def test_make_confidence_report_bundled(): """ A very simple test that just makes sure make_confidence_report_bundled can run without crashing """ sess = tf.compat.v1.Session() try: nb_classes = 3 nb_features = 2 batch_size = 5 nb_test_examples = batch_size * 2 layer = Linear(num_hid=nb_classes) model = MLP(layers=[layer], input_shape=(None, nb_features)) dataset = SimpleDataset(test_end=nb_test_examples, nb_classes=nb_classes) model.dataset_factory = dataset.get_factory() filepath = ".test_model.joblib" with sess.as_default(): sess.run(tf.compat.v1.global_variables_initializer()) serial.save(filepath, model) def recipe(sess, model, x, y, nb_classes, eps, clip_min, clip_max, eps_iter, nb_iter, report_path, eps_iter_small, batch_size): """ Mock recipe that just runs the Noise attack so the test runs fast """ attack_configs = [AttackConfig(Noise(model, sess), {'eps': eps})] new_work_goal = {config: 1 for config in attack_configs} goals = [Misclassify(new_work_goal=new_work_goal)] bundle_attacks(sess, model, x, y, attack_configs, goals, report_path, attack_batch_size=batch_size, eval_batch_size=batch_size) make_confidence_report_bundled(filepath, test_end=nb_test_examples, recipe=recipe, base_eps=.1, base_eps_iter=.01, batch_size=batch_size) finally: sess.close()
def make_basic_picklable_cnn(nb_filters=64, nb_classes=10, input_shape=(None, 32, 32, 3)): """The model for the picklable models tutorial. """ if VERSION == 1: layers = [ Conv2D(nb_filters, (8, 8), (2, 2), "SAME"), ReLU(), Conv2D(nb_filters * 2, (6, 6), (2, 2), "VALID"), ReLU(), Conv2D(nb_filters * 2, (5, 5), (1, 1), "VALID"), ReLU(), Flatten(), Linear(nb_classes), Softmax() ] model = MLP(layers, input_shape) else: layers = [ PerImageStandardize(), Conv2D(nb_filters, (3, 3), (1, 1), "SAME"), ReLU(), ResidualWithInstanceNorm(nb_filters, 2), ResidualWithInstanceNorm(nb_filters, 1), ResidualWithInstanceNorm(nb_filters * 2, 2), ResidualWithInstanceNorm(nb_filters * 2, 1), ResidualWithInstanceNorm(nb_filters * 4, 2), ResidualWithInstanceNorm(nb_filters * 4, 1), ResidualWithInstanceNorm(nb_filters * 8, 2), ResidualWithInstanceNorm(nb_filters * 8, 1), GlobalAveragePool(), Linear(nb_classes), Softmax() ] model = MLP(layers, input_shape) return model
def test_no_drop(): """test_no_drop: Make sure dropout does nothing by default (so it does not cause stochasticity at test time)""" model = MLP(input_shape=[1, 1], layers=[Dropout(name='output')]) x = tf.constant([[1]], dtype=tf.float32) y = model.get_layer(x, 'output') sess = tf.Session() # Do multiple runs because dropout is stochastic for _ in range(10): y_value = sess.run(y) assert y_value == 1.
