def __init__(self, restore=None, session=None, use_log=False, use_brelu=False): def bounded_relu(x): return K.relu(x, max_value=1) if use_brelu: activation = bounded_relu else: activation = 'relu' self.num_channels = 1 self.image_size = 28 self.num_labels = 10 model = Sequential() model.add(Conv2D(32, (3, 3), input_shape=(28, 28, 1))) model.add(Activation(activation)) model.add(Conv2D(32, (3, 3))) model.add(Activation(activation)) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Conv2D(64, (3, 3))) model.add(Activation(activation)) model.add(Conv2D(64, (3, 3))) model.add(Activation(activation)) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Flatten()) model.add(Dense(200)) model.add(Activation(activation)) model.add(Dense(200)) model.add(Activation(activation)) model.add(Dense(10)) # output log probability, used for black-box attack if use_log: model.add(Activation('softmax')) if restore: model.load_weights(restore) layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append( K.function([model.layers[0].input], [layer.output])) self.model = model self.layer_outputs = layer_outputs
def __init__(self, model=None, session=None, use_softmax=False): self.num_channels = 3 self.image_size = 32 self.num_labels = 10 if not use_softmax: model.layers.pop() layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append(K.function([model.layers[0].input], [layer.output])) self.layer_outputs = layer_outputs self.model = model
def __init__(self, restore=None, session=None, use_softmax=False): self.num_channels = 1 self.image_size = 28 self.num_labels = 10 self.shape = [None, 28, 28, self.num_channels] model = Sequential() model.add( Conv2D(6, (5, 5), padding='valid', activation='relu', kernel_initializer='he_normal', input_shape=(28, 28, 1), name='l1')) model.add(MaxPooling2D((2, 2), strides=(2, 2), name='l2')) model.add( Conv2D(16, (5, 5), padding='valid', activation='relu', kernel_initializer='he_normal', name='l3')) model.add(MaxPooling2D((2, 2), strides=(2, 2), name='l4')) model.add(Flatten()) model.add( Dense(120, activation='relu', kernel_initializer='he_normal', name='l5')) model.add( Dense(84, activation='relu', kernel_initializer='he_normal', name='l6')) model.add( Dense(10, activation='softmax', kernel_initializer='he_normal', name='l7')) if restore: model.load_weights(restore) layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append( K.function([model.layers[0].input], [layer.output])) self.layer_outputs = layer_outputs self.model = model
def __init__(self, restore=None, session=None, use_softmax=False, use_brelu=False, activation="relu", de=False, attack='fgsm', epoch=49): def bounded_relu(x): return K.relu(x, max_value=1) if use_brelu: activation = bounded_relu else: activation = activation print("inside CIFARModel: activation = {}".format(activation)) self.num_channels = 3 self.image_size = 32 self.num_labels = 10 x = tf.placeholder(tf.float32, shape=(None, 32, 32, 3)) y = tf.placeholder(tf.float32, shape=(None, 10)) input_shape, nb_classes = get_shape('cifar10') model = model_dict[restore](input_shape, nb_classes, False) preds = model(x) if de == True: model_path = '../../de_models/' + attack + '/' + 'cifar10_' + restore + '/' + str( epoch) + '/' + restore + '.model' else: model_path = '/mnt/dyz/models/' + 'cifar10_' + restore + '/' + str( epoch) + '/' + restore + '.model' saver = tf.train.Saver() saver.restore(session, model_path) print("load model successfully") layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append( K.function([model.layers[0].input], [layer.output])) self.layer_outputs = layer_outputs self.model = model
