def main(): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 500 IMG_NAME = 'img' LABEL_NAME = 'label' img = fluid.layers.data(name=IMG_NAME, shape=[1, 28, 28], dtype='float32') # gradient should flow img.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') logits = mnist_cnn_model(img) cost = fluid.layers.cross_entropy(input=logits, label=label) avg_cost = fluid.layers.mean(x=cost) # use CPU place = fluid.CPUPlace() # use GPU # place = fluid.CUDAPlace(0) exe = fluid.Executor(place) BATCH_SIZE = 1 train_reader = paddle.batch( paddle.reader.shuffle( paddle.dataset.mnist.train(), buf_size=128 * 10), batch_size=BATCH_SIZE) test_reader = paddle.batch( paddle.reader.shuffle( paddle.dataset.mnist.test(), buf_size=128 * 10), batch_size=BATCH_SIZE) fluid.io.load_params( exe, "./mnist/", main_program=fluid.default_main_program()) # advbox demo m = PaddleModel( fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (-1, 1), channel_axis=1) attack = BIM(m) attack_config = {"epsilons": 0.1, "steps": 100} # use train data to generate adversarial examples total_count = 0 fooling_count = 0 for data in train_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # BIM non-targeted attack adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) # plt.imshow(adversary.target, cmap='Greys_r') # plt.show() # np.save('adv_img', adversary.target) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TRAIN_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # BIM non-targeted attack adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) # plt.imshow(adversary.target, cmap='Greys_r') # plt.show() # np.save('adv_img', adversary.target) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("bim attack done")
def main(): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 5 pretrained_model = "./mnist-pytorch/net.pth" loss_func = torch.nn.CrossEntropyLoss() test_loader = torch.utils.data.DataLoader(datasets.MNIST( './mnist-pytorch/data', train=False, download=True, transform=transforms.Compose([ transforms.ToTensor(), ])), batch_size=1, shuffle=False) # Define what device we are using logging.info("CUDA Available: {}".format(torch.cuda.is_available())) device = torch.device("cuda" if torch.cuda.is_available() else "cpu") # Initialize the network model = Net().to(device) # Load the pretrained model model.load_state_dict(torch.load(pretrained_model, map_location='cpu')) # Set the model in evaluation mode. In this case this is for the Dropout layers model.eval() # advbox demo m = PytorchModel(model, loss_func, (0, 1), channel_axis=1) attack = BIM(m) attack_config = { "epsilons": 0.05, "epsilon_steps": 1, "epsilons_max": 0.05, "norm_ord": 1, "steps": 10 } # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for i, data in enumerate(test_loader): inputs, labels = data #inputs, labels = inputs.to(device), labels.to(device) inputs, labels = inputs.numpy(), labels.numpy() #inputs.requires_grad = True #print(inputs.shape) total_count += 1 adversary = Adversary(inputs, labels[0]) # FGSM non-targeted attack adversary = attack(adversary, **attack_config) print(adversary.original.shape) pertubation = adversary.perturbation() # (1,1,28,28) m_dist = mahalanobis_dist(adversary.original, adversary.adversarial_example) e_dist = eu_dist(adversary.original, adversary.adversarial_example) print('###') print(m_dist) print(e_dist) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (labels, adversary.adversarial_label, total_count)) else: print('attack failed, original_label=%d, count=%d' % (labels, total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("fgsm attack done")
def main(use_cuda): """ Advbox demo which demonstrate how to use advbox. """ TOTAL_NUM = 500 IMG_NAME = 'img' LABEL_NAME = 'label' img = fluid.layers.data(name=IMG_NAME, shape=[3, 32, 32], dtype='float32') # gradient should flow img.stop_gradient = False label = fluid.layers.data(name=LABEL_NAME, shape=[1], dtype='int64') # logits = mnist_cnn_model(img) # logits = vgg_bn_drop(img) logits = resnet_cifar10(img, 32) cost = fluid.layers.cross_entropy(input=logits, label=label) avg_cost = fluid.layers.mean(x=cost) #根据配置选择使用CPU资源还是GPU资源 place = fluid.CUDAPlace(0) if use_cuda else fluid.CPUPlace() exe = fluid.Executor(place) BATCH_SIZE = 1 test_reader = paddle.batch(paddle.dataset.cifar.test10(), batch_size=BATCH_SIZE) fluid.io.load_params(exe, "cifar10/resnet/", main_program=fluid.default_main_program()) # advbox demo m = PaddleModel(fluid.default_main_program(), IMG_NAME, LABEL_NAME, logits.name, avg_cost.name, (-1, 1), channel_axis=1) attack = BIM(m) attack_config = {"epsilons": 0.1, "steps": 100} # use test data to generate adversarial examples total_count = 0 fooling_count = 0 for data in test_reader(): total_count += 1 adversary = Adversary(data[0][0], data[0][1]) # FGSM non-targeted attack adversary = attack(adversary, **attack_config) # FGSMT targeted attack # tlabel = 0 # adversary.set_target(is_targeted_attack=True, target_label=tlabel) # adversary = attack(adversary, **attack_config) if adversary.is_successful(): fooling_count += 1 print( 'attack success, original_label=%d, adversarial_label=%d, count=%d' % (data[0][1], adversary.adversarial_label, total_count)) # plt.imshow(adversary.target, cmap='Greys_r') # plt.show() # np.save('adv_img', adversary.target) else: print('attack failed, original_label=%d, count=%d' % (data[0][1], total_count)) if total_count >= TOTAL_NUM: print( "[TEST_DATASET]: fooling_count=%d, total_count=%d, fooling_rate=%f" % (fooling_count, total_count, float(fooling_count) / total_count)) break print("fgsm attack done")