def run(self, x, y, ds_init=None, *args, **kargs): x = CArray(x).atleast_2d() y = CArray(y).atleast_2d() x_init = None if ds_init is None else CArray(ds_init.X).atleast_2d() # only consider samples that can be manipulated v = self.is_attack_class(y) idx = CArray(v.find(v)).ravel() # print(v, idx) # number of modifiable samples n_mod_samples = idx.size adv_ds = CDataset(x.deepcopy(), y.deepcopy()) # If dataset is sparse, set the proper attribute if x.issparse is True: self._issparse = True # array in which the value of the optimization function are stored fs_opt = CArray.zeros(n_mod_samples, ) y_pred = CArray.zeros(n_mod_samples, ) scores = CArray.zeros((n_mod_samples, 2)) for i in range(n_mod_samples): k = idx[i].item() # idx of sample that can be modified xi = x[k, :] if x_init is None else x_init[k, :] x_opt, f_opt = self._run(x[k, :], y[k], x_init=xi, *args, **kargs) self.logger.info( "Point: {:}/{:}, dmax:{:}, f(x):{:}, eval:{:}/{:}".format( k, x.shape[0], self._dmax, f_opt, self.f_eval, self.grad_eval)) if x_opt.shape[-1] > adv_ds.X.shape[-1]: # Need to resize the whole adv dataset, since CDataset can't deal with varying vector sizes new_length = x_opt.shape[-1] adv_ds.X = adv_ds.X.resize((adv_ds.X.shape[0], new_length), 256) adv_ds.X[k, :min(adv_ds.X.shape[-1], x_opt.shape[-1])] = x_opt fs_opt[i] = f_opt y_p, score = self.problem.model_wrapper.predict( x_opt, return_decision_function=True) scores[i, :] = score[0, :] y_pred[i] = y_p # Return the mean objective function value on the evasion points ( # computed from the outputs of the surrogate classifier) f_obj = fs_opt.mean() return y_pred, scores, adv_ds, f_obj
tr_X, tr_Y, cv_X, cv_Y, te_X, te_Y = load_sentiment_dataset( classification_type='binary') all_classes = list(np.unique(te_Y)) print(all_classes) tr_X, tr_Y = CArray(tr_X), CArray(tr_Y) cv_X, cv_Y = CArray(cv_X), CArray(cv_Y) te_X, te_Y = CArray(te_X), CArray(te_Y) ds_tr_secml = CDataset(tr_X, tr_Y) #print(ds_tr_secml.classes, ds_tr_secml.num_classes, ds_tr_secml.num_features, ds_tr_secml.num_samples) ds_te_secml = CDataset(te_X, te_Y) ds_cv_secml = CDataset(cv_X, cv_Y) normalizer = CNormalizerMinMax() ds_tr_secml.X = normalizer.fit_transform(ds_tr_secml.X) ds_te_secml.X = normalizer.transform(ds_te_secml.X) ds_cv_secml.X = normalizer.transform(ds_cv_secml.X) # ============================================================================= # #TEST WITH SKLEARN SVM # sklearn_clf = svm.SVC(C = 1, kernel = 'rbf', gamma = 1.0) # secml_sklearn_clf = c_classifier_sklearn.CClassifierSkLearn(sklearn_clf) # secml_sklearn_clf.fit(ds_tr_secml) # preds = secml_sklearn_clf.predict(ds_te_secml.X) # metric = CMetricAccuracy() # acc = metric.performance_score(y_true = ds_te_secml.Y, y_pred = preds) # print("Accuracy on test set: {:.2%}".format(acc)) # probs = secml_sklearn_clf.predict_proba(ds_te_secml.X) #Doesn't work # # #sklearn here isn't supported for performing adversarial attacks, only the native SVM of secml supports adversarial attacks
def run(self, x, y, ds_init=None) -> Tuple[CArray, CArray, CDataset, Any]: """ Runs the genetic algorithms. Parameters ---------- x : CArray input sample to perturb y : CArray original class ds_init : CDataset, optional, default None the initialization point. Default is None Returns ------- CArray y_pred : the predicted label after the attack CArray scores : the scores after the attack CDataset adv_ds : the CDataset containing the adversarial points CArray f_obj : the mean value for the objective function """ x = CArray(x).atleast_2d() y = CArray(y).atleast_2d() x_init = None if ds_init is None else CArray(ds_init.X).atleast_2d() # only consider samples that can be manipulated v = self.is_attack_class(y) idx = CArray(v.find(v)).ravel() # print(v, idx) # number of modifiable samples n_mod_samples = idx.size adv_ds = CDataset(x.deepcopy(), y.deepcopy()) # If dataset is sparse, set the proper attribute if x.issparse is True: self._issparse = True # array in which the value of the optimization function are stored fs_opt = CArray.zeros(n_mod_samples, ) y_pred = CArray.zeros(n_mod_samples, ) scores = CArray.zeros((n_mod_samples, 2)) for i in range(n_mod_samples): k = idx[i].item() # idx of sample that can be modified xi = x[k, :] if x_init is None else x_init[k, :] x_opt, f_opt = self._run(x[k, :], y[k], x_init=xi) self.logger.info("Point: {:}/{:}, f(x):{:}, eval:{:}/{:}".format( k, x.shape[0], f_opt, self.f_eval, self.grad_eval)) if x_opt.shape[-1] > adv_ds.X.shape[-1]: # Need to resize the whole adv dataset, since CDataset can't deal with varying vector sizes new_length = x_opt.shape[-1] adv_ds.X = adv_ds.X.resize((adv_ds.X.shape[0], new_length), 256) adv_ds.X[k, :min(adv_ds.X.shape[-1], x_opt.shape[-1])] = x_opt fs_opt[i] = f_opt y_p, score = self.problem.model_wrapper.predict( x_opt, return_decision_function=True) scores[i, :] = score[0, :] y_pred[i] = y_p # Return the mean objective function value on the evasion points ( # computed from the outputs of the surrogate classifier) f_obj = fs_opt.mean() return y_pred, scores, adv_ds, f_obj