In [1]:
import xgboost as xgb
import numpy as np

from art.defences.trainer import AdversarialTrainer
from art.attacks.evasion import ZooAttack
from art.estimators.classification import XGBoostClassifier
from art.utils import load_mnist

In [2]:
# Load MNIST and split it into train and test sets (plus the pixel range
# that the classifier below uses as clip_values).
# NOTE(review): load_mnist() comes from art.utils; confirm whether it fetches
# the dataset over the network on first use and where it caches it before
# running this cell in an offline or restricted environment.

mnist_train, mnist_test, min_pixel_value, max_pixel_value = load_mnist()
x_train, y_train = mnist_train
x_test, y_test = mnist_test

In [3]:
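# Preprocess the data loaded above: keep a small test subset and flatten each
# 28x28 image into a 784-feature vector so XGBoost can consume it.
# The magic numbers are named here so they can be tuned in one place.

NB_TEST_SAMPLES = 5    # small on purpose; the per-sample attack cell below stays fast
NB_FEATURES = 28 * 28  # flattened MNIST image size

x_test = x_test[:NB_TEST_SAMPLES]
y_test = y_test[:NB_TEST_SAMPLES]

nb_samples_train = x_train.shape[0]
nb_samples_test = x_test.shape[0]
x_train = x_train.reshape((nb_samples_train, NB_FEATURES))
x_test = x_test.reshape((nb_samples_test, NB_FEATURES))

# Fail loudly here rather than in a later cell if a stale kernel or a wrong
# reshape left the arrays in an unexpected shape.
assert x_train.shape[1] == NB_FEATURES
assert x_test.shape[1] == NB_FEATURES
assert len(x_test) == len(y_test)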

In [4]:
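# Build and train the XGBoost model.
# Fix: the original passed {"metric": "accuracy"}, which XGBoost does not
# recognise (the training output warned "Parameters: { metric } might not be
# used."). The parameter is "eval_metric", and for multi:softprob the
# multiclass error rate "merror" is what the evals log already reports, so
# this keeps the same reported numbers without the warning.

params = {
    "objective": "multi:softprob",
    "eval_metric": "merror",
    "num_class": 10,
}
NUM_BOOST_ROUND = 2  # deliberately tiny; this notebook is about the attack, not the model

# Labels arrive one-hot from load_mnist, so argmax recovers the class index.
dtrain = xgb.DMatrix(x_train, label=np.argmax(y_train, axis=1))
dtest = xgb.DMatrix(x_test, label=np.argmax(y_test, axis=1))

# dtest is only the small test subset selected above, so "test-merror" in the
# log is a very coarse signal and should not be read as real test accuracy.
evals = [(dtest, "test"), (dtrain, "train")]
model = xgb.train(params=params, dtrain=dtrain, num_boost_round=NUM_BOOST_ROUND, evals=evals)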

Parameters: { metric } might not be used.

  This may not be accurate due to some parameters are only used in language bindings but
  passed down to XGBoost core.  Or some parameters are not used but slip through this
  verification. Please open an issue if you find above cases.


[0]	test-merror:0.00000	train-merror:0.13210
[1]	test-merror:0.00000	train-merror:0.09192


In [5]:
# Wrap the trained booster in ART's XGBoostClassifier so the attack and the
# trainer below can reach it through ART's estimator interface.

clip_range = (min_pixel_value, max_pixel_value)  # valid pixel range reported by load_mnist
classifier = XGBoostClassifier(
    model=model,
    clip_values=clip_range,
    nb_features=28 * 28,
    nb_classes=10,
)

In [6]:
# Baseline: accuracy of the wrapped classifier on the benign test subset.
# This is the number the adversarial accuracy further down is compared with.

predictions = classifier.predict(x_test)
predicted_labels = np.argmax(predictions, axis=1)
true_labels = np.argmax(y_test, axis=1)
accuracy = np.sum(predicted_labels == true_labels) / len(y_test)
print(f"Accuracy on benign test examples: {accuracy * 100}%")

Accuracy on benign test examples: 100.0%


In [7]:
# Configure ART's ZOO attack. ZOO is a score-based black-box attack, which is
# why it can be evaluated against a tree model that exposes no gradients.
# Settings are collected in one dict so they are easy to tune and to report.
zoo_settings = dict(
    confidence=0.0,
    targeted=False,  # push each sample away from its own label
    learning_rate=1e-1,
    max_iter=200,
    binary_search_steps=10,
    initial_const=1e-3,
    abort_early=True,
    use_resize=False,
    use_importance=False,
    nb_parallel=5,
    batch_size=1,
    variable_h=0.01,
)
attack = ZooAttack(classifier=classifier, **zoo_settings)

# Craft adversarial versions of the test subset to measure the model's
# robustness; y is the true label the untargeted attack moves away from.

x_test_adv = attack.generate(x=x_test, y=y_test)

ZOO:   0%|          | 0/5 [00:00<?, ?it/s]

In [8]:
# Robustness check: accuracy on the adversarial test subset, to be read
# against the benign baseline above.

predictions = classifier.predict(x_test_adv)
adv_predicted_labels = np.argmax(predictions, axis=1)
true_labels = np.argmax(y_test, axis=1)
accuracy = np.sum(adv_predicted_labels == true_labels) / len(y_test)
print(f"Accuracy on adversarial test examples: {accuracy * 100}%")

Accuracy on adversarial test examples: 0.0%


In [12]:
# Combine the classifier and the attack in ART's AdversarialTrainer.
# ratio=1.0 presumably means every training batch is replaced by adversarial
# samples — TODO confirm against the ART AdversarialTrainer docs.
# NOTE(review): the execution counter jumps from In [8] to In [12]; re-run
# from a fresh kernel to make sure nothing here depends on a deleted cell.

trainer = AdversarialTrainer(classifier, attack, ratio=1.0)

In [13]:
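# Attempt adversarial training on the same training set. The recorded output
# shows this raises NotImplementedError — presumably because AdversarialTrainer
# needs the wrapped estimator to implement fit() and the XGBoostClassifier
# wrapper does not (confirm against ART's source). Since that failure is the
# finding of this cell, catch and report it instead of leaving a raising cell
# that would stop Restart & Run All.

try:
    trainer.fit(x_train, y_train, batch_size=32, nb_epochs=3)
except NotImplementedError as err:
    print("Adversarial training is not supported for this estimator:", repr(err))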

Precompute adv samples:   0%|          | 0/1 [00:00<?, ?it/s]

Adversarial training epochs:   0%|          | 0/3 [00:00<?, ?it/s]

NotImplementedError: 

In [None]:
# ART에서 제공하는 AdversarialTrainer는 
# XGboost를 제공하지 않는다