def mnist_lstm_backdoor_test(r, threshold_SC, threshold_BC, symbols_TC, seq, TestCaseNum, minimalTest, TargMetri, modelName): r.resetTime() seeds = 3 np.random.seed(seeds) # set up oracle radius oracleRadius = 0.01 # load model mn = mnistclass(modelName) mn.load_model() # test layer layer = 1 # choose time steps to cover t1 = int(seq[0]) t2 = int(seq[1]) indices = slice(t1, t2 + 1) # calculate mean and std for z-norm h_train = mn.cal_hidden_keras(mn.X_train, layer) mean_TC, std_TC, max_SC, min_SC, max_BC, min_BC = aggregate_inf( h_train, indices) # get the seeds pool test_set1 = mn.X_train[mn.y_train_org == 0] test_set2 = mn.X_poison[mn.y_test_org == 0] test_set3 = mn.X_test[mn.y_test_org == 0] test_set = np.concatenate((test_set1, test_set2)) # test case test = mn.X_test[1] h_t = mn.cal_hidden_keras(np.array([test]), layer)[0] # test objective SC SCtoe = SCTestObjectiveEvaluation(r) SC_test_obj = 'h' act_SC = SCtoe.get_activations(np.array([h_t])) SCtoe.testObjective.setParamters(mn.model, SC_test_obj, layer, float(threshold_SC), indices, max_SC, min_SC, np.squeeze(act_SC)) # test objective BC BCtoe = BCTestObjectiveEvaluation(r) BC_test_obj = 'h' act_BC = BCtoe.get_activations(np.array([h_t])) BCtoe.testObjective.setParamters(mn.model, BC_test_obj, layer, float(threshold_BC), indices, max_BC, min_BC, np.squeeze(act_BC)) # test objective TC TCtoe = TCTestObjectiveEvaluation(r) seq_len = 10 TC_test_obj = 'h' TCtoe.testObjective.setParamters(mn.model, TC_test_obj, layer, int(symbols_TC), seq_len, indices, mean_TC, std_TC) # calculate the hidden state h_test1 = mn.cal_hidden_keras(test_set1, layer) # update the coverage # update SC coverage SCtoe.update_features(h_test1, 0) # update BC coverage BCtoe.update_features(h_test1, 0) # update TC coverage TCtoe.update_features(h_test1, 0) print("statistics: \n") SCtoe.displayCoverage() BCtoe.displayCoverage() TCtoe.displayCoverage()
def mnist_lstm_adv_test(r, threshold_SC, threshold_BC, symbols_TC, seq, TestCaseNum, Mutation, CoverageStop): r.resetTime() seeds = 1 np.random.seed(seeds) random.seed(seeds) # set up oracle radius oracleRadius = 0.01 # load model mn = mnistclass() mn.load_model() # test layer layer = 1 mean = 0 # choose time steps to cover t1 = int(seq[0]) t2 = int(seq[1]) indices = slice(t1, t2 + 1) # calculate mean and std for z-norm h_train = mn.cal_hidden_keras(mn.X_train, layer) mean_TC, std_TC, max_SC, min_SC, max_BC, min_BC = aggregate_inf( h_train, indices) # get the seeds pool X_seeds = [] # input seeds for label_idx in range(10): x_class = mn.X_train[mn.y_train_org == label_idx] for i in range(89, 99): X_seeds.append(x_class[i]) # X_seeds = mn.X_train[mn.y_train_org == 2] # X_seeds = mn.X_train[:50000] # test case test = mn.X_test[11] h_t = mn.cal_hidden_keras(np.array([test]), layer)[0] # h_t, c_t, f_t = mn.cal_hidden_state(test, layer) # output digit image # img = test.reshape((28, 28, 1)) # pred_img = image.array_to_img(img) # pred_img.save('2.jpg') # test objective NC nctoe = NCTestObjectiveEvaluation(r) threshold_nc = 0 nctoe.testObjective.setParamters(mn.model, layer, threshold_nc, test) # test objective KMNC kmnctoe = KMNCTestObjectiveEvaluation(r) k_sec = 10 kmnctoe.testObjective.setParamters(mn.model, layer, k_sec, test) # test objective NBC nbctoe = NBCTestObjectiveEvaluation(r) ub = 0.7 lb = -0.7 nbctoe.testObjective.setParamters(mn.model, layer, ub, lb, test) # test objective SNAC snactoe = NCTestObjectiveEvaluation(r) threshold_snac = 0.7 