├── CONTACT.md
├── Comparison of Attack Images
├── .idea
│ ├── Q2_compare_MR_Lp.iml
│ ├── inspectionProfiles
│ │ └── profiles_settings.xml
│ ├── misc.xml
│ ├── modules.xml
│ └── workspace.xml
├── README.md
├── attack.py
├── attack_evaluate.py
├── compare_result.txt
├── criteria.py
├── data
│ └── use_to_upload_empty_floder.txt
├── deephunter_attack.py
├── mutators.py
├── test_example.sh
└── util.py
├── Correlation
├── .idea
│ ├── Figure 4 and figure 8.iml
│ ├── inspectionProfiles
│ │ └── profiles_settings.xml
│ ├── misc.xml
│ ├── modules.xml
│ └── workspace.xml
├── ALL_ALL.eps
├── README.md
├── adv_train_example.py
├── attack.py
├── attack_evaluate.py
├── attack_evaluate_cifar.py
├── correlation.py
├── correlation.xlsx
├── correlation_sadl.py
├── cov_ALL_ALL.eps
├── coverage.py
├── coverage_cifar.py
├── data
│ ├── cifar_data
│ │ └── model
│ │ │ └── use_to_upload_empty_floder.txt
│ ├── mnist_data
│ │ └── model
│ │ │ └── use_to_upload_empty_floder.txt
│ └── svhn_data
│ │ └── model
│ │ └── use_to_upload_empty_floder.txt
├── hotpicture.py
├── inner_correlation.py
├── inner_hotpicture.py
├── models.py
├── other_models_for_svhn.py
├── result_mnist
│ ├── attack_evaluate_result.txt
│ └── coverage_result.txt
├── result_svhn
│ ├── attack_evaluate_result.txt
│ └── coverage_result.txt
├── results_cifar
│ ├── attack_evaluate_result.txt
│ └── coverage_result.txt
├── test_example.sh
├── tmp
│ └── image
│ │ └── use_to_upload_empty_floder.txt
└── util.py
├── Coverage VS. # Adv Examples
├── Q2_original
│ ├── cov_kmnc.npy
│ ├── cov_kmncl.npy
│ ├── cov_nbc.npy
│ ├── cov_nc1.npy
│ ├── cov_nc2.npy
│ ├── cov_snac.npy
│ ├── cov_tknc.npy
│ ├── cov_tknp.npy
│ ├── tknp_all.npy
│ └── xlabel.npy
├── README.md
├── coverage_curve.py
├── coverage_result.txt
├── figure 6.xlsx
├── figure 7.xlsx
├── testing_coverage_result.txt
├── tknp_testing.py
└── util.py
├── Coverage and Robustness VS. Training Datasets
├── .idea
│ ├── inspectionProfiles
│ │ └── profiles_settings.xml
│ ├── misc.xml
│ ├── modules.xml
│ ├── new_criteria.iml
│ └── workspace.xml
├── Figure 2 and figure 3.xlsx
├── README.md
├── attack_evaluate_result.txt
├── compare_coverage.py
├── coverage_result.txt
├── exchange_testing_dataset.py
├── fuzzing.py
├── fuzzing
│ ├── index.npy
│ ├── nc_index_0.npy
│ ├── nc_index_1.npy
│ ├── nc_index_2.npy
│ ├── nc_index_3.npy
│ ├── nc_index_4.npy
│ ├── nc_index_5.npy
│ ├── nc_index_6.npy
│ ├── nc_index_7.npy
│ ├── nc_index_8.npy
│ ├── nc_index_9.npy
│ ├── nc_index_test_0.npy
│ └── nc_index_test_1.npy
├── fuzzing_testset.py
├── mutators.py
├── new_model
│ └── mnist
│ │ ├── model_0.h5
│ │ ├── model_1.h5
│ │ ├── model_2.h5
│ │ ├── model_3.h5
│ │ ├── model_4.h5
│ │ ├── model_5.h5
│ │ ├── model_6.h5
│ │ ├── model_7.h5
│ │ ├── model_8.h5
│ │ └── model_9.h5
├── retrain_robustness.py
├── robustness.py
├── tmp
│ └── image
│ │ └── use_to_upload_empty_floder.txt
├── util.py
└── x_test_new.npy
├── LICENSE.md
├── Model Accuracy under Different Scenarios
├── .idea
│ ├── inspectionProfiles
│ │ └── profiles_settings.xml
│ ├── misc.xml
│ ├── modules.xml
│ ├── new_criteria.iml
│ └── workspace.xml
├── README.md
├── all.py
├── data
│ └── use_to_upload_empty_floder.txt
├── deephunter_attack.py
├── fuzzing.py
├── fuzzing
│ └── use_to_upload_empty_floder.txt
├── mutators.py
├── new_model
│ └── use_to_upload_empty_floder.txt
├── pgd_attack.py
├── result.txt
├── retrain_robustness.py
├── test_example.sh
├── tmp
│ └── image
│ │ └── use_to_upload_empty_floder.txt
└── util.py
├── README.md
├── data
└── use_to_upload_empty_floder.txt
├── index.md
└── requirements.txt
/CONTACT.md:
--------------------------------------------------------------------------------
1 | Author: Shenao Yan (corresponding author)
2 |
3 | email: shenao.yan@rutgers.edu
4 |
5 | github ids: DNNTesting (https://github.com/DNNTesting) and Jethro85 (https://github.com/Jethro85)
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/.idea/Q2_compare_MR_Lp.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/.idea/inspectionProfiles/profiles_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/README.md:
--------------------------------------------------------------------------------
1 | # Comparison of Attack Images (Table 2)
2 |
3 | ---
4 | ## Quick Start Based on Our Data:
5 |
6 | 1. Before the experiment, please be sure that the data is well prepared according to the tutorial in the main page of the repository.
7 |
8 | 2. We have put [commands](https://github.com/DNNTesting/CovTesting/blob/d462c59c1cbc00c2add20ee0eaf7a9966859788b/Table%202/test_example.sh#L32-L41) in 'test_example.sh' script for reference. Please run the following commands to get the comparison results of different models:
9 |
10 | ```python
11 | python criteria.py -dataset mnist -model lenet1
12 | python criteria.py -dataset mnist -model lenet4
13 | python criteria.py -dataset mnist -model lenet5
14 |
15 | python criteria.py -dataset cifar -model vgg16
16 | python criteria.py -dataset cifar -model resnet20
17 |
18 | python criteria.py -dataset svhn -model svhn_model
19 | python criteria.py -dataset svhn -model svhn_first
20 | python criteria.py -dataset svhn -model svhn_second
21 | ```
22 |
23 | The results will be stored in 'compare_result.txt'.
24 |
25 | (We only keep the original Images dataset for CIFAR and SVHN models. We re-attack the MNIST models and use the newly generated dataset to do testing. So the results of MNIST is slightly different from those shown in our paper. But as you can see, the difference is acceptable and it will not affect our conclusion.)
26 |
27 |
28 |
29 | ## Experiment on Your Own Data:
30 |
31 | 1. Before the experiment, please be sure that the data is well prepared according to the tutorial in the main page of the repository.
32 |
33 |
34 |
35 | We also provide 'test_example.sh' script as next several steps' reference.
36 |
37 | 2. PGD attack the dataset:
38 |
39 | Please run the following commands to implement the PGD attack for different models:
40 |
41 | ```python
42 | python attack.py -dataset mnist -model lenet1 -attack PGD -batch_size 128
43 | python attack.py -dataset mnist -model lenet4 -attack PGD -batch_size 128
44 | python attack.py -dataset mnist -model lenet5 -attack PGD -batch_size 128
45 |
46 | python attack.py -dataset cifar -model vgg16 -attack PGD -batch_size 128
47 | python attack.py -dataset cifar -model resnet20 -attack PGD -batch_size 128
48 |
49 | python attack.py -dataset svhn -model svhn_model -attack PGD -batch_size 128
50 | python attack.py -dataset svhn -model svhn_first -attack PGD -batch_size 128
51 | python attack.py -dataset svhn -model svhn_second -attack PGD -batch_size 128
52 | ```
53 |
54 | Attacked dataset will be stored as ('./data/' + args.dataset + '_data/model/' + args.model + _PGD.npy').
55 |
56 | 3. Use DeepHunter to generate test cases:
57 | Please run the following commands to use DeepHunter to generate the test cases for different models.
58 |
59 | ```python
60 | python deephunter_attack.py -dataset mnist -model lenet1
61 | python deephunter_attack.py -dataset mnist -model lenet4
62 | python deephunter_attack.py -dataset mnist -model lenet5
63 |
64 | python deephunter_attack.py -dataset cifar -model vgg16
65 | python deephunter_attack.py -dataset cifar -model resnet20
66 |
67 | python deephunter_attack.py -dataset svhn -model svhn_model
68 | python deephunter_attack.py -dataset svhn -model svhn_first
69 | python deephunter_attack.py -dataset svhn -model svhn_second
70 | ```
71 |
72 | 4. Compare DH and DP:
73 |
74 | Please run the following commands to compare DH and DP for different models.
75 |
76 | ```python
77 | python criteria.py -dataset mnist -model lenet1
78 | python criteria.py -dataset mnist -model lenet4
79 | python criteria.py -dataset mnist -model lenet5
80 |
81 | python criteria.py -dataset cifar -model vgg16
82 | python criteria.py -dataset cifar -model resnet20
83 |
84 | python criteria.py -dataset svhn -model svhn_model
85 | python criteria.py -dataset svhn -model svhn_first
86 | python criteria.py -dataset svhn -model svhn_second
87 | ```
88 |
89 | The results will be stored in 'compare_result.txt'.
90 |
91 |
92 |
93 |
94 |
95 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/attack.py:
--------------------------------------------------------------------------------
1 | from __future__ import absolute_import
2 | from __future__ import division
3 | from __future__ import print_function
4 | from __future__ import unicode_literals
5 |
6 | from cleverhans.utils_keras import KerasModelWrapper
7 | from cleverhans.attacks import CarliniWagnerL2
8 | from cleverhans.attacks import SaliencyMapMethod
9 | from cleverhans.attacks import FastGradientMethod
10 | from cleverhans.attacks import BasicIterativeMethod
11 | from cleverhans.attacks import ProjectedGradientDescent
12 |
13 | import tensorflow as tf
14 | import os
15 |
16 | os.environ["CUDA_VISIBLE_DEVICES"] = "0"
17 |
18 | ####for solving some specific problems, don't care
19 | config = tf.ConfigProto()
20 | config.gpu_options.allow_growth = True
21 | sess = tf.Session(config=config)
22 |
23 | import keras
24 | from keras import backend as K
25 | import numpy as np
26 | import time
27 | import sys
28 | import argparse
29 |
30 |
31 | # def JSMA(model, x, y):
32 | # sess = K.get_session()
33 | # model_wrap = KerasModelWrapper(model)
34 | # jsma = SaliencyMapMethod(model_wrap, sess=sess)
35 | # jsma_params = {'theta':1., 'gamma': 0.1, 'clip_min':0., 'clip_max':1.}
36 | # adv = jsma.generate_np(x, **jsma_params)
37 | # return adv
38 | #
39 | #
40 | # def FGSM(model, x, y):
41 | # sess = K.get_session()
42 | # model_wrap = KerasModelWrapper(model)
43 | # fgsm = FastGradientMethod(model_wrap, sess=sess)
44 | # fgsm_params={'y':y, 'eps':0.2, 'clip_min':0., 'clip_max': 1.}
45 | # adv = fgsm.generate_np(x, **fgsm_params)
46 | # return adv
47 | #
48 | #
49 | # def BIM(model, x, y):
50 | # sess = K.get_session()
51 | # model_wrap = KerasModelWrapper(model)
52 | # bim = BasicIterativeMethod(model_wrap, sess=sess)
53 | # bim_params={'eps_iter': 0.03, 'nb_iter': 10, 'y':y, 'clip_min': 0., 'clip_max': 1.}
54 | # adv = bim.generate_np(x, **bim_params)
55 | # return adv
56 |
57 | # # invoke the method for many times leads to multiple symbolic graph and may cause OOM
58 | # def CW(model, x, y, batch):
59 | # sess = K.get_session()
60 | # model_wrap = KerasModelWrapper(model)
61 | # cw = CarliniWagnerL2(model_wrap, sess=sess)
62 | # cw_params = {'binary_search_steps': 1,
63 | # 'y': y,
64 | # 'learning_rate': .1,
65 | # 'max_iterations': 50,
66 | # 'initial_const': 10,
67 | # 'batch_size': batch,
68 | # 'clip_min': -0.5,
69 | # 'clip_max': 0.5}
70 | # adv = cw.generate_np(x, **cw_params)# invoke the method for many times leads to multiple symbolic graph and may cause OOM
71 | # # def CW(model, x, y, batch):
72 | # # sess = K.get_session()
73 | # # model_wrap = KerasModelWrapper(model)
74 | # # cw = CarliniWagnerL2(model_wrap, sess=sess)
75 | # # cw_params = {'binary_search_steps': 1,
76 | # # 'y': y,
77 | # # 'learning_rate': .1,
78 | # # 'max_iterations': 50,
79 | # # 'initial_const': 10,
80 | # # 'batch_size': batch,
81 | # # 'clip_min': -0.5,
82 | # # 'clip_max': 0.5}
83 | # # adv = cw.generate_np(x, **cw_params)
84 | # # return adv
85 | # #
86 | # #
87 | # # # for mnist, eps=.3, eps_iter=.03, nb_iter=10
88 | # # # for cifar and svhn, eps=8/255, eps_iter=.01, nb_iter=30
89 | # # def PGD(model, x, y, batch):
90 | # # sess = K.get_session()
91 | # # model_wrap = KerasModelWrapper(model)
92 | # # pgd = ProjectedGradientDescent(model_wrap, sess=sess)
93 | # # pgd_params = {'eps': 8. / 255.,
94 | # # 'eps_iter': .01,
95 | # # 'nb_iter': 30.,
96 | # # 'clip_min': -0.5,
97 | # # 'clip_max': 0.5,
98 | # # 'y': y}
99 | # # adv = pgd.generate_np(x, **pgd_params)
100 | # # return adv
101 | # return adv
102 | #
103 | #
104 | # # for mnist, eps=.3, eps_iter=.03, nb_iter=10
105 | # # for cifar and svhn, eps=8/255, eps_iter=.01, nb_iter=30
106 | # def PGD(model, x, y, batch):
107 | # sess = K.get_session()
108 | # model_wrap = KerasModelWrapper(model)
109 | # pgd = ProjectedGradientDescent(model_wrap, sess=sess)
110 | # pgd_params = {'eps': 8. / 255.,
111 | # 'eps_iter': .01,
112 | # 'nb_iter': 30.,
113 | # 'clip_min': -0.5,
114 | # 'clip_max': 0.5,
115 | # 'y': y}
116 | # adv = pgd.generate_np(x, **pgd_params)
117 | # return adv
118 |
119 |
120 | # integrate all attack method in one function and only construct graph once
121 | def gen_adv_data(model, x, y, method, dataset, batch=2048):
122 | sess = K.get_session()
123 | model_wrap = KerasModelWrapper(model)
124 | if method.upper() == 'CW':
125 | params = {'binary_search_steps': 1,
126 | 'y': y,
127 | 'learning_rate': .1,
128 | 'max_iterations': 50,
129 | 'initial_const': 10,
130 | 'batch_size': batch,
131 | # 'clip_min': -0.5,
132 | # 'clip_max': 0.5
133 | }
134 | attack = CarliniWagnerL2(model_wrap, sess=sess)
135 |
136 | data_num = x.shape[0]
137 | begin, end = 0, batch
138 | adv_x_all = np.zeros_like(x)
139 | # every time process batch_size
140 | while end < data_num:
141 | start_time = time.time()
142 | params['y'] = y[begin:end]
143 | adv_x = attack.generate_np(x[begin:end], **params)
144 | adv_x_all[begin: end] = adv_x
145 | print(begin, end, "done")
146 | begin += batch
147 | end += batch
148 | end_time = time.time()
149 | print("time: ", end_time - start_time)
150 |
151 | # process the remaining
152 | if begin < data_num:
153 | start_time = time.time()
154 | params['y'] = y[begin:]
155 | params['batch_size'] = data_num - begin
156 | adv_x = attack.generate_np(x[begin:], **params)
157 | adv_x_all[begin:] = adv_x
158 | print(begin, data_num, "done")
159 | end_time = time.time()
160 | print("time: ", end_time - start_time)
161 |
162 | elif method.upper() == 'PGD':
163 | if dataset == 'cifar':
164 | params = {'eps': 8. / 255.,
165 | 'eps_iter': 2. / 255.,
166 | 'nb_iter': 300.,
167 | # 'clip_min': -0.5,
168 | # 'clip_max': 0.5,
169 | 'y': y}
170 | attack = ProjectedGradientDescent(model_wrap, sess=sess)
171 | elif dataset == 'mnist':
172 | params = {'eps': .3,
173 | 'eps_iter': .03,
174 | 'nb_iter': 500.,
175 | 'clip_min': -0.5,
176 | 'clip_max': 0.5,
177 | 'y': y}
178 | attack = ProjectedGradientDescent(model_wrap, sess=sess)
179 | elif dataset == 'svhn':
180 | params = {'eps': 8. / 255.,
181 | 'eps_iter': 0.01,
182 | 'nb_iter': 500.,
183 | 'clip_min': -0.5,
184 | 'clip_max': 0.5,
185 | 'y': y}
186 | attack = ProjectedGradientDescent(model_wrap, sess=sess)
187 |
188 | data_num = x.shape[0]
189 | begin, end = 0, batch
190 | adv_x_all = np.zeros_like(x)
191 | # every time process batch_size
192 | while end < data_num:
193 | start_time = time.time()
194 | params['y'] = y[begin:end]
195 | adv_x = attack.generate_np(x[begin:end], **params)
196 | adv_x_all[begin: end] = adv_x
197 | print(begin, end, "done")
198 | begin += batch
199 | end += batch
200 | end_time = time.time()
201 | print("time: ", end_time - start_time)
202 |
203 | # process the remaining
204 | if begin < data_num:
205 | start_time = time.time()
206 | params['y'] = y[begin:]
207 | adv_x = attack.generate_np(x[begin:], **params)
208 | adv_x_all[begin:] = adv_x
209 | print(begin, data_num, "done")
210 | end_time = time.time()
211 | print("time: ", end_time - start_time)
212 |
213 | else:
214 | print('Unsupported attack')
215 | sys.exit(1)
216 |
217 | return adv_x_all
218 |
219 |
220 | # def gen_adv_data(model, x, y, method, batch=4000):
221 | # data_num = x.shape[0]
222 | # begin, end = 0, batch
223 | # adv_x_all = np.zeros_like(x)
224 | # while begin < data_num:
225 | # start_time = time.time()
226 | # adv_x = method(model, x[begin:end], y[begin:end], end-begin)
227 | # adv_x_all[begin: end] = adv_x
228 | # print(begin, end, "done")
229 | # begin += batch
230 | # end += batch
231 | # if end >= data_num:
232 | # end = data_num
233 | # end_time = time.time()
234 | # print("time: ", end_time - start_time)
235 | # return adv_x_all
236 |
237 |
238 | # the data is in range(-.5, .5)
239 | def load_data(name):
240 | assert (name.upper() in ['MNIST', 'CIFAR', 'SVHN'])
241 | name = name.lower()
242 | x_train = np.load('./data/' + name + '_data/' + name + '_x_train.npy')
243 | y_train = np.load('./data/' + name + '_data/' + name + '_y_train.npy')
244 | x_test = np.load('./data/' + name + '_data/' + name + '_x_test.npy')
245 | y_test = np.load('./data/' + name + '_data/' + name + '_y_test.npy')
246 | return x_train, y_train, x_test, y_test
247 |
248 |
249 | def softmax(x):
250 | exp_x = np.exp(x)
251 | return exp_x / np.sum(exp_x)
252 |
253 |
254 | def accuracy(model, x, labels):
255 | assert (x.shape[0] == labels.shape[0])
256 | num = x.shape[0]
257 | y = model.predict(x)
258 | y = y.argmax(axis=-1)
259 | labels = labels.argmax(axis=-1)
260 | idx = (labels == y)
261 | print(np.sum(idx) / num)
262 |
263 |
264 | if __name__ == '__main__':
265 | parser = argparse.ArgumentParser(description='attack for DNN')
266 | parser.add_argument('-dataset', help="dataset to use", choices=['mnist', 'cifar', 'svhn'])
267 | parser.add_argument('-model', help="target model to attack", choices=['vgg16', 'resnet20', 'lenet1', 'lenet4', 'lenet5', 'adv_lenet1', 'adv_lenet4', 'adv_lenet5', 'adv_vgg16', 'adv_resnet20', 'svhn_model', 'adv_svhn_model', 'svhn_first', 'adv_svhn_first', 'svhn_second','adv_svhn_second'])
268 | parser.add_argument('-attack', help="attack model", choices=['CW', 'PGD'])
269 | parser.add_argument('-batch_size', help="attack batch size", type=int, default=32)
270 |
271 | args = parser.parse_args()
272 | # args.dataset = 'cifar'
273 | # args.attack = 'PGD'
274 |
275 | # ## get MNIST or SVHN
276 | x_train, y_train, x_test, y_test = load_data(args.dataset)
277 |
278 | ## get CIFAR
279 | # from util import get_data
280 | # x_train, y_train, x_test, y_test = get_data(args.dataset)
281 |
282 | # ## load Xuwei's trained svhn model
283 | # model = get_model(args.dataset, True)
284 | # model.load_weights('./data/' + args.dataset + '_data/model/' + args.model + '.h5')
285 | # model.compile(
286 | # loss='categorical_crossentropy',
287 | # # optimizer='adadelta',
288 | # optimizer='adam',
289 | # metrics=['accuracy']
290 | # )
291 |
292 | ## load mine trained model
293 | from keras.models import load_model
294 | model = load_model('./data/' + args.dataset + '_data/model/' + args.model + '.h5')
295 | model.summary()
296 |
297 | accuracy(model, x_test, y_test)
298 |
299 | adv = gen_adv_data(model, x_test[:1000], y_test[:1000], args.attack, args.dataset, args.batch_size)
300 |
301 | # accuracy(model, adv, y_test)
302 | # np.save('./data/cifar_data/model/test_adv_PGD', adv)
303 | np.save('./data/' + args.dataset + '_data/model/' + args.model + '_' + args.attack + '.npy', adv)
304 |
305 | # y_res = model.predict(x_train)
306 | # y_res = softmax(y_res)
307 | # y_res = y_res.argmax(axis=-1)
308 | # y = y_train.argmax(axis=-1)
309 | # idx = (y_res == y)
310 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/compare_result.txt:
--------------------------------------------------------------------------------
1 |
2 | ------------------------------------------------------------------------------
3 | the result of mnist lenet1 is:
4 | MR of DH is 0.097
5 | MR of DP is 1.0
6 | Linf of DH is 251.0
7 | Linf of DP is 77.0
8 |
9 | ------------------------------------------------------------------------------
10 | the result of mnist lenet4 is:
11 | MR of DH is 0.036
12 | MR of DP is 1.0
13 | Linf of DH is 248.16666666666666
14 | Linf of DP is 77.0
15 |
16 | ------------------------------------------------------------------------------
17 | the result of mnist lenet5 is:
