def pick_pert(sub_dirs, image_names, pert, f):
    """Filter the training set with a precomputed perturbation; the filenames
    of successfully and unsuccessfully perturbed samples are saved to
    separate .txt files.

    Args:
        sub_dirs: list of the full paths of every folder under the dataset root
        image_names: names of all images under each dir
        pert: the precomputed perturbation
        f: the feed-forward function of the model
    """
    for i in range(len(sub_dirs)):
        dir_name = os.path.basename(sub_dirs[i])
        succ_path = os.path.join('data/pick_pert', str(dir_name) + '.txt')
        fail_path = os.path.join('data/pick_pert', str(dir_name) + '_fail.txt')
        if os.path.isfile(succ_path):
            # os.remove(succ_path)
            continue
        elif os.path.isfile(fail_path):
            # os.remove(fail_path)
            continue
        perted_name = []
        fail_name = []
        cnt = 0
        prefix_path = sub_dirs[i]
        total_cnt = len(image_names[i])
        for j in range(total_cnt):
            img_path = os.path.join(prefix_path, image_names[i][j])
            image_original = read_n_preprocess(img_path)  # returns a 4-D array

            # Clip the perturbation so the perturbed image stays in valid
            # pixel range, then regenerate the adversarial example.
            clipped_v = np.clip(
                undo_image_avg(image_original[0, :, :, :] + pert[0, :, :, :]),
                0, 255) - np.clip(undo_image_avg(image_original[0, :, :, :]), 0, 255)
            image_perturbed = image_original + clipped_v[None, :, :, :]

            # Sort the filenames into successful and failed perturbations.
            # Each entry has the form: <filename> + '-' + <model prediction>.
            perted_pred = int(np.argmax(np.array(f(image_perturbed)).flatten()))
            if int(np.argmax(np.array(f(image_original)).flatten())) != perted_pred:
                perted_name.append(image_names[i][j] + '-' + str(perted_pred))
                cnt += 1
            else:
                fail_name.append(image_names[i][j] + '-' + str(perted_pred))

        # Save the filenames and the corresponding labels as .txt files.
        save_pert(data_list=[perted_name, fail_name],
                  dest_path_list=[succ_path, fail_path])
        print('|++++++++++++++++++++++++++++++++++++++++++++++++++++')
        print('|++PICK PERT: Folder %s is processed successfully!!' % str(dir_name))
        print('|++Success Num: %d @ Fail Num: %d' % (cnt, (total_cnt - cnt)))
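# `read_n_preprocess` and `save_pert` are used above but not defined in this
# section. A minimal sketch of what the call sites imply, assuming PIL for
# I/O; the bodies are assumptions, not the repository's actual helpers (the
# real read_n_preprocess presumably also subtracts the per-channel mean that
# undo_image_avg adds back).
import os
import numpy as np
from PIL import Image

def read_n_preprocess(img_path, crop_size=(224, 224)):
    # Assumed behavior: load one image and return a 4-D float batch of shape
    # (1, H, W, 3), matching the image_original[0, :, :, :] indexing above.
    img = Image.open(img_path).convert('RGB').resize(crop_size)
    return np.asarray(img, dtype=np.float32)[None, :, :, :]

def save_pert(data_list, dest_path_list):
    # Assumed behavior: write each list of 'filename-prediction' strings to
    # its corresponding .txt path, one entry per line.
    for data, dest_path in zip(data_list, dest_path_list):
        os.makedirs(os.path.dirname(dest_path), exist_ok=True)
        with open(dest_path, 'w') as fp:
            fp.write('\n'.join(data))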
def pick_test_pert(sub_dirs, image_names, pert, f):
    """Filter the test and validation sets with the precomputed perturbation."""
    for i in range(len(sub_dirs)):
        dir_name = os.path.basename(sub_dirs[i])  # 'test' or 'vali'
        pert_path = os.path.join('data/pick_pert', dir_name)
        if not os.path.exists(pert_path):
            os.makedirs(pert_path)
        perted_file = []
        cnt = 0  # number of successfully perturbed samples
        prefix_path = sub_dirs[i]
        # Take half of each split (50000 for test, 25000 for validation).
        if dir_name == 'test':
            limit_cnt = 50000
        else:
            limit_cnt = 25000
        total_cnt = min(len(image_names[i]), limit_cnt)  # samples to pick (test 50000, vali 25000)
        num_per_class = total_cnt // 1000  # samples per class when split evenly over the 1000 classes
        # Records the true labels of the successfully perturbed samples.
        orin_file = np.zeros((1000, num_per_class + 1), dtype=int)
        for j in range(len(image_names[i])):
            img_path = os.path.join(prefix_path, image_names[i][j])
            image_original = read_n_preprocess(img_path)  # returns a 4-D array

            # Clip the perturbation, then regenerate the adversarial example.
            clipped_v = np.clip(
                undo_image_avg(image_original[0, :, :, :] + pert[0, :, :, :]),
                0, 255) - np.clip(undo_image_avg(image_original[0, :, :, :]), 0, 255)
            image_perturbed = image_original + clipped_v[None, :, :, :]

            # Sort the filenames into successful and failed perturbations.
            # Each entry has the form: <filename> + '-' + <model prediction>.
            perted_pred = int(np.argmax(np.array(f(image_perturbed)).flatten()))
            orin_pred = int(np.argmax(np.array(f(image_original)).flatten()))
            if orin_pred != perted_pred:
                perted_file.append(image_names[i][j] + '-' + str(perted_pred))
                cnt += 1
                # Record the original prediction along the way to avoid
                # recomputing it later.
                orin_file[(cnt - 1) // num_per_class][(cnt - 1) % num_per_class + 1] = orin_pred
                if cnt % num_per_class == 0:
                    # At the end of each row, write the number of valid labels
                    # in that row into column 0.
                    orin_file[(cnt - 1) // num_per_class][0] = num_per_class
                if cnt >= total_cnt:
                    break
        orin_file[(cnt - 1) // num_per_class][0] = (cnt - 1) % num_per_class + 1
        # Save the original labels of the successfully perturbed samples.
        np.save(os.path.join('data/ground_truth', 'orin_%s.npy' % dir_name), orin_file)

        # Emit the pick-pert files in chunks of num_per_class samples.
        for k in range(math.ceil(cnt / num_per_class)):
            start = k * num_per_class
            end = min((k + 1) * num_per_class, cnt)
            dest_path = os.path.join(pert_path, '%s_%d.txt' % (dir_name, k))
            # Save the filenames and the corresponding labels as a .txt file.
            save_pert(data_list=[perted_file[start:end]], dest_path_list=[dest_path])
        print('|++++++++++++++++++++++++++++++++++++++++++++++++++++')
        print('|++PICK PERT: Folder %s is processed successfully!!' % str(dir_name))
        print('|++Success Num: %d' % cnt)
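# A hedged sketch of how the two pickers might be driven end to end. The
# perturbation path, dataset root, and the stub classifier f are illustrative
# placeholders, not taken from the source.
import math
import os
import numpy as np

def f(batch):
    # Stand-in feed-forward function for illustration only; replace with the
    # real model wrapper (e.g. a Keras model's predict).
    return np.random.rand(batch.shape[0], 1000)

if __name__ == '__main__':
    pert = np.load('data/universal.npy')  # hypothetical path, shape (1, 224, 224, 3)
    root = 'data/dataset'                 # hypothetical dataset root
    sub_dirs = [os.path.join(root, d) for d in sorted(os.listdir(root))]
    image_names = [sorted(os.listdir(d)) for d in sub_dirs]
    pick_pert(sub_dirs, image_names, pert, f=f)
    pick_test_pert(sub_dirs, image_names, pert, f=f)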
# import matplotlib
# noise = pre_v/255.0
# matplotlib.image.imsave('noise.png', noise.reshape(224,224,3))
X = np.load(os.path.join('data', npy_data))
target_fooling_rate = target_fooling_rate_calc(v=pre_v, dataset=X, f=f, target=target)
print("")
print('TARGET FOOLING RATE = ', target_fooling_rate)

# Show the original image next to the perturbation itself
plt.figure()
plt.subplot(1, 2, 1)
plt.imshow(undo_image_avg(image_original[0, :, :, :]).astype(dtype='uint8'),
           interpolation=None)
plt.title(str_label_original)

# plt.subplot(1, 2, 2)
# plt.imshow(undo_image_avg(image_perturbed[0, :, :, :]).astype(dtype='uint8'), interpolation=None)
# plt.title(str_label_perturbed)

str_label_ = img2str(f=f, img=pre_v.reshape(224, 224, 3))
plt.subplot(1, 2, 2)
plt.imshow(undo_image_avg(pre_v.reshape(224, 224, 3)).astype(dtype='uint8'),
           interpolation=None)
plt.title(str_label_)
plt.show()
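# `target_fooling_rate_calc` is called above but not shown. A minimal sketch
# consistent with the call signature; the body is an assumption, not the
# repository's implementation.
import numpy as np

def target_fooling_rate_calc(v, dataset, f, target):
    # Assumed behavior: fraction of images in `dataset` (a 4-D array of
    # preprocessed images) that perturbation v pushes into class `target`.
    num_images = dataset.shape[0]
    fooled = 0
    for k in range(num_images):
        pred = int(np.argmax(np.asarray(f(dataset[k:k + 1] + v)).flatten()))
        if pred == target:
            fooled += 1
    return fooled / float(num_images)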
else:
    print('>> Found a pre-computed universal perturbation! Retrieving it from',
          file_perturbation)
    v = np.load(file_perturbation)

print('>> Testing the universal perturbation on an image')

# Test the perturbation on the image
labels = open(os.path.join('data', 'labels.txt'), 'r').read().split('\n')

image_original = preprocess_image_batch([path_test_image],
                                        img_size=(256, 256),
                                        crop_size=(224, 224),
                                        color_mode="rgb")
label_original = np.argmax(f(image_original), axis=1).flatten()
str_label_original = labels[int(label_original) - 1].split(',')[0]

# Clip the perturbation to make sure images fit in uint8
clipped_v = np.clip(
    undo_image_avg(image_original[0, :, :, :] + v[0, :, :, :]),
    0, 255) - np.clip(undo_image_avg(image_original[0, :, :, :]), 0, 255)
image_perturbed = image_original + clipped_v[None, :, :, :]
label_perturbed = np.argmax(f(image_perturbed), axis=1).flatten()
str_label_perturbed = labels[int(label_perturbed) - 1].split(',')[0]

# Show original and perturbed image
plt.figure()
plt.subplot(1, 2, 1)
plt.imshow(undo_image_avg(image_original[0, :, :, :]).astype(dtype='uint8'),
           interpolation=None)
plt.title(str_label_original)

plt.subplot(1, 2, 2)
plt.imshow(undo_image_avg(image_perturbed[0, :, :, :]).astype(dtype='uint8'),
           interpolation=None)
plt.title(str_label_perturbed)
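# `undo_image_avg` is assumed to invert the mean subtraction performed by
# preprocess_image_batch. A sketch using the standard per-channel ImageNet
# means; the exact constants are an assumption.
import numpy as np

def undo_image_avg(img):
    # Add back the per-channel mean subtracted during preprocessing so the
    # result lies in displayable [0, 255] pixel space.
    img_copy = np.copy(img)
    img_copy[:, :, 0] += 123.68
    img_copy[:, :, 1] += 116.779
    img_copy[:, :, 2] += 103.939
    return img_copy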
print('>> Testing the universal perturbation on an image')

# Test the perturbation on the image
labels = open(os.path.join('data', 'labels.txt'), 'r').read().split('\n')

image_original = preprocess_image_batch([path_test_image],
                                        img_size=(256, 256),
                                        crop_size=(224, 224),
                                        color_mode="rgb")
label_original = np.argmax(f(image_original), axis=1).flatten()
str_label_original = labels[int(label_original) - 1].split(',')[0]

# Clip the perturbation to make sure images fit in uint8
clipped_v = np.clip(
    undo_image_avg(image_original[0, :, :, :] + v[0, :, :, :]),
    0, 255) - np.clip(undo_image_avg(image_original[0, :, :, :]), 0, 255)
image_perturbed = image_original + clipped_v[None, :, :, :]
label_perturbed = np.argmax(f(image_perturbed), axis=1).flatten()
str_label_perturbed = labels[int(label_perturbed) - 1].split(',')[0]

# Show original and perturbed image
fig = plt.figure()
plt.subplot(1, 2, 1)
plt.imshow(undo_image_avg(image_original[0, :, :, :]).astype(dtype='uint8'),
           interpolation=None)
plt.title(str_label_original)

plt.subplot(1, 2, 2)
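# The clip-then-diff pattern above recurs in every snippet in this section.
# A small helper that factors it out; a refactoring sketch, not part of the
# source (it relies on undo_image_avg from above).
import numpy as np

def apply_clipped_pert(image, v):
    # Compute the effective perturbation after forcing the perturbed image
    # into valid [0, 255] pixel space, then re-apply it in preprocessed
    # (mean-subtracted) space. Equivalent to the inline clipped_v code.
    clipped_v = (np.clip(undo_image_avg(image[0, :, :, :] + v[0, :, :, :]), 0, 255)
                 - np.clip(undo_image_avg(image[0, :, :, :]), 0, 255))
    return image + clipped_v[None, :, :, :]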
print(' >> has {} images'.format(image_original.shape[0]))
list_out = []
names_images = os.listdir(path)
for x in range(image_original.shape[0]):
    img_original = np.reshape(image_original[x, :, :, :],
                              [-1,
                               image_original.shape[1],
                               image_original.shape[2],
                               image_original.shape[3]])
    image_averaged = avg(img_original, k=ka)
    image_gaus = do_gaus_conv(img_original, kg)

    # Clip the perturbation to make sure images fit in uint8
    clipped_v = np.clip(
        undo_image_avg(img_original[0, :, :, :] + v[0, :, :, :]),
        0, 255) - np.clip(undo_image_avg(img_original[0, :, :, :]), 0, 255)
    image_perturbed = img_original + clipped_v[None, :, :, :]
    image_averaged_pert = avg(image_perturbed.astype('float32'), ka)
    image_gaus_pert = do_gaus_conv(image_perturbed.astype('float32'), size=kg)

    label_original = np.argmax(f(img_original), axis=1).flatten()
    str_label_original = labels[int(label_original) - 1].split(',')[0]
    label_perturbed = np.argmax(f(image_perturbed), axis=1).flatten()
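# `avg` and `do_gaus_conv` are used as smoothing defenses above but not
# defined in this section. Plausible one-liners via scipy.ndimage; the kernel
# semantics are assumptions (k/ka as the mean-filter window, kg/size as the
# Gaussian standard deviation).
from scipy.ndimage import gaussian_filter, uniform_filter

def avg(img, k):
    # Assumed: k x k mean filter over the spatial axes of a (N, H, W, C) batch.
    return uniform_filter(img, size=(1, k, k, 1))

def do_gaus_conv(img, size):
    # Assumed: Gaussian blur over the spatial axes with std. deviation `size`.
    return gaussian_filter(img, sigma=(0, size, size, 0))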
else:
    print('>> Found a pre-computed universal perturbation! Retrieving it from',
          file_perturbation)
    v = np.load(file_perturbation)

print('>> Testing the universal perturbation on an image')

# Test the perturbation on the image
labels = open(os.path.join('data', 'labels.txt'), 'r').read().split('\n')

image_original = preprocess_image_batch([path_test_image],
                                        img_size=(256, 256),
                                        crop_size=(224, 224),
                                        color_mode="rgb")
label_original = np.argmax(f(image_original), axis=1).flatten()
str_label_original = labels[int(label_original) - 1].split(',')[0]

# NOTE: denoise_wavelet returns a 3-D float image in [0, 1], and the two
# denoise_tv_chambolle calls run on the mean-subtracted batch; neither result
# is converted back into the preprocessed 4-D format that f expects before
# classification (see the sketch after this block).
image_ROF_5 = denoise_wavelet(
    undo_image_avg(image_original[0, :, :, :]).astype(dtype='uint8') / 255,
    multichannel=True)
label_ROF_5 = np.argmax(f(image_ROF_5), axis=1).flatten()
str_label_ROF_5 = labels[int(label_ROF_5) - 1].split(',')[0]

image_ROF = denoise_tv_chambolle(image_original, weight=10, multichannel=True)
label_ROF = np.argmax(f(image_ROF), axis=1).flatten()
str_label_ROF = labels[int(label_ROF) - 1].split(',')[0]

image_ROF_20 = denoise_tv_chambolle(image_original, weight=20, multichannel=True)
label_ROF_20 = np.argmax(f(image_ROF_20), axis=1).flatten()
str_label_ROF_20 = labels[int(label_ROF_20) - 1].split(',')[0]

# Clip the perturbation to make sure images fit in uint8
clipped_v = np.clip(
    undo_image_avg(image_original[0, :, :, :] + v[0, :, :, :]),
    0, 255) - np.clip(undo_image_avg(image_original[0, :, :, :]), 0, 255)
image_perturbed = image_original + clipped_v[None, :, :, :]
label_perturbed = np.argmax(f(image_perturbed), axis=1).flatten()
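# As flagged in the NOTE above, the denoised images are never converted back
# into the preprocessed 4-D batch format that f expects. A hedged sketch of
# the missing round-trip, assuming undo_image_avg adds per-channel means so
# its inverse subtracts them; redo_image_avg is a hypothetical helper.
import numpy as np

def redo_image_avg(img):
    # Hypothetical inverse of undo_image_avg: subtract the per-channel mean
    # again so the image matches the preprocessing f was trained with.
    img_copy = np.copy(img)
    img_copy[:, :, 0] -= 123.68
    img_copy[:, :, 1] -= 116.779
    img_copy[:, :, 2] -= 103.939
    return img_copy

# Denoise in displayable [0, 1] space, then map back to a preprocessed batch.
denoised = denoise_wavelet(
    undo_image_avg(image_original[0, :, :, :]).astype('uint8') / 255.0,
    multichannel=True)
batch = redo_image_avg(denoised * 255.0)[None, :, :, :]
label_denoised = np.argmax(f(batch), axis=1).flatten()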