snactoe.testObjective.setParamters(mn.model, layer, threshold_snac, test) # test objective SC SCtoe = SCTestObjectiveEvaluation(r) SC_test_obj = 'h' act_SC = SCtoe.get_activations(np.array([h_t])) SCtoe.testObjective.setParamters(mn.model, SC_test_obj, layer, float(threshold_SC), indices, max_SC, min_SC, np.squeeze(act_SC)) # test objective BC BCtoe = BCTestObjectiveEvaluation(r) BC_test_obj = 'h' act_BC = BCtoe.get_activations(np.array([h_t])) BCtoe.testObjective.setParamters(mn.model, BC_test_obj, layer, float(threshold_BC), indices, max_BC, min_BC, np.squeeze(act_BC)) # test objective TC TCtoe = TCTestObjectiveEvaluation(r) seq_len = 5 TC_test_obj = 'h' act_TC = TCtoe.get_activations(np.array([h_t])) TCtoe.testObjective.setParamters(mn.model, TC_test_obj, layer, int(symbols_TC), seq_len, indices, mean_TC, std_TC) # visualize internal structure information # act_TC = Z_ScoreNormalization(np.squeeze(act_TC), mean_TC, std_TC) # act_BC = np.sum(f_t, axis=1) / float(f_t.shape[1]) # act_SC = (np.squeeze(act_SC) -min_SC) / (max_SC - min_SC) # plt.figure(1) # plot_x = np.arange(len(act_TC)) # plt.plot(plot_x, act_TC) # plt.ylabel('$\\xi_t^{h}$', fontsize=14) # plt.xticks(fontsize=14) # plt.yticks(fontsize=14) # plt.figure(2) # plot_x = np.arange(len(act_BC)) # plt.bar(plot_x, act_BC) # plt.ylabel('$\\xi_t^{f, avg}$', fontsize=14) # plt.xticks(fontsize=14) # plt.yticks(fontsize=14) # plt.figure(3) # plot_x = np.arange(len(act_SC)) # plt.bar(plot_x, act_SC) # plt.xlabel('Input', fontsize=14) # plt.ylabel('$\Delta\\xi_t^{h}$', fontsize=14) # plt.xticks(fontsize=14) # plt.yticks(fontsize=14) # plt.show() X_test = [] r_t = 1000 // len(X_seeds) while mn.numSamples < int(TestCaseNum): # generate test cases test1 = np.repeat(X_seeds, r_t, axis=0) unique_test = np.repeat(np.arange(len(X_seeds)), r_t, axis=0) var = np.random.uniform(0.005, 0.02) noise = np.random.normal(mean, var**0.5, test1.shape) test2 = test1 + noise test2 = np.clip(test2, 0.0, 1.0) if mn.numSamples > 0 and Mutation == 'genetic': test1 = np.concatenate( (test1, np.array([sc_test_1]), np.array([bc_test_1]), np.array([tc_test_1]))) test2 = np.concatenate( (test2, np.array([sc_test_2]), np.array([bc_test_2]), np.array([tc_test_2]))) unique_test = np.concatenate( (unique_test, np.array([seed_id_sc]), np.array([seed_id_bc]), np.array([seed_id_tc]))) # display statistics of adv. o, m = oracle(test1, test2, 2, oracleRadius) mn.displayInfo(test1, test2, o, m, unique_test) # calculate the hidden state h_test = mn.cal_hidden_keras(test2, layer) # update the coverage # update NC coverage nctoe.update_features(test2) # update KMNC coverage kmnctoe.update_features(test2) # update NBC coverage nbctoe.update_features(test2) # update SNAC coverage snactoe.update_features(test2) # update SC coverage SCtoe.update_features(h_test, len(X_test)) # update BC coverage BCtoe.update_features(h_test, len(X_test)) # update TC coverage TCtoe.update_features(h_test, len(X_test)) X_test = X_test + test2.tolist() if Mutation == 'genetic': num_generation = 10 sc_test_record = SCtoe.testObjective.test_record bc_test_record = BCtoe.testObjective.test_record tc_test_record = TCtoe.testObjective.test_record if len(sc_test_record) != 0: print('boost coverage for SC') sc_feature, sc_cov_fit = random.choice( list(sc_test_record.items())) seed_id_sc = sc_cov_fit[0] % len(X_seeds) sc_test_1 = X_seeds[seed_id_sc] # boost coverage with GA sc_test_2 = getNextInputByGA(mn, SCtoe, sc_feature, np.array(X_test[sc_cov_fit[0]]), num_generation, mn.numSamples) print('\n') if