18 | MR of DH is 0.042
19 | MR of DP is 0.999
20 | Linf of DH is 249.6551724137931
21 | Linf of DP is 77.0
22 |
23 | ------------------------------------------------------------------------------
24 | the result of cifar vgg16 is:
25 | MR of DH is 0.429
26 | MR of DP is 0.898
27 | Linf of DH is 106.45648810392643
28 | Linf of DP is 8.0
29 |
30 | ------------------------------------------------------------------------------
31 | the result of cifar resnet20 is:
32 | MR of DH is 0.422
33 | MR of DP is 0.999
34 | Linf of DH is 92.61751249519415
35 | Linf of DP is 8.0
36 |
37 | ------------------------------------------------------------------------------
38 | the result of svhn svhn_model is:
39 | MR of DH is 0.235
40 | MR of DP is 1.0
41 | Linf of DH is 166.21212121212122
42 | Linf of DP is 8.896969696969697
43 |
44 | ------------------------------------------------------------------------------
45 | the result of svhn svhn_first is:
46 | MR of DH is 0.296
47 | MR of DP is 0.999
48 | Linf of DH is 174.80444444444444
49 | Linf of DP is 8.911111111111111
50 |
51 | ------------------------------------------------------------------------------
52 | the result of svhn svhn_second is:
53 | MR of DH is 0.211
54 | MR of DP is 1.0
55 | Linf of DH is 168.80232558139534
56 | Linf of DP is 8.94186046511628
57 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/criteria.py:
--------------------------------------------------------------------------------
1 | import numpy as np
2 | import tensorflow as tf
3 | import os
4 | from attack_evaluate import AttackEvaluate
5 | import argparse
6 |
7 | import matplotlib.pyplot as plt
8 |
9 | from skimage import data, img_as_float
10 | from skimage.metrics import structural_similarity as ssim
11 |
12 |
13 | os.environ["CUDA_VISIBLE_DEVICES"] = "0"
14 |
15 | ####for solving some specific problems, don't care
16 | config = tf.ConfigProto()
17 | config.gpu_options.allow_growth = True
18 | sess = tf.Session(config=config)
19 |
20 | def lp_distance(pic1, pic2):
21 | pic1 = np.round(pic1*255)
22 | pic2 = np.round(pic2*255)
23 |
24 |
25 | dist_li = np.linalg.norm(np.reshape(pic1 - pic2, -1), ord=np.inf)
26 |
27 | return dist_li
28 |
29 | def softmax(x):
30 | exp_x = np.exp(x)
31 | return exp_x / np.sum(exp_x)
32 |
33 | def load_data(name):
34 | assert (name.upper() in ['MNIST', 'CIFAR', 'SVHN'])
35 | name = name.lower()
36 | x_train = np.load('./data/' + name + '_data/' + name + '_x_train.npy')
37 | y_train = np.load('./data/' + name + '_data/' + name + '_y_train.npy')
38 | x_test = np.load('./data/' + name + '_data/' + name + '_x_test.npy')
39 | y_test = np.load('./data/' + name + '_data/' + name + '_y_test.npy')
40 | return x_train, y_train, x_test, y_test
41 |
42 |
43 | if __name__ == '__main__':
44 | parser = argparse.ArgumentParser(description='MR and Linf')
45 | parser.add_argument('-dataset', help="dataset to use", choices=['mnist', 'cifar', 'svhn'])
46 | parser.add_argument('-model', help="target model to attack",
47 | choices=['vgg16', 'resnet20', 'lenet1', 'lenet4', 'lenet5', 'svhn_model',
48 | 'svhn_first', 'svhn_second'])
49 |
50 | args = parser.parse_args()
51 |
52 | attack = 'PGD'
53 | dataset = args.dataset
54 | model_name = args.model
55 | # print(args.dataset)
56 |
57 |
58 | ### load deephunter adv
59 | x_adv_deep = np.load('./data/' + dataset + '_data/model/' + 'deephunter_adv_test_' + model_name + '.npy')
60 |
61 |
62 | ### load PGD adv
63 | x_adv_pgd = np.load('./data/' + dataset + '_data/model/' + model_name + '_' + attack + '.npy')
64 |
65 |
66 | # load dataset
67 | x_train, y_train, x_test, y_test = load_data(dataset)
68 |
69 | # import model
70 | from keras.models import load_model
71 | model = load_model('./data/' + dataset + '_data/model/' + model_name + '.h5')
72 | model.summary()
73 |
74 |
75 | ## compare MR
76 | criteria1 = AttackEvaluate(model, x_test, y_test, x_adv_deep[:1000])
77 | MR_deep = criteria1.misclassification_rate()
78 | print(MR_deep)
79 |
80 | criteria2 = AttackEvaluate(model, x_test, y_test, x_adv_pgd[:1000])
81 | MR_pgd = criteria2.misclassification_rate()
82 | print(MR_pgd)
83 |
84 | li_deep = 0
85 | li_pgd = 0
86 |
87 | num = 0
88 |
89 | for i in range(1000):
90 | if softmax(model.predict(np.expand_dims(x_adv_deep[i], axis=0))).argmax(axis=-1) != softmax(model.predict(np.expand_dims(x_test[i], axis=0))).argmax(axis=-1):
91 | num += 1
92 |
93 | ## compare Lp
94 | li_deep_new = lp_distance(x_test[i], x_adv_deep[i])
95 | li_pgd_new = lp_distance(x_test[i], x_adv_pgd[i])
96 |
97 | li_deep += li_deep_new
98 | li_pgd += li_pgd_new
99 |
100 | if dataset == 'cifar':
101 | li_deep = li_deep/255
102 |
103 | with open("compare_result.txt", "a") as f:
104 | f.write("\n------------------------------------------------------------------------------\n")
105 | f.write('the result of {} {} is: \n'.format(args.dataset, args.model))
106 | f.write('MR of DH is {} \n'.format(MR_deep))
107 | f.write('MR of DP is {} \n'.format(MR_pgd))
108 | f.write('Linf of DH is {} \n'.format(li_deep/num))
109 | f.write('Linf of DP is {} \n'.format(li_pgd/num))
110 |
111 |
112 | print("li of deephunter is: {}".format(li_deep/num))
113 | print("li of pgd is: {}".format(li_pgd/num))
114 |
115 |
116 |
117 |
118 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/data/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/mutators.py:
--------------------------------------------------------------------------------
1 | from __future__ import print_function
2 | from importlib import reload
3 | import sys
4 | import cv2
5 | import numpy as np
6 | import random
7 | import time
8 | import copy
9 | reload(sys)
10 | # sys.setdefaultencoding('utf8')
11 |
12 |
13 |
14 | # keras 1.2.2 tf:1.2.0
15 | class Mutators():
16 | def image_translation(img, params):
17 |
18 | rows, cols, ch = img.shape
19 | # rows, cols = img.shape
20 |
21 | # M = np.float32([[1, 0, params[0]], [0, 1, params[1]]])
22 | M = np.float32([[1, 0, params], [0, 1, params]])
23 | dst = cv2.warpAffine(img, M, (cols, rows))
24 | return dst
25 |
26 | def image_scale(img, params):
27 |
28 | # res = cv2.resize(img, None, fx=params[0], fy=params[1], interpolation=cv2.INTER_CUBIC)
29 | rows, cols, ch = img.shape
30 | res = cv2.resize(img, None, fx=params, fy=params, interpolation=cv2.INTER_CUBIC)
31 | res = res.reshape((res.shape[0],res.shape[1],ch))
32 | y, x, z = res.shape
33 | if params > 1: # need to crop
34 | startx = x // 2 - cols // 2
35 | starty = y // 2 - rows // 2
36 | return res[starty:starty + rows, startx:startx + cols]
37 | elif params < 1: # need to pad
38 | sty = (rows - y) // 2
39 | stx = (cols - x) // 2
40 | return np.pad(res, [(sty, rows - y - sty), (stx, cols - x - stx), (0, 0)], mode='constant', constant_values=0)
41 | return res
42 |
43 | def image_shear(img, params):
44 | rows, cols, ch = img.shape
45 | # rows, cols = img.shape
46 | factor = params * (-1.0)
47 | M = np.float32([[1, factor, 0], [0, 1, 0]])
48 | dst = cv2.warpAffine(img, M, (cols, rows))
49 | return dst
50 |
51 | def image_rotation(img, params):
52 | rows, cols, ch = img.shape
53 | # rows, cols = img.shape
54 | M = cv2.getRotationMatrix2D((cols / 2, rows / 2), params, 1)
55 | dst = cv2.warpAffine(img, M, (cols, rows), flags=cv2.INTER_AREA)
56 | return dst
57 |
58 | def image_contrast(img, params):
59 | alpha = params
60 | new_img = cv2.multiply(img, np.array([alpha])) # mul_img = img*alpha
61 | # new_img = cv2.add(mul_img, beta) # new_img = img*alpha + beta
62 |
63 | return new_img
64 |
65 | def image_brightness(img, params):
66 | beta = params
67 | new_img = cv2.add(img, beta) # new_img = img*alpha + beta
68 | return new_img
69 |
70 | def image_blur(img, params):
71 |
72 | # print("blur")
73 | blur = []
74 | if params == 1:
75 | blur = cv2.blur(img, (3, 3))
76 | if params == 2:
77 | blur = cv2.blur(img, (4, 4))
78 | if params == 3:
79 | blur = cv2.blur(img, (5, 5))
80 | if params == 4:
81 | blur = cv2.GaussianBlur(img, (3, 3), 0)
82 | if params == 5:
83 | blur = cv2.GaussianBlur(img, (5, 5), 0)
84 | if params == 6:
85 | blur = cv2.GaussianBlur(img, (7, 7), 0)
86 | if params == 7:
87 | blur = cv2.medianBlur(img, 3)
88 | if params == 8:
89 | blur = cv2.medianBlur(img, 5)
90 | # if params == 9:
91 | # blur = cv2.blur(img, (6, 6))
92 | if params == 9:
93 | blur = cv2.bilateralFilter(img, 6, 50, 50)
94 | # blur = cv2.bilateralFilter(img, 9, 75, 75)
95 | return blur
96 |
97 | def image_pixel_change(img, params):
98 | # random change 1 - 5 pixels from 0 -255
99 | img_shape = img.shape
100 | img1d = np.ravel(img)
101 | arr = np.random.randint(0, len(img1d), params)
102 | for i in arr:
103 | img1d[i] = np.random.randint(0, 256)
104 | new_img = img1d.reshape(img_shape)
105 | return new_img
106 |
107 | def image_noise(img, params):
108 | if params == 1: # Gaussian-distributed additive noise.
109 | row, col, ch = img.shape
110 | mean = 0
111 | var = 0.1
112 | sigma = var ** 0.5
113 | gauss = np.random.normal(mean, sigma, (row, col, ch))
114 | gauss = gauss.reshape(row, col, ch)
115 | noisy = img + gauss
116 | return noisy.astype(np.uint8)
117 | elif params == 2: # Replaces random pixels with 0 or 1.
118 | s_vs_p = 0.5
119 | amount = 0.004
120 | out = np.copy(img)
121 | # Salt mode
122 | num_salt = np.ceil(amount * img.size * s_vs_p)
123 | coords = [np.random.randint(0, i, int(num_salt))
124 | for i in img.shape]
125 | out[tuple(coords)] = 1
126 |
127 | # Pepper mode
128 | num_pepper = np.ceil(amount * img.size * (1. - s_vs_p))
129 | coords = [np.random.randint(0, i, int(num_pepper))
130 | for i in img.shape]
131 | out[tuple(coords)] = 0
132 | return out
133 | elif params == 3: # Multiplicative noise using out = image + n*image,where n is uniform noise with specified mean & variance.
134 | row, col, ch = img.shape
135 | gauss = np.random.randn(row, col, ch)
136 | gauss = gauss.reshape(row, col, ch)
137 | noisy = img + img * gauss
138 | return noisy.astype(np.uint8)
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
--------------------------------------------------------------------------------
/Comparison of Attack Images/test_example.sh:
--------------------------------------------------------------------------------
1 | : '
2 | parser.add_argument('-dataset', help="dataset to use", choices=['mnist', 'cifar'])
3 | parser.add_argument('-model', help="target model to attack", choices=['vgg16', 'resnet20', 'lenet1', 'lenet4', 'lenet5', 'svhn_model', 'svhn_first', 'svhn_second'])
4 |
5 | '
6 |
7 | #: 'attack'
8 | #python attack.py -dataset mnist -model lenet1 -attack PGD -batch_size 128
9 | #python attack.py -dataset mnist -model lenet4 -attack PGD -batch_size 128
10 | #python attack.py -dataset mnist -model lenet5 -attack PGD -batch_size 128
11 |
12 | #python attack.py -dataset cifar -model vgg16 -attack PGD -batch_size 128
13 | #python attack.py -dataset cifar -model resnet20 -attack PGD -batch_size 128
14 |
15 | #python attack.py -dataset svhn -model svhn_model -attack PGD -batch_size 128
16 | #python attack.py -dataset svhn -model svhn_first -attack PGD -batch_size 128
17 | #python attack.py -dataset svhn -model svhn_second -attack PGD -batch_size 128
18 |
19 | ## DH
20 | #python deephunter_attack.py -dataset mnist -model lenet1
21 | #python deephunter_attack.py -dataset mnist -model lenet4
22 | #python deephunter_attack.py -dataset mnist -model lenet5
23 |
24 | #python deephunter_attack.py -dataset cifar -model vgg16
25 | #python deephunter_attack.py -dataset cifar -model resnet20
26 |
27 | #python deephunter_attack.py -dataset svhn -model svhn_model
28 | #python deephunter_attack.py -dataset svhn -model svhn_first
29 | #python deephunter_attack.py -dataset svhn -model svhn_second
30 |
31 | # criteria
32 | python criteria.py -dataset mnist -model lenet1
33 | python criteria.py -dataset mnist -model lenet4
34 | python criteria.py -dataset mnist -model lenet5
35 |
36 | python criteria.py -dataset cifar -model vgg16
37 | python criteria.py -dataset cifar -model resnet20
38 |
39 | python criteria.py -dataset svhn -model svhn_model
40 | python criteria.py -dataset svhn -model svhn_first
41 | python criteria.py -dataset svhn -model svhn_second
42 |
43 |
44 |
45 | echo 'Finish!'
46 |
47 |
--------------------------------------------------------------------------------
/Correlation/.idea/Figure 4 and figure 8.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/Correlation/.idea/inspectionProfiles/profiles_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/Correlation/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/Correlation/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/Correlation/.idea/workspace.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 | 1590466043268
40 |
41 |
42 | 1590466043268
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
--------------------------------------------------------------------------------
/Correlation/adv_train_example.py:
--------------------------------------------------------------------------------
1 | from util import get_data, get_model
2 |
3 | from keras.preprocessing.image import ImageDataGenerator
4 | from art.data_generators import KerasDataGenerator
5 |
6 | from art.classifiers import KerasClassifier
7 | from art.attacks import ProjectedGradientDescent
8 | from art.attacks import BasicIterativeMethod
9 | from art.defences import AdversarialTrainer
10 | from art.attacks import CarliniL2Method
11 | from art.attacks import FastGradientMethod
12 |
13 | import numpy as np
14 | import tensorflow as tf
15 | import os
16 |
17 | os.environ["CUDA_VISIBLE_DEVICES"] = "0"
18 |
19 | ####for solving some specific problems, don't care
20 | config = tf.ConfigProto()
21 | config.gpu_options.allow_growth = True
22 | sess = tf.Session(config=config)
23 |
24 | # the data is in range(-.5, .5)
25 | def load_data(name):
26 | assert (name.upper() in ['MNIST', 'CIFAR', 'SVHN'])
27 | name = name.lower()
28 | x_train = np.load('../data/' + name + '_data/' + name + '_x_train.npy')
29 | y_train = np.load('../data/' + name + '_data/' + name + '_y_train.npy')
30 | x_test = np.load('../data/' + name + '_data/' + name + '_x_test.npy')
31 | y_test = np.load('../data/' + name + '_data/' + name + '_y_test.npy')
32 | return x_train, y_train, x_test, y_test
33 |
34 |
35 | if __name__ == "__main__":
36 | dataset = 'svhn'
37 | model_name = 'svhn_second'
38 | attack_name = 'PGD'
39 |
40 | # dataset = 'cifar'
41 | # model_name = 'resnet20'
42 | # attack_name = 'PGD'
43 |
44 | # x_train, y_train, x_test, y_test = get_data('cifar')
45 | x_train, y_train, x_test, y_test = load_data(dataset)
46 |
47 |
48 | from keras.models import load_model
49 | model = load_model('../data/' + dataset + '_data/model/' + model_name + '.h5')
50 |
51 | # ## for svhn model
52 | # from util import get_model
53 | # model = get_model(dataset, True)
54 | # model.load_weights('./data/' + dataset + '_data/model/' + model_name + '.h5')
55 |
56 | model.compile(
57 | loss='categorical_crossentropy',
58 | # optimizer='adadelta',
59 | optimizer='adam',
60 | metrics=['accuracy']
61 | )
62 |
63 | model.summary()
64 | # Evaluate the benign trained model on clean test set
65 | labels_true = np.argmax(y_test, axis=1)
66 | labels_test = np.argmax(model.predict(x_test), axis=1)
67 | print('Accuracy test set: %.2f%%' % (np.sum(labels_test == labels_true) / x_test.shape[0] * 100))
68 |
69 | # # training for MNIST
70 | # classifier = KerasClassifier(clip_values=(-0.5, 0.5), model=model, use_logits=False)
71 | # attack = ProjectedGradientDescent(classifier, eps=0.3, eps_step=0.01, max_iter=20, batch_size=128)
72 |
73 | # ## training for CIFAR
74 | # classifier = KerasClassifier(model=model, use_logits=False)
75 | # attack = ProjectedGradientDescent(classifier, eps=8/255, eps_step=2/255, max_iter=10, batch_size=512)
76 |
77 | ## training for SVHN
78 | classifier = KerasClassifier(clip_values=(-0.5, 0.5), model=model, use_logits=False)
79 | attack = ProjectedGradientDescent(classifier, eps=8/255, eps_step=1/255, max_iter=20, batch_size=512)
80 |
81 | x_test_pgd = attack.generate(x_test, y_test)
82 | # np.save('./data/' + dataset + '_data/model/' + model_name + '_y_' + attack_name + '.npy', x_test_pgd)
83 |
84 | # Evaluate the benign trained model on adv test set
85 | labels_pgd = np.argmax(classifier.predict(x_test_pgd), axis=1)
86 | print('Accuracy on original PGD adversarial samples: %.2f%%' %
87 | (np.sum(labels_pgd == labels_true) / x_test.shape[0] * 100))
88 |
89 | trainer = AdversarialTrainer(classifier, attack, ratio=1.0)
90 | trainer.fit(x_train, y_train, nb_epochs=60, batch_size=1024)
91 |
92 | classifier.save(filename='adv_' + model_name + '.h5', path='../data/' + dataset + '_data/model/')
93 |
94 | # Evaluate the adversarially trained model on clean test set
95 | labels_true = np.argmax(y_test, axis=1)
96 | labels_test = np.argmax(classifier.predict(x_test), axis=1)
97 | print('Accuracy test set: %.2f%%' % (np.sum(labels_test == labels_true) / x_test.shape[0] * 100))
98 |
99 | # Evaluate the adversarially trained model on original adversarial samples
100 | labels_pgd = np.argmax(classifier.predict(x_test_pgd), axis=1)
101 | print('Accuracy on original PGD adversarial samples: %.2f%%' %
102 | (np.sum(labels_pgd == labels_true) / x_test.shape[0] * 100))
103 |
104 | # Evaluate the adversarially trained model on fresh adversarial samples produced on the adversarially trained model
105 | x_test_pgd = attack.generate(x_test, y_test)
106 | labels_pgd = np.argmax(classifier.predict(x_test_pgd), axis=1)
107 | print('Accuracy on new PGD adversarial samples: %.2f%%' % (np.sum(labels_pgd == labels_true) / x_test.shape[0] * 100))
108 |
109 |
110 |
111 |
112 |
113 |
--------------------------------------------------------------------------------
/Correlation/attack.py:
--------------------------------------------------------------------------------
1 | from __future__ import absolute_import
2 | from __future__ import division
3 | from __future__ import print_function
4 | from __future__ import unicode_literals
5 |
6 | from cleverhans.utils_keras import KerasModelWrapper
7 | from cleverhans.attacks import CarliniWagnerL2
8 | from cleverhans.attacks import SaliencyMapMethod
9 | from cleverhans.attacks import FastGradientMethod
10 | from cleverhans.attacks import BasicIterativeMethod
11 | from cleverhans.attacks import ProjectedGradientDescent
12 |
13 | import tensorflow as tf
14 | import os
15 |
16 | os.environ["CUDA_VISIBLE_DEVICES"] = "0"
17 |
18 | ####for solving some specific problems, don't care
19 | config = tf.ConfigProto()
20 | config.gpu_options.allow_growth = True
21 | sess = tf.Session(config=config)
22 |
23 | import keras
24 | from keras import backend as K
25 | import numpy as np
26 | import time
27 | from util import get_model
28 | import sys
29 | import argparse
30 |
31 |
32 | # def JSMA(model, x, y):
33 | # sess = K.get_session()
34 | # model_wrap = KerasModelWrapper(model)
35 | # jsma = SaliencyMapMethod(model_wrap, sess=sess)
36 | # jsma_params = {'theta':1., 'gamma': 0.1, 'clip_min':0., 'clip_max':1.}
37 | # adv = jsma.generate_np(x, **jsma_params)
38 | # return adv
39 | #
40 | #
41 | # def FGSM(model, x, y):
42 | # sess = K.get_session()
43 | # model_wrap = KerasModelWrapper(model)
44 | # fgsm = FastGradientMethod(model_wrap, sess=sess)
45 | # fgsm_params={'y':y, 'eps':0.2, 'clip_min':0., 'clip_max': 1.}
46 | # adv = fgsm.generate_np(x, **fgsm_params)
47 | # return adv
48 | #
49 | #
50 | # def BIM(model, x, y):
51 | # sess = K.get_session()
52 | # model_wrap = KerasModelWrapper(model)
53 | # bim = BasicIterativeMethod(model_wrap, sess=sess)
