DeepRobust: PyTorch Library for adversarial attack and defense in deep learning

Category: IT Technology · Published: 4 years ago


DeepRobust

DeepRobust is a PyTorch adversarial library for attack and defense methods on images and graphs. A list of the included algorithms can be found in [Image Package] and [Graph Package].

Environment & Installation

Usage

  • Image Attack and Defense

  • Graph Attack and Defense

For more details about attacks and defenses, you can read the following papers.

Adversarial Attacks and Defenses on Graphs: A Review and Empirical Study

Adversarial Attacks and Defenses in Images, Graphs and Text: A Review

Basic Environment

python >= 3.6
pytorch >= 1.2.0

See setup.py or requirements.txt for more information.

Installation

git clone https://github.com/DSE-MSU/DeepRobust.git
cd DeepRobust
python setup.py install

Test Examples

python examples/graph/test_gcn_jaccard.py --dataset cora
python examples/image/evaluation_attack

Usage

Image Attack and Defense

  1. Train model

    Example: Train a simple CNN model on the MNIST dataset for 20 epochs on GPU.

    import deeprobust.image.netmodels.train_model as trainmodel
    trainmodel.train('CNN', 'MNIST', 'cuda', 20)

    The model is saved in deeprobust/trained_models/.

  2. Instantiate attack methods and defense methods.

    Example: Generate adversarial examples with the PGD attack.

    import torch
    from torchvision import datasets, transforms
    from deeprobust.image.attack.pgd import PGD
    from deeprobust.image.config import attack_params
    import deeprobust.image.netmodels.resnet as resnet
    
    device = 'cuda'
    
    # Load the trained classifier that will be evaluated
    model = resnet.ResNet18().to(device)
    model.load_state_dict(torch.load("./trained_models/CIFAR10_ResNet18_epoch_50.pt"))
    model.eval()
    
    transform_val = transforms.Compose([transforms.ToTensor()])
    test_loader  = torch.utils.data.DataLoader(
                    datasets.CIFAR10('deeprobust/image/data', train = False, download=True,
                    transform = transform_val),
                    batch_size = 10, shuffle=True)
    
    # Take one batch of test images and labels
    x, y = next(iter(test_loader))
    x = x.to(device).float()
    
    # Generate adversarial images with the preset PGD parameters for CIFAR10
    adversary = PGD(model, device)
    Adv_img = adversary.generate(x, y, **attack_params['PGD_CIFAR10'])

    Example: Train defense model.

    from deeprobust.image.defense.pgdtraining import PGDtraining
    from deeprobust.image.config import defense_params
    from deeprobust.image.netmodels.CNN import Net
    import torch
    from torchvision import datasets, transforms 
    
    model = Net()
    train_loader = torch.utils.data.DataLoader(
                    datasets.MNIST('deeprobust/image/defense/data', train=True, download=True,
                                    transform=transforms.Compose([transforms.ToTensor()])),
                                    batch_size=100,shuffle=True)
    
    test_loader = torch.utils.data.DataLoader(
                  datasets.MNIST('deeprobust/image/defense/data', train=False,
                                transform=transforms.Compose([transforms.ToTensor()])),
                                batch_size=1000,shuffle=True)
    
    defense = PGDtraining(model, 'cuda')
    defense.generate(train_loader, test_loader, **defense_params["PGDtraining_MNIST"])

    More example code can be found in deeprobust/examples.

  3. Use our evaluation program to test attack algorithms against defenses.

    Example:

    python -m deeprobust.image.evaluation_attack

Graph Attack and Defense

Attacking Graph Neural Networks

  1. Load dataset

    import torch
    import numpy as np
    from deeprobust.graph.data import Dataset
    from deeprobust.graph.defense import GCN
    from deeprobust.graph.global_attack import Metattack
    
    data = Dataset(root='/tmp/', name='cora', setting='nettack')
    adj, features, labels = data.adj, data.features, data.labels
    idx_train, idx_val, idx_test = data.idx_train, data.idx_val, data.idx_test
    idx_unlabeled = np.union1d(idx_val, idx_test)

  2. Set up surrogate model

    device = torch.device("cuda:0" if torch.cuda.is_available() else "cpu")
    surrogate = GCN(nfeat=features.shape[1], nclass=labels.max().item()+1, nhid=16,
                    with_relu=False, device=device)
    surrogate = surrogate.to(device)
    surrogate.fit(features, adj, labels, idx_train)

  3. Set up attack model and generate perturbations

    model = Metattack(model=surrogate, nnodes=adj.shape[0], feature_shape=features.shape, device=device)
    model = model.to(device)
    perturbations = int(0.05 * (adj.sum() // 2))
    model.attack(features, adj, labels, idx_train, idx_unlabeled, perturbations, ll_constraint=False)
    modified_adj = model.modified_adj

For more details please refer to mettack.py or run python examples/graph/test_mettack.py --dataset cora --ptb_rate 0.05

Defending Against Graph Attacks

  1. Load dataset

    import torch
    from deeprobust.graph.data import Dataset, PtbDataset
    from deeprobust.graph.defense import GCN, GCNJaccard
    import numpy as np
    np.random.seed(15)
    
    # load clean graph
    data = Dataset(root='/tmp/', name='cora', setting='nettack')
    adj, features, labels = data.adj, data.features, data.labels
    idx_train, idx_val, idx_test = data.idx_train, data.idx_val, data.idx_test
    
    # load pre-attacked graph by mettack
    perturbed_data = PtbDataset(root='/tmp/', name='cora')
    perturbed_adj = perturbed_data.adj

  2. Test

    # Set up defense model and test performance
    device = torch.device("cuda:0" if torch.cuda.is_available() else "cpu")
    model = GCNJaccard(nfeat=features.shape[1], nclass=labels.max()+1, nhid=16, device=device)
    model = model.to(device)
    model.fit(features, perturbed_adj, labels, idx_train)
    model.eval()
    output = model.test(idx_test)
    
    # Test on GCN
    model = GCN(nfeat=features.shape[1], nclass=labels.max()+1, nhid=16, device=device)
    model = model.to(device)
    model.fit(features, perturbed_adj, labels, idx_train)
    model.eval()
    output = model.test(idx_test)

For more details please refer to test_gcn_jaccard.py or run python examples/graph/test_gcn_jaccard.py --dataset cora
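
The idea behind Jaccard-based graph preprocessing, the kind of defense GCNJaccard applies before training, is to drop edges whose endpoints share almost no features. The following is an added illustration in pure Python, not DeepRobust code; the toy graph, the feature sets, the function names and the threshold value are all constructed for this example.

```python
# Added illustration (not DeepRobust code): audit a perturbed graph against the
# clean one, then prune edges between nodes with dissimilar binary features.

def jaccard(a, b):
    """Jaccard similarity of two sets of active (non-zero) feature ids."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def edge_diff(clean, perturbed):
    """Return (inserted, deleted) undirected edges, normalised as (min, max)."""
    norm = lambda edges: {tuple(sorted(e)) for e in edges}
    c, p = norm(clean), norm(perturbed)
    return p - c, c - p

def prune_edges(edges, features, threshold):
    """Split edges into (kept, dropped): dropped if similarity < threshold."""
    kept, dropped = set(), set()
    for u, v in edges:
        similar = jaccard(features[u], features[v]) >= threshold
        (kept if similar else dropped).add((u, v))
    return kept, dropped

# Constructed sample: two communities with disjoint feature vocabularies.
FEATURES = {
    0: {1, 2, 3}, 1: {2, 3, 4}, 2: {1, 3, 4},
    3: {10, 11, 12}, 4: {11, 12, 13}, 5: {10, 12, 13},
}
CLEAN = {(0, 1), (1, 2), (0, 2), (3, 4), (4, 5), (3, 5)}
# Constructed perturbation: one edge removed, two cross-community edges added.
PERTURBED = (CLEAN - {(0, 2)}) | {(0, 4), (2, 5)}

def demo(threshold=0.01):  # example threshold chosen for this sketch
    inserted, deleted = edge_diff(CLEAN, PERTURBED)
    kept, dropped = prune_edges(PERTURBED, FEATURES, threshold)
    return inserted, deleted, kept, dropped

if __name__ == "__main__":
    inserted, deleted, kept, dropped = demo()
    print("inserted by perturbation:", sorted(inserted))
    print("deleted by perturbation: ", sorted(deleted))
    print("dropped by pruning:      ", sorted(dropped))
    print("kept for training:       ", sorted(kept))
```

Pruning removes the two inserted cross-community edges, but it cannot restore the edge the perturbation deleted, so the filtered graph is not identical to the clean one.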

Acknowledgement

Some of the algorithms are adapted from the paper authors' implementations. References can be found at the top of each file. Thanks for their outstanding work!

