对抗样本cleverhans的使用

• cleverhans是一个开源的对抗样本库，最新版本v4.0.0支持pytorch，v3.1.0及之前仅仅支持tensorflow
• 里面实现了常见对抗样本的攻击和防御，v4.0.0版本还不太完善，仅仅实现了部分算法
• 下载：
  • pip install cleverhans

• 收集处理数据
• 构建并训练目标模型
• 实现相应的对抗样本算法，实现与之对应的对抗样本

import cleverhans
from cleverhans.torch.attacks.fast_gradient_method import fast_gradient_method
from cleverhans.torch.attacks.carlini_wagner_l2 import carlini_wagner_l2
from cleverhans.torch.attacks.projected_gradient_descent import projected_gradient_descent
import numpy as np
import torch
import torch.nn as nn
from torchvision.datasets import MNIST
from torchvision.transforms import ToTensor
from torch.utils.data import DataLoader
import matplotlib.pyplot as plt
import os
import torch.nn.functional as F
from tqdm import tqdm
os.environ["KMP_DUPLICATE_LIB_OK"]="TRUE"
%matplotlib inline

我们采用torchvision模块中的MNIST数据集

#MNIST数据集加载和处理
train_data=MNIST(root="data",train=True,download=False,transform=ToTensor())
test_data=MNIST(root="data",train=False,download=False,transform=ToTensor())

#数据处理
batch_size=16
train_loader=DataLoader(train_data,batch_size=batch_size)
test_loader=DataLoader(test_data,batch_size=batch_size)

for x,label in train_loader:
    plt.figure(figsize=(16,8))
    id=0
    for i in range(4):
        for j in range(4):
            plt.subplot(4,4,id+1)
            plt.imshow(x[id,0].reshape(28,28),cmap="gray")
            plt.title(str(label[id].detach().numpy()),{"color":"red"})
            plt.axis("off")
            id+=1
    break

#构建网络模型
class Net(nn.Module):
    def __init__(self):
        super(Net,self).__init__()
        self.conv=nn.Sequential(nn.Conv2d(1,16,3,1,0),nn.ReLU(),nn.Conv2d(16,8,3,1,0),nn.ReLU())
        self.full=nn.Sequential(nn.Linear(8*24*24,32),nn.ReLU(),nn.Linear(32,10))
    def weight_init(self):
        for m in self._modules:
            if isinstance(m, nn.Linear) or isinstance(m, nn.Conv2d):  #判断当前网络结构是否为全连接层或者卷积层
                m.weight.data.normal_(0.0, 0.01)
                m.bias.data.zero_()
    def forward(self,inx):
        x=self.conv(inx)
#         print(x.shape)
#         input()
        x=x.view(-1,8*24*24)
        x=self.full(x)
        return x

#模型训练
def train(model,data_loader,loss_func,epochs,lr):
    optimizer=torch.optim.Adam(model.parameters(),lr)
    for epoch in range(1,epochs+1):
        for i,(x,y) in tqdm(enumerate(data_loader)):
            x=x.to(device)
            y=y.to(device)
            out=model(x)
            loss=loss_func(out,y)
            optimizer.zero_grad()
            loss.backward()
            optimizer.step()
            if i%1000==0:
                print(f"epoch:{epoch}|| current_num:{i}|| loss:{loss}")

criterion=nn.CrossEntropyLoss()
lr=1e-3
epochs=1
net.weight_init()

def test(model,data_loader):
    correct_sum=0
    all_sum=0
    for x,y in data_loader:
        x=x.to(device)
        out=torch.argmax(model(x),dim=1).cpu()
        correct=(out==y).sum()
        correct_sum+=correct
        all_sum+=len(y)
    return correct_sum/all_sum

sample=next(iter(test_loader))
data,label=sample
predic=torch.argmax(net(data.to(device)),dim=1).detach().cpu()
plt.figure(figsize=(16,8))
id=0
for i in range(4):
    for j in range(4):
        plt.subplot(4,4,id+1)
        plt.imshow(data[id,0].reshape(28,28),cmap="gray")
        plt.title(f"{label[id]}->{predic[id]}",{"color":"red"})
        plt.axis("off")
        id+=1

advx=fast_gradient_method(net,data.to(device),0.1,np.inf).detach().cpu()
predic=torch.argmax(net(advx.to(device)),dim=1).detach().cpu()

plt.figure(figsize=(16,8))
id=0
for i in range(4):
    for j in range(4):
        plt.subplot(4,4,id+1)
        plt.imshow(advx[id,0].reshape(28,28),cmap="gray")
        plt.title(f"{label[id]}->{predic[id]}",{"color":"red"})
        plt.axis("off")
        id+=1

advx=projected_gradient_descent(net,data.to(device),0.1,0.05,40,np.inf).detach().cpu()
predic=torch.argmax(net(advx.to(device)),dim=1).detach().cpu()

advx=carlini_wagner_l2(net,data.to(device),10,torch.tensor([5]*batch_size,device=device),targeted=True).detach().cpu()
predic=torch.argmax(net(advx.to(device)),dim=1).detach().cpu()

advx=carlini_wagner_l2(net,data.to(device),10,torch.tensor([5]*batch_size,device=device),targeted=False).detach().cpu()
predic=torch.argmax(net(advx.to(device)),dim=1).detach().cpu()