def main(args):
imgs_dir = args.imgs_dir
input_dir = os.path.join(args.data_dir, imgs_dir, "benign")
if not DEBUG:
output_dir = os.path.join(args.data_dir, imgs_dir, "adv")
if os.path.exists(output_dir):
shutil.rmtree(output_dir)
os.mkdir(output_dir)
image_name_list = os.listdir(input_dir)
kmodel = YOLOv3()
model = KerasYOLOv3Model(kmodel, bounds=(0, 1))
if args.attack_mtd == 'cw_targetclsmiss':
attack = CarliniWagnerLinfMetric(model, criterion=TargetClassMiss(2))
elif args.attack_mtd == 'noise_numberchange':
attack = AdditiveGaussianNoiseMetric(
model, criterion=TargetClassNumberChange(-1))
elif args.attack_mtd == 'bright_numberchange':
attack = BrightnessMetric(model, criterion=TargetClassNumberChange(-1))
else:
raise ValueError('Invalid attack method {0}'.format(args.attack_mtd))
for _, image_name in enumerate(tqdm(image_name_list)):
temp_img_path_benign = os.path.join(input_dir, image_name)
image_benign = load_image(shape=(416, 416),
bounds=(0, 1),
fname=temp_img_path_benign,
absolute_path=True)
try:
annotation_ori = model.predictions(image_benign)
if args.attack_mtd == 'cw_targetclsmiss':
image_adv_benign = attack(image_benign,
binary_search_steps=1,
unpack=True)
else:
image_adv_benign = attack(image_benign,
annotation_ori,
epsilons=1000,
unpack=True)
except:
print('Attack failed.')
continue
image_adv_benign_pil = Image.fromarray(
(image_adv_benign * 255).astype(np.uint8))
if not DEBUG:
image_adv_benign_pil.save(os.path.join(output_dir, image_name))
def _load_keras_model(model_name, summary):
import keras.applications as models
switcher = {
'xception': lambda: models.xception.Xception(weights='imagenet'),
'vgg16': lambda: models.vgg16.VGG16(weights='imagenet'),
'vgg19': lambda: models.vgg19.VGG19(weights='imagenet'),
"resnet50": lambda: models.resnet50.ResNet50(weights='imagenet'),
"inception_v3":
lambda: models.inception_v3.InceptionV3(weights='imagenet'),
"yolo_v3": lambda: _load_yolov3_model(),
"ssd300": lambda: _load_ssd300_model(),
"retina_resnet_50": lambda: _load_retinanet_resnet50_model()
}
_load_model = switcher.get(model_name, None)
_model = _load_model()
from perceptron.models.classification.keras import KerasModel as ClsKerasModel
from perceptron.models.detection.keras_ssd300 import KerasSSD300Model
from perceptron.models.detection.keras_yolov3 import KerasYOLOv3Model
from perceptron.models.detection.keras_retina_resnet50 import KerasResNet50RetinaNetModel
import numpy as np
format = get_image_format('keras', model_name)
if format['bounds'][1] == 1:
mean = np.array([0.485, 0.456, 0.406]).reshape((1, 1, 3))
std = np.array([0.229, 0.224, 0.225]).reshape((1, 1, 3))
preprocessing = (mean, std)
else:
preprocessing = (np.array([104, 116, 123]), 1)
switcher = {
'yolo_v3':
lambda x: KerasYOLOv3Model(x, bounds=(0, 1)),
'ssd300':
lambda x: KerasSSD300Model(x, bounds=(0, 255)),
'retina_resnet_50':
lambda x: KerasResNet50RetinaNetModel(None, bounds=(0, 255)),
}
_wrap_model = switcher.get(
model_name, lambda x: ClsKerasModel(
x, bounds=format['bounds'], preprocessing=preprocessing))
kmodel = _wrap_model(_model)
return kmodel
def get_patch_adv():
from perceptron.utils.image import letterbox_image, draw_letterbox
from perceptron.models.detection.keras_yolov3 import KerasYOLOv3Model
from perceptron.zoo.yolov3.model import YOLOv3
from perceptron.attacks.vanish_patch import PatchVanishAttack
from perceptron.utils.criteria.detection import TargetClassMiss, RegionalTargetClassMiss
from perceptron.defences.bit_depth import BitDepth
benign_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_det")
adv_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_adv_det")
benign_squz_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_bit4_det")
adv_squz_output_dir = os.path.join("/home/yantao/datasets/bdd_parts", video_name, "patch_adv_bit4_det")
kmodel = YOLOv3()
kmodel.load_weights('/home/yantao/workspace/projects/baidu/aisec/perceptron/perceptron/zoo/yolov3/model_data/yolov3.h5')
