hummingbird
/
mindarmour
Not watched
2
0
Fork 0
Code
Releases 17 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
616 Commits
18 Branches
193 MB
600 Download
Tree: 5b6fdaa9ab
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5b6fdaa9ab'
${ noResults }
mindarmour/examples/face_adversarial_attack/example/AFR.py

AFR.py 9.2 kB
Raw Normal View History

update
3 years ago
update examples/face_adversarial_attack/example/AFR.py. 修改了命名错误;包的顺序。 Signed-off-by: 君君臣臣君 <mingjun@isrc.iscas.ac.cn>
3 years ago
update
3 years ago
update examples/face_adversarial_attack/example/AFR.py. 修改了命名错误;包的顺序。 Signed-off-by: 君君臣臣君 <mingjun@isrc.iscas.ac.cn>
3 years ago
update
3 years ago
update examples/face_adversarial_attack/example/AFR.py. 修改了命名错误;包的顺序。 Signed-off-by: 君君臣臣君 <mingjun@isrc.iscas.ac.cn>
3 years ago
update
3 years ago
update examples/face_adversarial_attack/example/AFR.py. 修改了命名错误;包的顺序。 Signed-off-by: 君君臣臣君 <mingjun@isrc.iscas.ac.cn>
3 years ago
update
3 years ago
update examples/face_adversarial_attack/example/AFR.py. 修改了命名错误;包的顺序。 Signed-off-by: 君君臣臣君 <mingjun@isrc.iscas.ac.cn>
3 years ago
update
3 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270 
  1. # Copyright 2022 Huawei Technologies Co., Ltd

  2. #

  3. # Licensed under the Apache License, Version 2.0 (the "License");

  4. # you may not use this file except in compliance with the License.

  5. # You may obtain a copy of the License at

  6. #

  7. # http://www.apache.org/licenses/LICENSE-2.0

  8. #

  9. # Unless required by applicable law or agreed to in writing, software

  10. # distributed under the License is distributed on an "AS IS" BASIS,

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. # See the License for the specific language governing permissions and

  13. # limitations under the License.

  14. # ============================================================================

  15. import os

  16. import re

  17. import numpy as np

  18. import mindspore

  19. import mindspore.dataset.vision.py_transforms as P

  20. from mindspore.dataset.vision.py_transforms import ToPIL as ToPILImage

  21. from mindspore import Parameter, ops, nn, Tensor

  22. from mindspore.dataset.vision.py_transforms import ToTensor

  23. import dlib

  24. import matplotlib.image as mp

  25. import face_recognition as fr

  26. import face_recognition_models as frm

  27. from PIL import Image, ImageDraw

  28. from loss_design import MyTrainOneStepCell, MyWithLossCell, FaceLossTargetAttack, FaceLossNoTargetAttack

  29. from FaceRecognition.eval import get_net

  30. 

  31. class FaceAdversarialAttack(object):

  32.     """

  33.     Class used to create adversarial facial recognition attacks

  34.     """

  35. 

  36.     def __init__(self, input_img, target_img, seed=None):

  37.         """

  38.         Initialization for Attack class.

  39. 

  40.         Args:

  41.             input_img : Image to train on.

  42.             target_img : Image to target the adversarial attack against.

  43.             seed : optional Sets custom seed for reproducability. Default is generated randomly.

  44. 

  45.         """

  46. 

  47.         if (seed is not None): np.random.seed(seed)

  48.         self.MEAN = Tensor([0.485, 0.456, 0.406])

  49.         self.STD = Tensor([0.229, 0.224, 0.225])

  50.         self.LOSS = Tensor(0)

  51.         self.expand_dims = mindspore.ops.ExpandDims()

  52.         self.imageize = ToPILImage()

  53.         self.tensorize = ToTensor()

  54.         self.normalize = P.Normalize(mean=[0.485, 0.456, 0.406], std=[0.229, 0.224, 0.225])

  55.         self.resnet = get_net()

  56.         self.input_tensor = Tensor(self.normalize(self.tensorize(input_img)))

  57.         self.target_tensor = Tensor(self.normalize(self.tensorize(target_img)))

  58.         mp.imsave('./outputs/input图像.jpg', np.transpose(self._reverse_norm(self.input_tensor).asnumpy(), (1, 2, 0)))

  59.         mp.imsave('./outputs/target图像.jpg',

  60.                   np.transpose(self._reverse_norm(self.target_tensor).asnumpy(), (1, 2, 0)))

  61. 

