def test_ptclassifier(self):
    """
    Third test with the PyTorchClassifier.
    :return:
    """
    # Load MNIST and keep small subsets; convert one-hot labels to class indices.
    batch_size, nb_train, nb_test = 100, 1000, 10
    (x_train, y_train), (x_test, y_test), _, _ = load_mnist()
    x_train, y_train = x_train[:nb_train], np.argmax(y_train[:nb_train], axis=1)
    x_test, y_test = x_test[:nb_test], np.argmax(y_test[:nb_test], axis=1)

    # Move the channel axis to position 1 (NCHW layout expected by PyTorch).
    x_train = np.swapaxes(x_train, 1, 3)
    x_test = np.swapaxes(x_test, 1, 3)

    # Build a simple CNN with cross-entropy loss and an Adam optimizer.
    model = Model()
    loss_fn = nn.CrossEntropyLoss()
    optimizer = optim.Adam(model.parameters(), lr=0.01)

    # Wrap the network in the ART classifier and train for one epoch.
    ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28), (10,))
    ptc.fit(x_train, y_train, batch_size=batch_size, nb_epochs=1)

    # Attack: universal perturbation driven by NewtonFool.
    # TODO Launch with all possible attacks
    attack_params = {"attacker": "newtonfool", "attacker_params": {"max_iter": 20}}
    up = UniversalPerturbation(ptc)
    x_train_adv = up.generate(x_train, **attack_params)
    # Either a reasonable fooling rate was reached or the attack did not converge.
    self.assertTrue((up.fooling_rate >= 0.2) or not up.converged)

    # Apply the same universal perturbation `up.v` to the held-out test set.
    x_test_adv = x_test + up.v
    self.assertFalse((x_test == x_test_adv).all())

    # The perturbation should flip at least some predictions on both splits.
    train_y_pred = np.argmax(ptc.predict(x_train_adv), axis=1)
    test_y_pred = np.argmax(ptc.predict(x_test_adv), axis=1)
    self.assertFalse((y_test == test_y_pred).all())
    self.assertFalse((y_train == train_y_pred).all())
def test_ptclassifier(self):
    """
    Third test with the PyTorchClassifier.
    :return:
    """
    # Load MNIST and keep small subsets; convert one-hot labels to class indices.
    batch_size, nb_train, nb_test = 100, 1000, 10
    (x_train, y_train), (x_test, y_test), _, _ = load_mnist()
    x_train, y_train = x_train[:nb_train], np.argmax(y_train[:nb_train], axis=1)
    x_test, y_test = x_test[:nb_test], np.argmax(y_test[:nb_test], axis=1)

    # Move the channel axis to position 1 (NCHW layout expected by PyTorch).
    x_train = np.swapaxes(x_train, 1, 3)
    x_test = np.swapaxes(x_test, 1, 3)

    # Build a simple CNN with cross-entropy loss and an Adam optimizer.
    model = Model()
    loss_fn = nn.CrossEntropyLoss()
    optimizer = optim.Adam(model.parameters(), lr=0.01)

    # Wrap the network in the ART classifier and train for one epoch.
    ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28), (10,))
    ptc.fit(x_train, y_train, batch_size=batch_size, nb_epochs=1)

    # Attack the test set with NewtonFool (few iterations keeps the test fast).
    nf = NewtonFool(ptc)
    nf.set_params(max_iter=5)
    x_test_adv = nf.generate(x_test)
    self.assertFalse((x_test == x_test_adv).all())

    # NewtonFool should lower the confidence assigned to the originally
    # predicted class: compare the max clean score against the adversarial
    # score at the same (previously winning) class position.
    y_pred = ptc.predict(x_test)
    y_pred_adv = ptc.predict(x_test_adv)
    y_pred_bool = y_pred.max(axis=1, keepdims=1) == y_pred
    y_pred_max = y_pred.max(axis=1)
    y_pred_adv_max = y_pred_adv[y_pred_bool]
    self.assertTrue((y_pred_max >= y_pred_adv_max).all())
def test_fit_predict(self):
    """Fit the fixture classifier briefly and check above-chance test accuracy."""
    # Load MNIST subsets; labels converted from one-hot to class indices.
    (x_train, y_train), (x_test, y_test), _, _ = load_mnist()
    x_train, y_train = x_train[:NB_TRAIN], np.argmax(y_train[:NB_TRAIN], axis=1)
    x_test, y_test = x_test[:NB_TEST], np.argmax(y_test[:NB_TEST], axis=1)