model = KerasYOLOv3Model(kmodel, bounds=(0, 1))
squz_fn = BitDepth(4)
for idx in range(frame_range[0], frame_range[1]):
img_name_noext = 'frame_{0:05d}'.format(idx)
patch_bbox = patch_dic[img_name_noext]
img_path = os.path.join("../../../../../../../../datasets/bdd_parts", video_name, "patch", img_name_noext + '.png')
image, shape = letterbox_image(
data_format='channels_last',
fname=img_path
)
output_benign = model.predictions(image)
with open(os.path.join(benign_output_dir, img_name_noext + '.pkl'), 'wb') as f:
pickle.dump(output_benign, f, protocol=pickle.HIGHEST_PROTOCOL)
image_squz = squz_fn(image)
output_benign_squz = model.predictions(image_squz)
with open(os.path.join(benign_squz_output_dir, img_name_noext + '.pkl'), 'wb') as f:
pickle.dump(output_benign_squz, f, protocol=pickle.HIGHEST_PROTOCOL)
attack = PatchVanishAttack(model, criterion=RegionalTargetClassMiss(2, patch_bbox))
draw = draw_letterbox(image, output_benign, shape[:2], model.class_names())
draw.save('letterbox_{0}.png'.format(idx))
image_adv = attack(image, mask=patch_bbox, binary_search_steps=1)
'''
mask_img = np.zeros((image.shape))
mask_img[patch_bbox[0] : patch_bbox[2] + 1, patch_bbox[1] : patch_bbox[3] + 1, :] = 1.0
for idx_0 in range(mask_img.shape[0]):
for idx_1 in range(mask_img.shape[1]):
for idx_2 in range(mask_img.shape[2]):
if mask_img[idx_0, idx_1, idx_2] == 0:
image_adv[idx_0, idx_1, idx_2] = image[idx_0, idx_1, idx_2]
'''
if image_adv is None:
image_adv = attack(image, mask=patch_bbox, binary_search_steps=5)
if image_adv is None:
continue
output_adv = model.predictions(image_adv)
with open(os.path.join(adv_output_dir, img_name_noext + '.pkl'), 'wb') as f:
pickle.dump(output_adv, f, protocol=pickle.HIGHEST_PROTOCOL)
draw = draw_letterbox(image_adv, output_adv, shape[:2], model.class_names())
draw.save('letterbox_adv_{0}.png'.format(idx))
image_adv_squz = squz_fn(image_adv)
output_adv_squz = model.predictions(image_adv_squz)
with open(os.path.join(adv_squz_output_dir, img_name_noext + '.pkl'), 'wb') as f:
pickle.dump(output_adv_squz, f, protocol=pickle.HIGHEST_PROTOCOL)
def main(args):
imgs_dir = args.imgs_dir
input_benign_dir = os.path.join(args.data_dir, imgs_dir, "benign")
input_adv_dir = os.path.join(args.data_dir, imgs_dir, "adv")
input_squz_dir = os.path.join(args.data_dir, imgs_dir, args.squeeze_type)
input_adv_squz_dir = os.path.join(args.data_dir, imgs_dir,
args.squeeze_type + '_adv')
output_benign_dir = os.path.join(args.data_dir, imgs_dir, "results_benign")
output_adv_dir = os.path.join(args.data_dir, imgs_dir, "results_adv")
output_squz_dir = os.path.join(args.data_dir, imgs_dir,
'results_' + args.squeeze_type)
output_adv_squz_dir = os.path.join(args.data_dir, imgs_dir,
'results_' + args.squeeze_type + '_adv')
for check_dir in [
output_benign_dir, output_adv_dir, output_squz_dir,
output_adv_squz_dir
]:
if os.path.exists(check_dir):
shutil.rmtree(check_dir)
os.mkdir(check_dir)
image_name_list = os.listdir(input_adv_dir)
kmodel = YOLOv3()
model = KerasYOLOv3Model(kmodel, bounds=(0, 1))
for _, image_name in enumerate(tqdm(image_name_list)):
image_name_noext = os.path.splitext(image_name)[0]
temp_img_path_benign = os.path.join(input_benign_dir, image_name)
temp_img_path_squz = os.path.join(input_squz_dir, image_name)
temp_img_path_adv = os.path.join(input_adv_dir, image_name)
temp_img_path_adv_squz = os.path.join(input_adv_squz_dir, image_name)
try:
print(temp_img_path_benign)
image_benign = load_image(shape=(416, 416),
bounds=(0, 1),
fname=temp_img_path_benign,
absolute_path=True)
image_benign_squz = load_image(shape=(416, 416),
bounds=(0, 1),
fname=temp_img_path_squz,
absolute_path=True)
image_adv = load_image(shape=(416, 416),
bounds=(0, 1),
fname=temp_img_path_adv,
absolute_path=True)
image_adv_squz = load_image(shape=(416, 416),
bounds=(0, 1),
fname=temp_img_path_adv_squz,
absolute_path=True)
except:
print('loading images error.')