len(bc_test_record) != 0: print('boost coverage for BC') bc_feature, bc_cov_fit = random.choice( list(bc_test_record.items())) seed_id_bc = bc_cov_fit[0] % len(X_seeds) bc_test_1 = X_seeds[seed_id_bc] # boost coverage with GA bc_test_2 = getNextInputByGA(mn, BCtoe, bc_feature, np.array(X_test[bc_cov_fit[0]]), num_generation, mn.numSamples) print('\n') if len(tc_test_record) != 0: print('boost coverage for TC') tc_feature, tc_cov_fit = random.choice( list(tc_test_record.items())) seed_id_tc = tc_cov_fit[1] % len(X_seeds) tc_test_1 = X_seeds[seed_id_tc] # boost coverage with GA tc_test_2 = getNextInputByGA(mn, TCtoe, tc_feature, np.array(X_test[tc_cov_fit[1]]), num_generation, mn.numSamples) # write information to file writeInfo(r, mn.numSamples, mn.numAdv, mn.perturbations, nctoe.coverage, kmnctoe.coverage, nbctoe.coverage, snactoe.coverage, SCtoe.coverage, BCtoe.coverage, TCtoe.coverage, len(mn.unique_adv)) print("statistics: \n") nctoe.displayCoverage() kmnctoe.displayCoverage() nbctoe.displayCoverage() snactoe.displayCoverage() SCtoe.displayCoverage() BCtoe.displayCoverage() TCtoe.displayCoverage() print('unique adv.', len(mn.unique_adv)) mn.displaySuccessRate()
def mnist_lstm_test(r, threshold_CC, threshold_MC, symbols_SQ, seq, TestCaseNum, minimalTest, TargMetri, CoverageStop): r.resetTime() # epsilon value range (a, b] random.seed(3) a = 0.05 b = 0.1 step_bound = 5 # set up oracle radius oracleRadius = 0.005 # load model mn = mnistclass() mn.load_model() # test layer layer = 1 termin = 0 # test case test = mn.X_test[15] h_t, c_t, f_t = mn.cal_hidden_state(test, layer) # input seeds X_train = mn.X_train[random.sample(range(20000), 5000)] # minimal test dataset generation if minimalTest != '0': ncdata = [] ccdata = [] mcdata = [] sqpdata = [] sqndata = [] # test objective NC nctoe = NCTestObjectiveEvaluation(r) nctoe.model = mn.model nctoe.testObjective.layer = layer nctoe.testCase = test activations_nc = nctoe.get_activations() nctoe.testObjective.feature = (np.argwhere( activations_nc >= np.min(activations_nc))).tolist() nctoe.testObjective.setOriginalNumOfFeature() # test objective CC cctoe = CCTestObjectiveEvaluation(r) cctoe.model = mn.model cctoe.testObjective.layer = layer cctoe.hidden = h_t cctoe.threshold = float(threshold_CC) activations_cc = cctoe.get_activations() total_features_cc = (np.argwhere( activations_cc >= np.min(activations_cc))).tolist() cctoe.testObjective.feature = total_features_cc cctoe.testObjective.setOriginalNumOfFeature() cctoe.testObjective.setfeaturecount() # test objective MC mctoe = MCTestObjectiveEvaluation(r) mctoe.model = mn.model mctoe.testObjective.layer = layer mctoe.hidden = f_t mctoe.threshold = float(threshold_MC) activations_mc = mctoe.get_activations() total_features_mc = (np.argwhere( activations_mc >= np.min(activations_mc))).tolist() mctoe.testObjective.feature = total_features_mc mctoe.testObjective.setOriginalNumOfFeature() mctoe.testObjective.setfeaturecount() # test objective SQ sqtoe = SQTestObjectiveEvaluation(r) sqtoe.model = mn.model sqtoe.testObjective.layer = layer sqtoe.symbols = int(symbols_SQ) # generate all the features # choose time steps to cover t1 = int(seq[0]) t2 = int(seq[1]) indices = slice(t1, t2 + 1) # characters to represent time series alpha_list = [chr(i) for i in range(97, 97 + int(symbols_SQ))] symb = ''.join(alpha_list) sqtoe.testObjective.feature_p = list(iter.product(symb, repeat=t2 - t1 + 