    # Move the channel axis to position 1 (NCHW layout expected by PyTorch).
    x_train = np.swapaxes(x_train, 1, 3)
    x_test = np.swapaxes(x_test, 1, 3)

    # Fit for a single epoch and predict; no clip values are supplied here.
    ptc = PyTorchClassifier(None, self._model, self._loss_fn, self._optimizer, (1, 28, 28), (10, ))
    ptc.fit(x_train, y_train, batch_size=100, nb_epochs=1)
    preds = ptc.predict(x_test)
    preds_class = np.argmax(preds, axis=1)

    # One epoch on a tiny subset should still beat the 10% random baseline.
    acc = np.sum(preds_class == y_test) / len(y_test)
    print("\nAccuracy: %.2f%%" % (acc * 100))
    self.assertGreater(acc, 0.1)
def test_fit_predict(self):
    """Train a freshly built model and check above-chance test accuracy."""
    # Load MNIST subsets; labels stay one-hot here (argmax is applied at the end).
    (x_train, y_train), (x_test, y_test), _, _ = load_mnist()
    x_train, y_train = x_train[:NB_TRAIN], y_train[:NB_TRAIN]
    x_test, y_test = x_test[:NB_TEST], y_test[:NB_TEST]

    # Move the channel axis to position 1 (NCHW layout expected by PyTorch).
    x_train = np.swapaxes(x_train, 1, 3)
    x_test = np.swapaxes(x_test, 1, 3)

    # Build model, loss, and optimizer via the test helper.
    model, loss_fn, optimizer = self._model_setup_module()

    # Fit for a single epoch and predict.
    ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28), 10)
    ptc.fit(x_train, y_train, batch_size=100, nb_epochs=1)
    preds = ptc.predict(x_test)

    # Compare predicted classes against the one-hot ground truth.
    acc = np.sum(np.argmax(preds, axis=1) == np.argmax(
        y_test, axis=1)) / len(y_test)
    print("\nAccuracy: %.2f%%" % (acc * 100))
    self.assertGreater(acc, 0.1)
# Loss and optimizer for the demo model.
criterion = nn.CrossEntropyLoss()
optimizer = optim.SGD(model.parameters(), lr=0.01, momentum=0.5)

# Initialize the classifier.
# NOTE(review): the variable is named `cifar_classifier` but input_shape is
# (1, 28, 28), which is the MNIST shape — confirm which dataset is intended.
cifar_classifier = PyTorchClassifier(clip_values=(0, 1), model=model, loss=criterion,
                                     optimizer=optimizer, input_shape=(1, 28, 28),
                                     nb_classes=10)

# Train the classifier.
cifar_classifier.fit(x_train, y_train, batch_size=64, nb_epochs=10)

# Evaluate clean accuracy on the test set.
predictions = cifar_classifier.predict(x_test)
accuracy = np.sum(
    np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print('Accuracy before attack: {}%'.format(accuracy * 100))

# Craft adversarial examples with FGSM at maximum perturbation `epsilon`.
epsilon = 0.2
adv_crafter = FastGradientMethod(cifar_classifier, eps=epsilon)
x_test_adv = adv_crafter.generate(x=x_test)

# Evaluate accuracy on the adversarial examples.
predictions = cifar_classifier.predict(x_test_adv)
accuracy = np.sum(
    np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print('Accuracy after attack: {}%'.format(accuracy * 100))
# Loss and optimizer for the MNIST demo model.
criterion = nn.CrossEntropyLoss()
optimizer = optim.SGD(model.parameters(), lr=0.01, momentum=0.5)