continue
try:
output_benign = model.predictions(image_benign)
output_adv = model.predictions(image_adv)
output_benign_squz = model.predictions(image_benign_squz)
output_adv_squz = model.predictions(image_adv_squz)
with open(
os.path.join(output_benign_dir, image_name_noext + '.pkl'),
'wb') as f:
pickle.dump(output_benign, f, protocol=pickle.HIGHEST_PROTOCOL)
with open(os.path.join(output_adv_dir, image_name_noext + '.pkl'),
'wb') as f:
pickle.dump(output_adv, f, protocol=pickle.HIGHEST_PROTOCOL)
with open(os.path.join(output_squz_dir, image_name_noext + '.pkl'),
'wb') as f:
pickle.dump(output_benign_squz,
f,
protocol=pickle.HIGHEST_PROTOCOL)
with open(
os.path.join(output_adv_squz_dir,
image_name_noext + '.pkl'), 'wb') as f:
pickle.dump(output_adv_squz,
f,
protocol=pickle.HIGHEST_PROTOCOL)
# draw = draw_letterbox(image_benign, output_benign, (416, 416), model.class_names())
# draw.save('./temp/{0}_benign.png'.format(image_name_noext))
# draw = draw_letterbox(image_adv, output_adv, (416, 416), model.class_names())
# draw.save('./temp/{0}_adv.png'.format(image_name_noext))
# draw = draw_letterbox(image_benign_squz, output_benign_squz, (416, 416), model.class_names())
# draw.save('./temp/{0}_benign_squz.png'.format(image_name_noext))
# draw = draw_letterbox(image_adv_squz, output_adv_squz, (416, 416), model.class_names())
# draw.save('./temp/{0}_adv_squz.png'.format(image_name_noext))
except:
print(image_name, ' generating error.')
continue
""" Test case for Keras """
from perceptron.zoo.yolov3.model import YOLOv3
from perceptron.models.detection.keras_yolov3 import KerasYOLOv3Model
from perceptron.utils.image import load_image
from perceptron.benchmarks.carlini_wagner import CarliniWagnerLinfMetric
from perceptron.utils.criteria.detection import TargetClassMiss
from perceptron.utils.tools import bcolors
from perceptron.utils.tools import plot_image_objectdetection
# instantiate the model from keras applications
yolov3 = YOLOv3()
# initialize the KerasYOLOv3Model
kmodel = KerasYOLOv3Model(yolov3, bounds=(0, 1))
# get source image and label
# the model expects values in [0, 1], and channles_last
image = load_image(shape=(416, 416), bounds=(0, 1), fname='car.png')
metric = CarliniWagnerLinfMetric(kmodel, criterion=TargetClassMiss(2))
print(bcolors.BOLD + 'Process start' + bcolors.ENDC)
adversary = metric(image, binary_search_steps=1, unpack=False)
print(bcolors.BOLD + 'Process finished' + bcolors.ENDC)
if adversary.image is None:
print(bcolors.WARNING + 'Warning: Cannot find an adversary!' +
bcolors.ENDC)
exit(-1)