hummingbird
/
mindarmour
Not watched
2
0
Fork 0
Code
Releases 17 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
18 Branches
193 MB
165 Download
Tree: 96302d7f1b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '96302d7f1b'
${ noResults }
mindarmour/tests/ut/python/attacks/black/test_nes.py

test_nes.py 7.0 kB
Raw Normal View History

initial version
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217 
  1. # Copyright 2019 Huawei Technologies Co., Ltd

  2. #

  3. # Licensed under the Apache License, Version 2.0 (the "License");

  4. # you may not use this file except in compliance with the License.

  5. # You may obtain a copy of the License at

  6. #

  7. # http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. # Unless required by applicable law or agreed to in writing, software

  10. # distributed under the License is distributed on an "AS IS" BASIS,

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. # See the License for the specific language governing permissions and

  13. # limitations under the License.

  14. import sys

  15. import numpy as np

  16. import os

  17. import pytest

  18. 

  19. from mindspore import Tensor

  20. from mindspore import context

  21. from mindspore.train.serialization import load_checkpoint, load_param_into_net

  22. 

  23. from mindarmour.attacks.black.natural_evolutionary_strategy import NES

  24. from mindarmour.attacks.black.black_model import BlackModel

  25. 

  26. from mindarmour.utils.logger import LogUtil

  27. sys.path.append(os.path.join(os.path.dirname(os.path.abspath(__file__)),

  28.                              "../../../../../"))

  29. from example.mnist_demo.lenet5_net import LeNet5

  30. 

  31. context.set_context(mode=context.GRAPH_MODE)

  32. context.set_context(device_target="Ascend")

  33. 

  34. LOGGER = LogUtil.get_instance()

  35. TAG = 'HopSkipJumpAttack'

  36. 

  37. 

  38. class ModelToBeAttacked(BlackModel):

  39.     """model to be attack"""

  40. 

  41.     def __init__(self, network):

  42.         super(ModelToBeAttacked, self).__init__()

  43.         self._network = network

  44. 

  45.     def predict(self, inputs):

  46.         """predict"""

  47.         if len(inputs.shape) == 3:

  48.             inputs = inputs[np.newaxis, :]

  49.         result = self._network(Tensor(inputs.astype(np.float32)))

  50.         return result.asnumpy()

  51. 

  52. 

  53. def random_target_labels(true_labels):

  54.     target_labels = []

  55.     for label in true_labels:

  56.         while True:

  57.             target_label = np.random.randint(0, 10)

  58.             if target_label != label:

  59.                 target_labels.append(target_label)

  60.                 break

  61.     return target_labels

  62. 

  63. 

  64. def _pseudorandom_target(index, total_indices, true_class):

  65.     """ pseudo random_target """

  66.     rng = np.random.RandomState(index)

  67.     target = true_class

  68.     while target == true_class:

  69.         target = rng.randint(0, total_indices)

  70.     return target

  71. 

  72. 

  73. def create_target_images(dataset, data_labels, target_labels):

  74.     res = []

  75.     for label in target_labels:

  76.         for i in range(len(data_labels)):

  77.             if data_labels[i] == label:

  78.                 res.append(dataset[i])

  79.                 break

  80.     return np.array(res)

  81. 

  82. def get_model(current_dir):

  83.     ckpt_name = os.path.join(current_dir,

  84.                              '../../test_data/trained_ckpt_file/checkpoint_lenet-10_1875.ckpt')

  85.     net = LeNet5()

  86.     load_dict = load_checkpoint(ckpt_name)

  87.     load_param_into_net(net, load_dict)

  88.     net.set_train(False)

  89.     model = ModelToBeAttacked(net)

  90.     return model

  91. 

  92. def get_dataset(current_dir):

  93.     # upload trained network

  94. 

  95.     # get test data

  96.     test_images = np.load(os.path.join(current_dir,

  97.                                        '../../test_data/test_images.npy'))

  98.     test_labels = np.load(os.path.join(current_dir,

  99.                                        '../../test_data/test_labels.npy'))

  100.     return test_images, test_labels

  101. def nes_mnist_attack(scene, top_k):

  102.     """

  103.     hsja-Attack test

  104.     """

  105.     current_dir = os.path.dirname(os.path.abspath(__file__))

  106.     test_images, test_labels = get_dataset(current_dir)

  107.     model = get_model(current_dir)

  108.     # prediction accuracy before attack

  109.     batch_num = 5  # the number of batches of attacking samples

  110.     predict_labels = []

  111.     i = 0

  112.     for img in test_images:

  113.         i += 1

  114.         pred_labels = np.argmax(model.predict(img), axis=1)

  115.         predict_labels.append(pred_labels)

  116.         if i >= batch_num:

  117.             break

  118.     predict_labels = np.concatenate(predict_labels)

  119.     true_labels = test_labels

  120.     accuracy = np.mean(np.equal(predict_labels, true_labels[:batch_num]))

  121.     LOGGER.info(TAG, "prediction accuracy before attacking is : %s",

  122.                 accuracy)

  123.     test_images = test_images

  124. 

