def get_image(fname, framework_name, model_name, data_format): """Get the image suitable for target model.""" kwargs = get_image_format(framework_name, model_name) kwargs['data_format'] = data_format kwargs['fname'] = fname image = load_image(**kwargs) return image
def main(args): imgs_dir = args.imgs_dir input_dir = os.path.join(args.data_dir, imgs_dir, "benign") if not DEBUG: output_dir = os.path.join(args.data_dir, imgs_dir, "adv") if os.path.exists(output_dir): shutil.rmtree(output_dir) os.mkdir(output_dir) image_name_list = os.listdir(input_dir) kmodel = YOLOv3() model = KerasYOLOv3Model(kmodel, bounds=(0, 1)) if args.attack_mtd == 'cw_targetclsmiss': attack = CarliniWagnerLinfMetric(model, criterion=TargetClassMiss(2)) elif args.attack_mtd == 'noise_numberchange': attack = AdditiveGaussianNoiseMetric( model, criterion=TargetClassNumberChange(-1)) elif args.attack_mtd == 'bright_numberchange': attack = BrightnessMetric(model, criterion=TargetClassNumberChange(-1)) else: raise ValueError('Invalid attack method {0}'.format(args.attack_mtd)) for _, image_name in enumerate(tqdm(image_name_list)): temp_img_path_benign = os.path.join(input_dir, image_name) image_benign = load_image(shape=(416, 416), bounds=(0, 1), fname=temp_img_path_benign, absolute_path=True) try: annotation_ori = model.predictions(image_benign) if args.attack_mtd == 'cw_targetclsmiss': image_adv_benign = attack(image_benign, binary_search_steps=1, unpack=True) else: image_adv_benign = attack(image_benign, annotation_ori, epsilons=1000, unpack=True) except: print('Attack failed.') continue image_adv_benign_pil = Image.fromarray( (image_adv_benign * 255).astype(np.uint8)) if not DEBUG: image_adv_benign_pil.save(os.path.join(output_dir, image_name))
from perceptron.utils.image import load_image from perceptron.utils.image import imagenet_example from perceptron.utils.criteria.classification import Misclassification from perceptron.utils.image import load_image from perceptron.models.classification.cloud import AipAntiPornModel, GoogleSafeSearchModel, GoogleObjectDetectionModel from perceptron.utils.criteria.classification import MisclassificationSafeSearch from perceptron.utils.criteria.detection import TargetClassMissGoogle from perceptron.attacks import GaussianBlurAttack def test_untargeted_SafeSearch(image, label=None): model = GoogleSafeSearchModel() pred = model.predictions(image) attack = Attack(model, criterion=MisclassificationSafeSearch()) adversarial_obj = attack(image, label, unpack=False, epsilons=100) print(adversarial_obj.distance) return adversarial_obj.distance, adversarial_obj.image if __name__ == "__main__": path = 'mia.png' img = load_image(dtype=np.uint8, fname=path) dist, image = test_untargeted_SafeSearch(img) from PIL import Image print(image.shape) print(image[0][0]) adversarial_show = (image).astype(np.uint8) img = Image.fromarray(adversarial_show).save( './perceptron/utils/images/test_out_safe_search.png')
model = PyTorchModel( vgg16, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std)) print(np.argmax(model.predictions(image))) attack = Attack(model, criterion=Misclassification()) print(image.shape) adversarial = attack(image, label, unpack=True) def test_untargeted_resnet18(image, label=None): import torch import torchvision.models as models from perceptron.models.classification import PyTorchModel mean = np.array([0.485, 0.456, 0.406]).reshape((3, 1, 1)) std = np.array([0.229, 0.224, 0.225]).reshape((3, 1, 1)) resnet18 = models.resnet18(pretrained=True).eval() if torch.cuda.is_available(): resnet18 = resnet18.cuda() model = PyTorchModel( resnet18, bounds=(0, 1), num_classes=1000, preprocessing=(mean, std)) print(np.argmax(model.predictions(image))) attack = Attack(model, criterion=Misclassification()) adversarial = attack(image, label, unpack=True) if __name__ == "__main__": image = load_image( shape=(224, 224), data_format='channels_first', fname='car.png') image = image / 255. label = 644 test_untargeted_vgg16(image, label)