54 | # bim_params={'eps_iter': 0.03, 'nb_iter': 10, 'y':y, 'clip_min': 0., 'clip_max': 1.}
55 | # adv = bim.generate_np(x, **bim_params)
56 | # return adv
57 |
58 | # # invoke the method for many times leads to multiple symbolic graph and may cause OOM
59 | # def CW(model, x, y, batch):
60 | # sess = K.get_session()
61 | # model_wrap = KerasModelWrapper(model)
62 | # cw = CarliniWagnerL2(model_wrap, sess=sess)
63 | # cw_params = {'binary_search_steps': 1,
64 | # 'y': y,
65 | # 'learning_rate': .1,
66 | # 'max_iterations': 50,
67 | # 'initial_const': 10,
68 | # 'batch_size': batch,
69 | # 'clip_min': -0.5,
70 | # 'clip_max': 0.5}
71 | # adv = cw.generate_np(x, **cw_params)# invoke the method for many times leads to multiple symbolic graph and may cause OOM
72 | # # def CW(model, x, y, batch):
73 | # # sess = K.get_session()
74 | # # model_wrap = KerasModelWrapper(model)
75 | # # cw = CarliniWagnerL2(model_wrap, sess=sess)
76 | # # cw_params = {'binary_search_steps': 1,
77 | # # 'y': y,
78 | # # 'learning_rate': .1,
79 | # # 'max_iterations': 50,
80 | # # 'initial_const': 10,
81 | # # 'batch_size': batch,
82 | # # 'clip_min': -0.5,
83 | # # 'clip_max': 0.5}
84 | # # adv = cw.generate_np(x, **cw_params)
85 | # # return adv
86 | # #
87 | # #
88 | # # # for mnist, eps=.3, eps_iter=.03, nb_iter=10
89 | # # # for cifar and svhn, eps=8/255, eps_iter=.01, nb_iter=30
90 | # # def PGD(model, x, y, batch):
91 | # # sess = K.get_session()
92 | # # model_wrap = KerasModelWrapper(model)
93 | # # pgd = ProjectedGradientDescent(model_wrap, sess=sess)
94 | # # pgd_params = {'eps': 8. / 255.,
95 | # # 'eps_iter': .01,
96 | # # 'nb_iter': 30.,
97 | # # 'clip_min': -0.5,
98 | # # 'clip_max': 0.5,
99 | # # 'y': y}
100 | # # adv = pgd.generate_np(x, **pgd_params)
101 | # # return adv
102 | # return adv
103 | #
104 | #
105 | # # for mnist, eps=.3, eps_iter=.03, nb_iter=10
106 | # # for cifar and svhn, eps=8/255, eps_iter=.01, nb_iter=30
107 | # def PGD(model, x, y, batch):
108 | # sess = K.get_session()
109 | # model_wrap = KerasModelWrapper(model)
110 | # pgd = ProjectedGradientDescent(model_wrap, sess=sess)
111 | # pgd_params = {'eps': 8. / 255.,
112 | # 'eps_iter': .01,
113 | # 'nb_iter': 30.,
114 | # 'clip_min': -0.5,
115 | # 'clip_max': 0.5,
116 | # 'y': y}
117 | # adv = pgd.generate_np(x, **pgd_params)
118 | # return adv
119 |
120 |
121 | # integrate all attack method in one function and only construct graph once
122 | def gen_adv_data(model, x, y, method, dataset, batch=2048):
123 | sess = K.get_session()
124 | model_wrap = KerasModelWrapper(model)
125 | if method.upper() == 'CW':
126 | params = {'binary_search_steps': 1,
127 | 'y': y,
128 | 'learning_rate': .1,
129 | 'max_iterations': 50,
130 | 'initial_const': 10,
131 | 'batch_size': batch,
132 | # 'clip_min': -0.5,
133 | # 'clip_max': 0.5
134 | }
135 | attack = CarliniWagnerL2(model_wrap, sess=sess)
136 |
137 | data_num = x.shape[0]
138 | begin, end = 0, batch
139 | adv_x_all = np.zeros_like(x)
140 | # every time process batch_size
141 | while end < data_num:
142 | start_time = time.time()
143 | params['y'] = y[begin:end]
144 | adv_x = attack.generate_np(x[begin:end], **params)
145 | adv_x_all[begin: end] = adv_x
146 | print(begin, end, "done")
147 | begin += batch
148 | end += batch
149 | end_time = time.time()
150 | print("time: ", end_time - start_time)
151 |
152 | # process the remaining
153 | if begin < data_num:
154 | start_time = time.time()
155 | params['y'] = y[begin:]
156 | params['batch_size'] = data_num - begin
157 | adv_x = attack.generate_np(x[begin:], **params)
158 | adv_x_all[begin:] = adv_x
159 | print(begin, data_num, "done")
160 | end_time = time.time()
161 | print("time: ", end_time - start_time)
162 |
163 | elif method.upper() == 'PGD':
164 | if dataset == 'cifar':
165 | params = {'eps': 16. / 255.,
166 | 'eps_iter': 2. / 255.,
167 | 'nb_iter': 30.,
168 | # 'clip_min': -0.5,
169 | # 'clip_max': 0.5,
170 | 'y': y}
171 | attack = ProjectedGradientDescent(model_wrap, sess=sess)
172 | elif dataset == 'mnist':
173 | params = {'eps': .3,
174 | 'eps_iter': .03,
175 | 'nb_iter': 20.,
176 | 'clip_min': -0.5,
177 | 'clip_max': 0.5,
178 | 'y': y}
179 | attack = ProjectedGradientDescent(model_wrap, sess=sess)
180 | elif dataset == 'svhn':
181 | params = {'eps': 8. / 255.,
182 | 'eps_iter': 0.01,
183 | 'nb_iter': 30.,
184 | 'clip_min': -0.5,
185 | 'clip_max': 0.5,
186 | 'y': y}
187 | attack = ProjectedGradientDescent(model_wrap, sess=sess)
188 |
189 | data_num = x.shape[0]
190 | begin, end = 0, batch
191 | adv_x_all = np.zeros_like(x)
192 | # every time process batch_size
193 | while end < data_num:
194 | start_time = time.time()
195 | params['y'] = y[begin:end]
196 | adv_x = attack.generate_np(x[begin:end], **params)
197 | adv_x_all[begin: end] = adv_x
198 | print(begin, end, "done")
199 | begin += batch
200 | end += batch
201 | end_time = time.time()
202 | print("time: ", end_time - start_time)
203 |
204 | # process the remaining
205 | if begin < data_num:
206 | start_time = time.time()
207 | params['y'] = y[begin:]
208 | adv_x = attack.generate_np(x[begin:], **params)
209 | adv_x_all[begin:] = adv_x
210 | print(begin, data_num, "done")
211 | end_time = time.time()
212 | print("time: ", end_time - start_time)
213 |
214 | else:
215 | print('Unsupported attack')
216 | sys.exit(1)
217 |
218 | return adv_x_all
219 |
220 |
221 | # def gen_adv_data(model, x, y, method, batch=4000):
222 | # data_num = x.shape[0]
223 | # begin, end = 0, batch
224 | # adv_x_all = np.zeros_like(x)
225 | # while begin < data_num:
226 | # start_time = time.time()
227 | # adv_x = method(model, x[begin:end], y[begin:end], end-begin)
228 | # adv_x_all[begin: end] = adv_x
229 | # print(begin, end, "done")
230 | # begin += batch
231 | # end += batch
232 | # if end >= data_num:
233 | # end = data_num
234 | # end_time = time.time()
235 | # print("time: ", end_time - start_time)
236 | # return adv_x_all
237 |
238 |
239 | # the data is in range(-.5, .5)
240 | def load_data(name):
241 | assert (name.upper() in ['MNIST', 'CIFAR', 'SVHN'])
242 | name = name.lower()
243 | x_train = np.load('../data/' + name + '_data/' + name + '_x_train.npy')
244 | y_train = np.load('../data/' + name + '_data/' + name + '_y_train.npy')
245 | x_test = np.load('../data/' + name + '_data/' + name + '_x_test.npy')
246 | y_test = np.load('../data/' + name + '_data/' + name + '_y_test.npy')
247 | return x_train, y_train, x_test, y_test
248 |
249 |
250 | def softmax(x):
251 | exp_x = np.exp(x)
252 | return exp_x / np.sum(exp_x)
253 |
254 |
255 | def accuracy(model, x, labels):
256 | assert (x.shape[0] == labels.shape[0])
257 | num = x.shape[0]
258 | y = model.predict(x)
259 | y = y.argmax(axis=-1)
260 | labels = labels.argmax(axis=-1)
261 | idx = (labels == y)
262 | print(np.sum(idx) / num)
263 |
264 |
265 | if __name__ == '__main__':
266 | parser = argparse.ArgumentParser(description='attack for DNN')
267 | parser.add_argument('-dataset', help="dataset to use", choices=['mnist', 'cifar', 'svhn'])
268 | parser.add_argument('-model', help="target model to attack", choices=['vgg16', 'resnet20', 'lenet1', 'lenet4', 'lenet5', 'adv_lenet1', 'adv_lenet4', 'adv_lenet5', 'adv_vgg16', 'adv_resnet20', 'svhn_model', 'adv_svhn_model', 'svhn_first', 'adv_svhn_first', 'svhn_second','adv_svhn_second'])
269 | parser.add_argument('-attack', help="attack model", choices=['CW', 'PGD'])
270 | parser.add_argument('-batch_size', help="attack batch size", type=int, default=32)
271 |
272 | args = parser.parse_args()
273 | # args.dataset = 'cifar'
274 | # args.attack = 'PGD'
275 |
276 | # ## get MNIST or SVHN
277 | x_train, y_train, x_test, y_test = load_data(args.dataset)
278 |
279 | ## get CIFAR
280 | # from util import get_data
281 | # x_train, y_train, x_test, y_test = get_data(args.dataset)
282 |
283 | # ## load Xuwei's trained svhn model
284 | # model = get_model(args.dataset, True)
285 | # model.load_weights('./data/' + args.dataset + '_data/model/' + args.model + '.h5')
286 | # model.compile(
287 | # loss='categorical_crossentropy',
288 | # # optimizer='adadelta',
289 | # optimizer='adam',
290 | # metrics=['accuracy']
291 | # )
292 |
293 | ## load mine trained model
294 | from keras.models import load_model
295 | model = load_model('../data/' + args.dataset + '_data/model/' + args.model + '.h5')
296 | model.summary()
297 |
298 | accuracy(model, x_test, y_test)
299 |
300 | adv = gen_adv_data(model, x_test, y_test, args.attack, args.dataset, args.batch_size)
301 |
302 | # accuracy(model, adv, y_test)
303 | # np.save('./data/cifar_data/model/test_adv_PGD', adv)
304 | np.save('./data/' + args.dataset + '_data/model/' + args.model + '_' + args.attack + '.npy', adv)
305 |
306 | # y_res = model.predict(x_train)
307 | # y_res = softmax(y_res)
308 | # y_res = y_res.argmax(axis=-1)
309 | # y = y_train.argmax(axis=-1)
310 | # idx = (y_res == y)
311 |
--------------------------------------------------------------------------------
/Correlation/correlation.py:
--------------------------------------------------------------------------------
1 | from scipy.stats import kendalltau
2 | import numpy as np
3 | import xlrd
4 |
5 | def row2array(row, length):
6 | row = np.array(row)
7 | arr = np.array([])
8 |
9 | for i in range(1, length, 1):
10 | arr = np.append(arr, float(row[i]))
11 |
12 | return arr, row[0]
13 |
14 |
15 | def func(a, b):
16 | Lens = len(a)
17 |
18 | ties_onlyin_x = 0
19 | ties_onlyin_y = 0
20 | con_pair = 0
21 | dis_pair = 0
22 | for i in range(Lens - 1):
23 | for j in range(i + 1, Lens):
24 | test_tying_x = np.sign(a[i] - a[j])
25 | test_tying_y = np.sign(b[i] - b[j])
26 | panduan = test_tying_x * test_tying_y
27 | if panduan == 1:
28 | con_pair += 1
29 | elif panduan == -1:
30 | dis_pair += 1
31 |
32 | if test_tying_y == 0 and test_tying_x != 0:
33 | ties_onlyin_y += 1
34 | elif test_tying_x == 0 and test_tying_y != 0:
35 | ties_onlyin_x += 1
36 |
37 | if (con_pair + dis_pair + ties_onlyin_x) * (dis_pair + con_pair + ties_onlyin_y) == 0:
38 | k = 10**-1
39 | else:
40 | k = (con_pair + dis_pair + ties_onlyin_x) * (dis_pair + con_pair + ties_onlyin_y)
41 |
42 | Kendallta1 = (con_pair - dis_pair) / np.sqrt(k)
43 |
44 | return Kendallta1
45 |
46 | if __name__ == '__main__':
47 | excel = xlrd.open_workbook('correlation.xlsx')
48 |
49 | ## MNIST's related values are in sheet 0
50 | mnist_data = excel.sheet_by_index(0)
51 |
52 | print(mnist_data.name, mnist_data.nrows, mnist_data.ncols)
53 |
54 | ## get every row's value and put them in a dictionary
55 | mnist_dic = {}
56 |
57 | for j in range(2, mnist_data.nrows):
58 | row_excel = mnist_data.row_values(j)
59 | row_value, name = row2array(row_excel, mnist_data.ncols)
60 | mnist_dic[name] = row_value
61 |
62 | print(mnist_dic)
63 |
64 | # calculate Kendallta
65 | for metric_1 in np.array(mnist_data.col_values(0))[2:13]:
66 | for metric_2 in np.array(mnist_data.col_values(0))[13:23]:
67 | Kendallta, p_value = kendalltau(mnist_dic[metric_1], mnist_dic[metric_2])
68 | v = func(mnist_dic[metric_2], mnist_dic[metric_1])
69 | # print(v)
70 | # print('---------------------------------------------')
71 | print('The Kendallta between {} and {} is {}'.format(metric_2, metric_1, v))
72 |
73 |
74 |
75 |
76 |
77 |
78 |
--------------------------------------------------------------------------------
/Correlation/correlation.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Correlation/correlation.xlsx
--------------------------------------------------------------------------------
/Correlation/correlation_sadl.py:
--------------------------------------------------------------------------------
1 | from scipy.stats import kendalltau
2 | import numpy as np
3 | import xlrd
4 |
5 | def row2array(row, length):
6 | row = np.array(row)
7 | arr = np.array([])
8 |
9 | for i in range(1, length, 1):
10 | arr = np.append(arr, float(row[i]))
11 |
12 | return arr, row[0]
13 |
14 |
15 | def func(a, b):
16 | Lens = len(a)
17 |
18 | ties_onlyin_x = 0
19 | ties_onlyin_y = 0
20 | con_pair = 0
21 | dis_pair = 0
22 | for i in range(Lens - 1):
23 | for j in range(i + 1, Lens):
24 | test_tying_x = np.sign(a[i] - a[j])
25 | test_tying_y = np.sign(b[i] - b[j])
26 | panduan = test_tying_x * test_tying_y
27 | if panduan == 1:
28 | con_pair += 1
29 | elif panduan == -1:
30 | dis_pair += 1
31 |
32 | if test_tying_y == 0 and test_tying_x != 0:
33 | ties_onlyin_y += 1
34 | elif test_tying_x == 0 and test_tying_y != 0:
35 | ties_onlyin_x += 1
36 |
37 | if (con_pair + dis_pair + ties_onlyin_x) * (dis_pair + con_pair + ties_onlyin_y) == 0:
38 | k = 10**-1
39 | else:
40 | k = (con_pair + dis_pair + ties_onlyin_x) * (dis_pair + con_pair + ties_onlyin_y)
41 |
42 | Kendallta1 = (con_pair - dis_pair) / np.sqrt(k)
43 |
44 | return Kendallta1
45 |
46 | if __name__ == '__main__':
47 | excel = xlrd.open_workbook('correlation.xlsx')
48 |
49 | ## MNIST's related values are in sheet 0
50 | mnist_data = excel.sheet_by_index(1)
51 |
52 | print(mnist_data.name, mnist_data.nrows, mnist_data.ncols)
53 |
54 | ## get every row's value and put them in a dictionary
55 | mnist_dic = {}
56 |
57 | for j in range(2, mnist_data.nrows):
58 | row_excel = mnist_data.row_values(j)
59 | row_value, name = row2array(row_excel, mnist_data.ncols)
60 | mnist_dic[name] = row_value
61 |
62 | print(mnist_dic)
63 |
64 | # calculate Kendallta
65 | for metric_1 in np.array(mnist_data.col_values(0))[2:13]:
66 | for metric_2 in np.array(mnist_data.col_values(0))[13:15]:
67 | Kendallta, p_value = kendalltau(mnist_dic[metric_1], mnist_dic[metric_2])
68 | v = func(mnist_dic[metric_2], mnist_dic[metric_1])
69 | # print(v)
70 | # print('---------------------------------------------')
71 | print('The Kendallta between {} and {} is {}'.format(metric_2, metric_1, v))
72 |
73 |
74 |
75 |
76 |
77 |
78 |
--------------------------------------------------------------------------------
/Correlation/data/cifar_data/model/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/Correlation/data/mnist_data/model/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/Correlation/data/svhn_data/model/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/Correlation/hotpicture.py:
--------------------------------------------------------------------------------
1 | import numpy as np
2 | import pandas as pd
3 | import seaborn as sns
4 | import matplotlib.pyplot as plt
5 |
6 | if __name__ == '__main__':
7 | data = pd.read_excel(io='correlation.xlsx', sheet_name='ALL_ALL')
8 | data = data.set_index(' ')
9 |
10 | # create hot picture in Seaborn
11 | f, ax = plt.subplots(figsize=(10, 11))
12 | ax.set_xticklabels(data, rotation='horizontal')
13 |
14 | heatmap = sns.heatmap(data,
15 | square=True,
16 | cmap='coolwarm',
17 | cbar_kws={'shrink': 0.7, 'ticks': [-1, -.5, 0, 0.5, 1]},
18 | vmin=-1,
19 | vmax=1,
20 | annot=True,
21 | annot_kws={'size': 16})
22 |
23 | label_y = ax.get_yticklabels()
24 | plt.setp(label_y, rotation = 45)
25 |
26 | label_x = ax.get_xticklabels()
27 | plt.setp(label_x, rotation = 45)
28 |
29 |
30 | # cb = heatmap.figure.colorbar(heatmap.collections[0])
31 | # cb.ax.tick_params(length = 0.001, width=2, labelsize=10)
32 |
33 | # sns.set_style({'yticklabels.top': True})
34 | plt.xticks(fontsize=16)
35 | plt.yticks(fontsize=16)
36 | plt.savefig('ALL_ALL.eps', format='eps', bbox_inches='tight')
37 |
38 | plt.show()
39 |
40 |
41 |
--------------------------------------------------------------------------------
/Correlation/inner_correlation.py:
--------------------------------------------------------------------------------
1 | from scipy.stats import kendalltau
2 | import numpy as np
3 | import xlrd
4 |
5 | def row2array(row, length):
6 | row = np.array(row)
7 | arr = np.array([])
8 |
9 | for i in range(1, length, 1):
10 | arr = np.append(arr, float(row[i]))
11 |
12 | return arr, row[0]
13 |
14 |
15 | def func(a, b):
16 | Lens = len(a)
17 |
18 | ties_onlyin_x = 0
19 | ties_onlyin_y = 0
20 | con_pair = 0
21 | dis_pair = 0
22 | for i in range(Lens - 1):
23 | for j in range(i + 1, Lens):
24 | test_tying_x = np.sign(a[i] - a[j])
25 | test_tying_y = np.sign(b[i] - b[j])
26 | panduan = test_tying_x * test_tying_y
27 | if panduan == 1:
28 | con_pair += 1
29 | elif panduan == -1:
30 | dis_pair += 1
31 |
32 | if test_tying_y == 0 and test_tying_x != 0:
33 | ties_onlyin_y += 1
34 | elif test_tying_x == 0 and test_tying_y != 0:
35 | ties_onlyin_x += 1
36 |
37 | if (con_pair + dis_pair + ties_onlyin_x) * (dis_pair + con_pair + ties_onlyin_y) == 0:
38 | k = 10**-1
39 | else:
40 | k = (con_pair + dis_pair + ties_onlyin_x) * (dis_pair + con_pair + ties_onlyin_y)
41 |
42 | Kendallta1 = (con_pair - dis_pair) / np.sqrt(k)
43 |
44 | return Kendallta1
45 |
46 | if __name__ == '__main__':
47 | excel = xlrd.open_workbook('correlation.xlsx')
48 |
49 | ## MNIST's related values are in sheet 0
50 | mnist_data = excel.sheet_by_index(3)
51 |
52 | print(mnist_data.name, mnist_data.nrows, mnist_data.ncols)
53 |
54 | ## get every row's value and put them in a dictionary
55 | mnist_dic = {}
56 |
57 | for j in range(2, mnist_data.nrows):
58 | row_excel = mnist_data.row_values(j)
59 | row_value, name = row2array(row_excel, mnist_data.ncols)
60 | mnist_dic[name] = row_value
61 |
62 | print(mnist_dic)
63 |
64 | # calculate Kendallta
65 | for metric_1 in np.array(mnist_data.col_values(0))[2:]:
66 | for metric_2 in np.array(mnist_data.col_values(0))[2:]:
67 | Kendallta, p_value = kendalltau(mnist_dic[metric_1], mnist_dic[metric_2])
68 | v = func(mnist_dic[metric_2], mnist_dic[metric_1])
69 | print('The Kendallta between {} and {} is {}'.format(metric_2, metric_1, v))
70 | # print(v)
71 | # print('----------------')
72 |
73 |
74 |
75 |
76 |
77 |
--------------------------------------------------------------------------------
/Correlation/inner_hotpicture.py:
--------------------------------------------------------------------------------
1 | import numpy as np
2 | import pandas as pd
3 | import seaborn as sns
4 | import matplotlib.pyplot as plt
5 |
6 | if __name__ == '__main__':
7 | data = pd.read_excel(io='correlation.xlsx', sheet_name='inner_correlation')
8 | data = data.set_index(' ')
9 | # create hot picture in Seaborn
10 | f, ax = plt.subplots(figsize=(10, 11))
11 | ax.set_xticklabels(data, rotation='horizontal')
12 |
13 | mask = np.zeros_like(data, dtype=np.bool)
14 | mask[np.triu_indices_from(mask)] = True
15 | print(type(mask))
16 |
17 | # mask = np.array([[ False, True, True, True, True, True, True, True, True, True],
18 | # [False, False, True, True, True, True, True, True, True, True],
19 | # [False, False, False, True, True, True, True, True, True, True],
20 | # [False, False, False, False, True, True, True, True, True, True],
21 | # [False, False, False, False, False, True, True, True, True, True],
22 | # [False, False, False, False, False, False, True, True, True, True],
23 | # [False, False, False, False, False, False, False, True, True, True],
24 | # [False, False, False, False, False, False, False, False, True, True],
25 | # [False, False, False, False, False, False, False, False, False, True],
26 | # [False, False, False, False, False, False, False, False, False, False]])
27 |
28 | heatmap = sns.heatmap(data,
29 | square=True,
30 | mask=mask,
31 | cmap='coolwarm',
32 | cbar_kws={'shrink': .7, 'ticks': [-1, -.5, 0, 0.5, 1]},
33 | # cbar=False,
34 | vmin=-1,
35 | vmax=1,
36 | annot=True,
37 | annot_kws={"size": 14})
38 | label_y = ax.get_yticklabels()
39 | plt.setp(label_y, rotation = 45)
40 |
41 | label_x = ax.get_xticklabels()
42 | plt.setp(label_x, rotation = 45)
43 |
44 |
45 | # cb = heatmap.figure.colorbar(heatmap.collections[0])
46 | # cb.ax.tick_params(length = 0.001, width=2, labelsize=10)