  125.     # attacking

  126.     if scene == 'Query_Limit':

  127.         top_k = -1

  128.     elif scene == 'Partial_Info':

  129.         top_k = top_k

  130.     elif scene == 'Label_Only':

  131.         top_k = top_k

  132. 

  133.     success = 0

  134.     queries_num = 0

  135. 

  136.     nes_instance = NES(model, scene, top_k=top_k)

  137.     test_length = 1

  138.     advs = []

  139.     for img_index in range(test_length):

  140.         # INITIAL IMAGE AND CLASS SELECTION

  141.         initial_img = test_images[img_index]

  142.         orig_class = true_labels[img_index]

  143.         initial_img = [initial_img]

  144.         target_class = random_target_labels([orig_class])

  145.         target_image = create_target_images(test_images, true_labels,

  146.                                             target_class)

  147. 

  148.         nes_instance.set_target_images(target_image)

  149.         tag, adv, queries = nes_instance.generate(initial_img, target_class)

  150.         if tag[0]:

  151.             success += 1

  152.         queries_num += queries[0]

  153.         advs.append(adv)

  154. 

  155.     advs = np.reshape(advs, (len(advs), 1, 32, 32))

  156.     assert (advs != test_images[:batch_num]).any()

  157. 

  158.     adv_pred = np.argmax(model.predict(advs), axis=1)

  159.     adv_accuracy = np.mean(np.equal(adv_pred, true_labels[:test_length]))

  160. 

  161. 

  162. @pytest.mark.level0

  163. @pytest.mark.platform_arm_ascend_training

  164. @pytest.mark.platform_x86_ascend_training

  165. @pytest.mark.env_card

  166. @pytest.mark.component_mindarmour

  167. def test_nes_query_limit():

  168.     # scene is in ['Query_Limit', 'Partial_Info', 'Label_Only']

  169.     scene = 'Query_Limit'

  170.     nes_mnist_attack(scene, top_k=-1)

  171. 

  172. 

  173. @pytest.mark.level0

  174. @pytest.mark.platform_arm_ascend_training

  175. @pytest.mark.platform_x86_ascend_training

  176. @pytest.mark.env_card

  177. @pytest.mark.component_mindarmour

  178. def test_nes_partial_info():

  179.     # scene is in ['Query_Limit', 'Partial_Info', 'Label_Only']

  180.     scene = 'Partial_Info'

  181.     nes_mnist_attack(scene, top_k=5)

  182. 

  183. 

  184. @pytest.mark.level0

  185. @pytest.mark.platform_arm_ascend_training

  186. @pytest.mark.platform_x86_ascend_training

  187. @pytest.mark.env_card

  188. @pytest.mark.component_mindarmour

  189. def test_nes_label_only():

  190.     # scene is in ['Query_Limit', 'Partial_Info', 'Label_Only']

  191.     scene = 'Label_Only'

  192.     nes_mnist_attack(scene, top_k=5)

  193. 

  194. 

  195. @pytest.mark.level0

  196. @pytest.mark.platform_arm_ascend_training

  197. @pytest.mark.platform_x86_ascend_training

  198. @pytest.mark.env_card

  199. @pytest.mark.component_mindarmour

  200. def test_value_error():

  201.     """test that exception is raised for invalid labels"""

  202.     with pytest.raises(ValueError):

  203.         assert nes_mnist_attack('Label_Only', -1)

  204. 

  205. 

  206. @pytest.mark.level0

  207. @pytest.mark.platform_arm_ascend_training

  208. @pytest.mark.platform_x86_ascend_training

  209. @pytest.mark.env_card

  210. @pytest.mark.component_mindarmour

  211. def test_none():

  212.     current_dir = os.path.dirname(os.path.abspath(__file__))

  213.     model = get_model(current_dir)

  214.     test_images, test_labels = get_dataset(current_dir)

  215.     nes = NES(model, 'Partial_Info')

  216.     with pytest.raises(ValueError):

  217.         assert nes.generate(test_images, test_labels)

MindArmour关注AI的安全和隐私问题。致力于增强模型的安全可信、保护用户的数据隐私。主要包含3个模块:对抗样本鲁棒性模块、Fuzz Testing模块、隐私保护与评估模块。 对抗样本鲁棒性模块 对抗样本鲁棒性模块用于评估模型对于对抗样本的鲁棒性,并提供模型增强方法用于增强模型抗对抗样本攻击的能力,提升模型鲁棒性。对抗样本鲁棒性模块包含了4个子模块:对抗样本的生成、对抗样本的检测、模型防御、攻防评估。