无法 运行 Carlini 和 Wagner 在 tensorflow 模型上使用 foolbox 进行攻击
Cannot run Carlini and Wagner Attack using foolbox on a tensorflow Model
我使用的是最新版本的 foolbox (3.3.1),我的代码只是加载了一个 RESNET-50 CNN,为迁移学习应用程序添加了一些层,并按如下方式加载了权重。
from numpy.core.records import array
import tensorflow as tf
from keras.applications.resnet50 import ResNet50, preprocess_input
from tensorflow.keras.layers import Dense, Dropout, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.layers import Input
import cv2
import os
import numpy as np
import foolbox as FB
from sklearn.metrics import accuracy_score
from scipy.spatial.distance import cityblock
from sklearn.metrics import plot_confusion_matrix
from sklearn.metrics import confusion_matrix
from PIL import Image
import foolbox as FB
import math
from foolbox.criteria import Misclassification
#load model
num_classes = 12
#Load model and prepare it for testing
print("Step 1: Load model and weights")
baseModel = ResNet50(weights=None, include_top=False, input_tensor=Input(shape=(224, 224, 3)))
headModel = baseModel.output
headModel = Flatten(name="flatten")(headModel)
headModel = Dense(512, activation="relu")(headModel)
headModel = Dropout(0.5)(headModel)
headModel = Dense(num_classes, activation="softmax")(headModel)
model = Model(inputs=baseModel.input, outputs=headModel)
model.load_weights("RESNET-50/weights/train1-test1.h5")
print("Step 2: prepare testing data")
#features is a set of (1200,10,224,224,3) images
features=np.load("features.npy")
labels=np.load("labels.npy")
现在我想用foolbox 3.3.1 Carlini和Wagner攻击来攻击它,这是我加载foolbox模型的方式
#Lets test the foolbox model
bounds = (0, 1)
fmodel = fb.TensorFlowModel(model, bounds=bounds)
我的数据集被分成每个文档 10 张图像,我将使用 Carlini 和 Wagner 攻击使用批量大小为 10 的 foolbox 攻击这 10 张图像
#for each i, I have 10 images
for i in range(0, features.shape[0]):
print("document "+str(i))
#Receive current values
#This is a batch of (10,224,224,3) images
features_to_test=features[i,:]
#Get their labels
labels_to_test=labels[i,:]
######################ATTACK IN THE NORMALIZED DOMAIN###########################
#lets do the attack
#We use an interval of epsilons
epsilons = np.linspace(0.01, 1, num=2)
attack = fb.attacks.L2CarliniWagnerAttack(fmodel)
adversarials = attack(features_to_test, labels_to_test, criterion=Misclassification(labels=labels_to_test), epsilons=epsilons)
但是,每当我 运行 代码时,这里是返回给我的错误
Traceback (most recent call last):
File "test_carlini_wagner.py", line 161, in <module>
adversarials = attack(features_to_test, labels_to_test,
criterion=Misclassification(labels=labels_to_test), epsilons=epsilons)
File "/usr/local/lib/python3.8/dist-packages/foolbox/attacks/base.py", line 410, in
__call__
xp = self.run(model, x, criterion, early_stop=early_stop, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/foolbox/attacks/carlini_wagner.py", line 100, in run
bounds = model.bounds
AttributeError: 'tensorflow.python.framework.ops.EagerTensor' object has no attribute
'bounds'
应该是什么错误?我错误地加载了我的模型吗?我应该为调用的攻击添加新参数吗?如前所述,我使用的是 foolbox 3.3.1.
我认为您可能混淆了 L2CarliniWagnerAttack 的参数。这是一个带有虚拟数据的简化工作示例:
import tensorflow as tf
import numpy as np
from tensorflow.keras.applications.resnet50 import ResNet50, preprocess_input
from tensorflow.keras.layers import Dense, Dropout, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.layers import Input
from sklearn.metrics import accuracy_score
from scipy.spatial.distance import cityblock
from sklearn.metrics import plot_confusion_matrix
from sklearn.metrics import confusion_matrix
from foolbox import TensorFlowModel
from foolbox.criteria import Misclassification
from foolbox.attacks import L2CarliniWagnerAttack
num_classes = 12
print("Step 1: Load model and weights")
baseModel = ResNet50(weights=None, include_top=False, input_tensor=Input(shape=(224, 224, 3)))
headModel = baseModel.output
headModel = Flatten(name="flatten")(headModel)
headModel = Dense(512, activation="relu")(headModel)
headModel = Dropout(0.5)(headModel)
headModel = Dense(num_classes, activation="softmax")(headModel)
model = Model(inputs=baseModel.input, outputs=headModel)
bounds = (0, 1)
fmodel = TensorFlowModel(model, bounds=bounds)
images, labels = tf.random.normal((64, 10, 224, 224, 3)), tf.random.uniform((64, 10,), maxval=13, dtype=tf.int32)
for i in range(0, images.shape[0]):
print("document "+str(i))
features_to_test=images[i,:]
labels_to_test=labels[i,:]
epsilons = np.linspace(0.01, 1, num=2)
attack = L2CarliniWagnerAttack()
adversarials = attack(fmodel, features_to_test, criterion=Misclassification(labels_to_test), epsilons=epsilons)
Step 1: Load model and weights
document 0
document 1
document 2
document 3
document 4
document 5
document 6
...