47 |
48 | # sns.set_style({'yticklabels.top': True})
49 | plt.xticks(fontsize=14)
50 | plt.yticks(fontsize=14)
51 | plt.savefig('cov_ALL_ALL.eps', format='eps', bbox_inches='tight')
52 |
53 | plt.show()
54 |
55 |
56 |
--------------------------------------------------------------------------------
/Correlation/models.py:
--------------------------------------------------------------------------------
1 | from __future__ import absolute_import
2 | from __future__ import print_function
3 |
4 | import argparse
5 | from util import get_data, get_model, cross_entropy
6 | from keras.preprocessing.image import ImageDataGenerator
7 |
8 | import tensorflow as tf
9 | import os
10 |
11 | os.environ["CUDA_VISIBLE_DEVICES"] = "0"
12 |
13 | ####for solving some specific problems, don't care
14 | config = tf.ConfigProto()
15 | config.gpu_options.allow_growth = True
16 | sess = tf.Session(config=config)
17 |
18 | CLIP_MIN = -0.5
19 | CLIP_MAX = 0.5
20 |
21 | def train(dataset='mnist', batch_size=128, epochs=50):
22 | """
23 | Train one model with data augmentation: random padding+cropping and horizontal flip
24 | :param args:
25 | :return:
26 | """
27 | print('Data set: %s' % dataset)
28 | X_train, Y_train, X_test, Y_test = get_data(dataset)
29 | model = get_model(dataset)
30 | model.compile(
31 | loss='categorical_crossentropy',
32 | # optimizer='adadelta',
33 | optimizer='adam',
34 | metrics=['accuracy']
35 | )
36 |
37 | # training without data augmentation
38 | model.fit(
39 | X_train, Y_train,
40 | epochs=epochs,
41 | batch_size=batch_size,
42 | shuffle=True,
43 | verbose=1,
44 | validation_data=(X_test, Y_test)
45 | )
46 |
47 | # # training with data augmentation
48 | # # data augmentation
49 | # datagen = ImageDataGenerator(
50 | # rotation_range=20,
51 | # width_shift_range=0.2,
52 | # height_shift_range=0.2,
53 | # horizontal_flip=True)
54 | #
55 | # model.fit_generator(
56 | # datagen.flow(X_train, Y_train, batch_size=batch_size),
57 | # steps_per_epoch=len(X_train) / batch_size,
58 | # epochs=epochs,
59 | # verbose=1,
60 | # validation_data=(X_test, Y_test))
61 |
62 | model.save('data/model_%s.h5' % dataset)
63 |
64 | def main(args):
65 | """
66 | Train model with data augmentation: random padding+cropping and horizontal flip
67 | :param args:
68 | :return:
69 | """
70 | assert args.dataset in ['mnist', 'cifar', 'svhn', 'all'], \
71 | "dataset parameter must be either 'mnist', 'cifar', 'svhn' or all"
72 | if args.dataset == 'all':
73 | for dataset in ['mnist', 'cifar', 'svhn']:
74 | train(dataset, args.batch_size, args.epochs)
75 | else:
76 | train(args.dataset, args.batch_size, args.epochs)
77 |
78 |
79 | if __name__ == "__main__":
80 | parser = argparse.ArgumentParser()
81 | parser.add_argument(
82 | '-d', '--dataset',
83 | help="Dataset to use; either 'mnist', 'cifar', 'svhn' or 'all'",
84 | required=True, type=str
85 | )
86 | parser.add_argument(
87 | '-e', '--epochs',
88 | help="The number of epochs to train for.",
89 | required=False, type=int
90 | )
91 | parser.add_argument(
92 | '-b', '--batch_size',
93 | help="The batch size to use for training.",
94 | required=False, type=int
95 | )
96 | parser.set_defaults(epochs=120)
97 | parser.set_defaults(batch_size=100)
98 | args = parser.parse_args()
99 | main(args)
100 |
--------------------------------------------------------------------------------
/Correlation/other_models_for_svhn.py:
--------------------------------------------------------------------------------
1 | from __future__ import absolute_import
2 | from __future__ import print_function
3 |
4 | import argparse
5 | import keras
6 | import numpy as np
7 | from keras.preprocessing.image import ImageDataGenerator
8 |
9 | import keras.backend as K
10 | from keras.datasets import mnist, cifar10
11 | from keras.utils import np_utils
12 | from keras.models import Sequential
13 | from keras.layers import Dense, Dropout, Activation, Flatten
14 | from keras.layers import Conv2D, MaxPooling2D, BatchNormalization, AveragePooling2D
15 | from keras.regularizers import l2
16 |
17 | import tensorflow as tf
18 | import os
19 |
20 | os.environ["CUDA_VISIBLE_DEVICES"] = "0"
21 |
22 | ####for solving some specific problems, don't care
23 | config = tf.ConfigProto()
24 | config.gpu_options.allow_growth = True
25 | sess = tf.Session(config=config)
26 |
27 |
28 | def get_model(dataset, softmax=False):
29 | if dataset == 'svhn1':
30 | ##MNIST model: 0, 2, 7, 10
31 | layers = [
32 | Conv2D(64, (3, 3), padding='valid', input_shape=(32, 32, 3)), # 0
33 | Activation('relu'), # 1
34 | BatchNormalization(), # 2
35 | Conv2D(64, (3, 3)), # 3
36 | Activation('relu'), # 4
37 | BatchNormalization(), # 5
38 | MaxPooling2D(pool_size=(2, 2)), # 6
39 | Dropout(0.5), # 7
40 | Flatten(), # 8
41 | Dense(128), # 9
42 | Activation('relu'), # 10
43 | BatchNormalization(), # 11
44 | Dropout(0.5), # 12
45 | Dense(10), # 13
46 | ]
47 |
48 | elif dataset == 'svhn2':
49 | # CIFAR-10 model
50 | layers = [
51 | Conv2D(32, (3, 3), padding='same', input_shape=(32, 32, 3)), # 0
52 | Activation('relu'), # 1
53 | BatchNormalization(), # 2
54 | Conv2D(32, (3, 3), padding='same'), # 3
55 | Activation('relu'), # 4
56 | BatchNormalization(), # 5
57 | MaxPooling2D(pool_size=(2, 2)), # 6
58 |
59 | Conv2D(64, (3, 3), padding='same'), # 7
60 | Activation('relu'), # 8
61 | BatchNormalization(), # 9
62 | Conv2D(64, (3, 3), padding='same'), # 10
63 | Activation('relu'), # 11
64 | BatchNormalization(), # 12
65 | MaxPooling2D(pool_size=(2, 2)), # 13
66 |
67 | Conv2D(128, (3, 3), padding='same'), # 14
68 | Activation('relu'), # 15
69 | BatchNormalization(), # 16
70 | Conv2D(128, (3, 3), padding='same'), # 17
71 | Activation('relu'), # 18
72 | BatchNormalization(), # 19
73 | MaxPooling2D(pool_size=(2, 2)), # 20
74 |
75 | Flatten(), # 21
76 | Dropout(0.5), # 22
77 |
78 | Dense(1024, kernel_regularizer=l2(0.01), bias_regularizer=l2(0.01)), # 23
79 | Activation('relu'), # 24
80 | BatchNormalization(), # 25
81 | Dropout(0.5), # 26
82 | Dense(512, kernel_regularizer=l2(0.01), bias_regularizer=l2(0.01)), # 27
83 | Activation('relu'), # 28
84 | BatchNormalization(), # 29
85 | Dropout(0.5), # 30
86 | Dense(10), # 31
87 | ]
88 | else:
89 | # SVHN model
90 | layers = [
91 | Conv2D(64, (3, 3), padding='valid', input_shape=(32, 32, 3)), # 0
92 | Activation('relu'), # 1
93 | BatchNormalization(), # 2
94 | Conv2D(64, (3, 3)), # 3
95 | Activation('relu'), # 4
96 | BatchNormalization(), # 5
97 | MaxPooling2D(pool_size=(2, 2)), # 6
98 |
99 | Dropout(0.5), # 7
100 | Flatten(), # 8
101 |
102 | Dense(512), # 9
103 | Activation('relu'), # 10
104 | BatchNormalization(), # 11
105 | Dropout(0.5), # 12
106 |
107 | Dense(128), # 13
108 | Activation('relu'), # 14
109 | BatchNormalization(), # 15
110 | Dropout(0.5), # 16
111 | Dense(10), # 17
112 | ]
113 |
114 | model = Sequential()
115 | for layer in layers:
116 | model.add(layer)
117 | if softmax:
118 | model.add(Activation('softmax'))
119 |
120 | return model
121 |
122 | def load_data(name):
123 | assert (name.upper() in ['MNIST', 'CIFAR', 'SVHN'])
124 | name = name.lower()
125 | x_train = np.load('./data/' + name + '_data/' + name + '_x_train.npy')
126 | y_train = np.load('./data/' + name + '_data/' + name + '_y_train.npy')
127 | x_test = np.load('./data/' + name + '_data/' + name + '_x_test.npy')
128 | y_test = np.load('./data/' + name + '_data/' + name + '_y_test.npy')
129 | return x_train, y_train, x_test, y_test
130 |
131 | if __name__ == '__main__':
132 | model = get_model('svhn1', softmax=True)
133 | adam = keras.optimizers.Adam(lr=0.00001)
134 | model.compile(loss="categorical_crossentropy", optimizer=adam, metrics=["accuracy"])
135 | model.summary()
136 |
137 | x_train, y_train, x_test, y_test = load_data('svhn')
138 |
139 | # training without data augmentation
140 | batch_size = 256
141 | epochs = 100
142 |
143 | model.fit(
144 | x_train, y_train,
145 | epochs=epochs,
146 | batch_size=batch_size,
147 | shuffle=True,
148 | verbose=1,
149 | validation_data=(x_test, y_test)
150 | )
151 |
152 | # Evaluate the adversarially trained model on clean test set
153 | labels_true = np.argmax(y_test, axis=1)
154 | labels_test = np.argmax(model.predict(x_test), axis=1)
155 | print('Accuracy test set: %.2f%%' % (np.sum(labels_test == labels_true) / x_test.shape[0] * 100))
156 |
157 | model.save('data/svhn_data/model/%s_first.h5' % 'svhn')
158 |
159 |
160 |
161 |
162 |
--------------------------------------------------------------------------------
/Correlation/result_mnist/attack_evaluate_result.txt:
--------------------------------------------------------------------------------
1 |
2 | ------------------------------------------------------------------------------
3 | the result of mnist lenet1 CW is:
4 | MR: 0.9794
5 | ACAC: 0.17283572617150678
6 | ACTC: 0.12205986727591264
7 | ALP_L0: 0.9921087410868445
8 | ALP_L2: 2.3182776152342606
9 | ALP_Li: 0.43571376279589835
10 | ASS: 0.8871262006226946
11 | PSD: 14.399044853103101
12 | NTE: 0.050693713149867155
13 | RGB: 0.17367776189503778
14 | RIC: 0.13947314682458647
15 |
16 | ------------------------------------------------------------------------------
17 | the result of mnist lenet1 PGD is:
18 | MR: 1.0
19 | ACAC: 0.23194701477736235
20 | ACTC: 0.08533799987137318
21 | ALP_L0: 0.7287400510204094
22 | ALP_L2: 5.602157426643371
23 | ALP_Li: 0.30000001192092896
24 | ASS: 0.49252673611811426
25 | PSD: 111.87970784534276
26 | NTE: 0.14659806428477168
27 | RGB: 1.0
28 | RIC: 0.9657
29 |
30 | ------------------------------------------------------------------------------
31 | the result of mnist lenet4 CW is:
32 | MR: 0.983
33 | ACAC: 0.1892458970638585
34 | ACTC: 0.11104896648020492
35 | ALP_L0: 0.9915198683746588
36 | ALP_L2: 2.090469827627996
37 | ALP_Li: 0.39790846779108774
38 | ASS: 0.904372138386259
39 | PSD: 12.824029170503213
40 | NTE: 0.07797693169750615
41 | RGB: 0.11932858596134283
42 | RIC: 0.1264496439471007
43 |
44 | ------------------------------------------------------------------------------
45 | the result of mnist lenet4 PGD is:
46 | MR: 0.9998
47 | ACAC: 0.23195935824521186
48 | ACTC: 0.08533735356809116
49 | ALP_L0: 0.7458536350127186
50 | ALP_L2: 5.4303080887287996
51 | ALP_Li: 0.30000001192092896
52 | ASS: 0.5139489292607722
53 | PSD: 108.32622096825128
54 | NTE: 0.1466175194343082
55 | RGB: 1.0
56 | RIC: 0.8719743948789758
57 |
58 | ------------------------------------------------------------------------------
59 | the result of mnist lenet5 CW is:
60 | MR: 0.9835
61 | ACAC: 0.18864190615353757
62 | ACTC: 0.11170779725031982
63 | ALP_L0: 0.9918638400963259
64 | ALP_L2: 2.0719733404437393
65 | ALP_Li: 0.40644184084004054
66 | ASS: 0.9075297662690401
67 | PSD: 12.64846976746352
68 | NTE: 0.07679800383015581
69 | RGB: 0.15648195221148958
70 | RIC: 0.09374682257244535
71 |
72 | ------------------------------------------------------------------------------
73 | the result of mnist lenet5 PGD is:
74 | MR: 0.9982
75 | ACAC: 0.23193746924167452
76 | ACTC: 0.08533887733150952
77 | ALP_L0: 0.7333689160897772
78 | ALP_L2: 5.2311566093359225
79 | ALP_Li: 0.30000001192092896
80 | ASS: 0.528019939865247
81 | PSD: 102.14174285296298
82 | NTE: 0.14658266358619412
83 | RGB: 0.9998998196754157
84 | RIC: 0.7003606491685033
85 |
86 | ------------------------------------------------------------------------------
87 | the result of mnist adv_lenet1 CW is:
88 | MR: 0.2169
89 | ACAC: 0.1509020343910664
90 | ACTC: 0.13296078411031836
91 | ALP_L0: 0.9595500371656276
92 | ALP_L2: 1.097532869881336
93 | ALP_Li: 0.42148500351160556
94 | ASS: 0.96513926767561
95 | PSD: 3.844222946938152
96 | NTE: 0.017652714624142196
97 | RGB: 0.2236053480866759
98 | RIC: 0.19271553711387737
99 |
100 | ------------------------------------------------------------------------------
101 | the result of mnist adv_lenet1 PGD is:
102 | MR: 0.8084
103 | ACAC: 0.19586184434408394
104 | ACTC: 0.09686195757378303
105 | ALP_L0: 0.7350670321319991
106 | ALP_L2: 5.684536102029252
107 | ALP_Li: 0.30000001192092896
108 | ASS: 0.458765770736072
109 | PSD: 115.64191662988247
110 | NTE: 0.09533791299328717
111 | RGB: 0.9541068777832756
112 | RIC: 0.7277337951509154
113 |
114 | ------------------------------------------------------------------------------
115 | the result of mnist adv_lenet4 CW is:
116 | MR: 0.8064
117 | ACAC: 0.14898552589159134
118 | ACTC: 0.13539920206780412
119 | ALP_L0: 0.9785977169885844
120 | ALP_L2: 2.574272739751265
121 | ALP_Li: 0.7478944921075175
122 | ASS: 0.8666812471454919
123 | PSD: 13.709095931637668
124 | NTE: 0.013435594075071137
125 | RGB: 0.29377480158730157
126 | RIC: 0.17038690476190477
127 |
128 | ------------------------------------------------------------------------------
129 | the result of mnist adv_lenet4 PGD is:
130 | MR: 0.9041
131 | ACAC: 0.18634453413151175
132 | ACTC: 0.09639092566013442
133 | ALP_L0: 0.7942644788254896
134 | ALP_L2: 6.076932689334265
135 | ALP_Li: 0.30000001192092896
136 | ASS: 0.4195931704597744
137 | PSD: 131.25381342815768
138 | NTE: 0.08516287773570687
139 | RGB: 0.9931423515097887
140 | RIC: 0.8723592522951001
141 |
142 | ------------------------------------------------------------------------------
143 | the result of mnist adv_lenet5 CW is:
144 | MR: 0.3148
145 | ACAC: 0.15158166795533523
146 | ACTC: 0.13147711384156305
147 | ALP_L0: 0.9624429504965878
148 | ALP_L2: 1.4646354016854979
149 | ALP_Li: 0.5623365876938216
150 | ASS: 0.9451747020663418
151 | PSD: 5.641872926844772
152 | NTE: 0.01966621042045811
153 | RGB: 0.32750952986022874
154 | RIC: 0.20806861499364676
155 |
156 | ------------------------------------------------------------------------------
157 | the result of mnist adv_lenet5 PGD is:
158 | MR: 0.6945
159 | ACAC: 0.18551514112129755
160 | ACTC: 0.10028983638216216
161 | ALP_L0: 0.6839553856099705
162 | ALP_L2: 5.198092304776263
163 | ALP_Li: 0.30000001192092896
164 | ASS: 0.48039829112029103
165 | PSD: 100.56022387870048
166 | NTE: 0.08152225567571031
167 | RGB: 0.4514038876889849
168 | RIC: 0.31691864650827933
169 |
--------------------------------------------------------------------------------
/Correlation/result_mnist/coverage_result.txt:
--------------------------------------------------------------------------------
1 |
2 | ------------------------------------------------------------------------------
3 | the result of mnist lenet1 CW is:
4 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
5 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
6 | NC(0.5): 0.986171132238548 activate_num: 2282 total_num: 2314
7 | NC(0.7): 0.6607605877268798 activate_num: 1529 total_num: 2314
8 | NC(0.9): 0.2999135695764909 activate_num: 694 total_num: 2314
9 | TKNC: 0.4299913569576491 pattern_num: 995 total_num: 2314
10 | TKNP: 8162
11 | KMNC: 0.963828867761452 covered_num: 22303 total_num: 23140
12 | NBC: 0.23530682800345723 l_covered_num: 513 u_covered_num: 576
13 | SNAC: 0.24891961970613655
14 |
15 | ------------------------------------------------------------------------------
16 | the result of mnist lenet1 PGD is:
17 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
18 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
19 | NC(0.5): 1.0 activate_num: 2314 total_num: 2314
20 | NC(0.7): 0.6443388072601556 activate_num: 1491 total_num: 2314
21 | NC(0.9): 0.22082973206568712 activate_num: 511 total_num: 2314
22 | TKNC: 0.45073465859982714 pattern_num: 1043 total_num: 2314
23 | TKNP: 8025
24 | KMNC: 0.9450734658599828 covered_num: 21869 total_num: 23140
25 | NBC: 0.10198789974070872 l_covered_num: 242 u_covered_num: 230
26 | SNAC: 0.09939498703543648
27 |
28 | ------------------------------------------------------------------------------
29 | the result of mnist lenet4 CW is:
30 | NC(0.1): 1.0 activate_num: 3466 total_num: 3466
31 | NC(0.3): 1.0 activate_num: 3466 total_num: 3466
32 | NC(0.5): 0.9930755914598961 activate_num: 3442 total_num: 3466
33 | NC(0.7): 0.7642815926139642 activate_num: 2649 total_num: 3466
34 | NC(0.9): 0.09636468551644548 activate_num: 334 total_num: 3466
35 | TKNC: 0.3366993652625505 pattern_num: 1167 total_num: 3466
36 | TKNP: 7591
37 | KMNC: 0.9654068090017311 covered_num: 33461 total_num: 34660
38 | NBC: 0.24812463935372187 l_covered_num: 852 u_covered_num: 868
39 | SNAC: 0.2504327755337565
40 |
41 | ------------------------------------------------------------------------------
42 | the result of mnist lenet4 PGD is:
43 | NC(0.1): 1.0 activate_num: 3466 total_num: 3466
44 | NC(0.3): 1.0 activate_num: 3466 total_num: 3466
45 | NC(0.5): 1.0 activate_num: 3466 total_num: 3466
46 | NC(0.7): 0.7386035776110791 activate_num: 2560 total_num: 3466
47 | NC(0.9): 0.08424697057126371 activate_num: 292 total_num: 3466
48 | TKNC: 0.3739180611656088 pattern_num: 1296 total_num: 3466
49 | TKNP: 8161
50 | KMNC: 0.9418061165608771 covered_num: 32643 total_num: 34660
51 | NBC: 0.17671667628390075 l_covered_num: 612 u_covered_num: 613
52 | SNAC: 0.1768609347951529
53 |
54 | ------------------------------------------------------------------------------
55 | the result of mnist lenet5 CW is:
56 | NC(0.1): 1.0 activate_num: 3466 total_num: 3466
57 | NC(0.3): 1.0 activate_num: 3466 total_num: 3466
58 | NC(0.5): 0.9893248701673398 activate_num: 3429 total_num: 3466
59 | NC(0.7): 0.8023658395845354 activate_num: 2781 total_num: 3466
60 | NC(0.9): 0.1070398153491056 activate_num: 371 total_num: 3466
61 | TKNC: 0.3231390652048471 pattern_num: 1120 total_num: 3466
62 | TKNP: 7553
63 | KMNC: 0.9663877668782458 covered_num: 33495 total_num: 34660
64 | NBC: 0.2800057703404501 l_covered_num: 950 u_covered_num: 991
65 | SNAC: 0.2859203693017888
66 |
67 | ------------------------------------------------------------------------------
68 | the result of mnist lenet5 PGD is:
69 | NC(0.1): 1.0 activate_num: 3466 total_num: 3466
70 | NC(0.3): 1.0 activate_num: 3466 total_num: 3466
71 | NC(0.5): 1.0 activate_num: 3466 total_num: 3466
72 | NC(0.7): 0.7919792267743797 activate_num: 2745 total_num: 3466
73 | NC(0.9): 0.07991921523369878 activate_num: 277 total_num: 3466
74 | TKNC: 0.39844200807847663 pattern_num: 1381 total_num: 3466
75 | TKNP: 8557
76 | KMNC: 0.9507212925562608 covered_num: 32952 total_num: 34660
77 | NBC: 0.19518176572417772 l_covered_num: 541 u_covered_num: 812
78 | SNAC: 0.23427582227351415
79 |
80 | ------------------------------------------------------------------------------
81 | the result of mnist adv_lenet1 CW is:
82 | NC(0.1): 0.9939498703543648 activate_num: 2300 total_num: 2314
83 | NC(0.3): 0.9917891097666378 activate_num: 2295 total_num: 2314
84 | NC(0.5): 0.9515989628349178 activate_num: 2202 total_num: 2314
85 | NC(0.7): 0.4848746758859118 activate_num: 1122 total_num: 2314
86 | NC(0.9): 0.24200518582541056 activate_num: 560 total_num: 2314
87 | TKNC: 0.21348314606741572 pattern_num: 494 total_num: 2314
88 | TKNP: 8552
89 | KMNC: 0.9444252376836646 covered_num: 21854 total_num: 23140
90 | NBC: 0.15730337078651685 l_covered_num: 356 u_covered_num: 372
91 | SNAC: 0.16076058772687987
92 |
93 | ------------------------------------------------------------------------------
94 | the result of mnist adv_lenet1 PGD is:
95 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
96 | NC(0.3): 0.9922212618841832 activate_num: 2296 total_num: 2314
97 | NC(0.5): 0.958513396715644 activate_num: 2218 total_num: 2314
98 | NC(0.7): 0.4848746758859118 activate_num: 1122 total_num: 2314
99 | NC(0.9): 0.2407087294727744 activate_num: 557 total_num: 2314
100 | TKNC: 0.19187554019014694 pattern_num: 444 total_num: 2314
101 | TKNP: 8850
