def forward(self, x):
    """Run one forward pass and return log-probabilities along dim 1.

    Pipeline: ``self.conv`` -> ReLU -> 2x2 max-pool -> ``self.dropout`` ->
    flatten everything after dim 0 -> ``self.fc`` -> log-softmax.
    """
    # Convolution, non-linearity and spatial down-sampling in one expression.
    pooled = F.max_pool2d(F.relu(self.conv(x)), 2)
    # Dropout is applied before flattening, exactly as the layer order requires.
    flat = torch.flatten(self.dropout(pooled), 1)
    return F.log_softmax(self.fc(flat), dim=1)
# Preprocessing used for training: convert to a tensor, then standardise.
transform = transforms.Compose(
    [
        transforms.ToTensor(),
        # 0.1307 / 0.3081: mean and std for the MNIST training set
        transforms.Normalize(mean=(0.1307,), std=(0.3081,)),
    ]
)
# Persist only the parameters (state_dict), not the whole module object.
trained_weights = model.state_dict()
torch.save(trained_weights, "mnist_cnn.pt")

# Rebuild a fresh network and restore the parameters that were just written.
# NOTE(review): torch.load deserialises with pickle unless weights-only loading
# is in effect; this file is produced by the line above, but a checkpoint from
# any other source should be loaded with weights_only=True where the installed
# PyTorch supports it.
model = Net()
restored_weights = torch.load("mnist_cnn.pt")
model.load_state_dict(restored_weights)

# Evaluate the restored model; `test` and `test_loader` are defined elsewhere.
test(model, test_loader)
训练参数储存
e)训练结果
3.FGSM攻击
a)模型加载
加载模型
# Dataset and dataloader for the attack evaluation.
# NOTE(review): the original comment calls this the MNIST *test* set, but
# train=True is passed, so `test_loader` iterates the training split. Confirm
# whether train=False was intended before reporting robustness numbers.
# NOTE(review): no Normalize step is applied here, whereas the training
# transform shown earlier on this page uses Normalize((0.1307,), (0.3081,)).
# If "mnist_cnn.pt" was trained on normalised inputs, the model sees a different
# input scale here. Confirm against the training pipeline.
transform = transforms.Compose([transforms.ToTensor()])
train_dataset = datasets.MNIST(
    root='./data',
    train=True,
    download=True,
    transform=transform,
)
# batch_size=1: the loader yields one image at a time.
test_loader = torch.utils.data.DataLoader(
    dataset=train_dataset,
    batch_size=1,
    shuffle=True,
)

# Pick the device: CUDA only when requested via `use_cuda` (defined elsewhere)
# and actually available, otherwise CPU.
print("CUDA Available: ",torch.cuda.is_available())
if use_cuda and torch.cuda.is_available():
    device = torch.device("cuda")
else:
    device = torch.device("cpu")
# Build the network and move it to the selected device.
model = Net()
model = model.to(device)

# Restore the pretrained parameters; tensors are mapped to CPU while loading.
# NOTE(review): torch.load deserialises with pickle unless weights-only loading
# is in effect. If "mnist_cnn.pt" was obtained from a third party rather than
# produced locally, verify its provenance and load it with weights_only=True
# where the installed PyTorch supports it.
checkpoint = torch.load("mnist_cnn.pt", map_location='cpu')
model.load_state_dict(checkpoint)

# Evaluation mode. In this case this matters for the Dropout layers.
model.eval()
b)攻击函数创建
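现在,我们可以通过扰动原始输入来定义创建对抗样本的函数。fgsm_attack 函数有三个输入:image 是原始的干净图像($x$),epsilon 是逐像素的扰动量($\epsilon$),data_grad 是损失相对于输入图像的梯度($\nabla_x J(\theta, x, y)$)。然后,该函数按下式创建扰动图像,并将结果裁剪到 $[0,1]$ 范围内: $$ \text{perturbed\_image} = \text{image} + \epsilon \cdot \operatorname{sign}(\text{data\_grad}) = x + \epsilon \cdot \operatorname{sign}(\nabla_x J(\theta, x, y)) $$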
# FGSM attack code
def fgsm_attack(image, epsilon, data_grad):
    """Return ``image`` shifted by ``epsilon`` along the sign of ``data_grad``.

    Used to evaluate how a model's accuracy degrades under a bounded
    perturbation of its input.

    Args:
        image: the input tensor to perturb.
        epsilon: per-element step size of the perturbation.
        data_grad: gradient tensor whose element-wise sign gives the direction.

    Returns:
        The perturbed tensor, clamped to the range [0, 1].
    """
    # Each element moves by exactly +epsilon, -epsilon or 0.
    step = epsilon * data_grad.sign()
    # NOTE(review): the [0, 1] clamp assumes `image` is in raw pixel range;
    # if the caller feeds normalised inputs, this clamp distorts them.
    # Confirm against the caller.
    return torch.clamp(image + step, 0, 1)
c)开始攻击
# Robustness sweep: one evaluation pass per perturbation budget in `epsilons`.
# `test` is defined elsewhere; its result is unpacked as (accuracy, examples).
accuracies, examples = [], []
for eps in epsilons:
    acc, ex = test(model, device, test_loader, eps)
    accuracies += [acc]
    examples += [ex]
# Grid of sample images: one row per epsilon, one column per saved example.
cnt = 0
plt.figure(figsize=(8, 10))
for i, eps_value in enumerate(epsilons):
    for j, sample in enumerate(examples[i]):
        # Subplot indices are 1-based, so bump the counter first.
        cnt += 1
        plt.subplot(len(epsilons), len(examples[0]), cnt)
        plt.xticks([], [])
        plt.yticks([], [])
        # Label each row once, on its first column.
        if j == 0:
            plt.ylabel("Eps: {}".format(eps_value), fontsize=14)
        # Each sample is a triple; the first two fields form the title
        # (presumably original and adversarial prediction; verify in `test`).
        orig, adv, ex = sample
        plt.title("{} -> {}".format(orig, adv))
        plt.imshow(ex, cmap="gray")
plt.tight_layout()
plt.show()