1)) sqtoe.testObjective.feature_n = list(iter.product(symb, repeat=t2 - t1 + 1)) sqtoe.testObjective.setOriginalNumOfFeature() # get gradient function for the mnist f, nodes_names = get_gradients_function(mn.model, mn.layerName(0)) for test in X_train: for i in range(4): o = oracle(test, 2, oracleRadius) last_activation = np.squeeze(mn.model.predict(test[np.newaxis, :])) (label1, conf1) = mn.displayInfo(test) epsilon = random.uniform(a, b) # get next input test2 from the current input test step = random.randint(1, step_bound) test2 = getNextInputByGradient(f, nodes_names, mn, epsilon, test, last_activation, step) if not (test2 is None): (label2, conf2) = mn.displayInfo(test2) h_t, c_t, f_t = mn.cal_hidden_state(test2, layer) mn.updateSample(label2, label1, o.measure(test2), o.passOracle(test2)) # update NC coverage nctoe.testCase = test2 nctoe.update_features() # update CC coverage cctoe.hidden = h_t cctoe.update_features() # update MC coverage mctoe.hidden = f_t mctoe.update_features() # update SQ coverage sqtoe.hidden = h_t sqtoe.update_features(indices) # write information to file writeInfo(r, mn.numSamples, mn.numAdv, mn.perturbations, nctoe.coverage, cctoe.coverage, mctoe.coverage, sqtoe.coverage_p, sqtoe.coverage_n) # terminate condition if TargMetri == 'CC': termin = cctoe.coverage elif TargMetri == 'GC': termin = mctoe.coverage elif TargMetri == 'SQN': termin = sqtoe.coverage_n elif TargMetri == 'SQP': termin = sqtoe.coverage_p # output test cases and adversarial example if minimalTest == '0': img = test2.reshape((28, 28, 1)) pred_img = image.array_to_img(img) pred_img.save('output/output_%d_%d_%d.jpg' % (mn.numSamples, label1, label2)) if label2 != label1 and o.passOracle(test2) == True: pred_img.save('adv_output/output_%d_%d_%d.jpg' % (mn.numSamples, label1, label2)) else: img = test2.reshape((28, 28, 1)) pred_img = image.array_to_img(img) if nctoe.minimal == 1: ncdata.append(test2) pred_img.save('minimal_nc/output_%d_%d_%d.jpg' % (mn.numSamples, label1, label2)) if cctoe.minimal == 1: ccdata.append(test2) pred_img.save('minimal_cc/output_%d_%d_%d.jpg' % (mn.numSamples, label1, label2)) if mctoe.minimal == 1: mcdata.append(test2) pred_img.save('minimal_mc/output_%d_%d_%d.jpg' % (mn.numSamples, label1, label2)) if sqtoe.minimalp == 1: sqpdata.append(test2) pred_img.save('minimal_sqp/output_%d_%d_%d.jpg' % (mn.numSamples, label1, label2)) if sqtoe.minimaln == 1: sqndata.append(test2) pred_img.save('minimal_sqn/output_%d_%d_%d.jpg' % (mn.numSamples, label1, label2)) # check termination condition if mn.numSamples < int(TestCaseNum) and termin < float( CoverageStop): continue else: io.savemat( 'log_folder/feature_count_CC.mat', {'feature_count_CC': cctoe.testObjective.feature_count}) io.savemat( 'log_folder/feature_count_GC.mat', {'feature_count_GC': mctoe.testObjective.feature_count}) # if minimalTest != '0': # np.save('minimal_nc/ncdata', ncdata) # np.save('minimal_cc/ccdata', ccdata) # np.save('minimal_mc/mcdata', mcdata) # np.save('minimal_sqp/sqpdata', sqpdata) # np.save('minimal_sqn/sqndata', sqndata) break if mn.numSamples < int(TestCaseNum) and termin < float(CoverageStop): continue else: break print("statistics: \n") nctoe.displayCoverage() cctoe.displayCoverage() mctoe.displayCoverage() sqtoe.displayCoverage1() sqtoe.displayCoverage2() mn.displaySamples() mn.displaySuccessRate()
def mnist_lstm_train(): mn = mnistclass() mn.train_model()
def mnist_lstm_train(modelName): mn = mnistclass(modelName) mn.train_model()