In [1]:
from PIL import Image
import matplotlib.pyplot as plt

import numpy as np
import tensorflow as tf
from tensorflow.keras.preprocessing import image
from tensorflow.keras.applications import InceptionV3
from tensorflow.keras.applications.inception_v3 import preprocess_input, decode_predictions

In [2]:
from adversarial_lab.core.noise_generators import AdditiveNoiseGenerator, BoundedNoiseGenerator
from adversarial_lab.attacks.whitebox import WhiteBoxMisclassification
from adversarial_lab.core.preprocessing import PreprocessingFromFunction
from adversarial_lab.utils.plotting import plot_images_and_noise

In [3]:
model = InceptionV3(weights='imagenet')

def preprocess(x, input):
    input = tf.cast(input, dtype=tf.float32)
    if len(input.shape) == 2:
        input = tf.expand_dims(input, axis=-1)
        input = tf.image.grayscale_to_rgb(input)

    elif len(input.shape) == 3 and input.shape[-1] == 1:
        input = tf.image.grayscale_to_rgb(input)

    input_tensor = tf.convert_to_tensor(input, dtype=tf.float32)
    resized_image = tf.image.resize(input_tensor, (299, 299))
    batch_image = tf.expand_dims(resized_image, axis=0)
    return preprocess_input(batch_image)

pp = PreprocessingFromFunction.create(preprocess)

In [None]:
image = Image.open('data/panda.jpg')
image_array = np.array(image)

np.argmax(model.predict(pp.preprocess(image_array)), axis=1)

In [5]:
bbgen = BoundedNoiseGenerator(framework='tf', use_constraints=True, epsilon=0.02, strict=False)
bbgen.set_bounds(pp.preprocess(image_array), [(0, 0, 0, 128, 128, 3), (50, 50, 0, 128, 128, 3)])

In [6]:
attacker = WhiteBoxMisclassification(model, "cce", "adam", preprocessing=pp, noise_generator=bbgen)

In [None]:
noise = attacker.attack(image_array, epochs=100, strategy="random", verbose=3)

In [None]:
plot_images_and_noise(pp.preprocess(image_array), noise)