what.attacks.detection.yolo.PCB
1# Deep Learning Libraries 2import numpy as np 3np.set_printoptions(suppress=True) 4from keras.models import load_model 5 6import tensorflow as tf 7tf.compat.v1.disable_eager_execution() 8import keras.backend as K 9 10from what.utils.proj import proj_lp 11 12class PCBAttack: 13 def __init__(self, model, attack_type, classes, init="zero", learning_rate = 4 / 255.0, batch = 1, decay = 0.98, custom_objects = None): 14 self.classes = len(classes) 15 self.epsilon = 1 16 self.graph = tf.compat.v1.get_default_graph() 17 self.use_filter = False 18 19 if init == "uniform": 20 self.noise = np.random.uniform( -2 / 255.0, 2 / 255.0, size=(416, 416, 3)) 21 else: 22 self.noise = np.zeros((416, 416, 3)) 23 24 self.adv_patch_boxes = [] 25 self.fixed = True 26 27 self.model = load_model(model, custom_objects=custom_objects) 28 self.model.summary() 29 self.attack_type = attack_type 30 31 self.lr = learning_rate 32 self.delta = 0 33 self.decay = decay 34 35 self.current_batch = 0 36 self.batch = batch 37 38 loss = 0 39 40 for out in self.model.output: 41 out = K.reshape(out, (-1, 5 + self.classes)) 42 43 # Targeted One Box 44 if attack_type == "one_targeted": 45 loss = K.max(K.sigmoid(out[:, 4]) * K.sigmoid(out[:, 5])) 46 47 # Targeted Multi boxes 48 if attack_type == "multi_targeted": 49 loss = K.sigmoid(out[:, 4]) * K.sigmoid(out[:, 5]) 50 51 # Untargeted Multi boxes 52 if attack_type == "multi_untargeted": 53 for i in range(0, self.classes): 54 # PC Attack 55 loss = loss + tf.reduce_sum( K.sigmoid(out[:, 4]) * K.sigmoid(out[:, i+5])) 56 57 # Small centric 58 # loss = loss + tf.reduce_sum( K.sigmoid(out[:, 4]) * K.sigmoid(out[:, i+5]) / K.pow(K.sigmoid(out[:, 2]) * K.sigmoid(out[:, 3]), 2) ) 59 60 # Large overlapped boxes 61 # loss = loss + tf.reduce_sum( K.sigmoid(out[:, 4]) * K.sigmoid(out[:, i+5])) / tf.reduce_sum(K.pow(K.sigmoid(out[:, 2]) * K.sigmoid(out[:, 3]), 2)) 62 63 # Small distributed boxes (PCB Attack) 64 loss = loss / tf.reduce_sum(K.pow(K.sigmoid(out[:, 2]) * K.sigmoid(out[:, 3]), 2)) 65 66 grads = K.gradients(loss, self.model.input) 67 self.delta = self.delta + K.sign(grads[0]) 68 69 self.sess = tf.compat.v1.keras.backend.get_session() 70 71 def attack(self, input_cv_image): 72 with self.graph.as_default(): 73 # Draw each adversarial patch on the input image 74 input_cv_image = input_cv_image + self.noise 75 input_cv_image = np.clip(input_cv_image, 0.0, 1.0).astype(np.float32) 76 77 if not self.fixed: 78 outputs, grads = self.sess.run([self.model.output, self.delta], feed_dict={self.model.input:np.array([input_cv_image])}) 79 80 self.noise = self.noise + self.lr * grads[0, :, :, :] 81 82 self.current_batch = self.current_batch + 1 83 84 if self.current_batch == self.batch: 85 self.lr = self.lr * self.decay 86 self.current_batch = 0 87 88 self.noise = np.clip(self.noise, -1.0, 1.0) 89 90 self.noise = proj_lp(self.noise, xi=8/255.0, p = np.inf) 91 else: 92 outputs = self.sess.run(self.model.output, feed_dict={self.model.input:np.array([input_cv_image])}) 93 94 return input_cv_image, outputs
class
PCBAttack:
13class PCBAttack: 14 def __init__(self, model, attack_type, classes, init="zero", learning_rate = 4 / 255.0, batch = 1, decay = 0.98, custom_objects = None): 15 self.classes = len(classes) 16 self.epsilon = 1 17 self.graph = tf.compat.v1.get_default_graph() 18 self.use_filter = False 19 20 if init == "uniform": 21 self.noise = np.random.uniform( -2 / 255.0, 2 / 255.0, size=(416, 416, 3)) 22 else: 23 self.noise = np.zeros((416, 416, 3)) 24 25 self.adv_patch_boxes = [] 26 self.fixed = True 27 28 self.model = load_model(model, custom_objects=custom_objects) 29 self.model.summary() 30 self.attack_type = attack_type 31 32 self.lr = learning_rate 33 self.delta = 0 34 self.decay = decay 35 36 self.current_batch = 0 37 self.batch = batch 38 39 loss = 0 40 41 for out in self.model.output: 42 out = K.reshape(out, (-1, 5 + self.classes)) 43 44 # Targeted One Box 45 if attack_type == "one_targeted": 46 loss = K.max(K.sigmoid(out[:, 4]) * K.sigmoid(out[:, 5])) 47 48 # Targeted Multi boxes 49 if attack_type == "multi_targeted": 50 loss = K.sigmoid(out[:, 4]) * K.sigmoid(out[:, 5]) 51 52 # Untargeted Multi boxes 53 if attack_type == "multi_untargeted": 54 for i in range(0, self.classes): 55 # PC Attack 56 loss = loss + tf.reduce_sum( K.sigmoid(out[:, 4]) * K.sigmoid(out[:, i+5])) 57 58 # Small centric 