In [1]:
#参考https://github.com/tensorflow/cleverhans/blob/master/cleverhans_tutorials/mnist_tutorial_pytorch.py
#加上这些，如果你的python版本是python2.X，你也得按照python3.X那样使用这些函数。
from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals

import logging
import numpy as np
import tensorflow as tf

from cleverhans.loss import CrossEntropy
from cleverhans.dataset import MNIST
from cleverhans.utils_tf import model_eval
from cleverhans.train import train
from cleverhans.attacks import FastGradientMethod
from cleverhans.utils import AccuracyReport, set_log_level
from cleverhans_tutorials.tutorial_models import ModelBasicCNN

In [2]:
#定义全局变量

NB_EPOCHS = 6
BATCH_SIZE = 128
LEARNING_RATE = 0.001
CLEAN_TRAIN = True
BACKPROP_THROUGH_ATTACK = False
NB_FILTERS = 64

In [3]:
def mnist_tutorial(train_start=0, train_end=60000, test_start=0,
                   test_end=10000, nb_epochs=NB_EPOCHS, batch_size=BATCH_SIZE,
                   learning_rate=LEARNING_RATE,
                   clean_train=CLEAN_TRAIN,
                   testing=False,
                   backprop_through_attack=BACKPROP_THROUGH_ATTACK,
                   nb_filters=NB_FILTERS, num_threads=None,
                   label_smoothing=0.1):

  # Object used to keep track of (and return) key accuracies
  report = AccuracyReport()

  # Set TF random seed to improve reproducibility
  tf.set_random_seed(1234)

  # Set logging level to see debug information
  set_log_level(logging.DEBUG)

  # Create TF session
  #intra_op_parallelism_threads 控制运算符op内部的并行当运算符op为单一运算符，并且内部可以实现并行时，
  #  如矩阵乘法，reduce_sum之类的操作，可以通过设置intra_op_parallelism_threads参数来并行, intra代表内部
  if num_threads:
    config_args = dict(intra_op_parallelism_threads=1)
  else:
    config_args = {}
  sess = tf.Session(config=tf.ConfigProto(**config_args))

  # Get MNIST data
  mnist = MNIST(train_start=train_start, train_end=train_end,
                test_start=test_start, test_end=test_end)
  x_train, y_train = mnist.get_set('train')
  x_test, y_test = mnist.get_set('test')

  # Use Image Parameters
  img_rows, img_cols, nchannels = x_train.shape[1:4]
  nb_classes = y_train.shape[1]

  # Define input TF placeholder
  x = tf.placeholder(tf.float32, shape=(None, img_rows, img_cols,
                                        nchannels))
  y = tf.placeholder(tf.float32, shape=(None, nb_classes))

  # Train an MNIST model
  train_params = {
      'nb_epochs': nb_epochs,
      'batch_size': batch_size,
      'learning_rate': learning_rate
  }
  eval_params = {'batch_size': batch_size}
  fgsm_params = {
      'eps': 0.3,
      'clip_min': 0.,
      'clip_max': 1.
  }
  rng = np.random.RandomState([2017, 8, 30])

  def do_eval(preds, x_set, y_set, report_key, is_adv=None):
    acc = model_eval(sess, x, y, preds, x_set, y_set, args=eval_params)
    setattr(report, report_key, acc)
    if is_adv is None:
      report_text = None
    elif is_adv:
      report_text = 'adversarial'
    else:
      report_text = 'legitimate'
    if report_text:
      print('Test accuracy on %s examples: %0.4f' % (report_text, acc))

  if clean_train:
    model = ModelBasicCNN('model1', nb_classes, nb_filters)
    preds = model.get_logits(x)
    loss = CrossEntropy(model, smoothing=label_smoothing)

    def evaluate():
      do_eval(preds, x_test, y_test, 'clean_train_clean_eval', False)

    train(sess, loss, x_train, y_train, evaluate=evaluate,
          args=train_params, rng=rng, var_list=model.get_params())

    # Calculate training error
    if testing:
      do_eval(preds, x_train, y_train, 'train_clean_train_clean_eval')

    # Initialize the Fast Gradient Sign Method (FGSM) attack object and
    # graph
    fgsm = FastGradientMethod(model, sess=sess)
    adv_x = fgsm.generate(x, **fgsm_params)
    preds_adv = model.get_logits(adv_x)

    # Evaluate the accuracy of the MNIST model on adversarial examples
    do_eval(preds_adv, x_test, y_test, 'clean_train_adv_eval', True)