def __init__(self, restore=None, session=None, use_softmax=False, use_brelu = False, activation = "relu"): def bounded_relu(x): return K.relu(x, max_value=1) if use_brelu: activation = bounded_relu else: activation = activation print("inside CIFARModel: activation = {}".format(activation)) self.num_channels = 3 self.image_size = 32 self.num_labels = 10 model = Sequential() model.add(Conv2D(64, (3, 3), input_shape=(32, 32, 3))) model.add(Activation(activation)) model.add(Conv2D(64, (3, 3))) model.add(Activation(activation)) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Conv2D(128, (3, 3))) model.add(Activation(activation)) model.add(Conv2D(128, (3, 3))) model.add(Activation(activation)) model.add(MaxPooling2D(pool_size=(2, 2))) model.add(Flatten()) model.add(Dense(256)) model.add(Activation(activation)) model.add(Dense(256)) model.add(Activation(activation)) model.add(Dense(10)) if use_softmax: model.add(Activation('softmax')) if restore: model.load_weights(restore) layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append(K.function([model.layers[0].input], [layer.output])) self.layer_outputs = layer_outputs self.model = model
def __init__(self, restore=None, session=None, use_softmax=False): self.num_channels = 1 self.image_size = 28 self.num_labels = 10 self.shape = [None, 28, 28, self.num_channels] model = Sequential() kernel_size = (5, 5) drop_rate = 0.3 model.add( Conv2D(32, kernel_size, activation='relu', padding='same', name='block1_conv1', input_shape=(28, 28, 1))) # 1 model.add(MaxPooling2D(pool_size=(2, 2), name='block1_pool1')) # 2 model.add(Dropout(drop_rate)) # block2 model.add( Conv2D(64, kernel_size, activation='relu', padding='same', name='block2_conv1')) # 4 model.add(MaxPooling2D(pool_size=(2, 2), name='block2_pool1')) # 5 model.add(Dropout(drop_rate)) model.add(Flatten(name='flatten')) model.add(Dense(120, activation='relu', name='fc1')) # -5 model.add(Dropout(drop_rate)) model.add(Dense(84, activation='relu', name='fc2')) # -3 model.add(Dense(10, name='before_softmax')) # -2 model.add(Activation('softmax', name='predictions')) # if restore: model.load_weights(restore) layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append( K.function([model.layers[0].input], [layer.output])) self.layer_outputs = layer_outputs self.model = model
def __init__(self, model, session=None, use_softmax=False): self.num_channels = 1 self.image_size = 28 self.num_labels = 10 # output log probability, used for black-box attack if not use_softmax: model.layers.pop() layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append( K.function([model.layers[0].input], [layer.output])) self.model = model self.layer_outputs = layer_outputs
def __init__(self, params, restore=None, session=None, use_log=False, image_size=28, image_channel=1, activation='relu'): self.image_size = image_size self.num_channels = image_channel self.num_labels = 10 model = Sequential() model.add(Flatten(input_shape=(image_size, image_size, image_channel))) # list of all hidden units weights self.U = [] for param in params: # add each dense layer, and save a reference to list U self.U.append(Dense(param)) model.add(self.U[-1]) # ReLU activation # model.add(Activation(activation)) if activation == "arctan": model.add(Lambda(lambda x: tf.atan(x))) else: model.add(Activation(activation)) self.W = Dense(10) model.add(self.W) # output log probability, used for black-box attack if use_log: model.add(Activation('softmax')) if restore: model.load_weights(restore) layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append( K.function([model.layers[0].input], [layer.output])) self.layer_outputs = layer_outputs self.model = model
def __init__(self, restore = None, session=None, use_softmax=False): self.num_channels = 1 self.image_size = 28 self.num_labels = 10 self.shape = [None, 28*28] model = Sequential() model.add(Dense(512, activation='relu', input_shape=(28*28,), name='dense_1')) model.add(Dropout(0.2, name='d1')) model.add(Dense(512, activation='relu', name='dense_2')) model.add(Dropout(0.2, name='d2')) model.add(Dense(10, activation='softmax', name='dense_3')) if restore: model.load_weights(restore, by_name=True) layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append(K.function([model.layers[0].input], [layer.output])) self.layer_outputs = layer_outputs self.model = model
