hummingbird
/
mindarmour
Not watched
2
0
Fork 0
Code
Releases 17 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 96302d7f1b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '96302d7f1b'
${ noResults }
mindarmour/mindarmour/defenses/projected_adversarial_defen...

70 lines
2.9 kB
Raw Blame History 

  1. # Copyright 2019 Huawei Technologies Co., Ltd

  2. #

  3. # Licensed under the Apache License, Version 2.0 (the "License");

  4. # you may not use this file except in compliance with the License.

  5. # You may obtain a copy of the License at

  6. #

  7. # http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. # Unless required by applicable law or agreed to in writing, software

  10. # distributed under the License is distributed on an "AS IS" BASIS,

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. # See the License for the specific language governing permissions and

  13. # limitations under the License.

  14. """

  15. Projected Adversarial Defense.

  16. """

  17. from mindarmour.defenses.adversarial_defense import \

  18.     AdversarialDefenseWithAttacks

  19. from mindarmour.attacks.iterative_gradient_method import \

  20.     ProjectedGradientDescent

  21. 

  22. 

  23. class ProjectedAdversarialDefense(AdversarialDefenseWithAttacks):

  24.     """

  25.     Adversarial training based on PGD.

  26. 

  27.     Reference: `A. Madry, et al., "Towards deep learning models resistant to

  28.     adversarial attacks," in ICLR, 2018. <https://arxiv.org/abs/1611.01236>`_

  29. 

  30.     Args:

  31.         network (Cell): A MindSpore network to be defensed.

  32.         loss_fn (Functions): Loss function. Default: None.

  33.         optimizer (Cell): Optimizer used to train the nerwork. Default: None.

  34.         bounds (tuple): Upper and lower bounds of input data. In form of

  35.             (clip_min, clip_max). Default: (0.0, 1.0).

  36.         replace_ratio (float): Ratio of replacing original samples with

  37.             adversarial samples. Default: 0.5.

  38.         eps (float): PGD attack parameters, epsilon. Default: 0.3.

  39.         eps_iter (int): PGD attack parameters, inner loop epsilon.

  40.             Default:0.1.

  41.         nb_iter (int): PGD attack parameters, number of iteration.

  42.             Default: 5.

  43.         norm_level (str): Norm type. 'inf' or 'l2'. Default: 'inf'.

  44. 

  45.     Examples:

  46.         >>> net = Net()

  47.         >>> adv_defense = ProjectedAdversarialDefense(net)

  48.         >>> adv_defense.defense(inputs, labels)

  49.     """

  50.     def __init__(self,

  51.                  network,

  52.                  loss_fn=None,

  53.                  optimizer=None,

  54.                  bounds=(0.0, 1.0),

  55.                  replace_ratio=0.5,

  56.                  eps=0.3,

  57.                  eps_iter=0.1,

  58.                  nb_iter=5,

  59.                  norm_level='inf'):

  60.         attack = ProjectedGradientDescent(network,

  61.                                           eps=eps,

  62.                                           eps_iter=eps_iter,

  63.                                           nb_iter=nb_iter,

  64.                                           bounds=bounds,

  65.                                           norm_level=norm_level,

  66.                                           loss_fn=loss_fn)

  67.         super(ProjectedAdversarialDefense, self).__init__(

  68.             network, [attack], loss_fn=loss_fn, optimizer=optimizer,

  69.             bounds=bounds, replace_ratio=replace_ratio)