def run(self, x, y, ds_init=None, *args, **kargs):
x = CArray(x).atleast_2d()
y = CArray(y).atleast_2d()
x_init = None if ds_init is None else CArray(ds_init.X).atleast_2d()
# only consider samples that can be manipulated
v = self.is_attack_class(y)
idx = CArray(v.find(v)).ravel()
# print(v, idx)
# number of modifiable samples
n_mod_samples = idx.size
adv_ds = CDataset(x.deepcopy(), y.deepcopy())
# If dataset is sparse, set the proper attribute
if x.issparse is True:
self._issparse = True
# array in which the value of the optimization function are stored
fs_opt = CArray.zeros(n_mod_samples, )
y_pred = CArray.zeros(n_mod_samples, )
scores = CArray.zeros((n_mod_samples, 2))
for i in range(n_mod_samples):
k = idx[i].item() # idx of sample that can be modified
xi = x[k, :] if x_init is None else x_init[k, :]
x_opt, f_opt = self._run(x[k, :], y[k], x_init=xi, *args, **kargs)
self.logger.info(
"Point: {:}/{:}, dmax:{:}, f(x):{:}, eval:{:}/{:}".format(
k, x.shape[0], self._dmax, f_opt, self.f_eval,
self.grad_eval))
if x_opt.shape[-1] > adv_ds.X.shape[-1]:
# Need to resize the whole adv dataset, since CDataset can't deal with varying vector sizes
new_length = x_opt.shape[-1]
adv_ds.X = adv_ds.X.resize((adv_ds.X.shape[0], new_length),
256)
adv_ds.X[k, :min(adv_ds.X.shape[-1], x_opt.shape[-1])] = x_opt
fs_opt[i] = f_opt
y_p, score = self.problem.model_wrapper.predict(
x_opt, return_decision_function=True)
scores[i, :] = score[0, :]
y_pred[i] = y_p
# Return the mean objective function value on the evasion points (
# computed from the outputs of the surrogate classifier)
f_obj = fs_opt.mean()
return y_pred, scores, adv_ds, f_obj
tr_X, tr_Y, cv_X, cv_Y, te_X, te_Y = load_sentiment_dataset(
classification_type='binary')
all_classes = list(np.unique(te_Y))
print(all_classes)
tr_X, tr_Y = CArray(tr_X), CArray(tr_Y)
cv_X, cv_Y = CArray(cv_X), CArray(cv_Y)
te_X, te_Y = CArray(te_X), CArray(te_Y)
ds_tr_secml = CDataset(tr_X, tr_Y)
#print(ds_tr_secml.classes, ds_tr_secml.num_classes, ds_tr_secml.num_features, ds_tr_secml.num_samples)
ds_te_secml = CDataset(te_X, te_Y)
ds_cv_secml = CDataset(cv_X, cv_Y)
normalizer = CNormalizerMinMax()
ds_tr_secml.X = normalizer.fit_transform(ds_tr_secml.X)
ds_te_secml.X = normalizer.transform(ds_te_secml.X)
ds_cv_secml.X = normalizer.transform(ds_cv_secml.X)
# =============================================================================
# #TEST WITH SKLEARN SVM
# sklearn_clf = svm.SVC(C = 1, kernel = 'rbf', gamma = 1.0)
# secml_sklearn_clf = c_classifier_sklearn.CClassifierSkLearn(sklearn_clf)
# secml_sklearn_clf.fit(ds_tr_secml)
# preds = secml_sklearn_clf.predict(ds_te_secml.X)
# metric = CMetricAccuracy()
# acc = metric.performance_score(y_true = ds_te_secml.Y, y_pred = preds)
# print("Accuracy on test set: {:.2%}".format(acc))
# probs = secml_sklearn_clf.predict_proba(ds_te_secml.X) #Doesn't work
#
# #sklearn here isn't supported for performing adversarial attacks, only the native SVM of secml supports adversarial attacks
def run(self, x, y, ds_init=None) -> Tuple[CArray, CArray, CDataset, Any]:
"""
Runs the genetic algorithms.
Parameters
----------
x : CArray
input sample to perturb
y : CArray
original class
ds_init : CDataset, optional, default None
the initialization point.
Default is None
Returns
-------
CArray
y_pred : the predicted label after the attack
CArray
scores : the scores after the attack
CDataset
adv_ds : the CDataset containing the adversarial points
CArray
f_obj : the mean value for the objective function
"""
x = CArray(x).atleast_2d()
y = CArray(y).atleast_2d()
x_init = None if ds_init is None else CArray(ds_init.X).atleast_2d()
# only consider samples that can be manipulated
v = self.is_attack_class(y)
idx = CArray(v.find(v)).ravel()
# print(v, idx)
# number of modifiable samples
n_mod_samples = idx.size
adv_ds = CDataset(x.deepcopy(), y.deepcopy())
# If dataset is sparse, set the proper attribute
if x.issparse is True:
self._issparse = True
# array in which the value of the optimization function are stored
fs_opt = CArray.zeros(n_mod_samples, )
y_pred = CArray.zeros(n_mod_samples, )
scores = CArray.zeros((n_mod_samples, 2))
for i in range(n_mod_samples):
k = idx[i].item() # idx of sample that can be modified
xi = x[k, :] if x_init is None else x_init[k, :]
x_opt, f_opt = self._run(x[k, :], y[k], x_init=xi)
self.logger.info("Point: {:}/{:}, f(x):{:}, eval:{:}/{:}".format(
k, x.shape[0], f_opt, self.f_eval, self.grad_eval))
if x_opt.shape[-1] > adv_ds.X.shape[-1]:
# Need to resize the whole adv dataset, since CDataset can't deal with varying vector sizes
new_length = x_opt.shape[-1]
adv_ds.X = adv_ds.X.resize((adv_ds.X.shape[0], new_length),
256)
adv_ds.X[k, :min(adv_ds.X.shape[-1], x_opt.shape[-1])] = x_opt
fs_opt[i] = f_opt
y_p, score = self.problem.model_wrapper.predict(
x_opt, return_decision_function=True)
scores[i, :] = score[0, :]
y_pred[i] = y_p
# Return the mean objective function value on the evasion points (
# computed from the outputs of the surrogate classifier)
f_obj = fs_opt.mean()
return y_pred, scores, adv_ds, f_obj