102 | KMNC: 0.9684961106309421 covered_num: 22411 total_num: 23140
103 | NBC: 0.10350043215211754 l_covered_num: 194 u_covered_num: 285
104 | SNAC: 0.12316335350043216
105 |
106 | ------------------------------------------------------------------------------
107 | the result of mnist adv_lenet4 CW is:
108 | NC(0.1): 1.0 activate_num: 3466 total_num: 3466
109 | NC(0.3): 1.0 activate_num: 3466 total_num: 3466
110 | NC(0.5): 0.9717253317945759 activate_num: 3368 total_num: 3466
111 | NC(0.7): 0.8107328332371609 activate_num: 2810 total_num: 3466
112 | NC(0.9): 0.30496249278707444 activate_num: 1057 total_num: 3466
113 | TKNC: 0.10761684939411426 pattern_num: 373 total_num: 3466
114 | TKNP: 7482
115 | KMNC: 0.9399019042123485 covered_num: 32577 total_num: 34660
116 | NBC: 0.1984997114829775 l_covered_num: 573 u_covered_num: 803
117 | SNAC: 0.2316791690709752
118 |
119 | ------------------------------------------------------------------------------
120 | the result of mnist adv_lenet4 PGD is:
121 | NC(0.1): 1.0 activate_num: 3466 total_num: 3466
122 | NC(0.3): 1.0 activate_num: 3466 total_num: 3466
123 | NC(0.5): 0.964800923254472 activate_num: 3344 total_num: 3466
124 | NC(0.7): 0.7795729948066936 activate_num: 2702 total_num: 3466
125 | NC(0.9): 0.16358915175995384 activate_num: 567 total_num: 3466
126 | TKNC: 0.11800346220427005 pattern_num: 409 total_num: 3466
127 | TKNP: 8248
128 | KMNC: 0.9435660703981535 covered_num: 32704 total_num: 34660
129 | NBC: 0.0878534333525678 l_covered_num: 177 u_covered_num: 432
130 | SNAC: 0.12463935372186959
131 |
132 | ------------------------------------------------------------------------------
133 | the result of mnist adv_lenet5 CW is:
134 | NC(0.1): 0.9913444893248702 activate_num: 3436 total_num: 3466
135 | NC(0.3): 0.9293133294864397 activate_num: 3221 total_num: 3466
136 | NC(0.5): 0.6304096941719561 activate_num: 2185 total_num: 3466
137 | NC(0.7): 0.16330063473744952 activate_num: 566 total_num: 3466
138 | NC(0.9): 0.16156953260242354 activate_num: 560 total_num: 3466
139 | TKNC: 0.1457010963646855 pattern_num: 505 total_num: 3466
140 | TKNP: 9027
141 | KMNC: 0.9470282746682054 covered_num: 32824 total_num: 34660
142 | NBC: 0.15983843046739757 l_covered_num: 451 u_covered_num: 657
143 | SNAC: 0.18955568378534335
144 |
145 | ------------------------------------------------------------------------------
146 | the result of mnist adv_lenet5 PGD is:
147 | NC(0.1): 1.0 activate_num: 3466 total_num: 3466
148 | NC(0.3): 0.9440276976341604 activate_num: 3272 total_num: 3466
149 | NC(0.5): 0.6350259665320254 activate_num: 2201 total_num: 3466
150 | NC(0.7): 0.16358915175995384 activate_num: 567 total_num: 3466
151 | NC(0.9): 0.15983843046739757 activate_num: 554 total_num: 3466
152 | TKNC: 0.13906520484708598 pattern_num: 482 total_num: 3466
153 | TKNP: 9188
154 | KMNC: 0.9611656087709175 covered_num: 33314 total_num: 34660
155 | NBC: 0.10199076745527987 l_covered_num: 210 u_covered_num: 497
156 | SNAC: 0.1433929601846509
157 |
--------------------------------------------------------------------------------
/Correlation/result_svhn/attack_evaluate_result.txt:
--------------------------------------------------------------------------------
1 |
2 | ------------------------------------------------------------------------------
3 | the result of svhn svhn_model CW is:
4 | MR: 1.0
5 | ACAC: 0.14566868116286913
6 | ACTC: 0.0989080177518163
7 | ALP_L0: 0.9340709021188695
8 | ALP_L2: 2.202644929653868
9 | ALP_Li: 0.05260082829878714
10 | ASS: 0.7413029095025264
11 | PSD: 112.46066871608348
12 | NTE: 0.038303708707995036
13 | RGB: 0.9563229870928088
14 | RIC: 0.7092424708051629
15 |
16 | ------------------------------------------------------------------------------
17 | the result of svhn svhn_model PGD is:
18 | MR: 0.9999231714812539
19 | ACAC: 0.23121028172794644
20 | ACTC: 0.08540613357946591
21 | ALP_L0: 0.9730665463127534
22 | ALP_L2: 1.4693323006732528
23 | ALP_Li: 0.03137255070278084
24 | ASS: 0.8214582750728917
25 | PSD: 73.60352172641657
26 | NTE: 0.145636270548168
27 | RGB: 0.9956972723780254
28 | RIC: 0.6953899346907415
29 |
30 | ------------------------------------------------------------------------------
31 | the result of svhn svhn_first CW is:
32 | MR: 1.0
33 | ACAC: 0.17587180969064348
34 | ACTC: 0.0954641474373112
35 | ALP_L0: 0.9232779207641951
36 | ALP_L2: 2.0574905610201815
37 | ALP_Li: 0.047423432462636354
38 | ASS: 0.7594119080264856
39 | PSD: 105.83307755223734
40 | NTE: 0.07323318791301542
41 | RGB: 0.9710356484326982
42 | RIC: 0.5978027043638598
43 |
44 | ------------------------------------------------------------------------------
45 | the result of svhn svhn_first PGD is:
46 | MR: 0.9991548862937922
47 | ACAC: 0.229699448987939
48 | ACTC: 0.08552298736155194
49 | ALP_L0: 0.9724395239611362
50 | ALP_L2: 1.484331595146028
51 | ALP_Li: 0.03137255071553873
52 | ASS: 0.8193188652023211
53 | PSD: 74.4017986551727
54 | NTE: 0.14347430005618034
55 | RGB: 0.9841214917339485
56 | RIC: 0.5869281045751634
57 |
58 | ------------------------------------------------------------------------------
59 | the result of svhn svhn_second CW is:
60 | MR: 1.0
61 | ACAC: 0.19783647243962718
62 | ACTC: 0.09172811965585743
63 | ALP_L0: 0.9516163774993328
64 | ALP_L2: 2.1913029322178756
65 | ALP_Li: 0.05096070944104337
66 | ASS: 0.7442135764111958
67 | PSD: 112.33869536419378
68 | NTE: 0.09939896804523857
69 | RGB: 0.9741472034419176
70 | RIC: 0.5694145666871543
71 |
72 | ------------------------------------------------------------------------------
73 | the result of svhn svhn_second PGD is:
74 | MR: 1.0
75 | ACAC: 0.2319681611869166
76 | ACTC: 0.08533705284472122
77 | ALP_L0: 0.9640272844279751
78 | ALP_L2: 1.3931732662411358
79 | ALP_Li: 0.03137255070951997
80 | ASS: 0.8328152779781176
81 | PSD: 68.52689735345196
82 | NTE: 0.14663088663075333
83 | RGB: 0.996120159803319
84 | RIC: 0.5596957590657652
85 |
86 | ------------------------------------------------------------------------------
87 | the result of svhn adv_svhn_model CW is:
88 | MR: 1.0
89 | ACAC: 0.13649764455186308
90 | ACTC: 0.11951145331003803
91 | ALP_L0: 0.7323415201722918
92 | ALP_L2: 0.9650971156984273
93 | ALP_Li: 0.18204951055517354
94 | ASS: 0.9247394815799541
95 | PSD: 25.66290678291724
96 | NTE: 0.016406980971104542
97 | RGB: 0.6796250768285187
98 | RIC: 0.5588890596189305
99 |
100 | ------------------------------------------------------------------------------
101 | the result of svhn adv_svhn_model PGD is:
102 | MR: 0.5341886908420406
103 | ACAC: 0.1401421699941364
104 | ACTC: 0.10098970443648982
105 | ALP_L0: 0.9903688811634046
106 | ALP_L2: 1.6439591869936905
107 | ALP_Li: 0.03137255064992018
108 | ASS: 0.7715088979259542
109 | PSD: 86.01947728073502
110 | NTE: 0.03381033398036337
111 | RGB: 0.9554868402128578
112 | RIC: 0.8377678699841795
113 |
114 | ------------------------------------------------------------------------------
115 | the result of svhn adv_svhn_first CW is:
116 | MR: 1.0
117 | ACAC: 0.13108901331429018
118 | ACTC: 0.11841718629105606
119 | ALP_L0: 0.6869537347263273
120 | ALP_L2: 0.8025845361892847
121 | ALP_Li: 0.17276204316278654
122 | ASS: 0.9410469935834265
123 | PSD: 19.963012295167232
124 | NTE: 0.0119352349041221
125 | RGB: 0.6791256914566687
126 | RIC: 0.562960971112477
127 |
128 | ------------------------------------------------------------------------------
129 | the result of svhn adv_svhn_first PGD is:
130 | MR: 0.5539720344191764
131 | ACAC: 0.132852166974795
132 | ACTC: 0.10140303557067148
133 | ALP_L0: 0.9908050127273825
134 | ALP_L2: 1.6474500662674894
135 | ALP_Li: 0.031372550658473
136 | ASS: 0.770005421854356
137 | PSD: 86.27861590022452
138 | NTE: 0.025504858086500326
139 | RGB: 0.9626932945010748
140 | RIC: 0.8546564038554886
141 |
142 | ------------------------------------------------------------------------------
143 | the result of svhn adv_svhn_second CW is:
144 | MR: 1.0
145 | ACAC: 0.13780119538091962
146 | ACTC: 0.11938095144004765
147 | ALP_L0: 0.7075527810923443
148 | ALP_L2: 0.9284559242672349
149 | ALP_Li: 0.20027124299367258
150 | ASS: 0.932774386674483
151 | PSD: 22.401488446039888
152 | NTE: 0.017818856805210365
153 | RGB: 0.7050169022741242
154 | RIC: 0.5424093423478795
155 |
156 | ------------------------------------------------------------------------------
157 | the result of svhn adv_svhn_second PGD is:
158 | MR: 0.49435310387215736
159 | ACAC: 0.14193962903458696
160 | ACTC: 0.10127391155419238
161 | ALP_L0: 0.9932724261063393
162 | ALP_L2: 1.6756741138260092
163 | ALP_Li: 0.03137255063149764
164 | ASS: 0.7611276766097638
165 | PSD: 88.39400395061284
166 | NTE: 0.03531877603360161
167 | RGB: 0.9717926800839226
168 | RIC: 0.8536016784520942
169 |
--------------------------------------------------------------------------------
/Correlation/result_svhn/coverage_result.txt:
--------------------------------------------------------------------------------
1 |
2 | ------------------------------------------------------------------------------
3 | the result of svhn svhn_model CW is:
4 | NC(0.1): 1.0 activate_num: 57610 total_num: 57610
5 | NC(0.3): 1.0 activate_num: 57610 total_num: 57610
6 | NC(0.5): 0.7816698489845513 activate_num: 45032 total_num: 57610
7 | NC(0.7): 0.5880229126887693 activate_num: 33876 total_num: 57610
8 | NC(0.9): 0.018156570039923624 activate_num: 1046 total_num: 57610
9 | TKNC: 0.16934559972227045 pattern_num: 9756 total_num: 57610
10 | TKNP: 24987
11 | KMNC: 0.9766307932650582 covered_num: 562637 total_num: 576100
12 | NBC: 0.41511022391945845 l_covered_num: 23662 u_covered_num: 24167
13 | SNAC: 0.4194931435514668
14 |
15 | ------------------------------------------------------------------------------
16 | the result of svhn svhn_model PGD is:
17 | NC(0.1): 1.0 activate_num: 57610 total_num: 57610
18 | NC(0.3): 1.0 activate_num: 57610 total_num: 57610
19 | NC(0.5): 0.9985592779031418 activate_num: 57527 total_num: 57610
20 | NC(0.7): 0.595764624197188 activate_num: 34322 total_num: 57610
21 | NC(0.9): 0.026002430133657353 activate_num: 1498 total_num: 57610
22 | TKNC: 0.16787016143030725 pattern_num: 9671 total_num: 57610
23 | TKNP: 24153
24 | KMNC: 0.9689741364346468 covered_num: 558226 total_num: 576100
25 | NBC: 0.35657003992362435 l_covered_num: 20370 u_covered_num: 20714
26 | SNAC: 0.3595556327026558
27 |
28 | ------------------------------------------------------------------------------
29 | the result of svhn svhn_first CW is:
30 | NC(0.1): 1.0 activate_num: 57610 total_num: 57610
31 | NC(0.3): 1.0 activate_num: 57610 total_num: 57610
32 | NC(0.5): 1.0 activate_num: 57610 total_num: 57610
33 | NC(0.7): 0.41022391945842734 activate_num: 23633 total_num: 57610
34 | NC(0.9): 0.01909390730775907 activate_num: 1100 total_num: 57610
35 | TKNC: 0.03711161256726263 pattern_num: 2138 total_num: 57610
36 | TKNP: 25189
37 | KMNC: 0.9897986460683909 covered_num: 570223 total_num: 576100
38 | NBC: 0.5771220274257941 l_covered_num: 33749 u_covered_num: 32747
39 | SNAC: 0.5684256205519875
40 |
41 | ------------------------------------------------------------------------------
42 | the result of svhn svhn_first PGD is:
43 | NC(0.1): 1.0 activate_num: 57610 total_num: 57610
44 | NC(0.3): 1.0 activate_num: 57610 total_num: 57610
45 | NC(0.5): 1.0 activate_num: 57610 total_num: 57610
46 | NC(0.7): 0.41414684950529423 activate_num: 23859 total_num: 57610
47 | NC(0.9): 0.0229474049644159 activate_num: 1322 total_num: 57610
48 | TKNC: 0.03669501822600243 pattern_num: 2114 total_num: 57610
49 | TKNP: 24513
50 | KMNC: 0.9849158132268704 covered_num: 567410 total_num: 576100
51 | NBC: 0.4898628710293352 l_covered_num: 29145 u_covered_num: 27297
52 | SNAC: 0.47382398889081756
53 |
54 | ------------------------------------------------------------------------------
55 | the result of svhn svhn_second CW is:
56 | NC(0.1): 1.0 activate_num: 32778 total_num: 32778
57 | NC(0.3): 1.0 activate_num: 32778 total_num: 32778
58 | NC(0.5): 1.0 activate_num: 32778 total_num: 32778
59 | NC(0.7): 0.48627127951674903 activate_num: 15939 total_num: 32778
60 | NC(0.9): 0.029684544511562633 activate_num: 973 total_num: 32778
61 | TKNC: 0.06132161815852096 pattern_num: 2010 total_num: 32778
62 | TKNP: 23387
63 | KMNC: 0.988785160778571 covered_num: 324104 total_num: 327780
64 | NBC: 0.5282659100616267 l_covered_num: 17467 u_covered_num: 17164
65 | SNAC: 0.5236439074989322
66 |
67 | ------------------------------------------------------------------------------
68 | the result of svhn svhn_second PGD is:
69 | NC(0.1): 1.0 activate_num: 32778 total_num: 32778
70 | NC(0.3): 1.0 activate_num: 32778 total_num: 32778
71 | NC(0.5): 1.0 activate_num: 32778 total_num: 32778
72 | NC(0.7): 0.4583867228018793 activate_num: 15025 total_num: 32778
73 | NC(0.9): 0.029440478369638173 activate_num: 965 total_num: 32778
74 | TKNC: 0.06055891146500702 pattern_num: 1985 total_num: 32778
75 | TKNP: 21906
76 | KMNC: 0.9831350295930197 covered_num: 322252 total_num: 327780
77 | NBC: 0.4458478247605101 l_covered_num: 14843 u_covered_num: 14385
78 | SNAC: 0.4388614314479224
79 |
80 | ------------------------------------------------------------------------------
81 | the result of svhn adv_svhn_model CW is:
82 | NC(0.1): 1.0 activate_num: 57610 total_num: 57610
83 | NC(0.3): 1.0 activate_num: 57610 total_num: 57610
84 | NC(0.5): 0.8150321124804721 activate_num: 46954 total_num: 57610
85 | NC(0.7): 0.5678528033327548 activate_num: 32714 total_num: 57610
86 | NC(0.9): 0.004808193022044784 activate_num: 277 total_num: 57610
87 | TKNC: 0.10269050512063878 pattern_num: 5916 total_num: 57610
88 | TKNP: 22411
89 | KMNC: 0.9782798125325465 covered_num: 563587 total_num: 576100
90 | NBC: 0.39771741017184514 l_covered_num: 22683 u_covered_num: 23142
91 | SNAC: 0.4017010935601458
92 |
93 | ------------------------------------------------------------------------------
94 | the result of svhn adv_svhn_model PGD is:
95 | NC(0.1): 1.0 activate_num: 57610 total_num: 57610
96 | NC(0.3): 1.0 activate_num: 57610 total_num: 57610
97 | NC(0.5): 0.8333275473008158 activate_num: 48008 total_num: 57610
98 | NC(0.7): 0.6021003298038535 activate_num: 34687 total_num: 57610
99 | NC(0.9): 0.013400451310536365 activate_num: 772 total_num: 57610
100 | TKNC: 0.10119770873112306 pattern_num: 5830 total_num: 57610
101 | TKNP: 23606
102 | KMNC: 0.9759763929873286 covered_num: 562260 total_num: 576100
103 | NBC: 0.36251518833535845 l_covered_num: 19837 u_covered_num: 21932
104 | SNAC: 0.3806977955216108
105 |
106 | ------------------------------------------------------------------------------
107 | the result of svhn adv_svhn_first CW is:
108 | NC(0.1): 1.0 activate_num: 57610 total_num: 57610
109 | NC(0.3): 1.0 activate_num: 57610 total_num: 57610
110 | NC(0.5): 0.9935948620031244 activate_num: 57241 total_num: 57610
111 | NC(0.7): 0.7678701614303073 activate_num: 44237 total_num: 57610
112 | NC(0.9): 0.015761152577677486 activate_num: 908 total_num: 57610
113 | TKNC: 0.06045825377538622 pattern_num: 3483 total_num: 57610
114 | TKNP: 21733
115 | KMNC: 0.9831800034716195 covered_num: 566410 total_num: 576100
116 | NBC: 0.4008071515361916 l_covered_num: 23581 u_covered_num: 22600
117 | SNAC: 0.3922930046866863
118 |
119 | ------------------------------------------------------------------------------
120 | the result of svhn adv_svhn_first PGD is:
121 | NC(0.1): 1.0 activate_num: 57610 total_num: 57610
122 | NC(0.3): 1.0 activate_num: 57610 total_num: 57610
123 | NC(0.5): 1.0 activate_num: 57610 total_num: 57610
124 | NC(0.7): 0.806248915118903 activate_num: 46448 total_num: 57610
125 | NC(0.9): 0.06825203957646242 activate_num: 3932 total_num: 57610
126 | TKNC: 0.06103107099461899 pattern_num: 3516 total_num: 57610
127 | TKNP: 23148
128 | KMNC: 0.9813469883700746 covered_num: 565354 total_num: 576100
129 | NBC: 0.4100243013365735 l_covered_num: 23447 u_covered_num: 23796
130 | SNAC: 0.4130532893594862
131 |
132 | ------------------------------------------------------------------------------
133 | the result of svhn adv_svhn_second CW is:
134 | NC(0.1): 1.0 activate_num: 32778 total_num: 32778
135 | NC(0.3): 1.0 activate_num: 32778 total_num: 32778
136 | NC(0.5): 0.9710171456464702 activate_num: 31828 total_num: 32778
137 | NC(0.7): 0.843431569955458 activate_num: 27646 total_num: 32778
138 | NC(0.9): 0.060284337055341995 activate_num: 1976 total_num: 32778
139 | TKNC: 0.06717920556470804 pattern_num: 2202 total_num: 32778
140 | TKNP: 20859
141 | KMNC: 0.9913142961742633 covered_num: 324933 total_num: 327780
142 | NBC: 0.43959362987369577 l_covered_num: 14533 u_covered_num: 14285
143 | SNAC: 0.4358106046738666
144 |
145 | ------------------------------------------------------------------------------
146 | the result of svhn adv_svhn_second PGD is:
147 | NC(0.1): 1.0 activate_num: 32778 total_num: 32778
148 | NC(0.3): 1.0 activate_num: 32778 total_num: 32778
149 | NC(0.5): 0.9683324180853011 activate_num: 31740 total_num: 32778
150 | NC(0.7): 0.8411129416071755 activate_num: 27570 total_num: 32778
151 | NC(0.9): 0.05906400634571969 activate_num: 1936 total_num: 32778
152 | TKNC: 0.0644639697357984 pattern_num: 2113 total_num: 32778
153 | TKNP: 21835
154 | KMNC: 0.9895997315272439 covered_num: 324371 total_num: 327780
155 | NBC: 0.5257184697052901 l_covered_num: 16274 u_covered_num: 18190
156 | SNAC: 0.5549453902007444
157 |
--------------------------------------------------------------------------------
/Correlation/results_cifar/attack_evaluate_result.txt:
--------------------------------------------------------------------------------
1 |
2 | ------------------------------------------------------------------------------
3 | the result of cifar vgg16 CW is:
4 | MR: 0.9952
5 | ACAC: 0.2016010640310333
6 | ACTC: 0.09067666997692857
7 | ALP_L0: 0.8464631206353015
8 | ALP_L2: 35.28332974153749
9 | ALP_Li: 1.7517106995447704
10 | ASS: 0.24973824056924193
11 | PSD: 1034.5292113811524
12 | NTE: 0.1042720888048063
13 | RGB: 0.886153536977492
14 | RIC: 0.900120578778135
15 |
16 | ------------------------------------------------------------------------------
17 | the result of cifar vgg16 PGD is:
18 | MR: 0.9877
19 | ACAC: 0.2312322617334502
20 | ACTC: 0.08544942551964121
21 | ALP_L0: 0.9828457408942523
22 | ALP_L2: 2.934429439320863
23 | ALP_Li: 0.06274518393560183
24 | ASS: 0.9571337045607645
25 | PSD: 107.5961986052659
26 | NTE: 0.14555208691100402
27 | RGB: 0.9038169484661335
28 | RIC: 0.8992609091829503
29 |
30 | ------------------------------------------------------------------------------
31 | the result of cifar resnet20 CW is:
32 | MR: 0.9997
33 | ACAC: 0.19346248752071318
34 | ACTC: 0.09274839146221663
35 | ALP_L0: 0.8337841521727367
36 | ALP_L2: 35.522431576670535
37 | ALP_Li: 1.750516465917711
38 | ASS: 0.2466552361482849
39 | PSD: 1054.2924747007467
40 | NTE: 0.09206673715103743
41 | RGB: 0.8923677103130939
42 | RIC: 0.9000700210063018
43 |
44 | ------------------------------------------------------------------------------
45 | the result of cifar resnet20 PGD is:
46 | MR: 0.9999
47 | ACAC: 0.2319688284986674
48 | ACTC: 0.08533677904054349
49 | ALP_L0: 0.9832891817827633
50 | ALP_L2: 2.890635849225639
51 | ALP_Li: 0.06274518362431898
52 | ASS: 0.9587496408391027
53 | PSD: 104.98767689642138
54 | NTE: 0.14663185535555948
55 | RGB: 0.8966896689668967
56 | RIC: 0.8970897089708971
57 |
58 | ------------------------------------------------------------------------------
59 | the result of cifar adv_vgg16 CW is:
60 | MR: 0.9827
61 | ACAC: 0.19105400080002494
62 | ACTC: 0.0981462115405401