我使用的是最新版本的 foolbox (3.3.1),我的代码只是加载了一个 RESNET-50 CNN,为迁移学习应用程序添加了一些层,并按如下方式加载了权重。
from numpy.core.records import array
import tensorflow as tf
from keras.applications.resnet50 import ResNet50, preprocess_input
from tensorflow.keras.layers import Dense, Dropout, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.layers import Input
import cv2
import os
import numpy as np
import foolbox as FB
from sklearn.metrics import accuracy_score
from scipy.spatial.distance import cityblock
from sklearn.metrics import plot_confusion_matrix
from sklearn.metrics import confusion_matrix
from PIL import Image
import foolbox as FB
import math
from foolbox.criteria import Misclassification
#load model
num_classes = 12
#Load model and prepare it for testing
print("Step 1: Load model and weights")
baseModel = ResNet50(weights=None, include_top=False, input_tensor=Input(shape=(224, 224, 3)))
headModel = baseModel.output
headModel = Flatten(name="flatten")(headModel)
headModel = Dense(512, activation="relu")(headModel)
headModel = Dropout(0.5)(headModel)
headModel = Dense(num_classes, activation="softmax")(headModel)
model = Model(inputs=baseModel.input, outputs=headModel)
model.load_weights("RESNET-50/weights/train1-test1.h5")
print("Step 2: prepare testing data")
#features is a set of (1200,10,224,224,3) images
features=np.load("features.npy")
labels=np.load("labels.npy")
现在我想用foolbox 3.3.1 Carlini和Wagner攻击来攻击它,这是我加载foolbox模型的方式
#Lets test the foolbox model
bounds = (0, 1)
fmodel = fb.TensorFlowModel(model, bounds=bounds)
我的数据集被分成每个文档 10 张图像,我将使用 Carlini 和 Wagner 攻击使用批量大小为 10 的 foolbox 攻击这 10 张图像
#for each i, I have 10 images
for i in range(0, features.shape[0]):
print("document "+str(i))
#Receive current values
#This is a batch of (10,224,224,3) images
features_to_test=features[i,:]
#Get their labels
labels_to_test=labels[i,:]
######################ATTACK IN THE NORMALIZED DOMAIN###########################
#lets do the attack
#We use an interval of epsilons
epsilons = np.linspace(0.01, 1, num=2)
attack = fb.attacks.L2CarliniWagnerAttack(fmodel)
adversarials = attack(features_to_test, labels_to_test, criterion=Misclassification(labels=labels_to_test), epsilons=epsilons)
但是,每当我 运行 代码时,这里是返回给我的错误
Traceback (most recent call last):
File "test_carlini_wagner.py", line 161, in <module>
adversarials = attack(features_to_test, labels_to_test,
criterion=Misclassification(labels=labels_to_test), epsilons=epsilons)
File "/usr/local/lib/python3.8/dist-packages/foolbox/attacks/base.py", line 410, in
__call__
xp = self.run(model, x, criterion, early_stop=early_stop, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/foolbox/attacks/carlini_wagner.py", line 100, in run
bounds = model.bounds
AttributeError: 'tensorflow.python.framework.ops.EagerTensor' object has no attribute
'bounds'
应该是什么错误?我错误地加载了我的模型吗?我应该为调用的攻击添加新参数吗?如前所述,我使用的是 foolbox 3.3.1.
我认为您可能混淆了 L2CarliniWagnerAttack 的参数。这是一个带有虚拟数据的简化工作示例:
import tensorflow as tf
import numpy as np
from tensorflow.keras.applications.resnet50 import ResNet50, preprocess_input
from tensorflow.keras.layers import Dense, Dropout, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.layers import Input
from sklearn.metrics import accuracy_score
from scipy.spatial.distance import cityblock
from sklearn.metrics import plot_confusion_matrix
from sklearn.metrics import confusion_matrix
from foolbox import TensorFlowModel
from foolbox.criteria import Misclassification
from foolbox.attacks import L2CarliniWagnerAttack
num_classes = 12
print("Step 1: Load model and weights")
baseModel = ResNet50(weights=None, include_top=False, input_tensor=Input(shape=(224, 224, 3)))
headModel = baseModel.output
headModel = Flatten(name="flatten")(headModel)
headModel = Dense(512, activation="relu")(headModel)
headModel = Dropout(0.5)(headModel)
headModel = Dense(num_classes, activation="softmax")(headModel)
model = Model(inputs=baseModel.input, outputs=headModel)
bounds = (0, 1)
fmodel = TensorFlowModel(model, bounds=bounds)
images, labels = tf.random.normal((64, 10, 224, 224, 3)), tf.random.uniform((64, 10,), maxval=13, dtype=tf.int32)
for i in range(0, images.shape[0]):
print("document "+str(i))
features_to_test=images[i,:]
labels_to_test=labels[i,:]
epsilons = np.linspace(0.01, 1, num=2)
attack = L2CarliniWagnerAttack()
adversarials = attack(fmodel, features_to_test, criterion=Misclassification(labels_to_test), epsilons=epsilons)
Step 1: Load model and weights
document 0
document 1
document 2
document 3
document 4
document 5
document 6
...