Пример #1
0
def cw_attack(file_name, norm, sess, num_image=10, cifar = False, tinyimagenet = False):
    np.random.seed(1215)
    tf.set_random_seed(1215)
    random.seed(1215)
    if norm == '1':
        attack = EADL1
        norm_fn = lambda x: np.sum(np.abs(x),axis=(1,2,3))
    elif norm == '2':
        attack = CarliniL2
        norm_fn = lambda x: np.sum(x**2,axis=(1,2,3))
    elif norm == 'i':
        attack = CarliniLi
        norm_fn = lambda x: np.max(np.abs(x),axis=(1,2,3))

    if cifar:
        data = CIFAR()
    elif tinyimagenet:
        data = tinyImagenet()
    else:
        data = MNIST()
    model = load_model(file_name, custom_objects={'fn':loss,'tf':tf, 'ResidualStart' : ResidualStart, 'ResidualStart2' : ResidualStart2})
    inputs, targets, true_labels, true_ids, img_info = generate_data(data, samples=num_image, targeted=True, random_and_least_likely = True, target_type = 0b0010, predictor=model.predict, start=0)
    model.predict = model
    model.num_labels = 10
    if cifar:
        model.image_size = 32
        model.num_channels = 3
    elif tinyimagenet:
        model.image_size = 64
        model.num_channels = 3
        model.num_labels = 200
    else:
        model.image_size = 28
        model.num_channels = 1
        
    
    start_time = timer.time()
    attack = attack(sess, model, max_iterations = 1000)
    perturbed_input = attack.attack(inputs, targets)
    UB = np.average(norm_fn(perturbed_input-inputs))
    return UB, (timer.time()-start_time)/len(inputs)
def run(file_name, n_samples, p_n, q_n, activation = 'relu', cifar=False, tinyimagenet=False):
    np.random.seed(1215)
    tf.set_random_seed(1215)
    random.seed(1215)
    keras_model = load_model(file_name, custom_objects={'fn':fn, 'tf':tf})
    if tinyimagenet:
        model = CNNModel(keras_model, inp_shape = (64,64,3))
    elif cifar:
        model = CNNModel(keras_model, inp_shape = (32,32,3))
    else:
        model = CNNModel(keras_model)

    #Set correct linear_bounds function
    global linear_bounds
    if activation == 'relu':
        linear_bounds = relu_linear_bounds
    elif activation == 'ada':
        linear_bounds = ada_linear_bounds
    elif activation == 'sigmoid':
        linear_bounds = sigmoid_linear_bounds
    elif activation == 'tanh':
        linear_bounds = tanh_linear_bounds
    elif activation == 'arctan':
        linear_bounds = atan_linear_bounds
    upper_bound_conv.recompile()
    lower_bound_conv.recompile()
    compute_bounds.recompile()

    if cifar:
        inputs, targets, true_labels, true_ids, img_info = generate_data(CIFAR(), samples=n_samples, targeted=True, random_and_least_likely = True, target_type = 0b0010, predictor=model.model.predict, start=0)
    elif tinyimagenet:
        inputs, targets, true_labels, true_ids, img_info = generate_data(tinyImagenet(), samples=n_samples, targeted=True, random_and_least_likely = True, target_type = 0b0010, predictor=model.model.predict, start=0)
    else:
        inputs, targets, true_labels, true_ids, img_info = generate_data(MNIST(), samples=n_samples, targeted=True, random_and_least_likely = True, target_type = 0b0010, predictor=model.model.predict, start=0)
    #0b01111 <- all
    #0b0010 <- random
    #0b0001 <- top2
    #0b0100 <- least

    steps = 15
    eps_0 = 0.05
    summation = 0
    warmup(model, inputs[0].astype(np.float32), eps_0, p_n, find_output_bounds)
        
    start_time = time.time()
    for i in range(len(inputs)):
        print('--- CNN-Cert: Computing eps for input image ' + str(i)+ '---')
        predict_label = np.argmax(true_labels[i])
        target_label = np.argmax(targets[i])
        weights = model.weights[:-1]
        biases = model.biases[:-1]
        shapes = model.shapes[:-1]
        W, b, s = model.weights[-1], model.biases[-1], model.shapes[-1]
        last_weight = (W[predict_label,:,:,:]-W[target_label,:,:,:]).reshape([1]+list(W.shape[1:]))
        weights.append(last_weight)
        biases.append(np.asarray([b[predict_label]-b[target_label]]))
        shapes.append((1,1,1))

