def test_emp_robustness_mnist(self):
# Get MNIST
(x_train, y_train), (_, _), _, _ = load_mnist()
x_train, y_train = x_train[:NB_TRAIN], y_train[:NB_TRAIN]
# Get classifier
classifier = self._cnn_mnist_k([28, 28, 1])
classifier.fit(x_train, y_train, batch_size=BATCH_SIZE, nb_epochs=2)
# Compute minimal perturbations
params = {"eps_step": 1.1, "clip_min": 0., "clip_max": 1.}
emp_robust = empirical_robustness(classifier, x_train, str('fgsm'),
params)
self.assertEqual(emp_robust, 0.)
params = {
"eps_step": 1.,
"eps_max": 1.,
"clip_min": None,
"clip_max": None
}
emp_robust = empirical_robustness(classifier, x_train, str('fgsm'),
params)
self.assertAlmostEqual(emp_robust, 1., 3)
params = {
"eps_step": 0.1,
"eps_max": 0.2,
"clip_min": None,
"clip_max": None
}
emp_robust = empirical_robustness(classifier, x_train, str('fgsm'),
params)
self.assertLessEqual(emp_robust, 0.21)
def test_emp_robustness_mnist(self):
session = tf.Session()
k.set_session(session)
comp_params = {
"loss": 'categorical_crossentropy',
"optimizer": 'adam',
"metrics": ['accuracy']
}
# get MNIST
(X_train, Y_train), (_, _), _, _ = load_mnist()
X_train, Y_train = X_train[:NB_TRAIN], Y_train[:NB_TRAIN]
im_shape = X_train[0].shape
# Get classifier
classifier = CNN(im_shape, act="relu")
classifier.compile(comp_params)
classifier.fit(X_train, Y_train, epochs=1, batch_size=BATCH_SIZE)
# Compute minimal perturbations
params = {"eps_step": 1.1, "clip_min": 0., "clip_max": 1.}
emp_robust = empirical_robustness(X_train, classifier, session, "fgsm",
params)
self.assertEqual(emp_robust, 0.)
params = {
"eps_step": 1.,
"eps_max": 1.,
"clip_min": None,
"clip_max": None
}
emp_robust = empirical_robustness(X_train, classifier, session, "fgsm",
params)
self.assertAlmostEqual(emp_robust, 1., 3)
params = {
"eps_step": 0.1,
"eps_max": 0.2,
"clip_min": None,
"clip_max": None
}
emp_robust = empirical_robustness(X_train, classifier, session, "fgsm",
params)
self.assertLessEqual(emp_robust, 0.2)
print("trained")
classifier = SklearnClassifier(model=model)
attack = HopSkipJump(classifier=classifier,
max_iter=1,
max_eval=10,
init_eval=10,
init_size=1)
X_test_attacked = attack.generate(X_test, y_test)
robustness = empirical_robustness(classifier,
X_test,
'hsj',
attack_params={
'max_iter': 1,
'max_eval': 10,
'init_eval': 10,
'init_size': 1
})
print('Robustness: ' + str(robustness))
print("generated")
y_test_attacked = model.predict(X_test_attacked)
y_test_pred = model.predict(X_test)
print(f1_score(y_true=y_test, y_pred=y_test_pred))
print(f1_score(y_true=y_test, y_pred=y_test_attacked))
print('Robustness: ' + str(1.0 -
session = tf.Session()
keras.backend.set_session(session)
# get and train our cnn
clf = mnist_cnn_model(x_train, y_train, x_test, y_test)
# We want to know how robust our model is against an attack. To do this we are calculating the `empirical robustness` This is equivalent to computing the minimal perturbation that the attacker must introduce for a successful attack. Paper link: https://arxiv.org/abs/1511.04599
# In[ ]:
from art.metrics import empirical_robustness
# wrap the model an calculte emperical robustnees
wrapper = KerasClassifier(clip_values=(0, 1), model=clf)
print('robustness of the undefended model',
empirical_robustness(wrapper, x_test, 'fgsm', {}))
# Let's create an adversarial example and see how it looks
# In[ ]:
# create an adversarial example with fgsm and plot it
from art.attacks import FastGradientMethod
fgsm = FastGradientMethod(wrapper)
x_adv = fgsm.generate(x_test[0].reshape((1, 28, 28, 1)))
print('class prediction for the adversarial sample:',
clf.predict(x_adv.reshape((1, 28, 28, 1))))
plt.imshow(x_adv.reshape(28, 28), cmap="gray_r")
plt.axis('off')
plt.show()
