-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPGD.py
46 lines (38 loc) · 1.72 KB
/
PGD.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import cv2
import numpy as np
from art.attacks.evasion import ProjectedGradientDescent
from helpers import create_tf_hub_classifier
def apply_pgd_with_upsized_delta(original_image, eps=0.06, eps_step=0.01, max_iter=10, target_label=964):
"""
Computes adversarial delta at 224x224, then upsizes the delta and applies
it to the original, preserving more detail than doing a full down->up.
"""
print("PGD with upsampled delta to preserve detail.")
#convert original to float in [0,1], but keep a copy for final blending
orig_h, orig_w, _ = original_image.shape
x_orig_float = original_image.astype(np.float32) / 255.0
# downsize to 224×224 for model
small_img = cv2.resize(original_image, (224, 224), interpolation=cv2.INTER_LINEAR)
x_small = small_img.astype(np.float32)[None] / 255.0 # shape (1,224,224,3)
classifier = create_tf_hub_classifier()
#target prep
num_classes = classifier.nb_classes
y_target = np.zeros((1, num_classes), dtype=np.float32)
y_target[0, target_label] = 1.0
# run PGD on the small version
attack = ProjectedGradientDescent(
estimator=classifier,
eps=eps,
eps_step=eps_step,
max_iter=max_iter,
targeted=True,
num_random_init=8
)
x_adv_small = attack.generate(x=x_small, y=y_target)# shape (1,224,224,3) in [0,1]
# upsize delta to original shape
delta_small = x_adv_small - x_small # shape (1,224,224,3)
delta_big = cv2.resize(delta_small[0], (orig_w, orig_h), interpolation=cv2.INTER_CUBIC)
delta_big = np.clip(delta_big, -eps, eps)
x_orig_adv = np.clip(x_orig_float + delta_big, 0, 1)
x_orig_adv = (x_orig_adv * 255.0).astype(np.uint8)
return x_orig_adv