# Initialize the ART classifier wrapping the PyTorch model.
mnist_classifier = PyTorchClassifier(clip_values=(0, 1), model=model, loss=criterion,
                                     optimizer=optimizer, input_shape=(1, 28, 28),
                                     nb_classes=10)

# Train the classifier.
mnist_classifier.fit(x_train, y_train, batch_size=64, nb_epochs=10)

# Evaluate clean accuracy on the test set.
predictions = mnist_classifier.predict(x_test)
accuracy = np.sum(
    np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print('Accuracy before attack: {}%'.format(accuracy * 100))

# Craft adversarial examples with FGSM at maximum perturbation `epsilon`.
epsilon = 0.2
adv_crafter = FastGradientMethod(mnist_classifier, eps=epsilon)
x_test_adv = adv_crafter.generate(x=x_test)

# Evaluate accuracy on the adversarial examples.
predictions = mnist_classifier.predict(x_test_adv)
accuracy = np.sum(
    np.argmax(predictions, axis=1) == np.argmax(y_test, axis=1)) / len(y_test)
print('Accuracy after attack: {}%'.format(accuracy * 100))
# Loss and optimizer for the MNIST demo model.
criterion = nn.CrossEntropyLoss()
optimizer = optim.SGD(model.parameters(), lr=0.01, momentum=0.5)

# Initialize the ART classifier wrapping the PyTorch model.
mnist_classifier = PyTorchClassifier(clip_values=(0, 1), model=model, loss=criterion,
                                     optimizer=optimizer, input_shape=(1, 28, 28),
                                     nb_classes=10)

# Training is skipped here; weights are restored from a saved checkpoint instead.
# mnist_classifier.fit(x_train, y_train, batch_size=64, nb_epochs=50)
# torch.save(model.state_dict(), "./minst.pt")
model.load_state_dict(torch.load("../checkpoints/model-nn-epoch100.pt"))

# Evaluate clean accuracy on the test dataset array.
# NOTE(review): the divisor is len(y_test) while predictions/labels come from
# test_dataset_array / test_label_dataset_array — confirm these have equal length,
# otherwise the reported accuracy is scaled incorrectly.
predictions = mnist_classifier.predict(test_dataset_array)
# print(predictions)
accuracy = np.sum(np.argmax(predictions, axis=1) == test_label_dataset_array) / len(y_test)
print('Accuracy before attack: {}%'.format(accuracy * 100))

# Craft adversarial examples; PGD is active, alternatives are kept for reference.
epsilon = 0.2  # Maximum perturbation
# adv_crafter = AdversarialPatch(mnist_classifier, batch_size=16, max_iter=10)
# adv_crafter = FastGradientMethod(mnist_classifier, eps=epsilon)
# adv_crafter = CarliniL2Method(mnist_classifier)
adv_crafter = ProjectedGradientDescent(mnist_classifier)
# adv_crafter = DeepFool(mnist_classifier, epsilon=epsilon, max_iter=10)
x_test_adv = adv_crafter.generate(x=x_test)
def test_ptclassifier(self):
    """
    Third test with the PyTorchClassifier.
    :return:
    """
    # Load MNIST and keep small subsets; labels stay one-hot for random_targets.
    batch_size, nb_train, nb_test = 100, 5000, 10
    (x_train, y_train), (x_test, y_test), _, _ = load_mnist()
    x_train, y_train = x_train[:nb_train], y_train[:nb_train]
    x_test, y_test = x_test[:nb_test], y_test[:nb_test]

    # Move the channel axis to position 1 (NCHW layout expected by PyTorch).
    x_train = np.swapaxes(x_train, 1, 3)
    x_test = np.swapaxes(x_test, 1, 3)

    # Build a simple CNN with cross-entropy loss and an Adam optimizer.
    model = Model()
    loss_fn = nn.CrossEntropyLoss()
    optimizer = optim.Adam(model.parameters(), lr=0.01)

    # Wrap the network in the ART classifier and train it.
    ptc = PyTorchClassifier((0, 1), model, loss_fn, optimizer, (1, 28, 28), 10)
    ptc.fit(x_train, y_train, batch_size=batch_size, nb_epochs=10)

