Spaces:
Runtime error
Runtime error
| import gradio as gr | |
| import tensorflow as tf | |
| from keras.datasets import mnist | |
| from keras.utils import np_utils | |
| from tensorflow import keras | |
| import numpy as np | |
| from tensorflow.keras import datasets | |
| import os | |
| import matplotlib.pyplot as plt | |
| os.environ['TF_CPP_MIN_LOG_LEVEL'] = '3' | |
| # Adversarial attacks mnist | |
| def create_pattern_mnist(image, label, model): | |
| # Define loss function | |
| loss_function = tf.keras.losses.CategoricalCrossentropy() | |
| # Reshape image | |
| image = image.reshape((1,image.shape[0])) | |
| image = tf.cast(image, tf.float32) | |
| # Reshape label | |
| label = label.reshape(((1,label.shape[0]))) | |
| with tf.GradientTape() as tape: | |
| tape.watch(image) | |
| prediction = model(image) | |
| loss = loss_function(label, prediction) | |
| # Get the gradients of the loss w.r.t to the input image. | |
| gradient = tape.gradient(loss, image) | |
| # Get the sign of the gradients to create the perturbation | |
| signed_grad = tf.sign(gradient) | |
| return signed_grad.numpy() | |
| def fgsm_mnist(image, label, model, epsilon): | |
| pattern = create_pattern_mnist(image, label, model) | |
| adv_x = image + epsilon*pattern | |
| adv_x = tf.clip_by_value(adv_x, 0, 1) | |
| # adv_x = adv_x * 0.5 + 0.5 | |
| return adv_x.numpy() | |
| def iterative_fgsm_mnist(image, label, model, epsilon, alpha, niter): | |
| adv_x = image | |
| for _ in range(niter): | |
| pattern = create_pattern_mnist(adv_x, label, model) | |
| adv_x = adv_x + alpha * pattern | |
| adv_x = tf.clip_by_value(adv_x, image - epsilon, image+epsilon) | |
| adv_x = adv_x.numpy() | |
| adv_x = adv_x.reshape(adv_x.shape[1]) | |
| adv_x = tf.clip_by_value(adv_x, 0, 1) | |
| # adv_x = adv_x * 0.5 + 0.5 | |
| return adv_x.numpy() | |
| def iterative_least_likely_fgsm_mnist(image, model, epsilon, alpha, niter, nb_classes): | |
| adv_x = image | |
| image = image.reshape((1,image.shape[0])) | |
| label = np_utils.to_categorical(np.argmin(model(image)), nb_classes) | |
| image = image.reshape(image.shape[1]) | |
| for _ in range(niter): | |
| pattern = create_pattern_mnist(adv_x, label, model) | |
| adv_x = adv_x - alpha * pattern | |
| adv_x = tf.clip_by_value(adv_x, image - epsilon, image+epsilon) | |
| adv_x = adv_x.numpy() | |
| adv_x = adv_x.reshape(adv_x.shape[1]) | |
| adv_x = tf.clip_by_value(adv_x, 0, 1) | |
| # adv_x = adv_x * 0.5 + 0.5 | |
| return adv_x.numpy() | |
| # Attack functions cifar10 | |
| def create_pattern_cifar10(image, label, model): | |
| # Define loss function | |
| loss_function = tf.keras.losses.CategoricalCrossentropy() | |
| # Reshape image | |
| image = image.reshape((1,32,32,3)) | |
| image = tf.cast(image, tf.float32) | |
| # Reshape label | |
| label = label.reshape(((1,10))) | |
| with tf.GradientTape() as tape: | |
| tape.watch(image) | |
| prediction = model(image) | |
| loss = loss_function(label, prediction) | |
| # Get the gradients of the loss w.r.t to the input image. | |
| gradient = tape.gradient(loss, image) | |
| # Get the sign of the gradients to create the perturbation | |
| signed_grad = tf.sign(gradient) | |
| return signed_grad.numpy() | |
| def fgsm_cifar10(image, label, model, epsilon): | |
| pattern = create_pattern_cifar10(image, label, model) | |
| adv_x = image + epsilon*pattern | |
| adv_x = tf.clip_by_value(adv_x, 0, 1) | |
| # adv_x = adv_x * 0.5 + 0.5 | |
| return adv_x.numpy() | |
| def iterative_fgsm_cifar10(image, label, model, epsilon, alpha, niter): | |
| adv_x = image | |
| for _ in range(niter): | |
| pattern = create_pattern_cifar10(adv_x, label, model) | |
| adv_x = adv_x + alpha * pattern | |
| adv_x = tf.clip_by_value(adv_x, image - epsilon, image+epsilon) | |
| adv_x = adv_x.numpy() | |
