(ValueError) as context:
_ = AdversarialPatch(classifier=classifier)
self.assertIn(
"Unexpected input_shape in estimator detected. AdversarialPatch is expecting images or videos as input.",
str(context.exception),
)
def test_keras(self):
"""
Second test with the KerasClassifier.
:return:
"""
krc = get_image_classifier_kr()
attack_ap = AdversarialPatch(krc,
rotation_max=0.5,
scale_min=0.4,
scale_max=0.41,
learning_rate=5.0,
batch_size=10,
max_iter=5)
master_seed(seed=1234)
target = np.zeros(self.x_train_mnist.shape[0])
patch_adv, _ = attack_ap.generate(self.x_train_mnist, target)
self.assertAlmostEqual(patch_adv[8, 8, 0], 0.7993435, delta=0.05)
self.assertAlmostEqual(patch_adv[14, 14, 0], 1.0, delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)),
392.3392333984375,
delta=1.0)
def test_keras(self):
"""
Second test with the KerasClassifier.
:return:
"""
krc = get_image_classifier_kr(from_logits=True)
attack_ap = AdversarialPatch(krc,
rotation_max=0.5,
scale_min=0.4,
scale_max=0.41,
learning_rate=5.0,
batch_size=10,
max_iter=5)
target = np.zeros(self.x_train_mnist.shape[0])
patch_adv, _ = attack_ap.generate(self.x_train_mnist, target)
self.assertAlmostEqual(patch_adv[8, 8, 0], 0.67151666, delta=0.05)
self.assertAlmostEqual(patch_adv[14, 14, 0], 0.6292826, delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)),
424.31439208984375,
delta=1.0)
def test_failure_feature_vectors(self):
attack_params = {
"rotation_max": 22.5,
"scale_min": 0.1,
"scale_max": 1.0,
"learning_rate": 5.0,
"number_of_steps": 5,
"batch_size": 10,
}
classifier = get_tabular_classifier_kr()
classifier._clip_values = (0, 1)
# Assert that value error is raised for feature vectors
with self.assertRaises(ValueError) as context:
_ = AdversarialPatch(classifier=classifier)
self.assertIn(
"Unexpected input_shape in estimator detected. AdversarialPatch is expecting images or videos as input.",
str(context.exception),
)
def test_failure_feature_vectors(self):
attack_params = {
"rotation_max": 22.5,
"scale_min": 0.1,
"scale_max": 1.0,
"learning_rate": 5.0,
"number_of_steps": 5,
"batch_size": 10,
}
classifier = get_tabular_classifier_kr()
classifier._clip_values = (0, 1)
attack = AdversarialPatch(classifier=classifier)
attack.set_params(**attack_params)
data = np.random.rand(10, 4)
labels = np.random.randint(0, 3, 10)
# Assert that value error is raised for feature vectors
with self.assertRaises(ValueError) as context:
attack.generate(data, labels)
self.assertIn("Feature vectors detected.", str(context.exception))
def test_check_params(self):
ptc = get_image_classifier_pt(from_logits=True)
krc = get_image_classifier_kr(from_logits=True)
# AdversarialPatch
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, rotation_max="1")
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, rotation_max=-1)
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, scale_min="1")
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, scale_min=-1.0)
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, scale_max=1)
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, scale_max=2.0)
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, learning_rate=1)
with self.assertRaises(ValueError):
_ = AdversarialPatch(krc, learning_rate=-1.0)
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, max_iter=1.0)
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, max_iter=-1)
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, batch_size=1.0)
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, batch_size=-1)
with self.assertRaises(ValueError):
_ = AdversarialPatch(ptc, verbose="true")
# AdversarialPatchPyTorch
with self.assertRaises(ValueError):
_ = AdversarialPatchPyTorch(ptc, distortion_scale_max="1")
with self.assertRaises(ValueError):
_ = AdversarialPatchPyTorch(ptc, patch_type="triangle")
# AdversarialPatchNumpy
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, rotation_max="1")
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, rotation_max=-1)
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, scale_min="1")
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, scale_min=-1.0)
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, scale_max=1)
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, scale_max=2.0)
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, learning_rate="1")
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(krc, learning_rate=-1.0)
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, max_iter=1.0)
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, max_iter=-1)
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, batch_size=1.0)
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, batch_size=-1)
with self.assertRaises(ValueError):
_ = AdversarialPatchNumpy(ptc, verbose="true")
def test_4_pytorch(self):
"""
Third test with the PyTorchClassifier.
