
[ART] attack_adversarial_patch_TensorFlowV2.ipynb code analysis

geum 2022. 1. 19. 16:10

 

While running the code in Jupyter Notebook, petty errors kept popping up, so I spent a good part of today fumbling around 😢

 

✅ Original code:

https://github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/art/attacks/evasion/adversarial_patch/adversarial_patch.py

 


Settings

target_name = 'toaster'
image_shape = (224, 224, 3)
clip_values = (0, 255)
nb_classes = 1000
batch_size = 16
scale_min = 0.4
scale_max = 1.0
rotation_max = 22.5
learning_rate = 5000.
max_iter = 500

 

ํŒจ์น˜๊ฐ€ ๋ถ€์ฐฉ๋œ ์ด๋ฏธ์ง€๋Š” target_name์— ์ •ํ•ด์ง„๋Œ€๋กœ ๋ถ„๋ฅ˜๋œ๋‹ค. toaster ๋ง๊ณ  ๋‹ค๋ฅธ ๊ฑธ๋กœ ๋ช‡ ๋ฒˆ ๋ฐ”๊ฟ”๋ดค๋Š”๋ฐ ๋‹ค toaster์ผ ๋•Œ๋ณด๋‹ค ์„ฑ๋Šฅ์ด ์•ˆ ์ข‹์•˜๋‹ค.

 

The available target_name values can be checked at https://github.com/nottombrown/imagenet-stubs/blob/master/imagenet_stubs/imagenet_2012_labels.py!

 

Model Definition

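import numpy as np
import tensorflow as tf
from art.estimators.classification import TensorFlowV2Classifier

# ResNet50 pretrained on ImageNet (1000 classes)
model = tf.keras.applications.resnet50.ResNet50(weights="imagenet")

# Per-channel mean values, in B, G, R order
mean_b = 100
mean_g = 110
mean_r = 120

# preprocessing=(subtrahend, divisor): ART subtracts the means and divides by 1.0
tfc = TensorFlowV2Classifier(model=model, loss_object=None, train_step=None, nb_classes=nb_classes,
                             input_shape=image_shape, clip_values=clip_values,
                             preprocessing=([mean_b, mean_g, mean_r], np.array([1.0, 1.0, 1.0])))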

 

๋ถ„๋ฅ˜๊ธฐ์™€ ์ƒ‰์ƒ ๊ฐ’์„ ์ •ํ•ด์ค€๋‹ค.

 

Adversarial Patch Generation

from art.attacks.evasion import AdversarialPatch
from imagenet_stubs.imagenet_2012_labels import name_to_label

ap = AdversarialPatch(classifier=tfc, rotation_max=rotation_max, scale_min=scale_min, scale_max=scale_max,
                      learning_rate=learning_rate, max_iter=max_iter, batch_size=batch_size,
                      patch_shape=(224, 224, 3))

# Class index of the target label
label = name_to_label(target_name)

y_one_hot = np.zeros(nb_classes)
y_one_hot[label] = 1.0

# Tile y_one_hot images.shape[0] times along the rows and once along the columns,
# so every image gets the same one-hot target row.
# `images` is the image batch loaded earlier in the notebook (not shown here).
y_target = np.tile(y_one_hot, (images.shape[0], 1))

patch, patch_mask = ap.generate(x=images, y=y_target)

 

Using AdversarialPatch(~), defined in art/attacks/evasion, generates the patch automatically. patch_shape=(224, 224, 3) means that a 224*224 color patch is generated.

 

A dizzying color combination..

 

The generated patch is shown above; if you look closely, you can see that it contains the shape of a toaster.

 

Evaluations

 

It is very noticeable that something foreign has been added, but once the patch is attached to the image, the model classifies it as a toaster, which was the target.

(The ground-truth labels are bagel and beagle.)
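
To put a number on the visual check above, this added example (not part of the original notebook or of ART) compares predictions on clean and patched copies of a batch and reports accuracy and targeted success rate. The probability rows are constructed, the function names are hypothetical, and the class indices are hard-coded from the ImageNet-2012 label list.

```python
import numpy as np

NB_CLASSES = 1000                        # nb_classes from the Settings block
TOASTER, BAGEL, BEAGLE = 859, 931, 162   # ImageNet-2012 label indices (hard-coded here)

def patch_report(probs_clean, probs_patched, y_true, y_target, k=5):
    """Compare (n, nb_classes) predictions on clean and patched copies of a batch."""
    probs_clean, probs_patched = np.asarray(probs_clean), np.asarray(probs_patched)
    y_true = np.asarray(y_true)
    target = np.argmax(y_target, axis=1)       # one-hot target rows -> class index
    eligible = y_true != target                # target-class images cannot count as successes
    if not eligible.any():
        raise ValueError("every image already belongs to the target class")
    top1_clean = probs_clean.argmax(axis=1)
    top1_patched = probs_patched.argmax(axis=1)
    topk_patched = np.argsort(probs_patched, axis=1)[:, -k:]
    rows = np.arange(len(y_true))
    gain = probs_patched[rows, target] - probs_clean[rows, target]
    in_topk = (topk_patched == target[:, None]).any(axis=1)
    return {
        "clean_accuracy": float(np.mean(top1_clean == y_true)),
        "patched_accuracy": float(np.mean(top1_patched == y_true)),
        "targeted_top1": float(np.mean((top1_patched == target)[eligible])),
        "targeted_topk": float(np.mean(in_topk[eligible])),
        "mean_target_gain": float(np.mean(gain[eligible])),
    }

def constructed_row(top, conf, second, second_conf):
    """Constructed probability vector: two named classes, the rest spread evenly."""
    row = np.full(NB_CLASSES, (1.0 - conf - second_conf) / (NB_CLASSES - 2))
    row[top], row[second] = conf, second_conf
    return row

def demo():
    y_true = np.array([BAGEL, BEAGLE, BAGEL])         # constructed batch of three images
    y_one_hot = np.zeros(NB_CLASSES)
    y_one_hot[TOASTER] = 1.0
    y_target = np.tile(y_one_hot, (len(y_true), 1))   # same construction as on the page
    clean = [constructed_row(c, 0.90, TOASTER, 0.01) for c in y_true]
    patched = [constructed_row(TOASTER, 0.80, BAGEL, 0.10),
               constructed_row(TOASTER, 0.70, BEAGLE, 0.20),
               constructed_row(BAGEL, 0.50, TOASTER, 0.40)]   # patch fails on this image
    return patch_report(clean, patched, y_true, y_target)

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

With the notebook's objects, the two probability arrays would come from tfc.predict on images and on the output of ap.apply_patch for the same images.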