def setUp(self): super(TestPerImageStandardize, self).setUp() self.input_shape = (128, 32, 32, 3) self.sess = tf.Session() self.model = MLP(input_shape=self.input_shape, layers=[PerImageStandardize(name='output')]) self.x = tf.placeholder(shape=self.input_shape, dtype=tf.float32) self.y = self.model.get_layer(self.x, 'output') self.y_true = tf.map_fn( lambda ex: tf.image.per_image_standardization(ex), self.x)
def get_model(self, scope): """The model for the picklable models tutorial. """ if self.dataset_name == 'MNIST': nb_filters = 64 nb_classes = self.nb_classes input_shape = (None, 28, 28, 1) layers = [ Conv2D(nb_filters, (8, 8), (2, 2), "SAME"), ReLU(), Conv2D(nb_filters * 2, (6, 6), (2, 2), "VALID"), ReLU(), Conv2D(nb_filters * 2, (5, 5), (1, 1), "VALID"), ReLU(), Flatten(), Linear(nb_classes), Softmax() ] model = MLP(layers, input_shape) if self.dataset_name == 'SVHN': nb_filters = 64 nb_classes = self.nb_classes input_shape = (None, 32, 32, 3) layers = [ Conv2D(nb_filters, (8, 8), (2, 2), "SAME"), ReLU(), Conv2D(nb_filters * 2, (6, 6), (2, 2), "VALID"), ReLU(), Conv2D(nb_filters * 2, (5, 5), (1, 1), "VALID"), ReLU(), Flatten(), Linear(nb_classes), Softmax() ] model = MLP(layers, input_shape) elif self.dataset_name == 'CIFAR10': model = make_wresnet(scope=scope) return model
def make_basic_picklable_cnn(nb_filters=64, nb_classes=10, input_shape=(None, 28, 28, 1)): """The model for the picklable models tutorial. """ layers = [Conv2D(nb_filters, (8, 8), (2, 2), "SAME"), ReLU(), Conv2D(nb_filters * 2, (6, 6), (2, 2), "VALID"), ReLU(), Conv2D(nb_filters * 2, (5, 5), (1, 1), "VALID"), ReLU(), Flatten(), Linear(nb_classes), Softmax()] model = MLP(layers, input_shape) return model
def setUp(self): """ Set up session and build model graph """ super(TestPerImageStandardize, self).setUp() self.input_shape = (128, 32, 32, 3) self.sess = tf.Session() self.model = MLP(input_shape=self.input_shape, layers=[PerImageStandardize(name="output")]) self.x = tf.placeholder(shape=self.input_shape, dtype=tf.float32) self.y = self.model.get_layer(self.x, "output") self.y_true = tf.map_fn(tf.image.per_image_standardization, self.x)
def make_basic_picklable_substitute(nb_filters=200, nb_classes=2, input_shape=(None, 28, 28, 1)): """The model for the picklable models tutorial. """ layers = [ Flatten(), Linear(nb_filters), ReLU(), Linear(nb_filters), ReLU(), Linear(nb_classes), Softmax() ] model = MLP(layers, input_shape) return model
def test_drop(): """test_drop: Make sure dropout is activated successfully""" # We would like to configure the test to deterministically drop, # so that the test does not need to use multiple runs. # However, tf.nn.dropout divides by include_prob, so zero or # infinitesimal include_prob causes NaNs. # 1e-8 does not cause NaNs and shouldn't be a significant source # of test flakiness relative to dependency downloads failing, etc. model = MLP(input_shape=[1, 1], layers=[Dropout(name='output', include_prob=1e-8)]) x = tf.constant([[1]], dtype=tf.float32) y = model.get_layer(x, 'output', dropout=True) sess = tf.Session() y_value = sess.run(y) # Subject to very rare random failure because include_prob is not exact 0 assert y_value == 0., y_value
