import gradio as gr
import tensorflow as tf
from keras.datasets import mnist
from keras.utils import np_utils
from tensorflow import keras
import numpy as np
from tensorflow.keras import datasets
import os
import matplotlib.pyplot as plt
# Ask TensorFlow's native (C++) logger to hide INFO, WARNING and ERROR output.
# NOTE(review): this assignment runs after `import tensorflow` above; the
# variable is normally read when TensorFlow is first imported, so it may have
# no effect at this position. Confirm, and move it above the import if so.
os.environ['TF_CPP_MIN_LOG_LEVEL'] = '3'
# Adversarial attacks mnist
def create_pattern_mnist(image, label, model):
    """Return the sign of the loss gradient with respect to one flat image.

    Args:
        image: 1-D array; it is reshaped to ``(1, image.shape[0])`` and cast
            to float32 before being fed to ``model``.
        label: 1-D target vector, reshaped to ``(1, label.shape[0])`` and
            passed to categorical cross-entropy as the true distribution.
        model: callable that maps the batched image to class scores.

    Returns:
        NumPy array with the batched image's shape, holding the element-wise
        sign of d(loss)/d(image).
    """
    # Both inputs get a leading batch axis of size one.
    batched_image = tf.cast(image.reshape((1, image.shape[0])), tf.float32)
    batched_label = label.reshape((1, label.shape[0]))

    cross_entropy = tf.keras.losses.CategoricalCrossentropy()
    with tf.GradientTape() as tape:
        # The input is a plain tensor, not a variable, so it must be watched
        # explicitly for the tape to record operations on it.
        tape.watch(batched_image)
        loss = cross_entropy(batched_label, model(batched_image))

    return tf.sign(tape.gradient(loss, batched_image)).numpy()
def fgsm_mnist(image, label, model, epsilon):
    """Apply one signed-gradient step of size ``epsilon`` to a flat image.

    Args:
        image: 1-D array of pixel values.
        label: target vector forwarded to ``create_pattern_mnist``.
        model: classifier forwarded to ``create_pattern_mnist``.
        epsilon: scale applied to the sign pattern.

    Returns:
        NumPy array of the perturbed image, clipped to the range [0, 1]. The
        sign pattern carries a leading batch axis, so the sum broadcasts to a
        batched shape.
    """
    sign_pattern = create_pattern_mnist(image, label, model)
    # Keep the result inside the valid pixel range used by this file.
    perturbed = tf.clip_by_value(image + epsilon * sign_pattern, 0, 1)
    return perturbed.numpy()
def iterative_fgsm_mnist(image, label, model, epsilon, alpha, niter):
    """Repeat signed-gradient steps of size ``alpha`` within an epsilon box.

    Args:
        image: 1-D array of pixel values; it also defines the centre of the
            box ``[image - epsilon, image + epsilon]``.
        label: target vector forwarded to ``create_pattern_mnist``.
        model: classifier forwarded to ``create_pattern_mnist``.
        epsilon: half-width of the box every iterate is clipped to.
        alpha: step size applied to the sign pattern on each iteration.
        niter: number of iterations; ``0`` leaves the image unperturbed.

    Returns:
        NumPy array of the final iterate, clipped to [0, 1].
    """
    lower_bound = image - epsilon
    upper_bound = image + epsilon

    current = image
    for _ in range(niter):
        step = alpha * create_pattern_mnist(current, label, model)
        bounded = tf.clip_by_value(current + step, lower_bound, upper_bound).numpy()
        # Drop the batch axis again so the next gradient call sees a 1-D array.
        current = bounded.reshape(bounded.shape[1])

    return tf.clip_by_value(current, 0, 1).numpy()
def iterative_least_likely_fgsm_mnist(image, model, epsilon, alpha, niter, nb_classes):
    """Iterate signed-gradient steps toward the class the model scores lowest.

    The target is the one-hot encoding of ``argmin(model(image))``. Each step
    subtracts ``alpha`` times the sign pattern, so the loss against that
    target is pushed down rather than up.

    Args:
        image: 1-D array of pixel values.
        model: classifier used both to pick the target and for the gradients.
        epsilon: half-width of the box around ``image`` each iterate is
            clipped to.
        alpha: step size applied to the sign pattern on each iteration.
        niter: number of iterations; ``0`` leaves the image unperturbed.
        nb_classes: length of the one-hot target vector.

    Returns:
        NumPy array of the final iterate, clipped to [0, 1].
    """
    start = image

    # Score the clean image once to choose the target class.
    batched = image.reshape((1, image.shape[0]))
    target = np_utils.to_categorical(np.argmin(model(batched)), nb_classes)
    image = batched.reshape(batched.shape[1])

    lower_bound = image - epsilon
    upper_bound = image + epsilon

    current = start
    for _ in range(niter):
        step = alpha * create_pattern_mnist(current, target, model)
        bounded = tf.clip_by_value(current - step, lower_bound, upper_bound).numpy()
        # Drop the batch axis again so the next gradient call sees a 1-D array.
        current = bounded.reshape(bounded.shape[1])

    return tf.clip_by_value(current, 0, 1).numpy()
# Attack functions cifar10
def create_pattern_cifar10(image, label, model):
    """Return the sign of the loss gradient with respect to one 32x32x3 image.

    Args:
        image: array reshaped to ``(1, 32, 32, 3)`` and cast to float32
            before being fed to ``model``.
        label: target vector reshaped to ``(1, 10)`` and passed to
            categorical cross-entropy as the true distribution.
        model: callable that maps the batched image to class scores.

    Returns:
        NumPy array of shape ``(1, 32, 32, 3)`` holding the element-wise sign
        of d(loss)/d(image).
    """
    # Both inputs get a leading batch axis of size one.
    batched_image = tf.cast(image.reshape((1, 32, 32, 3)), tf.float32)
    batched_label = label.reshape((1, 10))

    cross_entropy = tf.keras.losses.CategoricalCrossentropy()
    with tf.GradientTape() as tape:
        # The input is a plain tensor, not a variable, so it must be watched
        # explicitly for the tape to record operations on it.
        tape.watch(batched_image)
        loss = cross_entropy(batched_label, model(batched_image))

    return tf.sign(tape.gradient(loss, batched_image)).numpy()
def fgsm_cifar10(image, label, model, epsilon):
    """Apply one signed-gradient step of size ``epsilon`` to a 32x32x3 image.

    Args:
        image: array of pixel values with 32*32*3 elements.
        label: target vector forwarded to ``create_pattern_cifar10``.
        model: classifier forwarded to ``create_pattern_cifar10``.
        epsilon: scale applied to the sign pattern.

    Returns:
        NumPy array of the perturbed image, clipped to the range [0, 1]. The
        sign pattern carries a leading batch axis, so the sum broadcasts to a
        batched shape.
    """
    sign_pattern = create_pattern_cifar10(image, label, model)
    # Keep the result inside the valid pixel range used by this file.
    perturbed = tf.clip_by_value(image + epsilon * sign_pattern, 0, 1)
    return perturbed.numpy()
def iterative_fgsm_cifar10(image, label, model, epsilon, alpha, niter):
    """Repeat signed-gradient steps of size ``alpha`` within an epsilon box.

    Args:
        image: ``(32, 32, 3)`` array of pixel values; it also defines the
            centre of the box ``[image - epsilon, image + epsilon]``.
        label: target vector forwarded to ``create_pattern_cifar10``.
        model: classifier forwarded to ``create_pattern_cifar10``.
        epsilon: half-width of the box every iterate is clipped to.
        alpha: step size applied to the sign pattern on each iteration.
        niter: number of iterations; ``0`` leaves the image unperturbed.

    Returns:
        NumPy array of the final iterate, clipped to [0, 1].
    """
    lower_bound = image - epsilon
    upper_bound = image + epsilon

    current = image
    for _ in range(niter):
        step = alpha * create_pattern_cifar10(current, label, model)
        bounded = tf.clip_by_value(current + step, lower_bound, upper_bound).numpy()
        # Drop the batch axis that broadcasting against the pattern added.
        current = bounded.reshape((32, 32, 3))

    return tf.clip_by_value(current, 0, 1).numpy()
def iterative_least_likely_fgsm_cifar10(image, model, epsilon, alpha, niter, nb_classes):
    """Iterate signed-gradient steps toward the class the model scores lowest.

    The target is the one-hot encoding of ``argmin(model(image))``. Each step
    subtracts ``alpha`` times the sign pattern, so the loss against that
    target is pushed down rather than up.

    Args:
        image: array of pixel values with 32*32*3 elements.
        model: classifier used both to pick the target and for the gradients.
        epsilon: half-width of the box around ``image`` each iterate is
            clipped to.
        alpha: step size applied to the sign pattern on each iteration.
        niter: number of iterations; ``0`` leaves the image unperturbed.
        nb_classes: length of the one-hot target vector.

    Returns:
        NumPy array of the final iterate, clipped to [0, 1].
    """
    start = image

    # Score the clean image once to choose the target class.
    batched = image.reshape((1, 32, 32, 3))
    target = np_utils.to_categorical(np.argmin(model(batched)), nb_classes)
    image = batched.reshape((32, 32, 3))

    lower_bound = image - epsilon
    upper_bound = image + epsilon

    current = start
    for _ in range(niter):
        step = alpha * create_pattern_cifar10(current, target, model)
        bounded = tf.clip_by_value(current - step, lower_bound, upper_bound).numpy()
        # Drop the batch axis that broadcasting against the pattern added.
        current = bounded.reshape((32, 32, 3))

    return tf.clip_by_value(current, 0, 1).numpy()
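def fn(dataset, attack, epsilon):
    """Gradio handler: perturb one random test image and classify the result.

    Args:
        dataset: ``"MNIST"`` selects the MNIST model and data; any other
            value selects CIFAR-10.
        attack: ``"FGSM"`` or ``"I-FGSM"``; any other value selects the
            least-likely-class iterative variant.
        epsilon: perturbation budget on the 0-255 pixel scale. Values outside
            [0, 255] are clamped to that range.

    Returns:
        Tuple ``(image1, pred1, image2, pred2)``: the sampled image, its
        ground-truth class, the perturbed image, and the model's predicted
        class for the perturbed image.
    """
    # The iteration count below grows with epsilon, and every iteration is a
    # full gradient pass through the model. The UI slider stops at 255, but
    # this handler may also be reached by requests that do not go through the
    # slider, so the bound is enforced here instead of trusting the caller.
    epsilon = min(max(float(epsilon), 0.0), 255.0)

    epsilon = epsilon / 255
    # NOTE(review): pixels are scaled to [0, 1] in this file, so a step of 1
    # overshoots the epsilon clip on every iteration. A step of 1 normally
    # refers to the 0-255 scale; confirm which scale is intended before
    # comparing the iterative results with published robustness figures.
    alpha = 1
    # With epsilon capped at 255 this is at most 259 iterations per request.
    niter = int(min(4 + epsilon*255, 1.25 * epsilon * 255))
    nb_classes = 10
    classes = ["airplane", "automobile", "bird", "cat", "deer", "dog", "frog", "horse", "ship", "truck"]

    if dataset == "MNIST":
        idx = np.random.randint(0, len(X_test_mnist))
        image1 = X_test_mnist[idx]
        label1 = Y_test_mnist[idx]
        # NOTE(review): this is the ground-truth label of the sampled image,
        # not a model output, although the UI box it feeds is labelled
        # "Predicted class".
        pred1 = np.argmax(label1)
        if attack == "FGSM":
            image2 = fgsm_mnist(image1, label1, model_mnist, epsilon)
        elif attack == "I-FGSM":
            image2 = iterative_fgsm_mnist(image1, label1, model_mnist, epsilon, alpha, niter)
        else:
            image2 = iterative_least_likely_fgsm_mnist(image1, model_mnist, epsilon, alpha, niter, nb_classes)
        pred2 = np.argmax(model_mnist(image2.reshape((1,784))))
        image1 = image1.reshape((28,28))
        image2 = image2.reshape((28,28))
    else:
        idx = np.random.randint(0, len(X_test_cifar10))
        image1 = X_test_cifar10[idx]
        label1 = Y_test_cifar10[idx]
        # Ground-truth class name; see the note in the MNIST branch.
        pred1 = classes[np.argmax(label1)]
        if attack == "FGSM":
            image2 = fgsm_cifar10(image1, label1, model_cifar10, epsilon)
        elif attack == "I-FGSM":
            image2 = iterative_fgsm_cifar10(image1, label1, model_cifar10, epsilon, alpha, niter)
        else:
            image2 = iterative_least_likely_fgsm_cifar10(image1, model_cifar10, epsilon, alpha, niter, nb_classes)
        pred2 = classes[np.argmax(model_cifar10(image2.reshape((1,32,32,3))))]
        image1 = image1.reshape((32,32,3))
        image2 = image2.reshape((32,32,3))

    return image1, pred1, image2, pred2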
# Pretrained classifiers, deserialized once at start-up from files next to
# this script. Loading a saved Keras model can execute code embedded in the
# file (for example in custom or Lambda layers), so these two files should
# only ever come from a source whose provenance is known.
model_mnist = keras.models.load_model('mnist.h5')
model_cifar10 = keras.models.load_model('cifar10.h5')

# Both datasets have ten classes; labels are one-hot encoded to that width.
nb_classes = 10

# MNIST test split: flattened to 784 float32 values per image, scaled to [0, 1].
(_, _), (X_test_mnist, Y_test_mnist) = mnist.load_data()
X_test_mnist = X_test_mnist.astype('float32').reshape(10000, 784)
X_test_mnist /= 255
Y_test_mnist = np_utils.to_categorical(Y_test_mnist, nb_classes)

# CIFAR-10 test split: image layout kept as loaded, pixels scaled to [0, 1].
(_, _), (X_test_cifar10, Y_test_cifar10) = datasets.cifar10.load_data()
X_test_cifar10 = X_test_cifar10 / 255.0
Y_test_cifar10 = np_utils.to_categorical(Y_test_cifar10, nb_classes)
# Controls shown to the user, in the order fn() receives them.
_demo_inputs = [
    gr.Radio(choices=["MNIST", "CIFAR10"], label="Dataset", value="MNIST"),
    gr.Radio(choices=["FGSM", "I-FGSM", "I-LL-FGSM"], label="Attack", value="FGSM"),
    gr.Slider(value=15, minimum=0, maximum=255, step=1, label="Epsilon"),
]

# Output widgets, in the order fn() returns its four values. The first text
# box receives the sampled image's ground-truth class from fn().
_demo_outputs = [
    gr.Image(label="Original Image").style(height=256,width=256),
    gr.Textbox(label="Predicted class"),
    gr.Image(label="Perturbated image").style(height=256,width=256),
    gr.Textbox(label="Predicted class"),
]

# Flagging is switched off for this interface.
demo = gr.Interface(
    fn=fn,
    inputs=_demo_inputs,
    outputs=_demo_outputs,
    title="Adversarial attack demonstration",
    description="A random image from the chosen dataset will be perturbated with the chosen attack type and both the original image and the perturbated image will be displayed. The epsilon parameter controls the aggressiveness of the attack.",
    allow_flagging="never",
)

demo.launch()