def __init__(self, restore = None, session=None, use_log=False): self.num_channels = 3 self.image_size = 32 self.num_labels = 10 model = Sequential() model.add(Flatten(input_shape=(32, 32, 3))) model.add(Dense(1024)) model.add(Activation('softplus')) model.add(Dense(10)) # output log probability, used for black-box attack if use_log: model.add(Activation('softmax')) if restore: model.load_weights(restore) layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append(K.function([model.layers[0].input], [layer.output])) self.layer_outputs = layer_outputs self.model = model
s1 = style_loss(style_features, gen_img_features) # We need to devide the loss by the number of layers that we take into account loss += (STYLE_WEIGHT / len(feature_layer_names)) * s1 loss += TV_WEIGHT * total_variation_loss(gen_img) # Calculate gradients grads = K.gradients(loss, gen_img) outputs = [loss] if isinstance(grads, (list, tuple)): outputs += grads else: outputs.append(grads) # Define a Keras function f_output = K.function([gen_img], outputs) def eval_loss_and_grads(x): if K.image_data_format() == 'channels_first': x = x.reshape((1, 3, img_h, img_w)) else: x = x.reshape((1, img_h, img_w, 3)) # Update the loss and the gradients outs = f_output([x]) loss_value = outs[0] if len(outs[1:]) == 1: grad_values = outs[1].flatten().astype('float64') else: grad_values = np.array(outs[1:]).flatten().astype('float64') return loss_value, grad_values
def __init__(self, restore=None, session=None, use_softmax=False): self.num_channels = 3 self.image_size = 32 self.num_labels = 10 self.shape = [None, 32, 32, self.num_channels] model = Sequential() model.add( Conv2D(64, (3, 3), activation='relu', padding='same', name='block1_conv1', input_shape=(32, 32, 3))) # 1 model.add(BatchNormalization(name="batch_normalization_1")) # 2 model.add( Conv2D(64, (3, 3), activation='relu', padding='same', name='block1_conv2')) # 3 model.add(BatchNormalization(name="batch_normalization_2")) model.add(MaxPooling2D((2, 2), strides=(2, 2), name='block1_pool')) # 4 # Block 2 model.add( Conv2D(128, (3, 3), activation='relu', padding='same', name='block2_conv1')) # 5 model.add(BatchNormalization(name="batch_normalization_3")) model.add( Conv2D(128, (3, 3), activation='relu', padding='same', name='block2_conv2')) # 6 model.add(BatchNormalization(name="batch_normalization_4")) # 7 model.add(MaxPooling2D((2, 2), strides=(2, 2), name='block2_pool')) # 8 # Block 3 model.add( Conv2D(256, (3, 3), activation='relu', padding='same', name='block3_conv1')) # 9 model.add(BatchNormalization(name="batch_normalization_5")) # 10 model.add( Conv2D(256, (3, 3), activation='relu', padding='same', name='block3_conv2')) # 11 model.add(BatchNormalization(name="batch_normalization_6")) model.add( Conv2D(256, (3, 3), activation='relu', padding='same', name='block3_conv3')) # 12 model.add(BatchNormalization(name="batch_normalization_7")) # 13 model.add(MaxPooling2D((2, 2), strides=(2, 2), name='block3_pool')) # 14 model.add(Flatten()) # 15 model.add(Dense(256, activation='relu', name='dense_1')) # 16 model.add(BatchNormalization(name="batch_normalization_8")) # 17 model.add(Dense(256, activation='relu', name='dense_2')) # 18 model.add(BatchNormalization(name="batch_normalization_9")) # 19 model.add(Dense(10, activation='softmax', name='dense_3')) # 20 if restore: model.load_weights(restore) layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append( K.function([model.layers[0].input], [layer.output])) self.layer_outputs = layer_outputs self.model = model
def __init__(self, restore=None, session=None, use_softmax=False): self.num_channels = 3 self.image_size = 32 self.num_labels = 10 self.shape = [None, 32, 32, self.num_channels] model = Sequential() weight_decay = 0.0001 model.add( Conv2D(192, (5, 5), padding='same', kernel_regularizer=keras.regularizers.l2(weight_decay), input_shape=(32, 32, 3), name='l1')) # x_train.shape[1:])) model.add(BatchNormalization(name='l2')) model.add(Activation('relu', name='l3')) model.add( Conv2D(160, (1, 1), padding='same', kernel_regularizer=keras.regularizers.l2(weight_decay), name='l4')) model.add(BatchNormalization(name='l5')) model.add(Activation('relu', name='l6')) model.add( Conv2D(96, (1, 