def test_override(): # Make sure dropout_dict changes dropout probabilities successful # We would like to configure the test to deterministically drop, # so that the test does not need to use multiple runs. # However, tf.nn.dropout divides by include_prob, so zero or # infinitesimal include_prob causes NaNs. # For this test, random failure to drop will not cause the test to fail. # The stochastic version should not even run if everything is working # right. model = MLP(input_shape=[1, 1], layers=[Dropout(name='output', include_prob=1e-8)]) x = tf.constant([[1]], dtype=tf.float32) dropout_dict = {'output': 1.} y = model.get_layer(x, 'output', dropout=True, dropout_dict=dropout_dict) sess = tf.Session() y_value = sess.run(y) assert y_value == 1., y_value
def model_train(file_name=FILE_NAME): """ Creates the joblib file of AllConvolutional CIFAR-10 model trained over the MNIST dataset. Parameters ---------- file_name: str, optional The name of the joblib file. """ layers = [Conv2D(64, (3, 3), (1, 1), "SAME"), ReLU(), Conv2D(128, (3, 3), (1, 1), "SAME"), ReLU(), MaxPooling2D((2, 2), (2, 2), "VALID"), Conv2D(128, (3, 3), (1, 1), "SAME"), ReLU(), Conv2D(256, (3, 3), (1, 1), "SAME"), ReLU(), MaxPooling2D((2, 2), (2, 2), "VALID"), Conv2D(256, (3, 3), (1, 1), "SAME"), ReLU(), Conv2D(512, (3, 3), (1, 1), "SAME"), ReLU(), MaxPooling2D((2, 2), (2, 2), "VALID"), Conv2D(10, (3, 3), (1, 1), "SAME"), GlobalAveragePool(), Softmax()] model = MLP(layers, (None, 32, 32, 3)) cifar10 = CIFAR10(train_start=0, train_end=50000, test_start=0, test_end=10000) x_train, y_train = cifar10.get_set('train') x_test, y_test = cifar10.get_set('test') y_train = y_train.reshape((50000, 10)) y_test = y_test.reshape((10000, 10)) model_training(model, file_name, x_train, y_train, x_test, y_test, nb_epochs=10, batch_size=128, learning_rate=.001, label_smoothing=0.1)
def model_train(file_name=FILE_NAME): """ Creates the joblib file of LeNet-5 trained over the MNIST dataset. Parameters ---------- file_name: str, optional The name of the joblib file. """ layers = [ Conv2D(20, (5, 5), (1, 1), "VALID"), ReLU(), MaxPooling2D((2, 2), (2, 2), "VALID"), Conv2D(50, (5, 5), (1, 1), "VALID"), ReLU(), MaxPooling2D((2, 2), (2, 2), "VALID"), Flatten(), Linear(500), ReLU(), Linear(10), Softmax() ] model = MLP(layers, (None, 28, 28, 1)) mnist = MNIST(train_start=0, train_end=60000, test_start=0, test_end=10000) x_train, y_train = mnist.get_set('train') x_test, y_test = mnist.get_set('test') model_training(model, file_name, x_train, y_train, x_test, y_test, nb_epochs=20, batch_size=128, learning_rate=0.001)
def model_train(attack): """ Creates the joblib file of LeNet-5 trained over the augmented MNIST dataset. Parameters ---------- attack: str The augmented dataset used (either "jsma", "wjsma" or "tjsma"). """ layers = [ Conv2D(20, (5, 5), (1, 1), "VALID"), ReLU(), MaxPooling2D((2, 2), (2, 2), "VALID"), Conv2D(50, (5, 5), (1, 1), "VALID"), ReLU(), MaxPooling2D((2, 2), (2, 2), "VALID"), Flatten(), Linear(500), ReLU(), Linear(10), Softmax() ] model = MLP(layers, (None, 28, 28, 1)) mnist = MNIST(train_start=TRAIN_START, train_end=TRAIN_END, test_start=TEST_START, test_end=TEST_END) x_train, y_train = mnist.get_set('train') x_test, y_test = mnist.get_set('test') x_add = np.load("defense/augmented/" + attack + "_x.npy")[:AUGMENT_SIZE] y_add = np.load("defense/augmented/" + attack + "_y.npy")[:AUGMENT_SIZE] x_train = np.concatenate((x_train, x_add.reshape(x_add.shape + (1,))), axis=0).astype(np.float32) y_train = np.concatenate((y_train, y_add), axis=0).astype(np.float32) model_training(model, "mnist_defense_" + attack + ".joblib", x_train, y_train, x_test, y_test, nb_epochs=NB_EPOCHS, batch_size=BATCH_SIZE, learning_rate=LEARNING_RATE)