63 | ALP_L0: 0.8097335201061707
64 | ALP_L2: 34.8221648148211
65 | ALP_Li: 1.752351226630259
66 | ASS: 0.27889771464217583
67 | PSD: 975.8164637804003
68 | NTE: 0.08773710485803665
69 | RGB: 0.7658491910043757
70 | RIC: 0.8983413045690445
71 |
72 | ------------------------------------------------------------------------------
73 | the result of cifar adv_vgg16 PGD is:
74 | MR: 0.5905
75 | ACAC: 0.22323622221819533
76 | ACTC: 0.0888688243036044
77 | ALP_L0: 0.9936629555637918
78 | ALP_L2: 3.3085157591846412
79 | ALP_Li: 0.06274518240921383
80 | ASS: 0.9459121817589304
81 | PSD: 129.6744993679694
82 | NTE: 0.1335512093827444
83 | RGB: 0.9109229466553768
84 | RIC: 0.9046570702794242
85 |
86 | ------------------------------------------------------------------------------
87 | the result of cifar adv_resnet20 CW is:
88 | MR: 0.993
89 | ACAC: 0.17127820807851454
90 | ACTC: 0.1023049955259097
91 | ALP_L0: 0.8011165069549325
92 | ALP_L2: 34.729862737811004
93 | ALP_Li: 1.7515871508273952
94 | ASS: 0.28095779742696625
95 | PSD: 971.1499454272861
96 | NTE: 0.0631620064542853
97 | RGB: 0.7794561933534743
98 | RIC: 0.9015105740181268
99 |
100 | ------------------------------------------------------------------------------
101 | the result of cifar adv_resnet20 PGD is:
102 | MR: 0.6337
103 | ACAC: 0.2176216954307468
104 | ACTC: 0.09146298134324113
105 | ALP_L0: 0.995130491886277
106 | ALP_L2: 3.347958404596096
107 | ALP_Li: 0.06274518356049345
108 | ASS: 0.9448974516023043
109 | PSD: 131.7033476655155
110 | NTE: 0.12497087111157236
111 | RGB: 0.8570301404450055
112 | RIC: 0.858450370837936
113 |
--------------------------------------------------------------------------------
/Correlation/results_cifar/coverage_result.txt:
--------------------------------------------------------------------------------
1 |
2 | ------------------------------------------------------------------------------
3 | the result of cifar vgg16 CW is:
4 | NC(0.1): 1.0 activate_num: 65546 total_num: 65546
5 | NC(0.3): 1.0 activate_num: 65546 total_num: 65546
6 | NC(0.5): 0.8975528636377506 activate_num: 58831 total_num: 65546
7 | NC(0.7): 0.2159552070301773 activate_num: 14155 total_num: 65546
8 | NC(0.9): 0.001388337961126537 activate_num: 91 total_num: 65546
9 | TKNC: 0.07472614652305251 pattern_num: 4898 total_num: 65546
10 | TKNP: 8715
11 | KMNC: 0.6972828242760809 covered_num: 457041 total_num: 655460
12 | NBC: 0.08510816830927898 l_covered_num: 8715 u_covered_num: 2442
13 | SNAC: 0.03725627803374729
14 |
15 | ------------------------------------------------------------------------------
16 | the result of cifar vgg16 PGD is:
17 | NC(0.1): 1.0 activate_num: 65546 total_num: 65546
18 | NC(0.3): 1.0 activate_num: 65546 total_num: 65546
19 | NC(0.5): 1.0 activate_num: 65546 total_num: 65546
20 | NC(0.7): 0.21560430842461784 activate_num: 14132 total_num: 65546
21 | NC(0.9): 0.013730815000152564 activate_num: 900 total_num: 65546
22 | TKNC: 0.062429438867360326 pattern_num: 4092 total_num: 65546
23 | TKNP: 9591
24 | KMNC: 0.9541863729289354 covered_num: 625431 total_num: 655460
25 | NBC: 0.1830546486437006 l_covered_num: 12089 u_covered_num: 11908
26 | SNAC: 0.18167393891312972
27 |
28 | ------------------------------------------------------------------------------
29 | the result of cifar resnet20 CW is:
30 | NC(0.1): 1.0 activate_num: 16394 total_num: 16394
31 | NC(0.3): 1.0 activate_num: 16394 total_num: 16394
32 | NC(0.5): 1.0 activate_num: 16394 total_num: 16394
33 | NC(0.7): 0.5233622056850067 activate_num: 8580 total_num: 16394
34 | NC(0.9): 0.03775771623764792 activate_num: 619 total_num: 16394
35 | TKNC: 0.16847627180675856 pattern_num: 2762 total_num: 16394
36 | TKNP: 8581
37 | KMNC: 0.6984872514334513 covered_num: 114510 total_num: 163940
38 | NBC: 0.04986580456264487 l_covered_num: 1145 u_covered_num: 490
39 | SNAC: 0.029888983774551667
40 |
41 | ------------------------------------------------------------------------------
42 | the result of cifar resnet20 PGD is:
43 | NC(0.1): 1.0 activate_num: 16394 total_num: 16394
44 | NC(0.3): 1.0 activate_num: 16394 total_num: 16394
45 | NC(0.5): 1.0 activate_num: 16394 total_num: 16394
46 | NC(0.7): 0.38989874344272296 activate_num: 6392 total_num: 16394
47 | NC(0.9): 0.03507380749054532 activate_num: 575 total_num: 16394
48 | TKNC: 0.16072953519580335 pattern_num: 2635 total_num: 16394
49 | TKNP: 8990
50 | KMNC: 0.9265950957667439 covered_num: 151906 total_num: 163940
51 | NBC: 0.15670367207514946 l_covered_num: 2815 u_covered_num: 2323
52 | SNAC: 0.14169818226180309
53 |
54 | ------------------------------------------------------------------------------
55 | the result of cifar adv_vgg16 CW is:
56 | NC(0.1): 1.0 activate_num: 65546 total_num: 65546
57 | NC(0.3): 1.0 activate_num: 65546 total_num: 65546
58 | NC(0.5): 0.939218258932658 activate_num: 61562 total_num: 65546
59 | NC(0.7): 0.1860830561742898 activate_num: 12197 total_num: 65546
60 | NC(0.9): 0.002990266377811003 activate_num: 196 total_num: 65546
61 | TKNC: 0.05971378878955238 pattern_num: 3914 total_num: 65546
62 | TKNP: 8569
63 | KMNC: 0.6788728526530986 covered_num: 444974 total_num: 655460
64 | NBC: 0.07404723400360053 l_covered_num: 7127 u_covered_num: 2580
65 | SNAC: 0.03936166966710402
66 |
67 | ------------------------------------------------------------------------------
68 | the result of cifar adv_vgg16 PGD is:
69 | NC(0.1): 1.0 activate_num: 65546 total_num: 65546
70 | NC(0.3): 1.0 activate_num: 65546 total_num: 65546
71 | NC(0.5): 1.0 activate_num: 65546 total_num: 65546
72 | NC(0.7): 0.1690110761907668 activate_num: 11078 total_num: 65546
73 | NC(0.9): 0.01411222652793458 activate_num: 925 total_num: 65546
74 | TKNC: 0.059423916028438044 pattern_num: 3895 total_num: 65546
75 | TKNP: 9600
76 | KMNC: 0.9645195740396058 covered_num: 632204 total_num: 655460
77 | NBC: 0.23031153693589235 l_covered_num: 15233 u_covered_num: 14959
78 | SNAC: 0.22822140176364691
79 |
80 | ------------------------------------------------------------------------------
81 | the result of cifar adv_resnet20 CW is:
82 | NC(0.1): 1.0 activate_num: 16394 total_num: 16394
83 | NC(0.3): 1.0 activate_num: 16394 total_num: 16394
84 | NC(0.5): 0.9461388312797365 activate_num: 15511 total_num: 16394
85 | NC(0.7): 0.42796144931072344 activate_num: 7016 total_num: 16394
86 | NC(0.9): 0.026351104062461876 activate_num: 432 total_num: 16394
87 | TKNC: 0.13761132121507869 pattern_num: 2256 total_num: 16394
88 | TKNP: 9449
89 | KMNC: 0.6502317921190679 covered_num: 106599 total_num: 163940
90 | NBC: 0.07618640966207149 l_covered_num: 1085 u_covered_num: 1413
91 | SNAC: 0.08619006953763572
92 |
93 | ------------------------------------------------------------------------------
94 | the result of cifar adv_resnet20 PGD is:
95 | NC(0.1): 1.0 activate_num: 16394 total_num: 16394
96 | NC(0.3): 1.0 activate_num: 16394 total_num: 16394
97 | NC(0.5): 1.0 activate_num: 16394 total_num: 16394
98 | NC(0.7): 0.4824935952177626 activate_num: 7910 total_num: 16394
99 | NC(0.9): 0.03348786141271197 activate_num: 549 total_num: 16394
100 | TKNC: 0.2126387702818104 pattern_num: 3486 total_num: 16394
101 | TKNP: 9230
102 | KMNC: 0.957368549469318 covered_num: 156951 total_num: 163940
103 | NBC: 0.19976820788093205 l_covered_num: 3097 u_covered_num: 3453
104 | SNAC: 0.21062583872148347
105 |
--------------------------------------------------------------------------------
/Correlation/test_example.sh:
--------------------------------------------------------------------------------
1 | : '
2 | parser.add_argument('-dataset', help="dataset to use", choices=['mnist', 'cifar'])
3 | parser.add_argument('-model', help="target model to attack", choices=['vgg16', 'resnet20', 'lenet1', 'lenet4', 'lenet5'])
4 | parser.add_argument('-attack', help="attack model", choices=['CW', 'PGD'])
5 | parser.add_argument('-batch_size', help="attack batch size", type=int, default=32)
6 | '
7 |
8 | #: 'model train'
9 | #python models.py -d mnist -e 50 -b 128
10 |
11 | #python attack.py -dataset mnist -model model_9 -attack PGD -batch_size 128
12 | #python attack_evaluate.py -dataset mnist -model model_9 -attack PGD
13 |
14 | #: 'attack'
15 | #python attack.py -dataset mnist -model lenet1 -attack CW -batch_size 128
16 | #python attack.py -dataset mnist -model lenet1 -attack PGD -batch_size 128
17 | #
18 | #python attack.py -dataset mnist -model lenet4 -attack CW -batch_size 128
19 | #python attack.py -dataset mnist -model lenet4 -attack PGD -batch_size 128
20 | #
21 | #python attack.py -dataset mnist -model lenet5 -attack CW -batch_size 128
22 | #python attack.py -dataset mnist -model lenet5 -attack PGD -batch_size 128
23 |
24 | #python attack.py -dataset cifar -model vgg16 -attack CW -batch_size 128
25 | #python attack.py -dataset cifar -model vgg16 -attack PGD -batch_size 128
26 | #
27 | #python attack.py -dataset cifar -model resnet20 -attack CW -batch_size 128
28 | #python attack.py -dataset cifar -model resnet20 -attack PGD -batch_size 128
29 |
30 | #python attack.py -dataset svhn -model svhn_model -attack CW -batch_size 128
31 | #python attack.py -dataset svhn -model svhn_model -attack PGD -batch_size 128
32 | #
33 | #python attack.py -dataset svhn -model svhn_first -attack CW -batch_size 128
34 | #python attack.py -dataset svhn -model svhn_first -attack PGD -batch_size 128
35 | #
36 | #python attack.py -dataset svhn -model svhn_second -attack CW -batch_size 128
37 | #python attack.py -dataset svhn -model svhn_second -attack PGD -batch_size 128
38 |
39 | #
40 | #: 'AttackEvaluate'
41 | #python attack_evaluate.py -dataset mnist -model lenet1 -attack CW
42 | #python attack_evaluate.py -dataset mnist -model lenet1 -attack PGD
43 |
44 | #python attack_evaluate.py -dataset mnist -model lenet4 -attack CW
45 | #python attack_evaluate.py -dataset mnist -model lenet4 -attack PGD
46 | #
47 | #python attack_evaluate.py -dataset mnist -model lenet5 -attack CW
48 | #python attack_evaluate.py -dataset mnist -model lenet5 -attack PGD
49 |
50 | #python attack_evaluate_cifar.py -dataset cifar -model vgg16 -attack CW
51 | #python attack_evaluate_cifar.py -dataset cifar -model vgg16 -attack PGD
52 | ###
53 | #python attack_evaluate_cifar.py -dataset cifar -model resnet20 -attack CW
54 | #python attack_evaluate_cifar.py -dataset cifar -model resnet20 -attack PGD
55 |
56 | #python attack_evaluate.py -dataset svhn -model svhn_model -attack CW
57 | #python attack_evaluate.py -dataset svhn -model svhn_model -attack PGD
58 |
59 | #python attack_evaluate.py -dataset svhn -model svhn_first -attack CW
60 | #python attack_evaluate.py -dataset svhn -model svhn_first -attack PGD
61 | #
62 | #python attack_evaluate.py -dataset svhn -model svhn_second -attack CW
63 | #python attack_evaluate.py -dataset svhn -model svhn_second -attack PGD
64 |
65 |
66 | #: 'coverage'
67 | #python coverage.py -dataset mnist -model lenet1 -attack CW -layer 8
68 | #python coverage.py -dataset mnist -model lenet1 -attack PGD -layer 8
69 | #
70 | #python coverage.py -dataset mnist -model lenet4 -attack CW -layer 9
71 | #python coverage.py -dataset mnist -model lenet4 -attack PGD -layer 9
72 | #
73 | #python coverage.py -dataset mnist -model lenet5 -attack CW -layer 10
74 | #python coverage.py -dataset mnist -model lenet5 -attack PGD -layer 10
75 | #
76 | #python coverage_cifar.py -dataset cifar -model vgg16 -attack CW -layer 55 -start_layer 0
77 | #python coverage_cifar.py -dataset cifar -model vgg16 -attack PGD -layer 55 -start_layer 0
78 | #
79 | #python coverage_cifar.py -dataset cifar -model resnet20 -attack CW -layer 70 -start_layer 1
80 | #python coverage_cifar.py -dataset cifar -model resnet20 -attack PGD -layer 70 -start_layer 1
81 | #
82 | #python coverage.py -dataset svhn -model svhn_model -attack CW -layer 18
83 | #python coverage.py -dataset svhn -model svhn_model -attack PGD -layer 18
84 | #
85 | #python coverage.py -dataset svhn -model svhn_first -attack CW -layer 14
86 | #python coverage.py -dataset svhn -model svhn_first -attack PGD -layer 14
87 | #
88 | #python coverage.py -dataset svhn -model svhn_second -attack CW -layer 32
89 | #python coverage.py -dataset svhn -model svhn_second -attack PGD -layer 32
90 |
91 |
92 |
93 | #: 'attack of adv_models'
94 | #python attack.py -dataset mnist -model adv_lenet1 -attack CW -batch_size 128
95 | #python attack.py -dataset mnist -model adv_lenet1 -attack PGD -batch_size 128
96 | #
97 | #python attack.py -dataset mnist -model adv_lenet4 -attack CW -batch_size 128
98 | #python attack.py -dataset mnist -model adv_lenet4 -attack PGD -batch_size 128
99 | #
100 | #python attack.py -dataset mnist -model adv_lenet5 -attack CW -batch_size 128
101 | #python attack.py -dataset mnist -model adv_lenet5 -attack PGD -batch_size 128
102 |
103 | #python attack.py -dataset cifar -model adv_vgg16 -attack CW -batch_size 128
104 | #python attack.py -dataset cifar -model adv_vgg16 -attack PGD -batch_size 128
105 | ##
106 | #python attack.py -dataset cifar -model adv_resnet20 -attack CW -batch_size 128
107 | #python attack.py -dataset cifar -model adv_resnet20 -attack PGD -batch_size 128
108 |
109 | #python attack.py -dataset svhn -model adv_svhn_model -attack CW -batch_size 128
110 | #python attack.py -dataset svhn -model adv_svhn_model -attack PGD -batch_size 128
111 | #
112 | #python attack.py -dataset svhn -model adv_svhn_first -attack CW -batch_size 128
113 | #python attack.py -dataset svhn -model adv_svhn_first -attack PGD -batch_size 128
114 | #
115 | #python attack.py -dataset svhn -model adv_svhn_second -attack CW -batch_size 128
116 | #python attack.py -dataset svhn -model adv_svhn_second -attack PGD -batch_size 128
117 |
118 |
119 | #: 'AttackEvaluate of adv_models'
120 | #python attack_evaluate.py -dataset mnist -model adv_lenet1 -attack CW
121 | #python attack_evaluate.py -dataset mnist -model adv_lenet1 -attack PGD
122 | #
123 | #python attack_evaluate.py -dataset mnist -model adv_lenet4 -attack CW
124 | #python attack_evaluate.py -dataset mnist -model adv_lenet4 -attack PGD
125 | #
126 | #python attack_evaluate.py -dataset mnist -model adv_lenet5 -attack CW
127 | #python attack_evaluate.py -dataset mnist -model adv_lenet5 -attack PGD
128 |
129 | python attack_evaluate_cifar.py -dataset cifar -model adv_vgg16 -attack CW
130 | python attack_evaluate_cifar.py -dataset cifar -model adv_vgg16 -attack PGD
131 | #
132 | python attack_evaluate_cifar.py -dataset cifar -model adv_resnet20 -attack CW
133 | python attack_evaluate_cifar.py -dataset cifar -model adv_resnet20 -attack PGD
134 |
135 | #python attack_evaluate.py -dataset svhn -model adv_svhn_model -attack CW
136 | #python attack_evaluate.py -dataset svhn -model adv_svhn_model -attack PGD
137 | #
138 | #python attack_evaluate.py -dataset svhn -model adv_svhn_first -attack CW
139 | #python attack_evaluate.py -dataset svhn -model adv_svhn_first -attack PGD
140 | #
141 | #python attack_evaluate.py -dataset svhn -model adv_svhn_second -attack CW
142 | #python attack_evaluate.py -dataset svhn -model adv_svhn_second -attack PGD
143 |
144 | #: 'coverage of adv_models'
145 | #python coverage.py -dataset mnist -model adv_lenet1 -attack CW -layer 8
146 | #python coverage.py -dataset mnist -model adv_lenet1 -attack PGD -layer 8
147 | #
148 | #python coverage.py -dataset mnist -model adv_lenet4 -attack CW -layer 9
149 | #python coverage.py -dataset mnist -model adv_lenet4 -attack PGD -layer 9
150 | #
151 | #python coverage.py -dataset mnist -model adv_lenet5 -attack CW -layer 10
152 | #python coverage.py -dataset mnist -model adv_lenet5 -attack PGD -layer 10
153 |
154 | #python coverage_cifar.py -dataset cifar -model adv_vgg16 -attack CW -layer 55 -start_layer 0
155 | #python coverage_cifar.py -dataset cifar -model adv_vgg16 -attack PGD -layer 55 -start_layer 0
156 | #
157 | #python coverage_cifar.py -dataset cifar -model adv_resnet20 -attack CW -layer 70 -start_layer 1
158 | #python coverage_cifar.py -dataset cifar -model adv_resnet20 -attack PGD -layer 70 -start_layer 1
159 |
160 | #python coverage.py -dataset svhn -model adv_svhn_model -attack CW -layer 18
161 | #python coverage.py -dataset svhn -model adv_svhn_model -attack PGD -layer 18
162 | #
163 | #python coverage.py -dataset svhn -model adv_svhn_first -attack CW -layer 14
164 | #python coverage.py -dataset svhn -model adv_svhn_first -attack PGD -layer 14
165 | #
166 | #python coverage.py -dataset svhn -model adv_svhn_second -attack CW -layer 32
167 | #python coverage.py -dataset svhn -model adv_svhn_second -attack PGD -layer 32
168 |
169 | echo 'Finish!'
170 |
171 |
--------------------------------------------------------------------------------
/Correlation/tmp/image/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/Q2_original/cov_kmnc.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/Q2_original/cov_kmnc.npy
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/Q2_original/cov_kmncl.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/Q2_original/cov_kmncl.npy
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/Q2_original/cov_nbc.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/Q2_original/cov_nbc.npy
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/Q2_original/cov_nc1.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/Q2_original/cov_nc1.npy
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/Q2_original/cov_nc2.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/Q2_original/cov_nc2.npy
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/Q2_original/cov_snac.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/Q2_original/cov_snac.npy
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/Q2_original/cov_tknc.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/Q2_original/cov_tknc.npy
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/Q2_original/cov_tknp.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/Q2_original/cov_tknp.npy
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/Q2_original/tknp_all.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/Q2_original/tknp_all.npy
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/Q2_original/xlabel.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/Q2_original/xlabel.npy
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/README.md:
--------------------------------------------------------------------------------
1 | # Coverage VS. # Adv Examples (Figure 6 and figure 7)
2 |
3 | ---
4 | ## General Steps:
5 |
6 | 1. Before the experiment, please be sure that the data is well prepared according to the tutorial in the main page of the repository.
7 |
8 | 2. Get the results of coverage metrics change with numbers of adversarial examples (figure 6):
9 |
10 | ```$ python coverage_curve.py ```
11 |
12 | All results will be stored in 'coverage_result.txt'. It will also generate several '.npy' files and store them in 'Q2_original' folder for post-process. The excel file we use to generate figure 6 is 'figure 6.xlsx'. It includes the results and the figure 6 we got.
13 |
14 | 3. Get the change of TKNP with numbers of inputs (blue line in figure 7):
15 |
16 | ```$ python tknp_testing.py ```
17 |
18 | The results will be stored in 'testing_coverage_result.txt'. It will also generate a 'tknp_all.npy' file in 'Q2_original' folder for post-process. To generate figure 7, we need the results from this step and "TKNP VS. # adversarial examples" related data from step 2 ('cov_tknp.npy' in 'Q2_original' folder, the red line in figure 7). The excel file we use to generate figure 7 is 'figure 7.xlsx'. It includes the data we use and the figure 7 we got.