59 # loss = loss + tf.reduce_sum( K.sigmoid(out[:, 4]) * K.sigmoid(out[:, i+5]) / K.pow(K.sigmoid(out[:, 2]) * K.sigmoid(out[:, 3]), 2) ) 60 61 # Large overlapped boxes 62 # loss = loss + tf.reduce_sum( K.sigmoid(out[:, 4]) * K.sigmoid(out[:, i+5])) / tf.reduce_sum(K.pow(K.sigmoid(out[:, 2]) * K.sigmoid(out[:, 3]), 2)) 63 64 # Small distributed boxes (PCB Attack) 65 loss = loss / tf.reduce_sum(K.pow(K.sigmoid(out[:, 2]) * K.sigmoid(out[:, 3]), 2)) 66 67 grads = K.gradients(loss, self.model.input) 68 self.delta = self.delta + K.sign(grads[0]) 69 70 self.sess = tf.compat.v1.keras.backend.get_session() 71 72 def attack(self, input_cv_image): 73 with self.graph.as_default(): 74 # Draw each adversarial patch on the input image 75 input_cv_image = input_cv_image + self.noise 76 input_cv_image = np.clip(input_cv_image, 0.0, 1.0).astype(np.float32) 77 78 if not self.fixed: 79 outputs, grads = self.sess.run([self.model.output, self.delta], feed_dict={self.model.input:np.array([input_cv_image])}) 80 81 self.noise = self.noise + self.lr * grads[0, :, :, :] 82 83 self.current_batch = self.current_batch + 1 84 85 if self.current_batch == self.batch: 86 self.lr = self.lr * self.decay 87 self.current_batch = 0 88 89 self.noise = np.clip(self.noise, -1.0, 1.0) 90 91 self.noise = proj_lp(self.noise, xi=8/255.0, p = np.inf) 92 else: 93 outputs = self.sess.run(self.model.output, feed_dict={self.model.input:np.array([input_cv_image])}) 94 95 return input_cv_image, outputs
PCBAttack( model, attack_type, classes, init='zero', learning_rate=0.01568627450980392, batch=1, decay=0.98, custom_objects=None)
14 def __init__(self, model, attack_type, classes, init="zero", learning_rate = 4 / 255.0, batch = 1, decay = 0.98, custom_objects = None): 15 self.classes = len(classes) 16 self.epsilon = 1 17 self.graph = tf.compat.v1.get_default_graph() 18 self.use_filter = False 19 20 if init == "uniform": 21 self.noise = np.random.uniform( -2 / 255.0, 2 / 255.0, size=(416, 416, 3)) 22 else: 23 self.noise = np.zeros((416, 416, 3)) 24 25 self.adv_patch_boxes = [] 26 self.fixed = True 27 28 self.model = load_model(model, custom_objects=custom_objects) 29 self.model.summary() 30 self.attack_type = attack_type 31 32 self.lr = learning_rate 33 self.delta = 0 34 self.decay = decay 35 36 self.current_batch = 0 37 self.batch = batch 38 39 loss = 0 40 41 for out in self.model.output: 42 out = K.reshape(out, (-1, 5 + self.classes)) 43 44 # Targeted One Box 45 if attack_type == "one_targeted": 46 loss = K.max(K.sigmoid(out[:, 4]) * K.sigmoid(out[:, 5])) 47 48 # Targeted Multi boxes 49 if attack_type == "multi_targeted": 50 loss = K.sigmoid(out[:, 4]) * K.sigmoid(out[:, 5]) 51 52 # Untargeted Multi boxes 53 if attack_type == "multi_untargeted": 54 for i in range(0, self.classes): 55 # PC Attack 56 loss = loss + tf.reduce_sum( K.sigmoid(out[:, 4]) * K.sigmoid(out[:, i+5])) 57 58 # Small centric 59 # loss = loss + tf.reduce_sum( K.sigmoid(out[:, 4]) * K.sigmoid(out[:, i+5]) / K.pow(K.sigmoid(out[:, 2]) * K.sigmoid(out[:, 3]), 2) ) 60 61 # Large overlapped boxes 62 # loss = loss + tf.reduce_sum( K.sigmoid(out[:, 4]) * K.sigmoid(out[:, i+5])) / tf.reduce_sum(K.pow(K.sigmoid(out[:, 2]) * K.sigmoid(out[:, 3]), 2)) 63 64 # Small distributed boxes (PCB Attack) 65 loss = loss / tf.reduce_sum(K.pow(K.sigmoid(out[:, 2]) * K.sigmoid(out[:, 3]), 2)) 66 67 grads = K.gradients(loss, self.model.input) 68 self.delta = self.delta + K.sign(grads[0]) 69 70 self.sess = tf.compat.v1.keras.backend.get_session()
def
attack(self, input_cv_image):
72 def attack(self, input_cv_image): 73 with self.graph.as_default(): 74 # Draw each adversarial patch on the input image 75 input_cv_image = input_cv_image + self.noise 76 input_cv_image = np.clip(input_cv_image, 0.0, 1.0).astype(np.float32) 77 78 if not self.fixed: 79 outputs, grads = self.sess.run([self.model.output, self.delta], feed_dict={self.model.input:np.array([input_cv_image])}) 80 81 self.noise = self.noise + self.lr * grads[0, :, :, :] 82 83 self.current_batch = self.current_batch + 1 84 85 if self.current_batch == self.batch: 86 self.lr = self.lr * self.decay 87 self.current_batch = 0 88 89 self.noise = np.clip(self.noise, -1.0, 1.0) 90 91 self.noise = proj_lp(self.noise, xi=8/255.0, p = np.inf) 92 else: 93 outputs = self.sess.run(self.model.output, feed_dict={self.model.input:np.array([input_cv_image])}) 94 95 return input_cv_image, outputs