hummingbird
/
mindarmour
Not watched
2
0
Fork 0
Code
Releases 17 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
18 Branches
193 MB
165 Download
Tree: 96302d7f1b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '96302d7f1b'
${ noResults }
mindarmour/tests/ut/python/attacks/test_jsma.py

test_jsma.py 4.9 kB
Raw Normal View History

initial version
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. # Copyright 2019 Huawei Technologies Co., Ltd

  2. #

  3. # Licensed under the Apache License, Version 2.0 (the "License");

  4. # you may not use this file except in compliance with the License.

  5. # You may obtain a copy of the License at

  6. #

  7. # http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. # Unless required by applicable law or agreed to in writing, software

  10. # distributed under the License is distributed on an "AS IS" BASIS,

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. # See the License for the specific language governing permissions and

  13. # limitations under the License.

  14. """

  15. JSMA-Attack test.

  16. """

  17. import numpy as np

  18. import pytest

  19. 

  20. import mindspore.nn as nn

  21. from mindspore.nn import Cell

  22. from mindspore import context

  23. from mindspore import Tensor

  24. from mindarmour.attacks.jsma import JSMAAttack

  25. 

  26. 

  27. # for user

  28. class Net(Cell):

  29.     """

  30.     Construct the network of target model.

  31. 

  32.     Examples:

  33.         >>> net = Net()

  34.     """

  35. 

  36.     def __init__(self):

  37.         """

  38.         Introduce the layers used for network construction.

  39.         """

  40.         super(Net, self).__init__()

  41.         self._relu = nn.ReLU()

  42. 

  43.     def construct(self, inputs):

  44.         """

  45.         Construct network.

  46. 

  47.         Args:

  48.             inputs (Tensor): Input data.

  49.         """

  50.         out = self._relu(inputs)

  51.         return out

  52. 

  53. 

  54. @pytest.mark.level0

  55. @pytest.mark.platform_arm_ascend_training

  56. @pytest.mark.platform_x86_ascend_training

  57. @pytest.mark.env_card

  58. @pytest.mark.component_mindarmour

  59. def test_jsma_attack():

  60.     """

  61.     JSMA-Attack test

  62.     """

  63.     context.set_context(mode=context.GRAPH_MODE, device_target="Ascend")

  64.     net = Net()

  65.     input_shape = (1, 5)

  66.     batch_size, classes = input_shape

  67.     np.random.seed(5)

  68.     input_np = np.random.random(input_shape).astype(np.float32)

  69.     label_np = np.random.randint(classes, size=batch_size)

  70.     ori_label = np.argmax(net(Tensor(input_np)).asnumpy(), axis=1)

  71.     for i in range(batch_size):

  72.         if label_np[i] == ori_label[i]:

  73.             if label_np[i] < classes - 1:

  74.                 label_np[i] += 1

  75.             else:

  76.                 label_np[i] -= 1

  77.     attack = JSMAAttack(net, classes, max_iteration=5)

  78.     adv_data = attack.generate(input_np, label_np)

  79.     assert np.any(input_np != adv_data)

  80. 

  81. 

  82. @pytest.mark.level0

  83. @pytest.mark.platform_arm_ascend_training

  84. @pytest.mark.platform_x86_ascend_training

  85. @pytest.mark.env_card

  86. @pytest.mark.component_mindarmour

  87. def test_jsma_attack_2():

  88.     """

  89.     JSMA-Attack test

  90.     """

  91.     context.set_context(mode=context.GRAPH_MODE, device_target="Ascend")

  92.     net = Net()

  93.     input_shape = (1, 5)

  94.     batch_size, classes = input_shape

  95.     np.random.seed(5)

  96.     input_np = np.random.random(input_shape).astype(np.float32)

  97.     label_np = np.random.randint(classes, size=batch_size)

  98.     ori_label = np.argmax(net(Tensor(input_np)).asnumpy(), axis=1)

  99.     for i in range(batch_size):

  100.         if label_np[i] == ori_label[i]:

  101.             if label_np[i] < classes - 1:

  102.                 label_np[i] += 1

  103.             else:

  104.                 label_np[i] -= 1

  105.     attack = JSMAAttack(net, classes, max_iteration=5, increase=False)

  106.     adv_data = attack.generate(input_np, label_np)

  107.     assert np.any(input_np != adv_data)

  108. 

  109. 

  110. @pytest.mark.level0

  111. @pytest.mark.platform_x86_gpu_inference

  112. @pytest.mark.env_card

  113. @pytest.mark.component_mindarmour

  114. def test_jsma_attack_gpu():

  115.     """

  116.     JSMA-Attack test

  117.     """

  118.     context.set_context(device_target="GPU")

  119.     net = Net()

  120.     input_shape = (1, 5)

  121.     batch_size, classes = input_shape

  122.     np.random.seed(5)

  123.     input_np = np.random.random(input_shape).astype(np.float32)

  124.     label_np = np.random.randint(classes, size=batch_size)

  125.     ori_label = np.argmax(net(Tensor(input_np)).asnumpy(), axis=1)

  126.     for i in range(batch_size):

  127.         if label_np[i] == ori_label[i]:

  128.             if label_np[i] < classes - 1:

  129.                 label_np[i] += 1

  130.             else:

  131.                 label_np[i] -= 1

  132.     attack = JSMAAttack(net, classes, max_iteration=5)

  133.     adv_data = attack.generate(input_np, label_np)

  134.     assert np.any(input_np != adv_data)

  135. 

  136. 

  137. @pytest.mark.level0

  138. @pytest.mark.platform_x86_cpu

  139. @pytest.mark.env_card

  140. @pytest.mark.component_mindarmour

  141. def test_jsma_attack_cpu():

  142.     """

  143.     JSMA-Attack test

  144.     """

  145.     context.set_context(mode=context.GRAPH_MODE, device_target="CPU")

  146.     net = Net()

  147.     input_shape = (1, 5)

  148.     batch_size, classes = input_shape

  149.     np.random.seed(5)

  150.     input_np = np.random.random(input_shape).astype(np.float32)

  151.     label_np = np.random.randint(classes, size=batch_size)

  152.     ori_label = np.argmax(net(Tensor(input_np)).asnumpy(), axis=1)

  153.     for i in range(batch_size):

  154.         if label_np[i] == ori_label[i]:

  155.             if label_np[i] < classes - 1:

  156.                 label_np[i] += 1

  157.             else:

  158.                 label_np[i] -= 1

  159.     attack = JSMAAttack(net, classes, max_iteration=5)

  160.     adv_data = attack.generate(input_np, label_np)

  161.     assert np.any(input_np != adv_data)

MindArmour关注AI的安全和隐私问题。致力于增强模型的安全可信、保护用户的数据隐私。主要包含3个模块:对抗样本鲁棒性模块、Fuzz Testing模块、隐私保护与评估模块。 对抗样本鲁棒性模块 对抗样本鲁棒性模块用于评估模型对于对抗样本的鲁棒性,并提供模型增强方法用于增强模型抗对抗样本攻击的能力,提升模型鲁棒性。对抗样本鲁棒性模块包含了4个子模块:对抗样本的生成、对抗样本的检测、模型防御、攻防评估。