19 |
20 |
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/figure 6.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/figure 6.xlsx
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/figure 7.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage VS. # Adv Examples/figure 7.xlsx
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/testing_coverage_result.txt:
--------------------------------------------------------------------------------
1 |
2 | ------------------------------------------------------------------------------
3 | x: 1
4 | TKNP: 0
5 |
6 | ------------------------------------------------------------------------------
7 | x: 201
8 | TKNP: 199
9 |
10 | ------------------------------------------------------------------------------
11 | x: 401
12 | TKNP: 394
13 |
14 | ------------------------------------------------------------------------------
15 | x: 601
16 | TKNP: 585
17 |
18 | ------------------------------------------------------------------------------
19 | x: 801
20 | TKNP: 772
21 |
22 | ------------------------------------------------------------------------------
23 | x: 1001
24 | TKNP: 958
25 |
26 | ------------------------------------------------------------------------------
27 | x: 1201
28 | TKNP: 1138
29 |
30 | ------------------------------------------------------------------------------
31 | x: 1401
32 | TKNP: 1313
33 |
34 | ------------------------------------------------------------------------------
35 | x: 1601
36 | TKNP: 1498
37 |
38 | ------------------------------------------------------------------------------
39 | x: 1801
40 | TKNP: 1672
41 |
42 | ------------------------------------------------------------------------------
43 | x: 2001
44 | TKNP: 1841
45 |
46 | ------------------------------------------------------------------------------
47 | x: 2201
48 | TKNP: 2019
49 |
50 | ------------------------------------------------------------------------------
51 | x: 2401
52 | TKNP: 2196
53 |
54 | ------------------------------------------------------------------------------
55 | x: 2601
56 | TKNP: 2373
57 |
58 | ------------------------------------------------------------------------------
59 | x: 2801
60 | TKNP: 2545
61 |
62 | ------------------------------------------------------------------------------
63 | x: 3001
64 | TKNP: 2715
65 |
66 | ------------------------------------------------------------------------------
67 | x: 3201
68 | TKNP: 2886
69 |
70 | ------------------------------------------------------------------------------
71 | x: 3401
72 | TKNP: 3055
73 |
74 | ------------------------------------------------------------------------------
75 | x: 3601
76 | TKNP: 3230
77 |
78 | ------------------------------------------------------------------------------
79 | x: 3801
80 | TKNP: 3389
81 |
82 | ------------------------------------------------------------------------------
83 | x: 4001
84 | TKNP: 3558
85 |
86 | ------------------------------------------------------------------------------
87 | x: 4201
88 | TKNP: 3726
89 |
90 | ------------------------------------------------------------------------------
91 | x: 4401
92 | TKNP: 3893
93 |
94 | ------------------------------------------------------------------------------
95 | x: 4601
96 | TKNP: 4059
97 |
98 | ------------------------------------------------------------------------------
99 | x: 4801
100 | TKNP: 4222
101 |
102 | ------------------------------------------------------------------------------
103 | x: 5001
104 | TKNP: 4379
105 |
106 | ------------------------------------------------------------------------------
107 | x: 5201
108 | TKNP: 4550
109 |
110 | ------------------------------------------------------------------------------
111 | x: 5401
112 | TKNP: 4715
113 |
114 | ------------------------------------------------------------------------------
115 | x: 5601
116 | TKNP: 4883
117 |
118 | ------------------------------------------------------------------------------
119 | x: 5801
120 | TKNP: 5044
121 |
122 | ------------------------------------------------------------------------------
123 | x: 6001
124 | TKNP: 5196
125 |
126 | ------------------------------------------------------------------------------
127 | x: 6201
128 | TKNP: 5346
129 |
130 | ------------------------------------------------------------------------------
131 | x: 6401
132 | TKNP: 5504
133 |
134 | ------------------------------------------------------------------------------
135 | x: 6601
136 | TKNP: 5676
137 |
138 | ------------------------------------------------------------------------------
139 | x: 6801
140 | TKNP: 5848
141 |
142 | ------------------------------------------------------------------------------
143 | x: 7001
144 | TKNP: 5994
145 |
146 | ------------------------------------------------------------------------------
147 | x: 7201
148 | TKNP: 6141
149 |
150 | ------------------------------------------------------------------------------
151 | x: 7401
152 | TKNP: 6287
153 |
154 | ------------------------------------------------------------------------------
155 | x: 7601
156 | TKNP: 6447
157 |
158 | ------------------------------------------------------------------------------
159 | x: 7801
160 | TKNP: 6583
161 |
162 | ------------------------------------------------------------------------------
163 | x: 8001
164 | TKNP: 6718
165 |
166 | ------------------------------------------------------------------------------
167 | x: 8201
168 | TKNP: 6866
169 |
170 | ------------------------------------------------------------------------------
171 | x: 8401
172 | TKNP: 7017
173 |
174 | ------------------------------------------------------------------------------
175 | x: 8601
176 | TKNP: 7139
177 |
178 | ------------------------------------------------------------------------------
179 | x: 8801
180 | TKNP: 7273
181 |
182 | ------------------------------------------------------------------------------
183 | x: 9001
184 | TKNP: 7424
185 |
186 | ------------------------------------------------------------------------------
187 | x: 9201
188 | TKNP: 7566
189 |
190 | ------------------------------------------------------------------------------
191 | x: 9401
192 | TKNP: 7713
193 |
194 | ------------------------------------------------------------------------------
195 | x: 9601
196 | TKNP: 7870
197 |
198 | ------------------------------------------------------------------------------
199 | x: 9801
200 | TKNP: 8043
201 |
--------------------------------------------------------------------------------
/Coverage VS. # Adv Examples/tknp_testing.py:
--------------------------------------------------------------------------------
1 | import argparse
2 | import os
3 | import random
4 | import shutil
5 | import warnings
6 | import sys
7 |
8 | warnings.filterwarnings("ignore")
9 |
10 | from keras import backend as K
11 | import numpy as np
12 | from PIL import Image, ImageFilter
13 | from skimage.measure import compare_ssim as SSIM
14 | import keras
15 |
16 | import tensorflow as tf
17 | import os
18 |
19 | os.environ["CUDA_VISIBLE_DEVICES"] = "0"
20 |
21 | ####for solving some specific problems, don't care
22 | config = tf.ConfigProto()
23 | config.gpu_options.allow_growth = True
24 | sess = tf.Session(config=config)
25 |
26 |
27 | # helper function
28 | def get_layer_i_output(model, i, data):
29 | layer_model = K.function([model.layers[0].input], [model.layers[i].output])
30 | ret = layer_model([data])[0]
31 | num = data.shape[0]
32 | ret = np.reshape(ret, (num, -1))
33 | return ret
34 |
35 |
36 | # the data is in range(-.5, .5)
37 | def load_data(name):
38 | assert (name.upper() in ['MNIST', 'CIFAR', 'SVHN'])
39 | name = name.lower()
40 | x_train = np.load('../data/' + name + '_data/' + name + '_x_train.npy')
41 | y_train = np.load('../data/' + name + '_data/' + name + '_y_train.npy')
42 | x_test = np.load('../data/' + name + '_data/' + name + '_x_test.npy')
43 | y_test = np.load('../data/' + name + '_data/' + name + '_y_test.npy')
44 | return x_train, y_train, x_test, y_test
45 |
46 |
47 | class Coverage:
48 | def __init__(self, model, x_train, y_train, x_test, y_test, x_adv):
49 | self.model = model
50 | self.x_train = x_train
51 | self.y_train = y_train
52 | self.x_test = x_test
53 | self.y_test = y_test
54 | self.x_adv = x_adv
55 |
56 | # find scale factors and min num
57 | def scale(self, layers, batch=1024):
58 | data_num = self.x_adv.shape[0]
59 | factors = dict()
60 | for i in layers:
61 | begin, end = 0, batch
62 | max_num, min_num = np.NINF, np.inf
63 | while begin < data_num:
64 | layer_output = get_layer_i_output(self.model, i, self.x_adv[begin:end])
65 | tmp = layer_output.max()
66 | max_num = tmp if tmp > max_num else max_num
67 | tmp = layer_output.min()
68 | min_num = tmp if tmp < min_num else min_num
69 | begin += batch
70 | end += batch
71 | factors[i] = (max_num - min_num, min_num)
72 | return factors
73 |
74 | # 1 Neuron Coverage
75 | def NC(self, layers, threshold=0., batch=1024):
76 | factors = self.scale(layers, batch=batch)
77 | neuron_num = 0
78 | for i in layers:
79 | out_shape = self.model.layers[i].output.shape
80 | neuron_num += np.prod(out_shape[1:])
81 | neuron_num = int(neuron_num)
82 |
83 | activate_num = 0
84 | data_num = self.x_adv.shape[0]
85 | for i in layers:
86 | neurons = np.prod(self.model.layers[i].output.shape[1:])
87 | buckets = np.zeros(neurons).astype('bool')
88 | begin, end = 0, batch
89 | while begin < data_num:
90 | layer_output = get_layer_i_output(self.model, i, self.x_adv[begin:end])
91 | # scale the layer output to (0, 1)
92 | layer_output -= factors[i][1]
93 | layer_output /= factors[i][0]
94 | col_max = np.max(layer_output, axis=0)
95 | begin += batch
96 | end += batch
97 | buckets[col_max > threshold] = True
98 | activate_num += np.sum(buckets)
99 | # print('NC:\t{:.3f} activate_num:\t{} neuron_num:\t{}'.format(activate_num / neuron_num, activate_num, neuron_num))
100 | return activate_num / neuron_num, activate_num, neuron_num
101 |
102 | # 2 k-multisection neuron coverage, neuron boundary coverage and strong activation neuron coverage
103 | def KMNC(self, layers, k=10, batch=1024):
104 | neuron_num = 0
105 | for i in layers:
106 | out_shape = self.model.layers[i].output.shape
107 | neuron_num += np.prod(out_shape[1:])
108 | neuron_num = int(neuron_num)
109 |
110 | covered_num = 0
111 | l_covered_num = 0
112 | u_covered_num = 0
113 | for i in layers:
114 | neurons = np.prod(self.model.layers[i].output.shape[1:])
115 | print(neurons)
116 | begin, end = 0, batch
117 | data_num = self.x_train.shape[0]
118 |
119 | neuron_max = np.full(neurons, np.NINF).astype('float')
120 | neuron_min = np.full(neurons, np.inf).astype('float')
121 | while begin < data_num:
122 | layer_output_train = get_layer_i_output(self.model, i, self.x_train[begin:end])
123 | batch_neuron_max = np.max(layer_output_train, axis=0)
124 | batch_neuron_min = np.min(layer_output_train, axis=0)
125 | neuron_max = np.maximum(batch_neuron_max, neuron_max)
126 | neuron_min = np.minimum(batch_neuron_min, neuron_min)
127 | begin += batch
128 | end += batch
129 | buckets = np.zeros((neurons, k + 2)).astype('bool')
130 | interval = (neuron_max - neuron_min) / k
131 | # print(interval[8], neuron_max[8], neuron_min[8])
132 | begin, end = 0, batch
133 | data_num = self.x_adv.shape[0]
134 | while begin < data_num:
135 | layer_output_adv = get_layer_i_output(model, i, self.x_adv[begin: end])
136 | layer_output_adv -= neuron_min
137 | layer_output_adv /= (interval + 10 ** (-100))
138 | layer_output_adv[layer_output_adv < 0.] = -1
139 | layer_output_adv[layer_output_adv >= k / 1.0] = k
140 | layer_output_adv = layer_output_adv.astype('int')
141 | # index 0 for lower, 1 to k for between, k + 1 for upper
142 | layer_output_adv = layer_output_adv + 1
143 | for j in range(neurons):
144 | uniq = np.unique(layer_output_adv[:, j])
145 | # print(layer_output_adv[:, j])
146 | buckets[j, uniq] = True
147 | begin += batch
148 | end += batch
149 | covered_num += np.sum(buckets[:, 1:-1])
150 | u_covered_num += np.sum(buckets[:, -1])
151 | l_covered_num += np.sum(buckets[:, 0])
152 | print('KMNC:\t{:.3f} covered_num:\t{}'.format(covered_num / (neuron_num * k), covered_num))
153 | print(
154 | 'NBC:\t{:.3f} l_covered_num:\t{}'.format((l_covered_num + u_covered_num) / (neuron_num * 2), l_covered_num))
155 | print('SNAC:\t{:.3f} u_covered_num:\t{}'.format(u_covered_num / neuron_num, u_covered_num))
156 | return covered_num / (neuron_num * k), (l_covered_num + u_covered_num) / (
157 | neuron_num * 2), u_covered_num / neuron_num, covered_num, l_covered_num, u_covered_num, neuron_num * k
158 |
159 | # 3 top-k neuron coverage
160 | def TKNC(self, layers, k=2, batch=1024):
161 | def top_k(x, k):
162 | ind = np.argpartition(x, -k)[-k:]
163 | return ind[np.argsort((-x)[ind])]
164 |
165 | neuron_num = 0
166 | for i in layers:
167 | out_shape = self.model.layers[i].output.shape
168 | neuron_num += np.prod(out_shape[1:])
169 | neuron_num = int(neuron_num)
170 |
171 | pattern_num = 0
172 | data_num = self.x_adv.shape[0]
173 | for i in layers:
174 | pattern_set = set()
175 | begin, end = 0, batch
176 | while begin < data_num:
177 | layer_output = get_layer_i_output(self.model, i, self.x_adv[begin:end])
178 | topk = np.argpartition(layer_output, -k, axis=1)[:, -k:]
179 | topk = np.sort(topk, axis=1)
180 | # or in order
181 | # topk = np.apply_along_axis[lambda x: top_k(layer_output, k), 1, layer_output]
182 | for j in range(topk.shape[0]):
183 | pattern_set.add(tuple(topk[j]))
184 | begin += batch
185 | end += batch
186 | pattern_num += len(pattern_set)
187 | print(
188 | 'TKNC:\t{:.3f} pattern_num:\t{} neuron_num:\t{}'.format(pattern_num / neuron_num, pattern_num, neuron_num))
189 | return pattern_num / neuron_num, pattern_num, neuron_num
190 |
191 | # 4 top-k neuron patterns
192 | def TKNP(self, layers, k=2, batch=1024):
193 | def top_k(x, k):
194 | ind = np.argpartition(x, -k)[-k:]
195 | return ind[np.argsort((-x)[ind])]
196 |
197 | def to_tuple(x):
198 | l = list()
199 | for row in x:
200 | l.append(tuple(row))
201 | return tuple(l)
202 |
203 | pattern_set = set()
204 | layer_num = len(layers)
205 | data_num = self.x_adv.shape[0]
206 | patterns = np.zeros((data_num, layer_num, k))
207 | layer_cnt = 0
208 | for i in layers:
209 | neurons = np.prod(self.model.layers[i].output.shape[1:])
210 | begin, end = 0, batch
211 | while begin < data_num:
212 | layer_output = get_layer_i_output(self.model, i, self.x_adv[begin:end])
213 | topk = np.argpartition(layer_output, -k, axis=1)[:, -k:]
214 | topk = np.sort(topk, axis=1)
215 | # or in order
216 | # topk = np.apply_along_axis[lambda x: top_k(layer_output, k), 1, layer_output]
217 | patterns[begin:end, layer_cnt, :] = topk
218 | begin += batch
219 | end += batch
220 | layer_cnt += 1
221 |
222 | for i in range(patterns.shape[0]):
223 | pattern_set.add(to_tuple(patterns[i]))
224 | pattern_num = len(pattern_set)
225 | print('TKNP:\t{:.3f}'.format(pattern_num))
226 | return pattern_num
227 |
228 | def all(self, layers, batch=100):
229 | self.NC(layers, batch=batch)
230 | self.KMNC(layers, batch=batch)
231 | self.TKNC(layers, batch=batch)
232 | self.TKNP(layers, batch=batch)
233 |
234 | if __name__ == '__main__':
235 | dataset = 'mnist'
236 | model_name = 'lenet1'
237 | l = [0, 8]
238 |
239 | x_train, y_train, x_test, y_test = load_data(dataset)
240 |
241 | # ## load mine trained model
242 | from keras.models import load_model
243 |
244 | model = load_model('../data/' + dataset + '_data/model/' + model_name + '.h5')
245 | model.summary()
246 |
247 | tknp_all = np.array([])
248 |
249 | for num in range(0, 50):
250 | coverage = Coverage(model, x_train, y_train, x_test, y_test, x_test[0: 200*num])
251 | tknp = coverage.TKNP(l)
252 | tknp_all = np.append(tknp_all, tknp)
253 |
254 | with open("testing_coverage_result.txt", "a") as f:
255 | f.write("\n------------------------------------------------------------------------------\n")
256 | f.write('x: {} \n'.format(num*200+1))
257 | f.write('TKNP: {} \n'.format(tknp))
258 |
259 | np.save('Q2_original/tknp_all.npy', tknp_all)
260 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/.idea/inspectionProfiles/profiles_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/.idea/new_criteria.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/Figure 2 and figure 3.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/Figure 2 and figure 3.xlsx
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/README.md:
--------------------------------------------------------------------------------
1 | # Coverage and Robustness VS. Training Datasets (Figure 2 and figure 3)
2 |
3 | ## Quick Start Based on Our Data:
4 |
5 | 1. Before the experiment, please be sure that the data is well prepared according to the tutorial in the main page of the repository. The fuzzing data we use to generate figure 2 and figure 3 are stored in 'fuzzing' folder. The retrained model we use to generate figure 3 are stored in 'new_model' folder.
6 |
7 | 2. Generate the data used to get figure 2:
8 |
9 | ```$ python compare_coverage.py```
10 |
11 | You can change the value of [T](https://github.com/DNNTesting/CovTesting/blob/3c73af15df594657dbc67034496b46736c7fcf13/Coverage%20and%20Robustness%20VS.%20Training%20Datasets/compare_coverage.py#L253) (select from 1-10) to get the coverage values for T1-T10. All of the results are stored in 'coverage_result.txt'. We have put all results in 'Figure 2 and figure 3.xlsx' and use them to draw figure 2.
12 |
13 | 3. Generate the data used to get figure 3:
14 |
15 | ```$ python robustness.py```
16 |
17 | You can change the value of [T](https://github.com/DNNTesting/CovTesting/blob/3c73af15df594657dbc67034496b46736c7fcf13/Coverage%20and%20Robustness%20VS.%20Training%20Datasets/robustness.py#L381) (select from 1-10) to get the coverage values for T1-T10. All of the results are stored in 'attack_evaluate_result.txt'. We also put all results from this step in 'Figure 2 and figure 3.xlsx' and use them to draw figure 3.
18 |
19 |
20 |
21 | ## Experiment on Your Own Data:
22 |
23 | 1. Before the experiment, please be sure that the data is well prepared according to the tutorial in the main page of the repository.
24 |
25 | 2. Generate new training data to be added to the original training dataset:
26 |
27 | ```$ python fuzzing.py```
28 |
29 | To generate T1-T10, please modify the [order_number](https://github.com/DNNTesting/CovTesting/blob/fd2a5c649fb73b24826c80ee060e5a0250527e61/Coverage%20and%20Robustness%20VS.%20Training%20Datasets/fuzzing.py#L336) from 0 to 9 in sequence. All results will be stored at 'fuzzing/nc_index_{}.npy'.format(order_number).
30 |
31 | 3. Test the coverage for T1-T10:
32 |
33 | ```$ python compare_coverage.py```
34 |
35 | You can change the value of [T](https://github.com/DNNTesting/CovTesting/blob/fd2a5c649fb73b24826c80ee060e5a0250527e61/Coverage%20and%20Robustness%20VS.%20Training%20Datasets/compare_coverage.py#L253) (select from 1-10) to get the coverage values for T1-T10, respectively. All of the results are stored in 'coverage_result.txt' and can be used to draw figure 2. (refer to 'Figure 2 and figure 3.xlsx')
36 |
37 | 4. Generate the testing dataset:
38 |
39 | ```$ python fuzzing_testset.py```
40 |
41 | ```$ python exchange_testing_dataset.py```
42 |
43 | When running 'fuzzing_testset.py', please modify the [order_number](https://github.com/DNNTesting/CovTesting/blob/fd2a5c649fb73b24826c80ee060e5a0250527e61/Coverage%20and%20Robustness%20VS.%20Training%20Datasets/fuzzing_testset.py#L336) from 0 to 1 in sequence. The results will be stored as 'fuzzing/nc_index_test_0.npy' and 'fuzzing/nc_index_test_1.npy'. After running 'exchange_testing_dataset.py', the new testing dataset will be generated and stored as 'x_test_new.npy' at the main folder.