        #Perform binary search
        log_eps = np.log(eps_0)
        log_eps_min = -np.inf
        log_eps_max = np.inf
        for j in range(steps):
            LB, UB = find_output_bounds(weights, biases, shapes, model.pads, model.strides, inputs[i].astype(np.float32), np.exp(log_eps), p_n)
            print("Step {}, eps = {:.5f}, {:.6s} <= f_c - f_t <= {:.6s}".format(j,np.exp(log_eps),str(np.squeeze(LB)),str(np.squeeze(UB))))
            if LB > 0: #Increase eps
                log_eps_min = log_eps
                log_eps = np.minimum(log_eps+1, (log_eps_max+log_eps_min)/2)
            else: #Decrease eps
                log_eps_max = log_eps
                log_eps = np.maximum(log_eps-1, (log_eps_max+log_eps_min)/2)
        
        if p_n == 105:
            str_p_n = 'i'
        else:
            str_p_n = str(p_n)
        
        print("[L1] method = CNN-Cert-{}, model = {}, image no = {}, true_id = {}, target_label = {}, true_label = {}, norm = {}, robustness = {:.5f}".format(activation,file_name, i, true_ids[i],target_label,predict_label,str_p_n,np.exp(log_eps_min)))
        summation += np.exp(log_eps_min)
    K.clear_session()
    
    eps_avg = summation/len(inputs)
    total_time = (time.time()-start_time)/len(inputs)
    print("[L0] method = CNN-Cert-{}, model = {}, total images = {}, norm = {}, avg robustness = {:.5f}, avg runtime = {:.2f}".format(activation,file_name,len(inputs),str_p_n,eps_avg,total_time))
    return eps_avg, total_time
Пример #3
0
        elif args.model == "cifar":
            data = CIFAR()
            if args.cnnmodel:
                model = nl.CNNModel(modelfile)
            elif args.filename:
                model = nl.NLayerModel(args.layers,
                                       modelfile,
                                       image_size=32,
                                       image_channel=3)
            else:
                model = nl.NLayerModel([nhidden] * (args.numlayer - 1),
                                       modelfile,
                                       image_size=32,
                                       image_channel=3)
        elif args.model == "tiny":
            data = tinyImagenet()
            if args.cnnmodel:
                model = nl.CNNModel(modelfile, inp_shape=(64, 64, 3))
            elif args.filename:
                model = nl.NLayerModel(args.layers,
                                       modelfile,
                                       image_size=64,
                                       image_channel=3)
            else:
                model = nl.NLayerModel([nhidden] * (args.numlayer - 1),
                                       modelfile,
                                       image_size=64,
                                       image_channel=3)
        else:
            raise (RuntimeError("unknown model: " + args.model))
Пример #4
0
    #train_cnn_7layer(tinyImagenet(), file_name="models/tiny_cnn_7layer_1", params=[32,32,64,64,200,200], num_epochs=30, lr=0.0001, decay=0, activation="relu", optimizer_name="adam")

    # train tiny imagenet: 2
    #train_cnn_7layer(tinyImagenet(), file_name="models/tiny_cnn_7layer_2", params=[32,32,64,64,200,200], num_epochs=30, lr=0.0005, decay=0, activation="relu", optimizer_name="adam")

    # train tiny imagenet: 3
    #train_cnn_7layer(tinyImagenet(), file_name="models/tiny_cnn_7layer_3", params=[64,64,64,64,200,200], num_epochs=30, lr=0.0001, decay=0, activation="relu", optimizer_name="adam")

    # train tiny imagenet: 4
    #train_cnn_7layer(tinyImagenet(), file_name="models/tiny_cnn_7layer_4", params=[100,100,50,50,200,200], num_epochs=30, lr=0.0001, decay=0, activation="relu", optimizer_name="adam")

    # train tiny imagenet: 5
    #train_cnn_7layer(tinyImagenet(), file_name="models/tiny_cnn_7layer_5", params=[32,32,64,64,200,200], num_epochs=50, lr=0.001, decay=11e-5, activation="relu", optimizer_name="adam")

    # train tiny imagenet: 6
    train_cnn_7layer(tinyImagenet(),
                     file_name="models/tiny_cnn_7layer_6",
                     params=[32, 32, 64, 64, 200, 200],
                     num_epochs=60,
                     lr=0.0001,
                     decay=1e-5,
                     activation="relu",
                     optimizer_name="adam")

    # train tiny imagenet: 7
    train_cnn_7layer(tinyImagenet(),
                     file_name="models/tiny_cnn_7layer_7",
                     params=[32, 32, 64, 64, 200, 200],
                     num_epochs=100,
                     lr=0.00005,
                     decay=0,