hummingbird
/
mindarmour
Not watched
2
0
Fork 0
Code
Releases 17 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
18 Branches
193 MB
165 Download
Tree: 96302d7f1b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '96302d7f1b'
${ noResults }
mindarmour/tests/ut/python/attacks/black/test_genetic_attack.py

test_genetic_attack.py 4.1 kB
Raw Normal View History

initial version
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144 
  1. # Copyright 2019 Huawei Technologies Co., Ltd

  2. #

  3. # Licensed under the Apache License, Version 2.0 (the "License");

  4. # you may not use this file except in compliance with the License.

  5. # You may obtain a copy of the License at

  6. #

  7. # http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. # Unless required by applicable law or agreed to in writing, software

  10. # distributed under the License is distributed on an "AS IS" BASIS,

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. # See the License for the specific language governing permissions and

  13. # limitations under the License.

  14. """

  15. Genetic-Attack test.

  16. """

  17. import numpy as np

  18. import pytest

  19. 

  20. import mindspore.ops.operations as M

  21. from mindspore import Tensor

  22. from mindspore.nn import Cell

  23. from mindspore import context

  24. 

  25. from mindarmour.attacks.black.genetic_attack import GeneticAttack

  26. from mindarmour.attacks.black.black_model import BlackModel

  27. 

  28. 

  29. context.set_context(mode=context.GRAPH_MODE, device_target="Ascend")

  30. 

  31. 

  32. # for user

  33. class ModelToBeAttacked(BlackModel):

  34.     """model to be attack"""

  35. 

  36.     def __init__(self, network):

  37.         super(ModelToBeAttacked, self).__init__()

  38.         self._network = network

  39. 

  40.     def predict(self, inputs):

  41.         """predict"""

  42.         result = self._network(Tensor(inputs.astype(np.float32)))

  43.         return result.asnumpy()

  44. 

  45. 

  46. class SimpleNet(Cell):

  47.     """

  48.     Construct the network of target model.

  49. 

  50.     Examples:

  51.         >>> net = SimpleNet()

  52.     """

  53. 

  54.     def __init__(self):

  55.         """

  56.         Introduce the layers used for network construction.

  57.         """

  58.         super(SimpleNet, self).__init__()

  59.         self._softmax = M.Softmax()

  60. 

  61.     def construct(self, inputs):

  62.         """

  63.         Construct network.

  64. 

  65.         Args:

  66.             inputs (Tensor): Input data.

  67.         """

  68.         out = self._softmax(inputs)

  69.         return out

  70. 

  71. 

  72. @pytest.mark.level0

  73. @pytest.mark.platform_arm_ascend_training

  74. @pytest.mark.platform_x86_ascend_training

  75. @pytest.mark.env_card

  76. @pytest.mark.component_mindarmour

  77. def test_genetic_attack():

  78.     """

  79.     Genetic_Attack test

  80.     """

  81.     batch_size = 6

  82. 

  83.     net = SimpleNet()

  84.     inputs = np.random.rand(batch_size, 10)

  85. 

  86.     model = ModelToBeAttacked(net)

  87.     labels = np.random.randint(low=0, high=10, size=batch_size)

  88.     labels = np.eye(10)[labels]

  89.     labels = labels.astype(np.float32)

  90. 

  91.     attack = GeneticAttack(model, pop_size=6, mutation_rate=0.05,

  92.                            per_bounds=0.1, step_size=0.25, temp=0.1,

  93.                            sparse=False)

  94.     _, adv_data, _ = attack.generate(inputs, labels)

  95.     assert np.any(inputs != adv_data)

  96. 

  97. @pytest.mark.level0

  98. @pytest.mark.platform_arm_ascend_training

  99. @pytest.mark.platform_x86_ascend_training

  100. @pytest.mark.env_card

  101. @pytest.mark.component_mindarmour

  102. def test_supplement():

  103.     batch_size = 6

  104. 

  105.     net = SimpleNet()

  106.     inputs = np.random.rand(batch_size, 10)

  107. 

  108.     model = ModelToBeAttacked(net)

  109.     labels = np.random.randint(low=0, high=10, size=batch_size)

  110.     labels = np.eye(10)[labels]

  111.     labels = labels.astype(np.float32)

  112. 

  113.     attack = GeneticAttack(model, pop_size=6, mutation_rate=0.05,

  114.                            per_bounds=0.1, step_size=0.25, temp=0.1,

  115.                            adaptive=True,

  116.                            sparse=False)

  117.     # raise error

  118.     _, adv_data, _ = attack.generate(inputs, labels)

  119. 

  120. 

  121. @pytest.mark.level0

  122. @pytest.mark.platform_arm_ascend_training

  123. @pytest.mark.platform_x86_ascend_training

  124. @pytest.mark.env_card

  125. @pytest.mark.component_mindarmour

  126. def test_value_error():

  127.     """test that exception is raised for invalid labels"""

  128.     batch_size = 6

  129. 

  130.     net = SimpleNet()

  131.     inputs = np.random.rand(batch_size, 10)

  132. 

  133.     model = ModelToBeAttacked(net)

  134.     labels = np.random.randint(low=0, high=10, size=batch_size)

  135.     # labels = np.eye(10)[labels]

  136.     labels = labels.astype(np.float32)

  137. 

  138.     attack = GeneticAttack(model, pop_size=6, mutation_rate=0.05,

  139.                            per_bounds=0.1, step_size=0.25, temp=0.1,

  140.                            adaptive=True,

  141.                            sparse=False)

  142.     # raise error

  143.     with pytest.raises(ValueError) as e:

  144.         assert attack.generate(inputs, labels)

MindArmour关注AI的安全和隐私问题。致力于增强模型的安全可信、保护用户的数据隐私。主要包含3个模块:对抗样本鲁棒性模块、Fuzz Testing模块、隐私保护与评估模块。 对抗样本鲁棒性模块 对抗样本鲁棒性模块用于评估模型对于对抗样本的鲁棒性,并提供模型增强方法用于增强模型抗对抗样本攻击的能力,提升模型鲁棒性。对抗样本鲁棒性模块包含了4个子模块:对抗样本的生成、对抗样本的检测、模型防御、攻防评估。