diff --git a/adversarial/README.md b/adversarial/README.md index 7c9502828f35a4f78bdf59f2e287b5e0c3fdd411..51da21918a9d6e2192a2e03eabef4fde97896bc5 100644 --- a/adversarial/README.md +++ b/adversarial/README.md @@ -1,3 +1,9 @@ # Advbox -Advbox is a Python toolbox to create adversarial examples that fool neural networks. It requires Python and paddle. \ No newline at end of file +Advbox is a Python toolbox to create adversarial examples that fool neural networks. It requires Python and paddle. + +## How to use + +1. train a model and save it's parameters. (like fluid_mnist.py) +2. load the parameters which is trained in step1, then reconstruct the model.(like mnist_tutorial_fgsm.py) +3. use advbox to generate the adversarial sample. diff --git a/adversarial/advbox/__init__.py b/adversarial/advbox/__init__.py index 4beb6be0a20d52e499c7da6263b5d8f4f105c9c6..f56f14f18dafdfe1e712cea178a63f09a087b587 100644 --- a/adversarial/advbox/__init__.py +++ b/adversarial/advbox/__init__.py @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - """ A set of tools for generating adversarial example on paddle platform """ diff --git a/adversarial/advbox/attacks/base.py b/adversarial/advbox/attacks/base.py index 9cc2bfb8543ee694c3b365eec9732e8dd984d475..dab1dbbeb0270d303dbec1bd0b28a43e9d26f075 100644 --- a/adversarial/advbox/attacks/base.py +++ b/adversarial/advbox/attacks/base.py @@ -7,6 +7,7 @@ import abc abstractmethod = abc.abstractmethod + class Attack(object): """ Abstract base class for adversarial attacks. `Attack` represent an adversarial attack diff --git a/adversarial/advbox/attacks/gradientsign.py b/adversarial/advbox/attacks/gradientsign.py index 6c188f6249830cb381f55c58e5978f7ad935805d..37fbdb11328a66a37ec58621ad92dbd3db6d58ed 100644 --- a/adversarial/advbox/attacks/gradientsign.py +++ b/adversarial/advbox/attacks/gradientsign.py 
@@ -5,7 +5,8 @@ from __future__ import division import numpy as np from collections import Iterable from .base import Attack - + + class GradientSignAttack(Attack): """ This attack was originally implemented by Goodfellow et al. (2015) with the @@ -22,10 +23,11 @@ class GradientSignAttack(Attack): gradient_sign = np.sign(gradient) * (max_ - min_) if not isinstance(epsilons, Iterable): - epsilons = np.linspace(0, 1, num = epsilons + 1) + epsilons = np.linspace(0, 1, num=epsilons + 1) for epsilon in epsilons: - adv_img = image_batch[0][0].reshape(gradient_sign.shape) + epsilon * gradient_sign + adv_img = image_batch[0][0].reshape( + gradient_sign.shape) + epsilon * gradient_sign adv_img = np.clip(adv_img, min_, max_) adv_label = np.argmax(self.model.predict([(adv_img, 0)])) #print("pre_label="+str(pre_label)+ " adv_label="+str(adv_label)) @@ -33,4 +35,5 @@ class GradientSignAttack(Attack): #print(epsilon, pre_label, adv_label) return adv_img + FGSM = GradientSignAttack diff --git a/adversarial/advbox/models/base.py b/adversarial/advbox/models/base.py index 91b6fe4a3c97046839319b37708de4ef573ad655..2e5c397dc4706cc102e310202bca0a2254baa615 100644 --- a/adversarial/advbox/models/base.py +++ b/adversarial/advbox/models/base.py @@ -6,8 +6,8 @@ import abc abstractmethod = abc.abstractmethod -class Model(object): +class Model(object): """ Base class of model to provide attack. diff --git a/adversarial/advbox/models/paddle.py b/adversarial/advbox/models/paddle.py index 831fa6a36278fea5d85104bc0a5c8ad4009af2e6..a72eb148bc691c41b804e6ed8b8a4430cc08efc5 100644 --- a/adversarial/advbox/models/paddle.py +++ b/adversarial/advbox/models/paddle.py @@ -7,6 +7,7 @@ from paddle.v2.fluid.framework import program_guard from .base import Model + class PaddleModel(Model): """ Create a PaddleModel instance. 
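Review bot: In adversarial/advbox/attacks/gradientsign.py (hunk `@@ -22,10 +23,11 @@`), the `isinstance(epsilons, Iterable)` check depends on `from collections import Iterable`, shown as context in the file's first hunk. That alias was removed from `collections` in Python 3.10, so the module fails at import there. Since this commit is already tidying the file, switch the import to `from collections.abc import Iterable`, with a fallback to the old location if Python 2 must still be supported. The two commented-out `print` lines inside the loop should also be deleted or turned into `logging.debug` calls. The enclosing method starts before this hunk and continues past it.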
@@ -30,9 +31,7 @@ class PaddleModel(Model): channel_axis=3, preprocess=None): super(PaddleModel, self).__init__( - bounds=bounds, - channel_axis=channel_axis, - preprocess=preprocess) + bounds=bounds, channel_axis=channel_axis, preprocess=preprocess) if preprocess is None: preprocess = (0, 1) @@ -48,7 +47,8 @@ class PaddleModel(Model): # gradient loss = self._program.block(0).var(self._cost_name) - param_grads = fluid.backward.append_backward(loss, parameter_list=[self._input_name]) + param_grads = fluid.backward.append_backward( + loss, parameter_list=[self._input_name]) self._gradient = param_grads[0][1] def predict(self, image_batch): @@ -61,16 +61,13 @@ class PaddleModel(Model): numpy.ndarray: predictions of the images with shape (batch_size, num_of_classes). """ feeder = fluid.DataFeeder( - feed_list=[self._input_name, self._logits_name], - place=self._place, - program=self._program - ) + feed_list=[self._input_name, self._logits_name], + place=self._place, + program=self._program) predict_var = self._program.block(0).var(self._predict_name) - predict = self._exe.run( - self._program, - feed=feeder.feed(image_batch), - fetch_list=[predict_var] - ) + predict = self._exe.run(self._program, + feed=feeder.feed(image_batch), + fetch_list=[predict_var]) return predict def num_classes(self): @@ -95,12 +92,10 @@ class PaddleModel(Model): """ feeder = fluid.DataFeeder( feed_list=[self._input_name, self._logits_name], - place=self._place, - program=self._program - ) - - grad, = self._exe.run( - self._program, - feed=feeder.feed(image_batch), - fetch_list=[self._gradient]) + place=self._place, + program=self._program) + + grad, = self._exe.run(self._program, + feed=feeder.feed(image_batch), + fetch_list=[self._gradient]) return grad
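Review bot: In adversarial/advbox/models/paddle.py (hunk `@@ -30,9 +31,7 @@`), the default `if preprocess is None: preprocess = (0, 1)` is applied only after `super(PaddleModel, self).__init__(...)` has been called with the raw `preprocess`. The base class therefore receives `None` while the local variable becomes `(0, 1)`. Unless `Model.__init__` (not shown on this page) substitutes its own default, the two can disagree. Moving the `None` check above the `super` call keeps them consistent. `__init__` begins before this hunk and continues after it.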
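Review bot: In `predict` (hunk `@@ -61,16 +61,13 @@`), the value of `self._exe.run(...)` is returned as is, although the docstring promises a `numpy.ndarray` of shape (batch_size, num_of_classes). The gradient-fetching method in the last hunk unpacks the same kind of call with `grad, = self._exe.run(...)`. If `run` returns one entry per `fetch_list` item, as that unpacking suggests, callers of `predict` get a one-element list rather than the array. Writing `predict, = self._exe.run(...)` would match the docstring. The method's signature and the top of its docstring lie outside this hunk.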