| adv_x = adv_x.reshape((32,32,3)) | |
| adv_x = tf.clip_by_value(adv_x, 0, 1) | |
| # adv_x = adv_x * 0.5 + 0.5 | |
| return adv_x.numpy() | |
| def iterative_least_likely_fgsm_cifar10(image, model, epsilon, alpha, niter, nb_classes): | |
| adv_x = image | |
| image = image.reshape((1,32,32,3)) | |
| label = np_utils.to_categorical(np.argmin(model(image)), nb_classes) | |
| image = image.reshape((32,32,3)) | |
| for _ in range(niter): | |
| pattern = create_pattern_cifar10(adv_x, label, model) | |
| adv_x = adv_x - alpha * pattern | |
| adv_x = tf.clip_by_value(adv_x, image - epsilon, image+epsilon) | |
| adv_x = adv_x.numpy() | |
| adv_x = adv_x.reshape((32,32,3)) | |
| adv_x = tf.clip_by_value(adv_x, 0, 1) | |
| # adv_x = adv_x * 0.5 + 0.5 | |
| return adv_x.numpy() | |
| def fn(dataset, attack): | |
| epsilon=15/255 | |
| alpha=1/255 | |
| niter = int(min(4 + epsilon*255, 1.25 * epsilon * 255)) | |
| nb_classes = 10 | |
| classes = ["airplane", "automobile", "bird", "cat", "deer", "dog", "frog", "horse", "ship", "truck"] | |
| if dataset == "MNIST": | |
| idx = np.random.randint(0, len(X_test_mnist)) | |
| image1 = X_test_mnist[idx] | |
| label1 = Y_test_mnist[idx] | |
| pred1 = np.argmax(label1) | |
| if attack == "FGSM": | |
| image2 = fgsm_mnist(image1, label1, model_mnist, epsilon) | |
| elif attack == "I_FGSM": | |
| image2 = iterative_fgsm_mnist(image1, label1, model_mnist, epsilon, alpha, niter) | |
| else: | |
| image2 = iterative_least_likely_fgsm_mnist(image1, model_mnist, epsilon, alpha, niter, nb_classes) | |
| pred2 = np.argmax(model_mnist(image2.reshape((1,784)))) | |
| image1 = image1.reshape((28,28)) | |
| image2 = image2.reshape((28,28)) | |
| else: | |
| idx = np.random.randint(0, len(X_test_cifar10)) | |
| image1 = X_test_cifar10[idx] | |
| label1 = Y_test_cifar10[idx] | |
| pred1 = classes[np.argmax(label1)] | |
| if attack == "FGSM": | |
| image2 = fgsm_cifar10(image1, label1, model_cifar10, epsilon) | |
| elif attack == "I_FGSM": | |
| image2 = iterative_fgsm_cifar10(image1, label1, model_cifar10, epsilon, alpha, niter) | |
| else: | |
| image2 = iterative_least_likely_fgsm_cifar10(image1, model_cifar10, epsilon, alpha, niter, nb_classes) | |
| pred2 = classes[np.argmax(model_cifar10(image2.reshape((1,32,32,3))))] | |
| image1 = image1.reshape((32,32,3)) | |
| image2 = image2.reshape((32,32,3)) | |
| return image1, pred1, image2, pred2 | |
| model_mnist = keras.models.load_model('mnist.h5') | |
| model_cifar10 = keras.models.load_model('cifar10.h5') | |
| # Load MNIST data | |
| (_, _), (X_test_mnist, Y_test_mnist) = mnist.load_data() | |
| X_test_mnist = X_test_mnist.astype('float32') | |
| X_test_mnist = X_test_mnist.reshape(10000, 784) | |
| X_test_mnist /= 255 | |
| nb_classes = 10 | |
| Y_test_mnist = np_utils.to_categorical(Y_test_mnist, nb_classes) | |
| # Load CIFAR10 data | |
| (_, _), (X_test_cifar10, Y_test_cifar10) = datasets.cifar10.load_data() | |
| X_test_cifar10 = X_test_cifar10 / 255.0 | |
| Y_test_cifar10 = np_utils.to_categorical(Y_test_cifar10, nb_classes) | |
| demo = gr.Interface( | |
| fn=fn, | |
| allow_flagging="never", | |
| title="Adversarial attack demonstration", | |
| description="A random image from the chosen dataset will be perturbated with the chosen attack type and both the original image and the perturbated image will be displayed.", | |
| inputs=[ | |
| gr.Radio(choices=["MNIST", "CIFAR10"], label="Pick a dataset"), | |
| gr.Radio(choices=["FGSM", "I-FGSM", "I-LL-FGSM"], label="Pick an attack") | |
| ], | |
| outputs=[ | |
| gr.Image(label="Original Image").style(height=256,width=256), | |
| gr.Textbox(label="Predicted class"), | |
| gr.Image(label="Perturbated image").style(height=256,width=256), | |
| gr.Textbox(label="Predicted class")], | |
| ) | |
| demo.launch() |