- cleverhans是一个开源的对抗样本库,最新版本v4.0.0支持pytorch,v3.1.0及之前仅仅支持tensorflow
- 里面实现了常见对抗样本的攻击和防御,v4.0.0版本还不太完善,仅仅实现了部分算法
- 下载:
- pip install cleverhans
- 收集处理数据
- 构建并训练目标模型
- 实现相应的对抗样本算法,实现与之对应的对抗样本
import cleverhans from cleverhans.torch.attacks.fast_gradient_method import fast_gradient_method from cleverhans.torch.attacks.carlini_wagner_l2 import carlini_wagner_l2 from cleverhans.torch.attacks.projected_gradient_descent import projected_gradient_descent import numpy as np import torch import torch.nn as nn from torchvision.datasets import MNIST from torchvision.transforms import ToTensor from torch.utils.data import DataLoader import matplotlib.pyplot as plt import os import torch.nn.functional as F from tqdm import tqdm os.environ["KMP_DUPLICATE_LIB_OK"]="TRUE" %matplotlib inline收集处理数据:
我们采用torchvision模块中的MNIST数据集
#MNIST数据集加载和处理 train_data=MNIST(root="data",train=True,download=False,transform=ToTensor()) test_data=MNIST(root="data",train=False,download=False,transform=ToTensor())
#数据处理 batch_size=16 train_loader=DataLoader(train_data,batch_size=batch_size) test_loader=DataLoader(test_data,batch_size=batch_size)原始数据可视化:
for x,label in train_loader:
plt.figure(figsize=(16,8))
id=0
for i in range(4):
for j in range(4):
plt.subplot(4,4,id+1)
plt.imshow(x[id,0].reshape(28,28),cmap="gray")
plt.title(str(label[id].detach().numpy()),{"color":"red"})
plt.axis("off")
id+=1
break
构建模型进行训练:
#构建网络模型
class Net(nn.Module):
def __init__(self):
super(Net,self).__init__()
self.conv=nn.Sequential(nn.Conv2d(1,16,3,1,0),nn.ReLU(),nn.Conv2d(16,8,3,1,0),nn.ReLU())
self.full=nn.Sequential(nn.Linear(8*24*24,32),nn.ReLU(),nn.Linear(32,10))
def weight_init(self):
for m in self._modules:
if isinstance(m, nn.Linear) or isinstance(m, nn.Conv2d): #判断当前网络结构是否为全连接层或者卷积层
m.weight.data.normal_(0.0, 0.01)
m.bias.data.zero_()
def forward(self,inx):
x=self.conv(inx)
# print(x.shape)
# input()
x=x.view(-1,8*24*24)
x=self.full(x)
return x
模型训练
#模型训练
def train(model,data_loader,loss_func,epochs,lr):
optimizer=torch.optim.Adam(model.parameters(),lr)
for epoch in range(1,epochs+1):
for i,(x,y) in tqdm(enumerate(data_loader)):
x=x.to(device)
y=y.to(device)
out=model(x)
loss=loss_func(out,y)
optimizer.zero_grad()
loss.backward()
optimizer.step()
if i%1000==0:
print(f"epoch:{epoch}|| current_num:{i}|| loss:{loss}")
criterion=nn.CrossEntropyLoss() lr=1e-3 epochs=1 net.weight_init()模型测试:
def test(model,data_loader):
correct_sum=0
all_sum=0
for x,y in data_loader:
x=x.to(device)
out=torch.argmax(model(x),dim=1).cpu()
correct=(out==y).sum()
correct_sum+=correct
all_sum+=len(y)
return correct_sum/all_sum
sample=next(iter(test_loader))
data,label=sample
predic=torch.argmax(net(data.to(device)),dim=1).detach().cpu()
plt.figure(figsize=(16,8))
id=0
for i in range(4):
for j in range(4):
plt.subplot(4,4,id+1)
plt.imshow(data[id,0].reshape(28,28),cmap="gray")
plt.title(f"{label[id]}->{predic[id]}",{"color":"red"})
plt.axis("off")
id+=1
对抗样本生成
FGSM算法:
advx=fast_gradient_method(net,data.to(device),0.1,np.inf).detach().cpu() predic=torch.argmax(net(advx.to(device)),dim=1).detach().cpu()
plt.figure(figsize=(16,8))
id=0
for i in range(4):
for j in range(4):
plt.subplot(4,4,id+1)
plt.imshow(advx[id,0].reshape(28,28),cmap="gray")
plt.title(f"{label[id]}->{predic[id]}",{"color":"red"})
plt.axis("off")
id+=1
PGD算法:
advx=projected_gradient_descent(net,data.to(device),0.1,0.05,40,np.inf).detach().cpu() predic=torch.argmax(net(advx.to(device)),dim=1).detach().cpu()CW算法 1.定向攻击,target=5
advx=carlini_wagner_l2(net,data.to(device),10,torch.tensor([5]*batch_size,device=device),targeted=True).detach().cpu() predic=torch.argmax(net(advx.to(device)),dim=1).detach().cpu()2.非定向攻击
advx=carlini_wagner_l2(net,data.to(device),10,torch.tensor([5]*batch_size,device=device),targeted=False).detach().cpu() predic=torch.argmax(net(advx.to(device)),dim=1).detach().cpu()
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)