class TestLBFGS(CleverHansTest): def setUp(self): super(TestLBFGS, self).setUp() self.sess = tf.Session() self.model = SimpleModel() self.attack = LBFGS(self.model, sess=self.sess) def test_generate_np_targeted_gives_adversarial_example(self): x_val = np.random.rand(100, 2) x_val = np.array(x_val, dtype=np.float32) feed_labs = np.zeros((100, 2)) feed_labs[np.arange(100), np.random.randint(0, 1, 100)] = 1 x_adv = self.attack.generate_np(x_val, max_iterations=100, binary_search_steps=3, initial_const=1, clip_min=-5, clip_max=5, batch_size=100, y_target=feed_labs) new_labs = np.argmax(self.sess.run(self.model(x_adv)), axis=1) self.assertTrue(np.mean(np.argmax(feed_labs, axis=1) == new_labs) > 0.9) def test_generate_targeted_gives_adversarial_example(self): x_val = np.random.rand(100, 2) x_val = np.array(x_val, dtype=np.float32) feed_labs = np.zeros((100, 2)) feed_labs[np.arange(100), np.random.randint(0, 1, 100)] = 1 x = tf.placeholder(tf.float32, x_val.shape) y = tf.placeholder(tf.float32, feed_labs.shape) x_adv_p = self.attack.generate(x, max_iterations=100, binary_search_steps=3, initial_const=1, clip_min=-5, clip_max=5, batch_size=100, y_target=y) x_adv = self.sess.run(x_adv_p, {x: x_val, y: feed_labs}) new_labs = np.argmax(self.sess.run(self.model(x_adv)), axis=1) self.assertTrue(np.mean(np.argmax(feed_labs, axis=1) == new_labs) > 0.9) def test_generate_np_gives_clipped_adversarial_examples(self): x_val = np.random.rand(100, 2) x_val = np.array(x_val, dtype=np.float32) feed_labs = np.zeros((100, 2)) feed_labs[np.arange(100), np.random.randint(0, 1, 100)] = 1 x_adv = self.attack.generate_np(x_val, max_iterations=10, binary_search_steps=1, initial_const=1, clip_min=-0.2, clip_max=0.3, batch_size=100, y_target=feed_labs) self.assertTrue(-0.201 < np.min(x_adv)) self.assertTrue(np.max(x_adv) < .301)
def lbfgs_attack(train_data,model,sess,tar_class): adv_x = [] wrap = KerasModelWrapper(model) lbfgs = LBFGS(wrap,sess=sess) one_hot_target = np.zeros((train_data.shape[0], 10), dtype=np.float32) one_hot_target[:, tar_class-1] = 1 for i in range(train_data.shape[0]//100): print(one_hot_target[i*100:(i+1)*100].shape) if i == 0: adv_x = lbfgs.generate_np(x_val=train_data[i*100:(i+1)*100], max_iterations=10, binary_search_steps=3, initial_const=1, batch_size=1,clip_min=-5, clip_max=5, y_target=one_hot_target[i*100:(i+1)*100]) else: adv_x = np.concatenate((adv_x,lbfgs.generate_np(x_val=train_data[i*100:(i+1)*100], max_iterations=10, binary_search_steps=3, initial_const=1, batch_size=1,clip_min=-5, clip_max=5, y_target=one_hot_target[i*100:(i+1)*100]))) return adv_x
def lbfgs_attack(train_data, model, sess, tar_class): wrap = KerasModelWrapper(model) lbfgs = LBFGS(wrap, sess=sess) one_hot_target = np.zeros((train_data.shape[0], 10), dtype=np.float32) one_hot_target[:, tar_class] = 1 adv_x = lbfgs.generate_np(train_data, max_iterations=10, binary_search_steps=3, initial_const=1, clip_min=-5, clip_max=5, batch_size=1, y_target=one_hot_target) return adv_x