bethgelab / foolbox

A Python toolbox to create adversarial examples that fool neural networks in PyTorch, TensorFlow, and JAX
https://foolbox.jonasrauber.de
MIT License

Cannot pass arguments to DeepFool or CWL2 #527

Closed aldahdooh closed 2 years ago

aldahdooh commented 4 years ago

Why can't I pass the steps or overshoot parameters to the DeepFool attack? The same happens for the CWL2 attack: I cannot pass steps or override parameters. Why should I pass epsilon to DeepFool and to CWL2? This code works fine with FGSM!

I am using Colab with TensorFlow 2.1 and Foolbox 3.

import tensorflow as tf
import eagerpy as ep
from foolbox import TensorFlowModel, accuracy, samples
from foolbox.attacks import LinfFastGradientAttack, LinfPGD, LinfDeepFoolAttack, L2CarliniWagnerAttack
import matplotlib as mpl
import matplotlib.pyplot as plt
from tensorflow.keras.preprocessing.image import save_img

import glob
import ntpath
import numpy as np
import random
import shutil
import warnings

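def preprocess(image, w, h):
  """Convert a decoded image into a float32 batch of one, divided by 255.

  Args:
    image: Decoded image tensor; assumed to be (height, width, channels) with
      8-bit values in [0, 255], so the result lies in [0, 1] -- TODO confirm
      against the decoder used by the caller.
    w: Target width in pixels.
    h: Target height in pixels.

  Returns:
    A float32 tensor with a leading batch axis of size 1. No model-specific
    normalisation (mean subtraction, channel reordering) is applied here.
  """
  image = tf.cast(image, tf.float32) / 255
  # tf.image.resize takes size as (new_height, new_width). The original passed
  # (w, h), which only gave the intended shape because the callers in this
  # listing use w == h.
  image = tf.image.resize(image, (h, w))
  # Add the batch axis the model and the attack expect.
  return image[None, ...]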

def getLabel(filename):
  """Return the integer that precedes the first '.' of *filename* as an int64 tensor.

  The script uses this value as the ground-truth label of the image, so the
  files are presumably named `<class index>.<ext>` -- verify against the dataset.
  A name whose first dot-separated part is not an integer raises ValueError.
  """
  stem = filename.split(".")[0]
  return tf.cast(int(stem), tf.int64)

# Repro script: runs LinfDeepFoolAttack against a Keras VGG16 for every image
# found in image_dir and saves one result per epsilon under save_dir.

# Load the Keras VGG16 classifier with its default arguments and freeze it.
img_vgg16_classifier = tf.keras.applications.VGG16()
img_vgg16_classifier.trainable = False

# Wrap the model for Foolbox; inputs are declared to lie in [0, 1].
# NOTE(review): the Keras VGG16 weights are normally used together with
# tf.keras.applications.vgg16.preprocess_input, which expects 0-255 pixel values.
# No preprocessing is configured here, so the model may already misclassify the
# clean [0, 1] inputs -- check clean accuracy before interpreting attack results.
wrap = TensorFlowModel(img_vgg16_classifier, bounds=(0, 1))

# DeepFool (Linf) attack instance, constructed with default hyperparameters.
deepfool = LinfDeepFoolAttack()
# Perturbation budgets passed to the attack call; one result is returned per entry.
epsilon = [0.002, 0.02, 0.05, 0.1, 0.15]

# Target input size. `c` is not used anywhere in this listing.
w=224
h=224
c=3

image_dir = '/content/drive/My Drive/Colab Notebooks/adv_dnn/datasets/imagenet_test_sub/'
save_dir = '/content/drive/My Drive/Colab Notebooks/adv_dnn/adv_imgs/'
# '*.*' matches every file with a dot in its name, not only JPEGs, while the
# loop below decodes each file with decode_jpeg.
img_list = glob.glob(image_dir + '*.*')

for img_file in img_list:
  # for e in epsilon:

    #print(img_file)
  # Read, decode and preprocess the image into a (1, h, w, channels) batch.
  image_raw = tf.io.read_file(img_file)
  image = tf.io.decode_jpeg(image_raw)
  image = preprocess(image, w, h)
  image_name = ntpath.basename(img_file)
  # Skip images whose channel axis is not 3 (axis 3 after the batch axis is added).
  if image.shape[3]!=3:
      continue
  # The label is parsed from the file name and converted to the model's tensor type.
  lable = [getLabel(image_name)]
  label = ep.from_numpy(wrap.dummy, lable)
  # `dics` is only referenced by the trailing comment on the attack call below.
  dics = {'steps': 20}
  # Run the attack. This is the call that raises the TypeError reported in the
  # traceback below: `steps` is passed at call time and is rejected there.
  # NOTE(review): the second and third return values are discarded. In Foolbox 3
  # the third is presumably the per-sample success flag -- confirm; without it a
  # result that equals the input cannot be told apart from an adversarial one.
  advs, _, _ = deepfool (wrap, image, label, epsilons=epsilon, steps=20)  #even with **dics

  # Show and save one result per epsilon.
  for i in range(len(epsilon)):
    plt.figure()
    plt.imshow(advs[i][0])
    plt.title('Image Preview')
    plt.show()

    # Dropping the last 4 characters assumes a 3-letter extension such as '.jpg'.
    new_image_name = image_name[0:len(image_name)-4] + '_vgg16_deepfool_' + str(epsilon[i]) + '.jpg'
    save_path = save_dir + 'vgg16/deepfool/' + new_image_name
    # NOTE(review): JPEG is lossy, so the file written here can differ from the
    # tensor in `advs`; small perturbations may be altered or lost on re-encoding.
    # Keep the raw array or a lossless format if the files feed later evaluation.
    save_img(save_path, advs[i][0].numpy())

I have the following error

---------------------------------------------------------------------------
TypeError                                 Traceback (most recent call last)
<ipython-input-10-92a7953fd063> in <module>()
     26   dics = {'steps': 20}
     27   #Generate adversarial data
---> 28   advs, _, _ = deepfool(wrap, image, label, epsilons=epsilon, steps=20) #even with **dics
     29 
     30   for i in range(len(epsilon)):

2 frames
/usr/local/lib/python3.6/dist-packages/foolbox/attacks/base.py in __call__(***failed resolving arguments***)
    408 
    409         # run the actual attack
--> 410         xp = self.run(model, x, criterion, early_stop=early_stop, **kwargs)
    411 
    412         xpcs = []

/usr/local/lib/python3.6/dist-packages/foolbox/attacks/deepfool.py in run(self, model, inputs, criterion, early_stop, **kwargs)
    102         **kwargs: Any,
    103     ) -> T:
--> 104         raise_if_kwargs(kwargs)
    105         x, restore_type = ep.astensor_(inputs)
    106         del inputs, kwargs

/usr/local/lib/python3.6/dist-packages/foolbox/attacks/base.py in raise_if_kwargs(kwargs)
    484     if kwargs:
    485         raise TypeError(
--> 486             f"attack got an unexpected keyword argument '{next(iter(kwargs.keys()))}'"
    487         )

TypeError: attack got an unexpected keyword argument 'steps'
zimmerrol commented 4 years ago

You need to pass all arguments to the attack during its init and not when you call the attack. This means you have to replace

# Rejected form: `steps` is given at call time, which raises the TypeError shown in the traceback above.
deepfool = LinfDeepFoolAttack()
deepfool(wrap, image, label, epsilons=epsilon, steps=20)

with

# Accepted form: attack hyperparameters such as `steps` are set on the constructor; the call then takes the model, inputs, labels and epsilons.
deepfool = LinfDeepFoolAttack(steps=20) 
deepfool(wrap, image, label, epsilons=epsilon)
aldahdooh commented 4 years ago

I realized that, Many thanks.

But why is the adversarial image I get the same as the input, with no changes, and sometimes a black image? This happens for both DeepFool and CWL2.

Check this:

import tensorflow as tf
import eagerpy as ep
from foolbox import TensorFlowModel, accuracy, samples
from foolbox.attacks import LinfFastGradientAttack, LinfPGD, LinfDeepFoolAttack, L2CarliniWagnerAttack
import matplotlib as mpl
import matplotlib.pyplot as plt
from tensorflow.keras.preprocessing.image import save_img

import glob
import ntpath
import numpy as np
import random
import shutil
import warnings

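def preprocess(image, w, h):
  """Convert a decoded image into a float32 batch of one, divided by 255.

  Args:
    image: Decoded image tensor; assumed to be (height, width, channels) with
      8-bit values in [0, 255], so the result lies in [0, 1] -- TODO confirm
      against the decoder used by the caller.
    w: Target width in pixels.
    h: Target height in pixels.

  Returns:
    A float32 tensor with a leading batch axis of size 1. No model-specific
    normalisation (mean subtraction, channel reordering) is applied here.
  """
  image = tf.cast(image, tf.float32) / 255
  # tf.image.resize takes size as (new_height, new_width). The original passed
  # (w, h), which only gave the intended shape because the callers in this
  # listing use w == h.
  image = tf.image.resize(image, (h, w))
  # Add the batch axis the model and the attack expect.
  return image[None, ...]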

def getLabel(filename):
  """Return the integer that precedes the first '.' of *filename* as an int64 tensor.

  The script uses this value as the ground-truth label of the image, so the
  files are presumably named `<class index>.<ext>` -- verify against the dataset.
  A name whose first dot-separated part is not an integer raises ValueError.
  """
  stem = filename.split(".")[0]
  return tf.cast(int(stem), tf.int64)

# Follow-up script: runs L2CarliniWagnerAttack with several parameter sets against
# a Keras VGG16 for every image in image_dir and saves one result per set.

# Load the Keras VGG16 classifier with its default arguments and freeze it.
img_vgg16_classifier = tf.keras.applications.VGG16()
img_vgg16_classifier.trainable = False

# Wrap the model for Foolbox; inputs are declared to lie in [0, 1].
# NOTE(review): the Keras VGG16 weights are normally used together with
# tf.keras.applications.vgg16.preprocess_input, which expects 0-255 pixel values.
# No preprocessing is configured here, so the model may already misclassify the
# clean [0, 1] inputs -- check clean accuracy before interpreting attack results.
wrap = TensorFlowModel(img_vgg16_classifier, bounds=(0, 1))

# Constructor arguments for the attack, one dict per run.
# The first two entries are identical, and the output file name below is built
# only from confidence and stepsize, so the second run overwrites the first file.
cwl2_params_arra= [{'confidence': 0, 'stepsize': 0.09, 'steps': 400, 'binary_search_steps': 5},
                   {'confidence': 0, 'stepsize': 0.09, 'steps': 400, 'binary_search_steps': 5},
                   {'confidence': 70, 'stepsize': 0.13, 'steps': 400, 'binary_search_steps': 5},
                   {'confidence': 0, 'stepsize': 1.3, 'steps': 400, 'binary_search_steps': 5},
                   {'confidence': 0, 'stepsize': 0.02, 'steps': 400, 'binary_search_steps': 5}]
# Target input size. `c` is not used anywhere in this listing.
w=224
h=224
c=3

image_dir = '/content/drive/My Drive/Colab Notebooks/adv_dnn/datasets/imagenet_test_sub/'
save_dir = '/content/drive/My Drive/Colab Notebooks/adv_dnn/adv_imgs/'
# '*.*' matches every file with a dot in its name, not only JPEGs, while the
# loop below decodes each file with decode_jpeg.
img_list = glob.glob(image_dir + '*.*')
# Counts every file visited, including ones skipped by the channel check.
count = 0
for img_file in img_list:
  count = count + 1
  # for e in epsilon:
  for cwl2_params in cwl2_params_arra:
    # Carlini-Wagner L2 attack instance; hyperparameters go to the constructor.
    cwl2 = L2CarliniWagnerAttack(**cwl2_params)  

    #print(img_file)
    # The image is re-read and re-decoded for every parameter set, although it
    # does not depend on cwl2_params.
    image_raw = tf.io.read_file(img_file)
    image = tf.io.decode_jpeg(image_raw)
    image = preprocess(image, w, h)
    image_name = ntpath.basename(img_file)
    # Skip images whose channel axis is not 3 (axis 3 after the batch axis is added).
    if image.shape[3]!=3:
      continue

    # The label is parsed from the file name and converted to the model's tensor type.
    lable = [getLabel(image_name)]
    label = ep.from_numpy(wrap.dummy, lable)
    # NOTE(review): Misclassification is not imported in this listing; presumably
    # it was defined in another notebook cell, otherwise this line raises NameError.
    cr = Misclassification(label)
    # With an L2 attack, epsilons=0.1 bounds the L2 norm of the whole perturbation,
    # not the per-pixel change as with the Linf attacks.
    # NOTE(review): the second and third return values are discarded. In Foolbox 3
    # the third is presumably the per-sample success flag -- confirm; without it a
    # result that equals the input cannot be told apart from an adversarial one.
    advs, _, _ = cwl2(wrap, image, cr, epsilons=0.1)

    plt.figure()
    plt.imshow(advs[0])
    plt.title('Image Preview')
    plt.show()

    # Dropping the last 4 characters assumes a 3-letter extension such as '.jpg'.
    new_image_name = image_name[0:len(image_name)-4] + '_vgg16_cwl2_' + str(cwl2.confidence) + '_' + str(cwl2.stepsize) + '.jpg'
    save_path = save_dir + 'vgg16/cwl2/' + new_image_name
    # NOTE(review): JPEG is lossy, so the file written here can differ from the
    # tensor in `advs`; small perturbations may be altered or lost on re-encoding.
    # Keep the raw array or a lossless format if the files feed later evaluation.
    save_img(save_path, advs[0].numpy())
    print('image count: ' + str(count) + ' -- image saved: ' + new_image_name)