  62. 

  63.         self.input_emb = self.resnet(self.expand_dims(self.input_tensor, 0))

  64.         self.target_emb = self.resnet(self.expand_dims(self.target_tensor, 0))

  65.         self.adversarial_emb = None

  66.         self.mask_tensor = self._create_mask(input_img)

  67.         self.ref = self.mask_tensor

  68.         self.pm = Parameter(self.mask_tensor)

  69.         self.opt = nn.Adam([self.pm], learning_rate=0.01, weight_decay=0.0001)

  70. 

  71. 

  72. 

  73.     def train(self, attack_method):

  74.         """

  75.         Optimized adversarial image.

  76.         """

  77. 

  78.         if attack_method == "non-target attack":

  79.             LOSS = FaceLossNoTargetAttack(self.target_emb)

  80.         if attack_method == "target_attack":

  81.             LOSS = FaceLossTargetAttack(self.target_emb)

  82. 

  83.         net_with_criterion = MyWithLossCell(self.resnet, LOSS, self.input_tensor)

  84.         train_net = MyTrainOneStepCell(net_with_criterion, self.opt)

  85. 

  86.         for i in range(2000):

  87. 

  88.             self.mask_tensor = Tensor(self.pm)

  89. 

  90.             grads, loss = train_net(self.mask_tensor)

  91. 

  92.             print("epoch %d ,loss: %f \n " % (i, loss.asnumpy().item()))

  93. 

  94.             self.mask_tensor = ops.clip_by_value(

  95.                 self.mask_tensor, Tensor(0, mindspore.float32), Tensor(1, mindspore.float32))

  96. 

  97.         adversarial_tensor = self._apply(

  98.             self.input_tensor,

  99.             (self.mask_tensor - self.MEAN[:, None, None]) / self.STD[:, None, None],

  100.             self.ref)

  101. 

  102.         adversarial_tensor = self._reverse_norm(adversarial_tensor)

  103. 

  104.         return adversarial_tensor, self.mask_tensor

  105. 

  106.     def test(self):

  107.         """

  108.         Test the recognition of adversarial images by the model.

  109.         """

  110. 

  111.         adversarial_tensor = self._apply(

  112.             self.input_tensor,

  113.             (self.mask_tensor - self.MEAN[:, None, None] )/ self.STD[:, None, None],

  114.             self.ref)

  115. 

  116.         self.adversarial_emb = self.resnet(self.expand_dims(adversarial_tensor, 0))

  117.         self.input_emb = self.resnet(self.expand_dims(self.input_tensor, 0))

  118.         self.target_emb = self.resnet(self.expand_dims(self.target_tensor, 0))

  119. 

  120.         adversarial = np.argmax(self.adversarial_emb.asnumpy())

  121.         target = np.argmax(self.target_emb.asnumpy())

  122.         input = np.argmax(self.input_emb.asnumpy())

  123. 

  124.         print("input:", input)

  125.         print("input_confidence:", self.input_emb.asnumpy()[0][input])

  126.         print("================================")

  127.         print("adversarial:", adversarial)

  128.         print("adversarial_confidence:", self.adversarial_emb.asnumpy()[0][adversarial])

  129.         print("Confidence changes for target:", self.adversarial_emb.asnumpy()[0][target])

  130.         print("Confidence changes for input:", self.adversarial_emb.asnumpy()[0][input])

  131.         print("================================")

  132.         print("target:", target)

  133.         print("target_confidence:", self.target_emb.asnumpy()[0][target])

  134.         print("input: %d, target: %d, adversarial: %d" % (input, target, adversarial))

  135. 

  136. 

  137.     def _reverse_norm(self, image_tensor):

  138.         """

  139.         Reverses normalization for a given image_tensor

  140. 

  141.         Args:

  142.             image_tensor : Tensor

  143. 

  144.         Returns:

  145.             Tensor

  146.         """

  147.         tensor = image_tensor * self.STD[:, None, None] + self.MEAN[:, None, None]

  148. 

  149.         return tensor

  150. 

  151.     def _apply(self,

  152.                image_tensor,

  153.                mask_tensor,

  154.                reference_tensor

  155.                ):

  156.         """

  157.         Apply a mask over an image.

  158. 

  159.         Args:

  160.             image_tensor : Canvas to be used to apply mask on.

  161.             mask_tensor : Mask to apply over the image.

  162.             reference_tensor : Used to reference mask boundaries

  163. 

