def test_deepfool_auto_p0(bn_adversarial): adv = bn_adversarial attack = DeepFoolAttack() with pytest.raises(ValueError): attack(adv, p=0) assert adv.perturbed is None assert adv.distance.value == np.inf
def test_deepfool_auto_mae(bn_adversarial_mae): adv = bn_adversarial_mae attack = DeepFoolAttack() with pytest.raises(NotImplementedError): attack(adv) assert adv.perturbed is None assert adv.distance.value == np.inf
def test_attack_convergence(bn_adversarial): adv = bn_adversarial attack1 = DeepFoolAttack() attack1(adv) attack2 = BoundaryAttack() attack2(adv, iterations=5000, verbose=True) # should converge assert adv.image is not None assert adv.distance.value < np.inf
def run(): run_button.config(state='disabled') test_loader = load_data() torch_model = select_model() if use_cuda.get(): log_text = 'Move model to cuda.' torch_model = torch_model.cuda() torch_model.eval() fmodel = PyTorchModel(torch_model, bounds=[0, 1], num_classes=10) method = attack_comboxlist.get() log_text = 'Perform {} attack... \n'.format(method) send_information(Receive_window, log_text) if method == 'FGSM': from foolbox.attacks import FGSM attack = FGSM(model=fmodel, criterion=Misclassification()) if method == 'iFGSM': from foolbox.attacks import IterativeGradientSignAttack attack = IterativeGradientSignAttack(model=fmodel, criterion=Misclassification()) if method == 'DeepFool': from foolbox.attacks import DeepFoolAttack attack = DeepFoolAttack(model=fmodel, criterion=Misclassification()) attack_root = 'attacks/' + comboxlist.get() + '/' + method + '_ms' hacked_path = attack_root + '/hacked' hacked_data_path = attack_root + '/hacked_data' original_path = attack_root + '/original' original_data_path = attack_root + '/original_data' if os.path.exists(attack_root) is False: os.makedirs(attack_root) os.mkdir(hacked_path) os.mkdir(hacked_data_path) os.mkdir(original_path) os.mkdir(original_data_path) count = 1 for data, label in test_loader: data = data[0].numpy() label = label.item() adversarial = attack(data, label) if adversarial is not None: if np.linalg.norm(adversarial - data) == 0: continue adv_label = np.argmax(fmodel.predictions(adversarial)) if np.linalg.norm(adversarial - data) > 0: dataset = comboxlist.get() if dataset == 'MNIST': image_data = adversarial[0] * 255 ori_data = data[0] * 255 if dataset == 'CIFAR10': image_data = adversarial.transpose(1, 2, 0) * 255 ori_data = data.transpose(1, 2, 0) * 255 if save_adv.get(): hackedname = hacked_data_path + '/' + str( count) + '-' + str(label) + '-' + str( adv_label) + ".npy" np.save(hackedname, image_data) image = Image.fromarray(image_data.astype(np.uint8)) image.save( "{hackedpath}/{name}-{label}-{adv_label}.png".format( hackedpath=hacked_path, name=count, label=label, adv_label=adv_label)) if save_ori.get(): oriname = original_data_path + '/' + str( count) + '-' + str(label) + ".npy" np.save(oriname, ori_data) oriimage = Image.fromarray(ori_data.astype(np.uint8)) oriimage.save("{originalpath}/{name}-{label}.png".format( originalpath=original_path, name=count, label=label)) count = count + 1 if count % (int(att_num.get()) / 10) == 0: log_text = "Attack: {}/{}".format(count, att_num.get()) send_information(Receive_window, log_text) if count > int(att_num.get()): break log_text = "Done! The adversarial images and correspoinding data are stored in attacks for next use in step4!" send_information(Receive_window, log_text) run_button.config(state='normal')
def test_deepfool_auto_linf(bn_adversarial_linf): adv = bn_adversarial_linf attack = DeepFoolAttack() attack(adv) assert adv.perturbed is not None assert adv.distance.value < np.inf
def test_deepfool_auto_p0(bn_model, bn_criterion, bn_images, bn_labels): attack = DeepFoolAttack(bn_model, bn_criterion) with pytest.raises(ValueError): attack(bn_images, bn_labels, unpack=False, p=0)
def test_deepfool_auto_mae(bn_model, bn_criterion, bn_images, bn_labels): attack = DeepFoolAttack(bn_model, bn_criterion, distance=MAE) with pytest.raises(NotImplementedError): attack(bn_images, bn_labels, unpack=False)
def test_deepfool_auto_linf(bn_model, bn_criterion, bn_images, bn_labels): attack = DeepFoolAttack(bn_model, bn_criterion, distance=Linf) advs = attack(bn_images, bn_labels, unpack=False) for adv in advs: assert adv.perturbed is not None assert adv.distance.value < np.inf