    # Calculate training error
    if testing:
      do_eval(preds_adv, x_train, y_train, 'train_clean_train_adv_eval')

    print('Repeating the process, using adversarial training')

  # Create a new model and train it to be robust to FastGradientMethod
  model2 = ModelBasicCNN('model2', nb_classes, nb_filters)
  fgsm2 = FastGradientMethod(model2, sess=sess)

  def attack(x):
    return fgsm2.generate(x, **fgsm_params)

  loss2 = CrossEntropy(model2, smoothing=label_smoothing, attack=attack)
  preds2 = model2.get_logits(x)
  adv_x2 = attack(x)

  if not backprop_through_attack:
    # For the fgsm attack used in this tutorial, the attack has zero
    # gradient so enabling this flag does not change the gradient.
    # For some other attacks, enabling this flag increases the cost of
    # training, but gives the defender the ability to anticipate how
    # the atacker will change their strategy in response to updates to
    # the defender's parameters.
    adv_x2 = tf.stop_gradient(adv_x2)
  preds2_adv = model2.get_logits(adv_x2)

  def evaluate2():
    # Accuracy of adversarially trained model on legitimate test inputs
    do_eval(preds2, x_test, y_test, 'adv_train_clean_eval', False)
    # Accuracy of the adversarially trained model on adversarial examples
    do_eval(preds2_adv, x_test, y_test, 'adv_train_adv_eval', True)

  # Perform and evaluate adversarial training
  train(sess, loss2, x_train, y_train, evaluate=evaluate2,
        args=train_params, rng=rng, var_list=model2.get_params())

  # Calculate training errors
  if testing:
    do_eval(preds2, x_train, y_train, 'train_adv_train_clean_eval')
    do_eval(preds2_adv, x_train, y_train, 'train_adv_train_adv_eval')

  return report


def main(argv=None):

  mnist_tutorial(nb_epochs=NB_EPOCHS, batch_size=BATCH_SIZE,
                 learning_rate=LEARNING_RATE,
                 clean_train=CLEAN_TRAIN,
                 backprop_through_attack=BACKPROP_THROUGH_ATTACK,
                 nb_filters=NB_FILTERS)

if __name__ == '__main__':
    main()

num_devices:  1


[INFO 2018-12-03 10:54:38,576 cleverhans] Epoch 0 took 7.032440662384033 seconds


Test accuracy on legitimate examples: 0.9882


[INFO 2018-12-03 10:54:42,088 cleverhans] Epoch 1 took 3.0253713130950928 seconds


Test accuracy on legitimate examples: 0.9899


[INFO 2018-12-03 10:54:45,455 cleverhans] Epoch 2 took 2.997742176055908 seconds


Test accuracy on legitimate examples: 0.9923


[INFO 2018-12-03 10:54:48,834 cleverhans] Epoch 3 took 3.0095574855804443 seconds


Test accuracy on legitimate examples: 0.9924


[INFO 2018-12-03 10:54:52,227 cleverhans] Epoch 4 took 3.0277392864227295 seconds


Test accuracy on legitimate examples: 0.9927


[INFO 2018-12-03 10:54:55,581 cleverhans] Epoch 5 took 2.9836318492889404 seconds


Test accuracy on legitimate examples: 0.9929
Test accuracy on adversarial examples: 0.1432
Repeating the process, using adversarial training




num_devices:  1


[INFO 2018-12-03 10:55:05,318 cleverhans] Epoch 0 took 7.10737156867981 seconds


Test accuracy on legitimate examples: 0.9790
Test accuracy on adversarial examples: 0.8333


[INFO 2018-12-03 10:55:13,398 cleverhans] Epoch 1 took 6.90619683265686 seconds


Test accuracy on legitimate examples: 0.9865
Test accuracy on adversarial examples: 0.8988


[INFO 2018-12-03 10:55:21,237 cleverhans] Epoch 2 took 6.907305717468262 seconds


Test accuracy on legitimate examples: 0.9895
Test accuracy on adversarial examples: 0.9185


[INFO 2018-12-03 10:55:29,093 cleverhans] Epoch 3 took 6.93480372428894 seconds


Test accuracy on legitimate examples: 0.9901
Test accuracy on adversarial examples: 0.9344


[INFO 2018-12-03 10:55:36,936 cleverhans] Epoch 4 took 6.930524110794067 seconds


Test accuracy on legitimate examples: 0.9893
Test accuracy on adversarial examples: 0.9325


[INFO 2018-12-03 10:55:44,797 cleverhans] Epoch 5 took 6.94186544418335 seconds


Test accuracy on legitimate examples: 0.9899
Test accuracy on adversarial examples: 0.9355
