Python RandomPGD示例

示例#1

            x_train.shape[1:], 300, 100, dropout, 0, 0)
    elif args.experiment_type == "five_layer_dnn":
        kmodel = neural_networks.symmetric_five_layer_nn_foolbox(
            x_train.shape[1:], dropout, dropout)
    elif args.experiment_type == "six_layer_dnn":
        kmodel = neural_networks.asymmetric_six_layer_nn_foolbox(
            x_train.shape[1:], dropout, dropout)
    # elif args.experiment_type == "VGG":
    #     classifier = convolutional.mini_VGG(dropout_levels[dropout], "mnist")
    # elif args.experiment_type == "leNet5":
    #     classifier = convolutional.leNet_cnn_single(dropout_levels[dropout])

    kmodel.fit(x_train, y_train, epochs=50, batch_size=128)
    # kmodel.fit(x_train, y_train, epochs=20, batch_size=128)

    attack = RandomPGD(model=kmodel)

    adversarial = attack(x_test[:10],
                         np.argmax(y_test[:10], axis=1),
                         iterations=60)
    # adversarial = attack(x_test[:1000], np.argmax(y_test[:1000], axis=1), iterations=60)

    # For those samples for which the L2 method does not produce an adversarial sample within the attack parameters,
    # we exclude them from the perturbation evaluation. the None given by the attack with the original input.

    failed = 0
    perturbations = []
    adv_examples = []
    orig_examples = []
    correct_labels = []

示例#2

文件： l1_regularization_targeted.py 项目： ap8415/adversarial-robustness-toolbox

            model = convolutional.vgg_model_wide(args.dataset, 0, l1, 0)
        elif args.experiment_type == "leNet":
            model = convolutional.leNet_model_wide(0, l1, 0)
        else:
            raise Exception("Invalid model!")

        model.fit(x_train, y_train, epochs=50, batch_size=128)
        preds = np.argmax(model.predict(x_test), axis=1)

        kmodel = KerasModel(model=model, bounds=(min_, max_))

        attack = None
        if args.attack_type == 'l2':
            attack = CarliniWagnerL2Attack(kmodel, TargetClass(7))
        elif args.attack_type == 'linf':
            attack = RandomPGD(kmodel, TargetClass(7))

        x_sample = np.take(x_test, ones, axis=0)

        # We exclude by default those examples which are not predicted by the classifier as 1s.
        true_ones = np.where(preds == 1)[0]

        x_sample = np.take(x_sample, true_ones, axis=0)
        y_sample = np.array([to_one_hot(1) for _ in x_sample])

        adversarial = None
        if args.attack_type == 'l2':
            adversarial = attack(x_sample,
                                 np.argmax(y_sample, axis=1),
                                 binary_search_steps=5,
                                 max_iterations=600)

示例#3

文件： pooling_vs_fc.py 项目： ap8415/adversarial-robustness-toolbox

                model = convolutional.leNet_dense(dropout, 0, 0)
            else:
                raise Exception("Invalid dropout style!")
        else:
            raise Exception("Invalid model!")

        model.fit(x_train, y_train, epochs=50, batch_size=128)
        preds = np.argmax(model.predict(x_test), axis=1)

        kmodel = KerasModel(model=model, bounds=(min_, max_))

        attack = None
        if args.attack_type == 'l2':
            attack = CarliniWagnerL2Attack(kmodel, Misclassification())
        elif args.attack_type == 'linf':
            attack = RandomPGD(kmodel, Misclassification())

        x_sample = x_test[:1000]
        y_sample = y_test[:1000]

        adversarial = None
        if args.attack_type == 'l2':
            adversarial = attack(x_sample, np.argmax(y_sample, axis=1), binary_search_steps=5, max_iterations=600)
        else:
            adversarial = attack(x_sample, np.argmax(y_sample, axis=1), iterations=30)

        failed = 0
        misclassified = 0

        perturbations = []
        adv_examples = []