def test_untargeted_Xception(image, label=None): import keras from perceptron.models.classification.keras import KerasModel mean = np.array([0.485, 0.456, 0.406]).reshape((1, 1, 3)) std = np.array([0.229, 0.224, 0.225]).reshape((1, 1, 3)) model_keras = keras.applications.xception.Xception(weights='imagenet') model = KerasModel(model_keras, bounds=(0, 1), preprocessing=(mean, std)) print(np.argmax(model.predictions(image))) attack = Attack(model, criterion=Misclassification()) adversarial_obj = attack(image, label, unpack=False, epsilons=10000) distance = adversarial_obj.distance adversarial = adversarial_obj.image return distance, adversarial
def test_untargeted_resnet18(image, label=None): import torch import torchvision.models as models from perceptron.models.classification import PyTorchModel mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1)) std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1)) resnet18 = models.resnet18(pretrained=True).eval() if torch.cuda.is_available(): resnet18 = resnet18.cuda() model = PyTorchModel( resnet18, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std)) print(np.argmax(model.predictions(image))) attack = Attack(model, criterion=Misclassification()) adversarial = attack(image, label, unpack=True)
def test_untargeted_resnet50(image, label=None): import torch import torchvision.models as models from perceptron.models.classification import PyTorchModel mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1)) std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1)) model_pyt = models.resnet50(pretrained=True).eval() if torch.cuda.is_available(): model_pyt = model_pyt.cuda() model = PyTorchModel(model_pyt, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std)) print(np.argmax(model.predictions(image))) attack = Attack(model, criterion=Misclassification()) adversarial_obj = attack(image, label, unpack=False, epsilons=10000) distance = adversarial_obj.distance adversarial = adversarial_obj.image return distance, adversarial
std = np.array([0.229, 0.224, 0.225]).reshape((1, 1, 3)) #kmodel = KerasModel(xception, bounds=(0, 1), preprocessing=(mean, std)) kmodel = KerasModelUpload(bounds=(0, 1), preprocessing=(mean, std)) # get source image and label # the model Xception expects values in [0, 1] with shape (299, 299), and channles_last image, _ = imagenet_example(shape=(299, 299), data_format='channels_last') image /= 255.0 # initialize the KerasModel # keras resnet50 has input bound (0, 255) # get source image and label # the model expects values in [0, 255], and channles_last label = np.argmax(kmodel.predictions(image)) metric = CarliniWagnerL2Metric(kmodel, criterion=Misclassification()) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) adversary = metric(image, label, unpack=False) print(bcolors.BOLD + 'Process finished' + bcolors.ENDC) if adversary.image is None: print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) exit(-1) ################### print summary info ##################################### keywords = [ 'KerasUserUpload', 'InceptionResnetV2', 'Misclassification', 'CarliniWagnerL2' ]
mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1)) std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1)) models = ['alexnet', 'vgg16', 'vgg19', 'resnet18', 'resnet34', 'resnet50', 'resnet101', 'resnet152', 'inception_v3', 'squeezenet1_0', 'densenet121'] mse_dict = {} output_folder = './out/cw2/' for i in range(10): image_name = '0%s.jpg' % i image = load_imagenet_image(image_name, data_format='channels_first') for model_name in models: pmodel = load_pytorch_model(model_name) fmodel = PyTorchModel( pmodel, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std)) label = np.argmax(fmodel.predictions(image)) ################ metric = perceptron.benchmarks.CarliniWagnerL2Metric(fmodel, criterion=Misclassification()) ################ adversary = metric(image, label, unpack=False) # set 'unpack' as false so we can access the detailed info of adversary if adversary.image is None: print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) continue if model_name in mse_dict: mse_dict[model_name] += adversary.distance.value else: mse_dict[model_name] = adversary.distance.value adv_image = adversary.image output_adv_folder = output_folder + str(i) + '/' if not os.path.exists(output_adv_folder): os.makedirs(output_adv_folder) adv_file_name = os.path.join(output_adv_folder, '%s.jpg' % model_name) if adv_image.shape[0] == 3 :