    # First attack: targeted Carlini & Wagner L2 with random target classes.
    cl2m = CarliniL2Method(classifier=ptc, targeted=True, max_iter=100,
                           binary_search_steps=1, learning_rate=1,
                           initial_const=10, decay=0)
    params = {'y': random_targets(y_test, ptc.nb_classes)}
    x_test_adv = cl2m.generate(x_test, **params)
    self.assertFalse((x_test == x_test_adv).all())
    # Adversarial samples stay within the clip range (small float tolerance).
    self.assertTrue((x_test_adv <= 1.0001).all())
    self.assertTrue((x_test_adv >= -0.0001).all())
    target = np.argmax(params['y'], axis=1)
    y_pred_adv = np.argmax(ptc.predict(x_test_adv), axis=1)
    # Targeted attack: at least some samples hit their assigned target.
    self.assertTrue((target == y_pred_adv).any())

    # Second attack: untargeted, still supplying labels via `y`.
    cl2m = CarliniL2Method(classifier=ptc, targeted=False, max_iter=100,
                           binary_search_steps=1, learning_rate=1,
                           initial_const=10, decay=0)
    params = {'y': random_targets(y_test, ptc.nb_classes)}
    x_test_adv = cl2m.generate(x_test, **params)
    self.assertFalse((x_test == x_test_adv).all())
    self.assertTrue((x_test_adv <= 1.0001).all())
    self.assertTrue((x_test_adv >= -0.0001).all())
    target = np.argmax(params['y'], axis=1)
    y_pred_adv = np.argmax(ptc.predict(x_test_adv), axis=1)
    # Untargeted attack: at least some predictions differ from the labels given.
    self.assertTrue((target != y_pred_adv).any())

    # Third attack: untargeted with no labels supplied at all.
    cl2m = CarliniL2Method(classifier=ptc, targeted=False, max_iter=100,
                           binary_search_steps=1, learning_rate=1,
                           initial_const=10, decay=0)
    params = {}
    x_test_adv = cl2m.generate(x_test, **params)
    self.assertFalse((x_test == x_test_adv).all())
    self.assertTrue((x_test_adv <= 1.0001).all())
    self.assertTrue((x_test_adv >= -0.0001).all())
    y_pred = np.argmax(ptc.predict(x_test), axis=1)
    y_pred_adv = np.argmax(ptc.predict(x_test_adv), axis=1)
    # At least some predictions must change relative to the clean inputs.
    self.assertTrue((y_pred != y_pred_adv).any())
# Loss and optimizer for the CIFAR demo model.
criterion = nn.CrossEntropyLoss()
optimizer = optim.SGD(model.parameters(), lr=0.01, momentum=0.5)

# Initialize the classifier.
# NOTE(review): input_shape is (1, 28, 28) although the model/checkpoint names
# suggest CIFAR (which would be (3, 32, 32)) — confirm the intended dataset.
cifar_classifier = PyTorchClassifier(clip_values=(0, 1), model=model, loss=criterion,
                                     optimizer=optimizer, input_shape=(1, 28, 28),
                                     nb_classes=10)

# Restore pretrained weights instead of training from scratch.
model.load_state_dict(torch.load("../checkpoints/model_cifar_wrn.pt"))

# Evaluate natural (clean) accuracy on the test dataset array.
predictions = cifar_classifier.predict(test_dataset_array)
accuracy = np.sum(
    np.argmax(predictions, axis=1) == test_label_dataset_array) / len(
        test_label_dataset_array)
print('Accuracy before attack: {}%'.format(accuracy * 100))

# Craft the adversarial examples (PGD-20 variant kept disabled for reference).
# # PGD-20
# adv_crafter_pgd_20 = ProjectedGradientDescent(cifar_classifier, eps=epsilon, eps_step=0.01, max_iter=20, batch_size=batch_size)
#
# x_test_adv = adv_crafter_pgd_20.generate(x=test_dataset_array)
#
# # Test the classifier on adversarial examples
# predictions = cifar_classifier.predict(x_test_adv)