(#6) Attack: Impl. attack with defense model

betarixm · Mar 31, 2022 · 670b997 · 670b997
1 parent 92fef73
commit 670b997
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 30 deletions.
diff --git a/src/attack/models.py b/src/attack/models.py
@@ -1,37 +1,28 @@
-from typings.models import Attack, Model
-from typings.dataset import Dataset
+from typings.models import Attack
 
 from cleverhans.tf2.attacks.fast_gradient_method import fast_gradient_method
 
 from victim.models import Classifier
+from defense.models import Reformer
+
 from utils.dataset import Cifar10
 
 import numpy as np
 import tensorflow as tf
 
-
 keras = tf.keras
 
 
 class Fgsm(Attack):
-    def __init__(
-        self,
-        model: Model,
-        dataset: Dataset,
-        accuracy_normal: keras.metrics.Accuracy = tf.metrics.SparseCategoricalAccuracy(),
-        accuracy_under_attack: keras.metrics.Accuracy = tf.metrics.SparseCategoricalAccuracy(),
-    ):
-        super(Fgsm, self).__init__(
-            model, dataset, accuracy_normal, accuracy_under_attack
-        )
-
     def add_perturbation(self, x: np.array) -> np.array:
-        return fast_gradient_method(self.model.model(), x, 0.05, np.inf)
+        return fast_gradient_method(self.victim_model.model(), x, 0.05, np.inf)
 
 
 if __name__ == "__main__":
     f = Fgsm(
-        Classifier(name="victim_classifier_cifar10", input_shape=(32, 32, 3)), Cifar10()
+        Classifier(name="victim_classifier_cifar10", input_shape=(32, 32, 3)),
+        Cifar10(),
+        defense_model=Reformer("defense_reformer_cifar10", input_shape=(32, 32, 3)),
     )
-    acc_with_attack, acc = f.attack()
-    print(acc_with_attack.result(), acc.result())
+    acc, acc_under_attack, acc_with_defense = f.attack()
+    print(acc.result(), acc_under_attack.result(), acc_with_defense.result())
diff --git a/src/typings/models.py b/src/typings/models.py
@@ -1,5 +1,5 @@
 from abc import ABC, abstractmethod
-from typing import List
+from typing import List, Tuple, Optional
 from typings.dataset import Dataset
 
 import datetime
@@ -148,37 +148,51 @@ def train(self, epochs: int = 100):
 class Attack(ABC):
     def __init__(
         self,
-        model: Model,
+        victim_model: Model,
         dataset: Dataset,
+        defense_model: Model = None,
         accuracy_normal: keras.metrics.Accuracy = tf.metrics.SparseCategoricalAccuracy(),
         accuracy_under_attack: keras.metrics.Accuracy = tf.metrics.SparseCategoricalAccuracy(),
+        accuracy_with_defense: keras.metrics.Accuracy = tf.metrics.SparseCategoricalAccuracy(),
     ):
-        self.model = model
-        self.dataset = dataset
-        self.accuracy_normal = accuracy_normal
-        self.accuracy_under_attack = accuracy_under_attack
+        self.victim_model: Model = victim_model
+        self.defense_model: Model = defense_model
+        self.dataset: Dataset = dataset
+        self.accuracy_normal: tf.metrics.Accuracy = accuracy_normal
+        self.accuracy_under_attack: tf.metrics.Accuracy = accuracy_under_attack
+        self.accuracy_with_defense: tf.metrics.Accuracy = accuracy_with_defense
 
-        self.model.compile()
-        self.model.load()
+        self.victim_model.compile()
+        self.victim_model.load()
 
     @abstractmethod
     def add_perturbation(self, x: np.array) -> np.array:
         pass
 
-    def attack(self):
+    def attack(
+        self,
+    ) -> Tuple[tf.metrics.Accuracy, tf.metrics.Accuracy, Optional[tf.metrics.Accuracy]]:
         _, test = self.dataset.dataset()
 
         progress = keras.utils.Progbar(test.cardinality().numpy())
 
         for x, y in test:
             x_attack = self.add_perturbation(x)
 
-            y_attack = self.model.predict(x_attack)
-            y_normal = self.model.predict(x)
+            y_attack = self.victim_model.predict(x_attack)
+            y_normal = self.victim_model.predict(x)
 
             self.accuracy_under_attack(y, y_attack)
             self.accuracy_normal(y, y_normal)
 
+            if self.defense_model is not None:
+                self.accuracy_with_defense(
+                    y, self.victim_model.predict(self.defense_model.predict(x_attack))
+                )
             progress.add(1)
 
-        return self.accuracy_under_attack, self.accuracy_normal
+        return (
+            self.accuracy_normal,
+            self.accuracy_under_attack,
+            self.accuracy_with_defense,
+        )