resnet18 = models.resnet18(pretrained=True).eval() if torch.cuda.is_available(): resnet18 = resnet18.cuda() # initialize the PyTorchModel mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1)) std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1)) fmodel = PyTorchModel( resnet18, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std)) # get source image and print the predicted label image, _ = imagenet_example(data_format='channels_first') image = image / 255. # because our model expects values in [0, 1] # set the type of noise which will used to generate the adversarial examples metric = FrostMetric(fmodel, criterion=Misclassification()) # set the label as the predicted one label = np.argmax(fmodel.predictions(image)) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) # set 'unpack' as false so we can access the detailed info of adversary adversary = metric(image, label, scenario=5, verify=True, unpack=False) print(bcolors.BOLD + 'Process finished' + bcolors.ENDC) if adversary.image is None: print( bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) exit(-1)
method=param["model_method"], train_epsilon=param["train_epsilon"] ).eval() if torch.cuda.is_available(): net = net.cuda() fmodel = PyTorchModel( net, bounds=param["bounds"], num_classes=param["num_classes"] ) label = np.argmax(fmodel.predictions(image)) metric1 = NaiveIntervalMetric(fmodel,\ criterion=Misclassification(), threshold=epsilon) metric2 = SymbolicIntervalMetric(fmodel,\ criterion=Misclassification(), threshold=epsilon) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) print("Analyze with naive interval analysis") adversary1 = metric1(image, optimal_bound=param["optimal_bound"],\ epsilon=epsilon, parallel=param["parallel"],\ original_pred=label, unpack=False,\ threshold=param["threshold"],\ normalize=param["normalize"] ) print("Analyze with symbolic interval analysis") adversary2 = metric2(image, optimal_bound=param["optimal_bound"],\
# initialize the PyTorchModel mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1)) std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1)) fmodel = PyTorchModel(vgg11, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std)) # get source image image, label = imagenet_example(data_format='channels_first') image = image / 255. # because our model expects values in [0, 1] # set the label as the predicted one true_label = np.argmax(fmodel.predictions(image)) # set the type of noise which will used to generate the adversarial examples metric = SaltAndPepperNoiseMetric(fmodel, criterion=Misclassification()) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) adversary = metric( image, true_label, unpack=False ) # set 'unpack' as false so we can access the detailed info of adversary print(bcolors.BOLD + 'Process finished' + bcolors.ENDC) if adversary.image is None: print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) exit(-1) ################### print summary info ##################################### keywords = ['PyTorch', 'Vgg11', 'Misclassification', 'SaltAndPepper']
resnet18 = resnet18.cuda() # initialize the PyTorchModel mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1)) std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1)) fmodel = PyTorchModel(resnet18, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std)) # get source image and print the predicted label image, _ = imagenet_example(data_format='channels_first') image = image / 255. # because our model expects values in [0, 1] # set the type of noise which will used to generate the adversarial examples metric = SnowMetric(fmodel, criterion=Misclassification()) # set the label as the predicted one label = np.argmax(fmodel.predictions(image)) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) # set 'unpack' as false so we can access the detailed info of adversary adversary = metric(image, label, verify=True, unpack=False) print(bcolors.BOLD + 'Process finished' + bcolors.ENDC) if adversary.image is None: print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) exit(-1) ################### print summary info #####################################
from perceptron.utils.tools import bcolors from perceptron.models.classification.pytorchmodelupload import PyModelUpload # initialize the PyTorchModel mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1)) std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1)) fmodel = PyModelUpload(bounds=(0, 1), num_classes=1000, preprocessing=(mean, std)) # get source image and print the predicted label image, _ = imagenet_example(data_format='channels_first') image = image / 255. # because our model expects values in [0, 1] # set the type of noise which will used to generate the adversarial examples metric = BrightnessMetric(fmodel, criterion=Misclassification()) # set the label as the predicted one label = np.argmax(fmodel.predictions(image)) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) adversary = metric( image, label, verify=True, unpack=False ) # set 'unpack' as false so we can access the detailed info of adversary print(bcolors.BOLD + 'Process finished' + bcolors.ENDC) if adversary.image is None: print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) exit(-1)