if __name__ == "__main__": import csv import pdb file_name = '../temp_test_result.csv' img_dir = '../temp_images' with open(file_name, 'w') as csvfile: writer = csv.writer(csvfile, delimiter=',', quotechar='"', quoting=csv.QUOTE_MINIMAL) writer.writerow(["model", "result"]) from PIL import Image # alexnet image = load_image(shape=(224, 224), data_format='channels_first', fname='test_car.png') image = image / 255. label = 656 distance, adversarial = test_untargeted_AlexNet(image, label) adversarial_show = np.transpose(adversarial, (1, 2, 0)) adversarial_show = (adversarial_show * 255).astype(np.uint8) img = Image.fromarray(adversarial_show).save(img_dir + '/test_out_alex.png') with open(file_name, 'a') as csvfile: writer = csv.writer(csvfile, delimiter=',', quotechar='"', quoting=csv.QUOTE_MINIMAL) writer.writerow(["alexnet", "{0:.4e}".format(distance.value)])
'https://perceptron-benchmark.s3-us-west-1.amazonaws.com/images/p**n.jpeg') # fill in your Baidu AIP credentials appId = '#' apiKey = '#' secretKey = "#" if appId is '#': print(bcolors.RED + 'Please fill in your Baidu AIP credential.') exit(0) credential = (appId, apiKey, secretKey) model = AipAntiPornModel(credential) # get source image and label image = load_image(dtype=np.uint8, fname='p**n.jpeg') metric = RotationMetric(model, criterion=MisclassificationAntiPorn()) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) adversary = metric(image, ang_range=(-90., 90.), epsilons=50, unpack=False) print(bcolors.BOLD + 'Process finished' + bcolors.ENDC) if adversary.image is None: print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) exit(-1) ################### print summary info ##################################### keywords = ['Cloud', 'AipAntiPorn', 'Misclassification', 'Rotation'] true_label = str(model.predictions(image))
def main(args): imgs_dir = args.imgs_dir input_benign_dir = os.path.join(args.data_dir, imgs_dir, "benign") input_adv_dir = os.path.join(args.data_dir, imgs_dir, "adv") input_squz_dir = os.path.join(args.data_dir, imgs_dir, args.squeeze_type) input_adv_squz_dir = os.path.join(args.data_dir, imgs_dir, args.squeeze_type + '_adv') output_benign_dir = os.path.join(args.data_dir, imgs_dir, "results_benign") output_adv_dir = os.path.join(args.data_dir, imgs_dir, "results_adv") output_squz_dir = os.path.join(args.data_dir, imgs_dir, 'results_' + args.squeeze_type) output_adv_squz_dir = os.path.join(args.data_dir, imgs_dir, 'results_' + args.squeeze_type + '_adv') for check_dir in [ output_benign_dir, output_adv_dir, output_squz_dir, output_adv_squz_dir ]: if os.path.exists(check_dir): shutil.rmtree(check_dir) os.mkdir(check_dir) image_name_list = os.listdir(input_adv_dir) kmodel = YOLOv3() model = KerasYOLOv3Model(kmodel, bounds=(0, 1)) for _, image_name in enumerate(tqdm(image_name_list)): image_name_noext = os.path.splitext(image_name)[0] temp_img_path_benign = os.path.join(input_benign_dir, image_name) temp_img_path_squz = os.path.join(input_squz_dir, image_name) temp_img_path_adv = os.path.join(input_adv_dir, image_name) temp_img_path_adv_squz = os.path.join(input_adv_squz_dir, image_name) try: print(temp_img_path_benign) image_benign = load_image(shape=(416, 416), bounds=(0, 1), fname=temp_img_path_benign, absolute_path=True) image_benign_squz = load_image(shape=(416, 416), bounds=(0, 1), fname=temp_img_path_squz, absolute_path=True) image_adv = load_image(shape=(416, 416), bounds=(0, 1), fname=temp_img_path_adv, absolute_path=True) image_adv_squz = load_image(shape=(416, 416), bounds=(0, 1), fname=temp_img_path_adv_squz, absolute_path=True) except: print('loading images error.') continue try: output_benign = model.predictions(image_benign) output_adv = model.predictions(image_adv) output_benign_squz = model.predictions(image_benign_squz) output_adv_squz = model.predictions(image_adv_squz) with open( os.path.join(output_benign_dir, image_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_benign, f, protocol=pickle.HIGHEST_PROTOCOL) with open(os.path.join(output_adv_dir, image_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_adv, f, protocol=pickle.HIGHEST_PROTOCOL) with open(os.path.join(output_squz_dir, image_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_benign_squz, f, protocol=pickle.HIGHEST_PROTOCOL) with