import gradio as gr import numpy as np from carbon_theme import Carbon import numpy as np import torch import transformers from art.estimators.classification.hugging_face import HuggingFaceClassifierPyTorch from art.attacks.evasion import ProjectedGradientDescentPyTorch, AdversarialPatchPyTorch from art.utils import load_dataset from art.attacks.poisoning import PoisoningAttackBackdoor from art.attacks.poisoning.perturbations import insert_image device = torch.device('cuda' if torch.cuda.is_available() else 'cpu') def clf_poison_evaluate(*args): attack = args[0] model_type = args[1] target_class = args[2] data_type = args[3] print('attack', attack) print('model_type', model_type) print('data_type', data_type) print('target_class', target_class) if model_type == "Example": model = transformers.AutoModelForImageClassification.from_pretrained( 'facebook/deit-tiny-distilled-patch16-224', ignore_mismatched_sizes=True, force_download=True, num_labels=10 ) optimizer = torch.optim.Adam(model.parameters(), lr=1e-4) loss_fn = torch.nn.CrossEntropyLoss() poison_hf_model = HuggingFaceClassifierPyTorch( model=model, loss=loss_fn, optimizer=optimizer, input_shape=(3, 224, 224), nb_classes=10, clip_values=(0, 1), ) poison_hf_model.model.load_state_dict(torch.load('./state_dicts/deit_imagenette_clean_model.pt', map_location=device)) if data_type == "Example": import torchvision transform = torchvision.transforms.Compose([ torchvision.transforms.Resize((224, 224)), torchvision.transforms.ToTensor(), ]) train_dataset = torchvision.datasets.ImageFolder(root="./data/imagenette2-320/train", transform=transform) labels = np.asarray(train_dataset.targets) classes = np.unique(labels) samples_per_class = 100 x_subset = [] y_subset = [] for c in classes: indices = np.where(labels == c)[0][:samples_per_class] for i in indices: x_subset.append(train_dataset[i][0]) y_subset.append(train_dataset[i][1]) x_subset = np.stack(x_subset) y_subset = np.asarray(y_subset) label_names = [ 'fish', 'dog', 'cassette player', 'chainsaw', 'church', 'french horn', 'garbage truck', 'gas pump', 'golf ball', 'parachutte', ] if attack == "Backdoor": from PIL import Image def poison_func(x): return insert_image( x, backdoor_path='./tmp.png', channels_first=True, random=False, x_shift=0, y_shift=0, size=(32, 32), mode='RGB', blend=0.8 ) backdoor = PoisoningAttackBackdoor(poison_func) source_class = 0 target_class = label_names.index(target_class) poison_percent = 0.5 x_poison = np.copy(x_subset) y_poison = np.copy(y_subset) is_poison = np.zeros(len(x_subset)).astype(bool) indices = np.where(y_subset == source_class)[0] num_poison = int(poison_percent * len(indices)) for i in indices[:num_poison]: x_poison[i], _ = backdoor.poison(x_poison[i], []) y_poison[i] = target_class is_poison[i] = True poison_indices = np.where(is_poison)[0] print('fitting') print('x_poison', len(x_poison)) print('y_poison', len(y_poison)) poison_hf_model.fit(x_poison, y_poison, nb_epochs=2) print('finished fitting') clean_x = x_poison[~is_poison] clean_y = y_poison[~is_poison] outputs = poison_hf_model.predict(clean_x) clean_preds = np.argmax(outputs, axis=1) clean_acc = np.mean(clean_preds == clean_y) clean_out = [] for i, im in enumerate(clean_x): clean_out.append( (im.transpose(1,2,0), label_names[clean_preds[i]]) ) poison_x = x_poison[is_poison] poison_y = y_poison[is_poison] outputs = poison_hf_model.predict(poison_x) poison_preds = np.argmax(outputs, axis=1) poison_acc = np.mean(poison_preds == poison_y) poison_out = [] for i, im in enumerate(poison_x): poison_out.append( (im.transpose(1,2,0), label_names[poison_preds[i]]) ) return clean_out, poison_out, clean_acc, poison_acc _, poison_out, _, _ = clf_poison_evaluate('Backdoor', 'Example', 'dog', 'Example') print([i[1] for i in poison_out]) _, poison_out, _, _ = clf_poison_evaluate('Backdoor', 'Example', 'church', 'Example') print([i[1] for i in poison_out]) _, poison_out, _, _ = clf_poison_evaluate('Backdoor', 'Example', 'gas pump', 'Example') print([i[1] for i in poison_out]) _, poison_out, _, _ = clf_poison_evaluate('Backdoor', 'Example', 'golf ball', 'Example') print([i[1] for i in poison_out])