-
Notifications
You must be signed in to change notification settings - Fork 2
/
gen_adv_ex_fgsm_serial.py
executable file
·82 lines (72 loc) · 2.78 KB
/
gen_adv_ex_fgsm_serial.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
#!/usr/bin/env python3
"""Generate adversarial examples for one MNIST digit via randomized FGSM.

Repeatedly applies the Fast Gradient Sign Method to a single training
image, each time with an epsilon drawn uniformly from
[--epsmin, --epsmax], counts how many perturbations actually flip the
model's prediction, and reports the spread (mean L2 distance from the
average) of the successful attacks.  Runs serially on CPU against a
pre-trained checkpoint in ./models/mnist_cnn_tf/.
"""
from make_mnist_cnn_tf import build_cnn_mnist_model, reset_graph
import tensorflow as tf
import numpy as np
import time
import argparse

parser = argparse.ArgumentParser()
parser.add_argument('--epsmin', type=float, default=0.01,
                    help='lower bound of the uniform epsilon range')
parser.add_argument('--epsmax', type=float, default=0.2,
                    help='upper bound of the uniform epsilon range')
parser.add_argument('--idx', type=int, default=100,
                    help='index of the training image to attack')
parser.add_argument('--numgens', type=int, default=1000,
                    help='number of FGSM perturbations to generate')
args = parser.parse_args()

reset_graph()
x = tf.placeholder(tf.float32, shape=(None, 28, 28))
y = tf.placeholder(tf.int32, shape=(None,))
model = build_cnn_mnist_model(x, y, False)
init = tf.global_variables_initializer()
saver = tf.train.Saver()

# MNIST pixels rescaled to [0, 1]; labels cast to match the int32 placeholder.
(x_train, y_train), (x_test, y_test) = tf.keras.datasets.mnist.load_data()
x_train = x_train / np.float32(255)
y_train = y_train.astype(np.int32)
x_test = x_test / np.float32(255)
y_test = y_test.astype(np.int32)

# FGSM graph: take a step of size epsilon along the sign of the loss
# gradient w.r.t. the input, then clip back into the valid pixel range.
grad, = tf.gradients(model['loss'], x)
epsilon = tf.placeholder(tf.float32)
optimal_perturbation = tf.multiply(tf.sign(grad), epsilon)
adv_example_unclipped = tf.add(optimal_perturbation, x)
adv_example = tf.clip_by_value(adv_example_unclipped, 0.0, 1.0)
classes = tf.argmax(model['probability'], axis=1)

adv_examples = []
idx = args.idx
epsilon_range = (args.epsmin, args.epsmax)
config = tf.ConfigProto(
    device_count={'GPU': 0}  # force CPU: this is the serial baseline
)
with tf.Session(config=config) as sess:
    saver.restore(sess, './models/mnist_cnn_tf/mnist_cnn_tf')
    acc_test = model['accuracy'].eval(feed_dict={
        x: x_test,
        y: y_test,
    })
    print('Accuracy of model on test data: {}'.format(acc_test))
    print('Correct Class: {}'.format(y_train[idx]))
    class_x = classes.eval(feed_dict={x: x_train[idx:idx + 1]})
    print('Predicted class of input {}: {}'.format(idx, class_x))
    start = time.time()
    for i in range(args.numgens):
        adv = adv_example.eval(
            feed_dict={
                x: x_train[idx:idx + 1],
                y: y_train[idx:idx + 1],
                # Scalar epsilon per attempt; pass size=(28, 28) instead
                # for an independent per-pixel step size.
                epsilon: np.random.uniform(
                    epsilon_range[0], epsilon_range[1],
                )
            })
        class_adv = classes.eval(feed_dict={x: adv})
        # Bug fix: the attack succeeds when the prediction differs from
        # the label of the attacked image (idx), not from y_train[0].
        if class_adv != y_train[idx]:
            adv_examples.append(adv)
    print('Duration (s): {}'.format(time.time() - start))

if not adv_examples:
    # Guard: np.concatenate raises on an empty list, and the statistics
    # below would divide by zero.
    print('Found 0 adversarial examples.')
    print('Percentage true adversarial examples: 0.0')
else:
    adv_examples = np.concatenate(adv_examples, axis=0)
    print('Found {} adversarial examples.'.format(adv_examples.shape[0]))
    print('Percentage true adversarial examples: {}'.format(
        adv_examples.shape[0] / args.numgens))
    # Mean image of the successful attacks ...
    avg = adv_examples.mean(axis=0)
    # ... and the average L2 distance of each attack from that mean
    # (a scalar dispersion measure over the flattened 28x28 images).
    diffs = (adv_examples - avg).reshape(adv_examples.shape[0], -1)
    stddev = np.linalg.norm(diffs, axis=1).mean()
    print('Found std dev: {}'.format(stddev))