open( os.path.join(output_adv_squz_dir, image_name_noext + '.pkl'), 'wb') as f: pickle.dump(output_adv_squz, f, protocol=pickle.HIGHEST_PROTOCOL) # draw = draw_letterbox(image_benign, output_benign, (416, 416), model.class_names()) # draw.save('./temp/{0}_benign.png'.format(image_name_noext)) # draw = draw_letterbox(image_adv, output_adv, (416, 416), model.class_names()) # draw.save('./temp/{0}_adv.png'.format(image_name_noext)) # draw = draw_letterbox(image_benign_squz, output_benign_squz, (416, 416), model.class_names()) # draw.save('./temp/{0}_benign_squz.png'.format(image_name_noext)) # draw = draw_letterbox(image_adv_squz, output_adv_squz, (416, 416), model.class_names()) # draw.save('./temp/{0}_adv_squz.png'.format(image_name_noext)) except: print(image_name, ' generating error.') continue
from perceptron.zoo.ssd_300.keras_ssd300 import SSD300 from perceptron.models.detection.keras_ssd300 import KerasSSD300Model from perceptron.utils.image import load_image from perceptron.benchmarks.brightness import BrightnessMetric from perceptron.utils.criteria.detection import TargetClassMiss from perceptron.utils.tools import bcolors from perceptron.utils.tools import plot_image_objectdetection # instantiate the model from keras applications ssd300 = SSD300() # initialize the KerasResNet50RetinaNetModel kmodel = KerasSSD300Model(ssd300, bounds=(0, 255)) # get source image and label # the model expects values in [0, 1], and channles_last image = load_image(shape=(300, 300), bounds=(0, 255), fname='car.png') metric = BrightnessMetric(kmodel, criterion=TargetClassMiss(7)) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) adversary = metric(image, unpack=False) print(bcolors.BOLD + 'Process finished' + bcolors.ENDC) if adversary.image is None: print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) exit(-1) ################### print summary info ##################################### keywords = ['Keras', 'SSD300', 'TargetClassMiss', 'BrightnessMetric']
""" Test case for PyTorch""" from perceptron.models.detection.pytorch_mask_rcnn import PyTorchMaskRCNNModel from perceptron.utils.image import load_image from perceptron.benchmarks.brightness import BrightnessMetric from perceptron.utils.criteria.detection import TargetClassMiss from perceptron.utils.tools import bcolors from perceptron.utils.tools import plot_image_objectdetection pmodel = PyTorchMaskRCNNModel(bounds=(0, 255)) # get source image and label # the model expects values in [0, 1], and channles_last image = load_image(shape=(416, 416), bounds=(0, 255), fname='car.png', data_format='channels_last') metric = BrightnessMetric(pmodel, criterion=TargetClassMiss(2)) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) adversary = metric(image, unpack=False) print(bcolors.BOLD + 'Process finished' + bcolors.ENDC) if adversary.image is None: print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) exit(-1) ################### print summary info #####################################
""" Test case for Keras """ from perceptron.models.detection.keras_retina_resnet50 import KerasResNet50RetinaNetModel from perceptron.utils.image import load_image from perceptron.benchmarks.brightness import BrightnessMetric from perceptron.utils.criteria.detection import TargetClassMiss from perceptron.utils.tools import bcolors from perceptron.utils.tools import plot_image_objectdetection # initialize the KerasResNet50RetinaNetModel kmodel = KerasResNet50RetinaNetModel(bounds=(0, 255)) # get source image and label # the model expects values in [0, 1], and channles_last image = load_image(shape=(416, 416), bounds=(0, 255), fname='car.png') metric = BrightnessMetric(kmodel, criterion=TargetClassMiss(2)) print(bcolors.BOLD + 'Process start' + bcolors.ENDC) adversary = metric(image, unpack=False) print(bcolors.BOLD + 'Process finished' + bcolors.ENDC) if adversary.image is None: print(bcolors.WARNING + 'Warning: Cannot find an adversary!' + bcolors.ENDC) exit(-1) ################### print summary info ##################################### keywords = ['Keras', 'RetinaResnet50', 'TargetClassMiss', 'BrightnessMetric']