1), padding='same', kernel_regularizer=keras.regularizers.l2(weight_decay), name='l7')) model.add(BatchNormalization(name='l8')) model.add(Activation('relu', name='l9')) model.add( MaxPooling2D(pool_size=(3, 3), strides=(2, 2), padding='same', name='l10')) model.add(Dropout(0.3, name='l11')) model.add( Conv2D(192, (5, 5), padding='same', kernel_regularizer=keras.regularizers.l2(weight_decay), name='l12')) model.add(BatchNormalization(name='l13')) model.add(Activation('relu', name='l14')) model.add( Conv2D(192, (1, 1), padding='same', kernel_regularizer=keras.regularizers.l2(weight_decay), name='l15')) model.add(BatchNormalization(name='l16')) model.add(Activation('relu', name='l17')) model.add( Conv2D(192, (1, 1), padding='same', kernel_regularizer=keras.regularizers.l2(weight_decay), name='l18')) model.add(BatchNormalization(name='l20')) model.add(Activation('relu', name='l21')) model.add( MaxPooling2D(pool_size=(3, 3), strides=(2, 2), padding='same', name='l22')) model.add(Dropout(0.3, name='l23')) model.add( Conv2D(192, (3, 3), padding='same', kernel_regularizer=keras.regularizers.l2(weight_decay), name='l24')) model.add(BatchNormalization(name='l25')) model.add(Activation('relu', name='l26')) model.add( Conv2D(192, (1, 1), padding='same', kernel_regularizer=keras.regularizers.l2(weight_decay), name='l27')) model.add(BatchNormalization(name='l28')) model.add(Activation('relu', name='l29')) model.add( Conv2D(10, (1, 1), padding='same', kernel_regularizer=keras.regularizers.l2(weight_decay), name='l30')) model.add(BatchNormalization(name='l31')) model.add(Activation('relu', name='l32')) model.add(GlobalAveragePooling2D(name='l33')) model.add(Activation('softmax', name='l34')) if restore: model.load_weights(restore) layer_outputs = [] for layer in model.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append( K.function([model.layers[0].input], [layer.output])) self.layer_outputs = layer_outputs self.model = model
def __init__(self, restore_dae=None, restore_clf=None, session=None, use_softmax=False, activation="relu"): print("inside MNISTModelDAE: activation = {}".format(activation)) self.num_channels = 1 self.image_size = 28 self.num_labels = 10 model1 = Sequential() model1.add(Lambda(lambda x_: x_ + 0.5, input_shape=(28, 28, 1))) # Encoder model1.add(Conv2D(3, (3, 3), activation="sigmoid", padding="same", activity_regularizer=regs.l2(1e-9))) model1.add(AveragePooling2D((2, 2), padding="same")) model1.add(Conv2D(3, (3, 3), activation="sigmoid", padding="same", activity_regularizer=regs.l2(1e-9))) # Decoder model1.add(Conv2D(3, (3, 3), activation="sigmoid", padding="same", activity_regularizer=regs.l2(1e-9))) model1.add(UpSampling2D((2, 2))) model1.add(Conv2D(3, (3, 3), activation="sigmoid", padding="same", activity_regularizer=regs.l2(1e-9))) model1.add(Conv2D(1, (3, 3), activation='sigmoid', padding='same', activity_regularizer=regs.l2(1e-9))) model1.add(Lambda(lambda x_: x_ - 0.5)) model1.load_weights(restore_dae) model1.compile(loss='mean_squared_error', metrics=['mean_squared_error'], optimizer='adam') model2 = Sequential() model2.add(Conv2D(32, (3, 3), input_shape=(28, 28, 1))) model2.add(Activation(activation)) model2.add(Conv2D(32, (3, 3))) model2.add(Activation(activation)) model2.add(MaxPooling2D(pool_size=(2, 2))) model2.add(Conv2D(64, (3, 3))) model2.add(Activation(activation)) model2.add(Conv2D(64, (3, 3))) model2.add(Activation(activation)) model2.add(MaxPooling2D(pool_size=(2, 2))) model2.add(Flatten()) model2.add(Dense(200)) model2.add(Activation(activation)) model2.add(Dense(200)) model2.add(Activation(activation)) model2.add(Dense(10)) # output log probability, used for black-box attack if use_softmax: model2.add(Activation('softmax')) if restore: model2.load_weights(restore_clf) layer_outputs = [] for layer in model1.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append(K.function([model1.layers[0].input], [layer.output])) for layer in model2.layers: if isinstance(layer, Conv2D) or isinstance(layer, Dense): layer_outputs.append(K.function([model2.layers[0].input], [layer.output])) model = Sequential() model.add(model1) model.add(model2) self.model = model self.layer_outputs = layer_outputs