  164.         Returns:

  165.             Tensor

  166.         """

  167.         tensor = mindspore.numpy.where((reference_tensor == 0), image_tensor, mask_tensor)

  168. 

  169.         return tensor

  170. 

  171.     def _create_mask(self, face_image):

  172.         """

  173.         Create mask image.

  174. 

  175.         Args:

  176.             face_image : image of a detected face.

  177. 

  178.         Returns:

  179.             mask_tensor : A mask image.

  180.         """

  181. 

  182.         mask = Image.new('RGB', face_image.size, color=(0, 0, 0))

  183.         d = ImageDraw.Draw(mask)

  184.         landmarks = fr.face_landmarks(np.array(face_image))

  185.         area = [landmark

  186.                 for landmark in landmarks[0]['chin']

  187.                 if landmark[1] > max(landmarks[0]['nose_tip'])[1]]

  188.         area.append(landmarks[0]['nose_bridge'][1])

  189.         d.polygon(area, fill=(255, 255, 255))

  190.         mask_array = np.array(mask)

  191.         mask_array = mask_array.astype(np.float32)

  192. 

  193.         for i in range(mask_array.shape[0]):

  194. 

  195.             for j in range(mask_array.shape[1]):

  196. 

  197.                 for k in range(mask_array.shape[2]):

  198. 

  199.                     if mask_array[i][j][k] == 255.:

  200.                         mask_array[i][j][k] = 0.5

  201.                     else:

  202.                         mask_array[i][j][k] = 0

  203. 

  204.         mask_tensor = Tensor(mask_array)

  205.         mask_tensor = mask_tensor.swapaxes(0, 2).swapaxes(1, 2)

  206.         mask_tensor.requires_grad = True

  207.         return mask_tensor

  208. 

  209.     def _reverse_norm(self, image_tensor):

  210.         """

  211.         Reverses normalization for a given image_tensor.

  212. 

  213.         Args:

  214.             image_tensor : Tensor.

  215. 

  216.         Returns:

  217.             Tensor.

  218.         """

  219.         tensor = image_tensor * self.STD[:, None, None] + self.MEAN[:, None, None]

  220.         return tensor

  221. 

  222. 

  223. def detect_face(image_loc):

  224.     """

  225.     Helper function to run the facial detection and alignment process using

  226.     dlib.  Detects a given face and aligns it using dlib's 5 point landmark

  227.     detector.

  228. 

  229.      Args:

  230.         image_loc : image file location.

  231. 

  232.      Returns:

  233.         face_image : Resized face image.

  234. 

  235.      """

  236. 

  237.     detector = dlib.get_frontal_face_detector()

  238.     shape_predictor = dlib.shape_predictor(frm.pose_predictor_model_location())

  239.     image = dlib.load_rgb_image(image_loc)

  240.     dets = detector(image, 1)

  241. 

  242.     faces = dlib.full_object_detections()

  243.     for detection in dets:

  244.         faces.append(shape_predictor(image, detection))

  245.     face_image = Image.fromarray(dlib.get_face_chip(image, faces[0], size=112))

  246. 

  247.     return face_image

  248. 

  249. 

  250. def load_data(path_to_data):

  251.     """

  252.     Helper function for loading image data.  Allows user to load the input, target,

  253.     and test images.

  254. 

  255.     Args:

  256.         path_to_data : Path to the given data.

  257. 

  258.     Returns:

  259.         list : List of resized face images.

  260.     """

  261.     img_files = [f for f in os.listdir(path_to_data) if re.search(r'.*\.(jpe?g|png)', f)]

  262.     img_files_locs = [os.path.join(path_to_data, f) for f in img_files]

  263. 

  264.     image_list = []

  265. 

  266.     for loc in img_files_locs:

  267.         image_list.append(detect_face(loc))

  268. 

  269.     return image_list

  270.

MindArmour关注AI的安全和隐私问题。致力于增强模型的安全可信、保护用户的数据隐私。主要包含3个模块:对抗样本鲁棒性模块、Fuzz Testing模块、隐私保护与评估模块。 对抗样本鲁棒性模块 对抗样本鲁棒性模块用于评估模型对于对抗样本的鲁棒性,并提供模型增强方法用于增强模型抗对抗样本攻击的能力,提升模型鲁棒性。对抗样本鲁棒性模块包含了4个子模块:对抗样本的生成、对抗样本的检测、模型防御、攻防评估。