:return:
"""
ptc = get_image_classifier_pt(from_logits=True)
x_train = np.reshape(self.x_train_mnist, (self.n_train, 1, 28, 28)).astype(np.float32)
attack_ap = AdversarialPatch(
ptc,
rotation_max=0.5,
scale_min=0.4,
scale_max=0.41,
learning_rate=5.0,
batch_size=10,
max_iter=5,
verbose=False,
)
target = np.zeros(self.x_train_mnist.shape[0])
patch_adv, _ = attack_ap.generate(x_train, target)
self.assertAlmostEqual(patch_adv[0, 8, 8], 0.5, delta=0.05)
self.assertAlmostEqual(patch_adv[0, 14, 14], 0.5, delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)), 371.88014772999827, delta=4.0)
mask = np.ones((1, 28, 28)).astype(bool)
attack_ap.apply_patch(x=x_train, scale=0.1, mask=mask)
attack_ap.reset_patch(initial_patch_value=None)
attack_ap.reset_patch(initial_patch_value=1.0)
attack_ap.reset_patch(initial_patch_value=patch_adv)
with self.assertRaises(ValueError):
attack_ap.reset_patch(initial_patch_value=np.array([1, 2, 3]))
# Numpy
attack_ap = AdversarialPatchNumpy(
ptc,
rotation_max=0.5,
scale_min=0.4,
scale_max=0.41,
learning_rate=5.0,
batch_size=10,
max_iter=5,
verbose=False,
)
target = np.zeros(self.x_train_mnist.shape[0])
patch_adv, _ = attack_ap.generate(x_train, target)
self.assertAlmostEqual(patch_adv[0, 8, 8], 0.6715167, delta=0.05)
self.assertAlmostEqual(patch_adv[0, 14, 14], 0.6292826, delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)), 424.31439208984375, delta=4.0)
mask = np.ones((1, 28, 28)).astype(bool)
attack_ap.apply_patch(x=x_train, scale=0.1, mask=mask)
attack_ap.reset_patch(initial_patch_value=None)
attack_ap.reset_patch(initial_patch_value=1.0)
attack_ap.reset_patch(initial_patch_value=patch_adv)
with self.assertRaises(ValueError):
attack_ap.reset_patch(initial_patch_value=np.array([1, 2, 3]))
def test_3_tensorflow_v2_framework(self):
"""
First test with the TensorFlowClassifier.
:return:
"""
tfc, _ = get_image_classifier_tf(from_logits=True)
attack_ap = AdversarialPatch(
tfc,
rotation_max=0.5,
scale_min=0.4,
scale_max=0.41,
learning_rate=5.0,
batch_size=10,
max_iter=10,
patch_shape=(28, 28, 1),
verbose=False,
)
target = np.zeros(self.x_train_mnist.shape[0])
patch_adv, _ = attack_ap.generate(self.x_train_mnist, target, shuffle=False)
self.assertAlmostEqual(patch_adv[8, 8, 0], 1.0, delta=0.05)
self.assertAlmostEqual(patch_adv[14, 14, 0], 0.0, delta=0.05)
self.assertAlmostEqual(float(np.sum(patch_adv)), 377.415771484375, delta=1.0)
# insert_transformed_patch
x_out = attack_ap.insert_transformed_patch(
self.x_train_mnist[0], np.ones((14, 14, 1)), np.asarray([[2, 13], [2, 18], [12, 22], [8, 13]])
)
x_out_expexted = np.array(
[
0.0,
0.0,
1.0,
1.0,
1.0,
1.0,
1.0,
1.0,
1.0,
0.84313726,
0.0,
0.0,
0.0,
0.0,
0.1764706,
0.7294118,
0.99215686,
0.99215686,
0.5882353,
0.10588235,
0.0,
0.0,
0.0,
0.0,
0.0,
0.0,
0.0,
0.0,
],
dtype=np.float32,
)
np.testing.assert_almost_equal(x_out[15, :, 0], x_out_expexted, decimal=3)
mask = np.ones((1, 28, 28)).astype(bool)
attack_ap.apply_patch(x=self.x_train_mnist, scale=0.1, mask=mask)
attack_ap.reset_patch(initial_patch_value=None)
attack_ap.reset_patch(initial_patch_value=1.0)
attack_ap.reset_patch(initial_patch_value=patch_adv)