44 |
45 | 5. Use the new training datasets T1-T10 to retrain the model:
46 |
47 | ```$ python retrain_robustness.py```
48 |
49 | You can change the value of [T](https://github.com/DNNTesting/CovTesting/blob/fd2a5c649fb73b24826c80ee060e5a0250527e61/Coverage%20and%20Robustness%20VS.%20Training%20Datasets/retrain_robustness.py#L381) (select from 1-10) to get the models retrained by T1-T10, respectively. The retrained models are saved at ('new_model/' + dataset +'/model_{}.h5'.format(0-9)). After every retraining, this file will also measure the robustness of the corresponding retrained model and results are stored in 'attack_evaluate_result.txt', which can be used to generate figure 3. (refer to 'Figure 2 and figure 3.xlsx')
50 |
51 |
52 |
53 |
54 |
55 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/attack_evaluate_result.txt:
--------------------------------------------------------------------------------
1 | ------------------------------------------------------------------------------
2 | the result of mnist lenet1 is: original
3 | MR: 0.0293
4 | ACAC: 0.19519486766524688
5 | ACTC: 0.09909315961619693
6 | ALP_L0: 0.170822595249704
7 | ALP_L2: 5.295270156534865
8 | ALP_Li: 0.5845278733419477
9 | ASS: 0.5554944030403521
10 | PSD: 58.16996254489566
11 | NTE: 0.09096486627445285
12 | RGB: 0.9112627986348123
13 | RIC: 0.8395904436860068
14 |
15 | ------------------------------------------------------------------------------
16 | the result of mnist lenet1 is:
17 | MR: 0.023
18 | ACAC: 0.19855114879167599
19 | ACTC: 0.09745793141748595
20 | ALP_L0: 0.15186335403726708
21 | ALP_L2: 4.6578815824311715
22 | ALP_Li: 0.5115430526111437
23 | ASS: 0.6082121054436033
24 | PSD: 51.31054585312118
25 | NTE: 0.09693562433771465
26 | RGB: 0.9521739130434783
27 | RIC: 0.7913043478260869
28 |
29 | ------------------------------------------------------------------------------
30 | the result of mnist lenet1 is:
31 | MR: 0.0232
32 | ACAC: 0.19137332415015534
33 | ACTC: 0.10176250833118784
34 | ALP_L0: 0.14262623152709364
35 | ALP_L2: 4.355665459843545
36 | ALP_Li: 0.485632184507518
37 | ASS: 0.63259836123173
38 | PSD: 47.84588412451406
39 | NTE: 0.08553093822737193
40 | RGB: 0.8879310344827587
41 | RIC: 0.7370689655172413
42 |
43 | ------------------------------------------------------------------------------
44 | the result of mnist lenet1 is:
45 | MR: 0.022
46 | ACAC: 0.18973086452619595
47 | ACTC: 0.10227233855561776
48 | ALP_L0: 0.1388566790352505
49 | ALP_L2: 4.239047843895175
50 | ALP_Li: 0.47071301313963804
51 | ASS: 0.6419747999820354
52 | PSD: 46.67138023196679
53 | NTE: 0.08381578207693317
54 | RGB: 0.8727272727272727
55 | RIC: 0.6909090909090909
56 |
57 | ------------------------------------------------------------------------------
58 | the result of mnist lenet1 is:
59 | MR: 0.0216
60 | ACAC: 0.1898833983750255
61 | ACTC: 0.10216132385863198
62 | ALP_L0: 0.14132771164021168
63 | ALP_L2: 4.279591901572766
64 | ALP_Li: 0.4781953529627235
65 | ASS: 0.6369785365137149
66 | PSD: 46.984618053774405
67 | NTE: 0.08435715548694134
68 | RGB: 0.9166666666666666
69 | RIC: 0.7175925925925926
70 |
71 | ------------------------------------------------------------------------------
72 | the result of mnist lenet1 is:
73 | MR: 0.0206
74 | ACAC: 0.18899382896793698
75 | ACTC: 0.103329544796527
76 | ALP_L0: 0.13000916385971867
77 | ALP_L2: 3.9625757760503917
78 | ALP_Li: 0.4426613369034332
79 | ASS: 0.6670695211166798
80 | PSD: 43.32170096650716
81 | NTE: 0.08247436452837824
82 | RGB: 0.9077669902912622
83 | RIC: 0.6893203883495146
84 |
85 | ------------------------------------------------------------------------------
86 | the result of mnist lenet1 is:
87 | MR: 0.0204
88 | ACAC: 0.1884720841897469
89 | ACTC: 0.10374271683394909
90 | ALP_L0: 0.11969162665066033
91 | ALP_L2: 3.5730092433445595
92 | ALP_Li: 0.4017108810298583
93 | ASS: 0.6979162197710883
94 | PSD: 39.017656669490805
95 | NTE: 0.08140983841582841
96 | RGB: 0.9019607843137255
97 | RIC: 0.6764705882352942
98 |
99 | ------------------------------------------------------------------------------
100 | the result of mnist lenet1 is:
101 | MR: 0.0209
102 | ACAC: 0.18578556461625123
103 | ACTC: 0.10510888125337482
104 | ALP_L0: 0.11222048628063669
105 | ALP_L2: 3.3879735836286864
106 | ALP_Li: 0.378309410439724
107 | ASS: 0.7156088873695066
108 | PSD: 37.05617881537278
109 | NTE: 0.07762022933178542
110 | RGB: 0.9138755980861244
111 | RIC: 0.6507177033492823
112 |
113 | ------------------------------------------------------------------------------
114 | the result of mnist lenet1 is:
115 | MR: 0.0199
116 | ACAC: 0.18489264633188296
117 | ACTC: 0.10489158092731207
118 | ALP_L0: 0.1147446415752231
119 | ALP_L2: 3.4632978464790325
120 | ALP_Li: 0.3922553952015824
121 | ASS: 0.7069161940090295
122 | PSD: 37.75091487860645
123 | NTE: 0.07639547987798949
124 | RGB: 0.8844221105527639
125 | RIC: 0.6633165829145728
126 |
127 | ------------------------------------------------------------------------------
128 | the result of mnist lenet1 is:
129 | MR: 0.0193
130 | ACAC: 0.1847205438839339
131 | ACTC: 0.1054098402280264
132 | ALP_L0: 0.11227794226498895
133 | ALP_L2: 3.4038771954533966
134 | ALP_Li: 0.38439500208345717
135 | ASS: 0.7137518301791721
136 | PSD: 37.11329371754981
137 | NTE: 0.07593455798730948
138 | RGB: 0.8963730569948186
139 | RIC: 0.689119170984456
140 |
141 | ------------------------------------------------------------------------------
142 | the result of mnist lenet1 is:
143 | MR: 0.0188
144 | ACAC: 0.18647739937172292
145 | ACTC: 0.10441117293815663
146 | ALP_L0: 0.10674256404689539
147 | ALP_L2: 3.249317355771014
148 | ALP_Li: 0.36293283326828735
149 | ASS: 0.7267643434600063
150 | PSD: 35.42919943827472
151 | NTE: 0.07886774366364833
152 | RGB: 0.8723404255319149
153 | RIC: 0.6861702127659575
154 |
155 |
156 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/coverage_result.txt:
--------------------------------------------------------------------------------
1 | the result of mnist lenet1is: original
2 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
3 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
4 | NC(0.5): 0.993085566119274 activate_num: 2298 total_num: 2314
5 | NC(0.7): 0.6949006050129646 activate_num: 1608 total_num: 2314
6 | NC(0.9): 0.47968885047536736 activate_num: 1110 total_num: 2314
7 | TKNC: 0.5086430423509075 pattern_num: 1177 total_num: 2314
8 | TKNP: 37157
9 | KMNC: 0.9951166810717372 covered_num: 23027 total_num: 23140
10 | NBC: 0.45484010371650824 l_covered_num: 0 u_covered_num: 2105
11 | SNAC: 0.9096802074330165
12 |
13 | ------------------------------------------------------------------------------
14 | the result of mnist lenet1is:
15 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
16 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
17 | NC(0.5): 0.9939498703543648 activate_num: 2300 total_num: 2314
18 | NC(0.7): 0.7078651685393258 activate_num: 1638 total_num: 2314
19 | NC(0.9): 0.48055315471045806 activate_num: 1112 total_num: 2314
20 | TKNC: 0.5220397579948142 pattern_num: 1208 total_num: 2314
21 | TKNP: 37316
22 | KMNC: 0.9968885047536733 covered_num: 23068 total_num: 23140
23 | NBC: 0.4872515125324114 l_covered_num: 141 u_covered_num: 2114
24 | SNAC: 0.9135695764909249
25 |
26 | ------------------------------------------------------------------------------
27 | the result of mnist lenet1is:
28 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
29 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
30 | NC(0.5): 0.9948141745894555 activate_num: 2302 total_num: 2314
31 | NC(0.7): 0.7117545375972342 activate_num: 1647 total_num: 2314
32 | NC(0.9): 0.4822817631806396 activate_num: 1116 total_num: 2314
33 | TKNC: 0.5324114088159032 pattern_num: 1232 total_num: 2314
34 | TKNP: 37492
35 | KMNC: 0.9970181503889369 covered_num: 23071 total_num: 23140
36 | NBC: 0.4978392394122731 l_covered_num: 189 u_covered_num: 2115
37 | SNAC: 0.9140017286084702
38 |
39 | ------------------------------------------------------------------------------
40 | the result of mnist lenet1is:
41 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
42 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
43 | NC(0.5): 0.9952463267070009 activate_num: 2303 total_num: 2314
44 | NC(0.7): 0.7139152981849611 activate_num: 1652 total_num: 2314
45 | NC(0.9): 0.48357821953327573 activate_num: 1119 total_num: 2314
46 | TKNC: 0.5419187554019015 pattern_num: 1254 total_num: 2314
47 | TKNP: 37637
48 | KMNC: 0.9973206568712186 covered_num: 23078 total_num: 23140
49 | NBC: 0.5058340535868626 l_covered_num: 224 u_covered_num: 2117
50 | SNAC: 0.9148660328435609
51 |
52 | ------------------------------------------------------------------------------
53 | the result of mnist lenet1is:
54 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
55 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
56 | NC(0.5): 0.9952463267070009 activate_num: 2303 total_num: 2314
57 | NC(0.7): 0.7152117545375972 activate_num: 1655 total_num: 2314
58 | NC(0.9): 0.4853068280034572 activate_num: 1123 total_num: 2314
59 | TKNC: 0.5501296456352636 pattern_num: 1273 total_num: 2314
60 | TKNP: 37807
61 | KMNC: 0.9975367329299913 covered_num: 23083 total_num: 23140
62 | NBC: 0.5151253241140882 l_covered_num: 266 u_covered_num: 2118
63 | SNAC: 0.9152981849611063
64 |
65 | ------------------------------------------------------------------------------
66 | the result of mnist lenet1is:
67 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
68 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
69 | NC(0.5): 0.9952463267070009 activate_num: 2303 total_num: 2314
70 | NC(0.7): 0.7156439066551427 activate_num: 1656 total_num: 2314
71 | NC(0.9): 0.4870354364736387 activate_num: 1127 total_num: 2314
72 | TKNC: 0.5561797752808989 pattern_num: 1287 total_num: 2314
73 | TKNP: 37971
74 | KMNC: 0.9976231633535004 covered_num: 23085 total_num: 23140
75 | NBC: 0.5209593777009507 l_covered_num: 292 u_covered_num: 2119
76 | SNAC: 0.9157303370786517
77 |
78 | ------------------------------------------------------------------------------
79 | the result of mnist lenet1is:
80 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
81 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
82 | NC(0.5): 0.9952463267070009 activate_num: 2303 total_num: 2314
83 | NC(0.7): 0.7156439066551427 activate_num: 1656 total_num: 2314
84 | NC(0.9): 0.4878997407087295 activate_num: 1129 total_num: 2314
85 | TKNC: 0.5622299049265341 pattern_num: 1301 total_num: 2314
86 | TKNP: 38120
87 | KMNC: 0.9976231633535004 covered_num: 23085 total_num: 23140
88 | NBC: 0.5246326707000865 l_covered_num: 308 u_covered_num: 2120
89 | SNAC: 0.916162489196197
90 |
91 | ------------------------------------------------------------------------------
92 | the result of mnist lenet1is:
93 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
94 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
95 | NC(0.5): 0.9952463267070009 activate_num: 2303 total_num: 2314
96 | NC(0.7): 0.7165082108902333 activate_num: 1658 total_num: 2314
97 | NC(0.9): 0.48962834917891096 activate_num: 1133 total_num: 2314
98 | TKNC: 0.5691443388072601 pattern_num: 1317 total_num: 2314
99 | TKNP: 38295
100 | KMNC: 0.9977528089887641 covered_num: 23088 total_num: 23140
101 | NBC: 0.5272255834053586 l_covered_num: 320 u_covered_num: 2120
102 | SNAC: 0.916162489196197
103 |
104 | ------------------------------------------------------------------------------
105 | the result of mnist lenet1is:
106 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
107 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
108 | NC(0.5): 0.9952463267070009 activate_num: 2303 total_num: 2314
109 | NC(0.7): 0.7186689714779603 activate_num: 1663 total_num: 2314
110 | NC(0.9): 0.4913569576490925 activate_num: 1137 total_num: 2314
111 | TKNC: 0.5734658599827139 pattern_num: 1327 total_num: 2314
112 | TKNP: 38443
113 | KMNC: 0.9978824546240277 covered_num: 23091 total_num: 23140
114 | NBC: 0.5308988764044944 l_covered_num: 337 u_covered_num: 2120
115 | SNAC: 0.916162489196197
116 |
117 | ------------------------------------------------------------------------------
118 | the result of mnist lenet1is:
119 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
120 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
121 | NC(0.5): 0.9952463267070009 activate_num: 2303 total_num: 2314
122 | NC(0.7): 0.7186689714779603 activate_num: 1663 total_num: 2314
123 | NC(0.9): 0.49265341400172863 activate_num: 1140 total_num: 2314
124 | TKNC: 0.5777873811581676 pattern_num: 1337 total_num: 2314
125 | TKNP: 38631
126 | KMNC: 0.9981849611063094 covered_num: 23098 total_num: 23140
127 | NBC: 0.5360847018150389 l_covered_num: 359 u_covered_num: 2122
128 | SNAC: 0.9170267934312878
129 |
130 | ------------------------------------------------------------------------------
131 | the result of mnist lenet1is:
132 | NC(0.1): 1.0 activate_num: 2314 total_num: 2314
133 | NC(0.3): 1.0 activate_num: 2314 total_num: 2314
134 | NC(0.5): 0.9952463267070009 activate_num: 2303 total_num: 2314
135 | NC(0.7): 0.7186689714779603 activate_num: 1663 total_num: 2314
136 | NC(0.9): 0.49351771823681934 activate_num: 1142 total_num: 2314
137 | TKNC: 0.5825410544511668 pattern_num: 1348 total_num: 2314
138 | TKNP: 38807
139 | KMNC: 0.9982281763180639 covered_num: 23099 total_num: 23140
140 | NBC: 0.5384615384615384 l_covered_num: 370 u_covered_num: 2122
141 | SNAC: 0.9170267934312878
142 |
143 |
144 |
145 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/exchange_testing_dataset.py:
--------------------------------------------------------------------------------
1 | import numpy as np
2 |
3 | # the data is in range(-.5, .5)
4 | def load_data(name):
5 | assert (name.upper() in ['MNIST', 'CIFAR', 'SVHN'])
6 | name = name.lower()
7 | x_train = np.load('../data/' + name + '_data/' + name + '_x_train.npy')
8 | y_train = np.load('../data/' + name + '_data/' + name + '_y_train.npy')
9 | x_test = np.load('../data/' + name + '_data/' + name + '_x_test.npy')
10 | y_test = np.load('../data/' + name + '_data/' + name + '_y_test.npy')
11 | return x_train, y_train, x_test, y_test
12 |
13 | if __name__ == '__main__':
14 | dataset = 'mnist'
15 | model_name = 'lenet1'
16 | l = [0, 8]
17 |
18 | x_train, y_train, x_test, y_test = load_data(dataset)
19 |
20 | # ## load mine trained model
21 | from keras.models import load_model
22 |
23 | model = load_model('../data/' + dataset + '_data/model/' + model_name + '.h5')
24 | model.summary()
25 |
26 | index = np.load('fuzzing/nc_index_test_{}.npy'.format(0), allow_pickle=True).item()
27 | for y, x in index.items():
28 | print(y)
29 | x_test[y] = x
30 |
31 | index = np.load('fuzzing/nc_index_test_{}.npy'.format(1), allow_pickle=True).item()
32 | for y, x in index.items():
33 | print(y)
34 | x_test[y] = x
35 |
36 | np.save('x_test_new.npy', x_test)
37 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/index.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/index.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_0.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_0.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_1.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_1.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_2.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_2.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_3.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_3.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_4.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_4.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_5.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_5.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_6.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_6.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_7.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_7.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_8.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_8.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_9.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_9.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_test_0.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_test_0.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_test_1.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/fuzzing/nc_index_test_1.npy
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/mutators.py:
--------------------------------------------------------------------------------
1 | from __future__ import print_function
2 | from importlib import reload
3 | import sys
4 | import cv2
5 | import numpy as np
6 | import random
7 | import time
8 | import copy
9 | reload(sys)
10 | # sys.setdefaultencoding('utf8')
11 |
12 |
13 |
14 | # keras 1.2.2 tf:1.2.0
15 | class Mutators():
16 | def image_translation(img, params):
17 |
18 | rows, cols, ch = img.shape
19 | # rows, cols = img.shape
20 |
21 | # M = np.float32([[1, 0, params[0]], [0, 1, params[1]]])
22 | M = np.float32([[1, 0, params], [0, 1, params]])
23 | dst = cv2.warpAffine(img, M, (cols, rows))
24 | return dst
25 |
26 | def image_scale(img, params):
27 |
28 | # res = cv2.resize(img, None, fx=params[0], fy=params[1], interpolation=cv2.INTER_CUBIC)
29 | rows, cols, ch = img.shape
30 | res = cv2.resize(img, None, fx=params, fy=params, interpolation=cv2.INTER_CUBIC)
31 | res = res.reshape((res.shape[0],res.shape[1],ch))
32 | y, x, z = res.shape
33 | if params > 1: # need to crop
34 | startx = x // 2 - cols // 2
35 | starty = y // 2 - rows // 2
36 | return res[starty:starty + rows, startx:startx + cols]
37 | elif params < 1: # need to pad
38 | sty = (rows - y) // 2
39 | stx = (cols - x) // 2
40 | return np.pad(res, [(sty, rows - y - sty), (stx, cols - x - stx), (0, 0)], mode='constant', constant_values=0)
41 | return res
42 |
43 | def image_shear(img, params):
44 | rows, cols, ch = img.shape
45 | # rows, cols = img.shape
46 | factor = params * (-1.0)
47 | M = np.float32([[1, factor, 0], [0, 1, 0]])
48 | dst = cv2.warpAffine(img, M, (cols, rows))
49 | return dst
50 |
51 | def image_rotation(img, params):
52 | rows, cols, ch = img.shape
53 | # rows, cols = img.shape
54 | M = cv2.getRotationMatrix2D((cols / 2, rows / 2), params, 1)
55 | dst = cv2.warpAffine(img, M, (cols, rows), flags=cv2.INTER_AREA)
56 | return dst
57 |
58 | def image_contrast(img, params):
59 | alpha = params
60 | new_img = cv2.multiply(img, np.array([alpha])) # mul_img = img*alpha
61 | # new_img = cv2.add(mul_img, beta) # new_img = img*alpha + beta
62 |
63 | return new_img
64 |
65 | def image_brightness(img, params):
66 | beta = params
67 | new_img = cv2.add(img, beta) # new_img = img*alpha + beta
68 | return new_img
69 |
70 | def image_blur(img, params):
71 |
72 | # print("blur")
73 | blur = []
74 | if params == 1:
75 | blur = cv2.blur(img, (3, 3))
76 | if params == 2:
77 | blur = cv2.blur(img, (4, 4))
78 | if params == 3:
79 | blur = cv2.blur(img, (5, 5))
80 | if params == 4:
81 | blur = cv2.GaussianBlur(img, (3, 3), 0)
82 | if params == 5:
83 | blur = cv2.GaussianBlur(img, (5, 5), 0)
84 | if params == 6:
85 | blur = cv2.GaussianBlur(img, (7, 7), 0)
86 | if params == 7:
87 | blur = cv2.medianBlur(img, 3)
88 | if params == 8:
89 | blur = cv2.medianBlur(img, 5)
90 | # if params == 9:
91 | # blur = cv2.blur(img, (6, 6))
92 | if params == 9:
93 | blur = cv2.bilateralFilter(img, 6, 50, 50)
94 | # blur = cv2.bilateralFilter(img, 9, 75, 75)
95 | return blur
96 |
97 | def image_pixel_change(img, params):
98 | # random change 1 - 5 pixels from 0 -255
99 | img_shape = img.shape
100 | img1d = np.ravel(img)
101 | arr = np.random.randint(0, len(img1d), params)
102 | for i in arr:
103 | img1d[i] = np.random.randint(0, 256)
104 | new_img = img1d.reshape(img_shape)
105 | return new_img
106 |
107 | def image_noise(img, params):
108 | if params == 1: # Gaussian-distributed additive noise.
109 | row, col, ch = img.shape
110 | mean = 0
111 | var = 0.1
112 | sigma = var ** 0.5
113 | gauss = np.random.normal(mean, sigma, (row, col, ch))
114 | gauss = gauss.reshape(row, col, ch)
115 | noisy = img + gauss
116 | return noisy.astype(np.uint8)
117 | elif params == 2: # Replaces random pixels with 0 or 1.
118 | s_vs_p = 0.5
119 | amount = 0.004
120 | out = np.copy(img)
121 | # Salt mode
122 | num_salt = np.ceil(amount * img.size * s_vs_p)
123 | coords = [np.random.randint(0, i, int(num_salt))
124 | for i in img.shape]
125 | out[tuple(coords)] = 1
126 |
127 | # Pepper mode
128 | num_pepper = np.ceil(amount * img.size * (1. - s_vs_p))
129 | coords = [np.random.randint(0, i, int(num_pepper))
130 | for i in img.shape]
131 | out[tuple(coords)] = 0
132 | return out
133 | elif params == 3: # Multiplicative noise using out = image + n*image,where n is uniform noise with specified mean & variance.
134 | row, col, ch = img.shape
135 | gauss = np.random.randn(row, col, ch)
136 | gauss = gauss.reshape(row, col, ch)
137 | noisy = img + img * gauss
138 | return noisy.astype(np.uint8)
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 | # transformations = [image_translation, image_scale, image_shear, image_rotation,
155 | # image_contrast, image_brightness, image_blur, image_pixel_change, image_noise]
156 | #
157 | # # these parameters need to be carefullly considered in the experiment
158 | # # to consider the feedbacks
159 | # params = []
160 | # params.append(list(range(-3, 3))) # image_translation
161 | # params.append(list(map(lambda x: x * 0.1, list(range(7, 12))))) # image_scale
162 | # params.append(list(map(lambda x: x * 0.1, list(range(-6, 6))))) # image_shear
163 | # params.append(list(range(-50, 50))) # image_rotation
164 | # params.append(list(map(lambda x: x * 0.1, list(range(5, 13))))) # image_contrast
165 | # params.append(list(range(-20, 20))) # image_brightness
166 | # params.append(list(range(1, 10))) # image_blur
167 | # params.append(list(range(1, 10))) # image_pixel_change
168 | # params.append(list(range(1, 4))) # image_noise
169 | #
170 | # classA = [7, 8] # pixel value transformation
171 | # classB = [0, 1, 2, 3, 4, 5, 6] # Affine transformation
172 | # @staticmethod
173 | # def mutate_one(ref_img, img, cl, l0_ref, linf_ref, try_num=50):
174 | #
175 | # # ref_img is the reference image, img is the seed
176 | #
177 | # # cl means the current state of transformation
178 | # # 0 means it can select both of Affine and Pixel transformations
179 | # # 1 means it only select pixel transformation because an Affine transformation has been used before
180 | #
181 | # # l0_ref, linf_ref: if the current seed is mutated from affine transformation, we will record the l0, l_inf
182 | # # between initial image and the reference image. i.e., L0(s_0,s_{j-1}) L_inf(s_0,s_{j-1}) in Equation 2 of the paper
183 | #
184 | # # tyr_num is the maximum number of trials in Algorithm 2
185 | #
186 | #
187 | # x, y, z = img.shape
188 | #
189 | # # a, b is the alpha and beta in Equation 1 in the paper
190 | # a = 0.02
191 | # b = 0.20
192 | #
193 | # # l0: alpha * size(s), l_infinity: beta * 255 in Equation 1
194 | # l0 = int(a * x * y * z)
195 | # l_infinity = int(b * 255)
196 | #
197 | # ori_shape = ref_img.shape
198 | # for ii in range(try_num):
199 | # random.seed(time.time())
200 | # if cl == 0: # 0: can choose class A and B
201 | # tid = random.sample(Mutators.classA + Mutators.classB, 1)[0]
202 | # # Randomly select one transformation Line-7 in Algorithm2
203 | # transformation = Mutators.transformations[tid]
204 | # params = Mutators.params[tid]
205 | # # Randomly select one parameter Line 10 in Algo2
206 | # param = random.sample(params, 1)[0]
207 | #
208 | # # Perform the transformation Line 11 in Algo2
209 | # img_new = transformation(copy.deepcopy(img), param)
210 | # img_new = img_new.reshape(ori_shape)
211 | #
212 | # if tid in Mutators.classA:
213 | # sub = ref_img - img_new
214 | # # check whether it is a valid mutation. i.e., Equation 1 and Line 12 in Algo2
215 | # l0_ref = np.sum(sub != 0)
216 | # linf_ref = np.max(abs(sub))
217 | # if l0_ref < l0 or linf_ref < l_infinity:
218 | # return ref_img, img_new, 0, 1, l0_ref, linf_ref
219 | # else: # B, C
220 | # # If the current transformation is an Affine trans, we will update the reference image and
221 | # # the transformation state of the seed.
222 | # ref_img = transformation(copy.deepcopy(ref_img), param)
223 | # ref_img = ref_img.reshape(ori_shape)
224 | # return ref_img, img_new, 1, 1, l0_ref, linf_ref
225 | # if cl == 1: # 0: can choose class A
226 | # tid = random.sample(Mutators.classA, 1)[0]
227 | # transformation = Mutators.transformations[tid]
228 | # params = Mutators.params[tid]
229 | # param = random.sample(params, 1)[0]
230 | # img_new = transformation(copy.deepcopy(img), param)
231 | # sub = ref_img - img_new
232 | #
233 | # # To compute the value in Equation 2 in the paper.
234 | # l0_new = l0_ref + np.sum(sub != 0)
235 | # linf_new = max(linf_ref , np.max(abs(sub)))
236 | #
237 | # if l0_new < l0 or linf_new < l_infinity:
238 | # return ref_img, img_new, 1, 1, l0_ref, linf_ref
239 | # # Otherwise the mutation is failed. Line 20 in Algo 2
240 | # return ref_img, img, cl, 0, l0_ref, linf_ref
241 | #
242 | # @staticmethod
243 | # def mutate_without_limitation(ref_img):
244 | #
245 | # tid = random.sample(Mutators.classA + Mutators.classB, 1)[0]
246 | # transformation = Mutators.transformations[tid]
247 | # ori_shape = ref_img.shape
248 | # params = Mutators.params[tid]
249 | # param = random.sample(params, 1)[0]
250 | # img_new = transformation(ref_img, param)
251 | # img_new = img_new.reshape(ori_shape)
252 | # return img_new
253 | # @staticmethod
254 | # #Algorithm 2
255 | # def image_random_mutate(seed, batch_num):
256 | #
257 | # test = np.load(seed.fname)
258 | # ref_img = test[0]
259 | # img = test[1]
260 | # cl = seed.clss
261 | # ref_batches = []
262 | # batches = []
263 | # cl_batches = []
264 | # l0_ref_batches = []
265 | # linf_ref_batches = []
266 | # for i in range(batch_num):
267 | # ref_out, img_out, cl_out, changed, l0_ref, linf_ref = Mutators.mutate_one(ref_img, img, cl, seed.l0_ref, seed.linf_ref)
268 | # if changed:
269 | # ref_batches.append(ref_out)
270 | # batches.append(img_out)
271 | # cl_batches.append(cl_out)
272 | # l0_ref_batches.append(l0_ref)
273 | # linf_ref_batches.append(linf_ref)
274 | #
275 | # return np.asarray(ref_batches), np.asarray(batches), cl_batches, l0_ref_batches, linf_ref_batches
276 | #
277 | #
278 | # if __name__ == '__main__':
279 | # print("main Test.")
280 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_0.h5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_0.h5
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_1.h5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_1.h5
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_2.h5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_2.h5
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_3.h5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_3.h5
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_4.h5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_4.h5
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_5.h5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_5.h5
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_6.h5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_6.h5
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_7.h5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_7.h5
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_8.h5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_8.h5
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_9.h5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/new_model/mnist/model_9.h5
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/tmp/image/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/Coverage and Robustness VS. Training Datasets/x_test_new.npy:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RU-System-Software-and-Security/CovTesting/e81fba1859a38a85a434a4819b043b63e7b3336d/Coverage and Robustness VS. Training Datasets/x_test_new.npy
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2020 DNNTesting
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/.idea/inspectionProfiles/profiles_settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/.idea/new_criteria.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/README.md:
--------------------------------------------------------------------------------
1 | # Model Accuracy under Different Scenarios (Table 3)
2 |
3 | ---
4 | ## Quick Start Based on Our Data:
5 |
6 | 1. Before the experiment, please be sure that the data is well prepared according to the tutorial in the main page of the repository.
7 |
8 | 2. We have put [commands](https://github.com/DNNTesting/CovTesting/blob/59c3005040dae76c5531a224ce2ce45696b385d3/Model%20Accuracy%20under%20Different%20Scenarios/test_example.sh#L7-L16) in 'test_example.sh' script for reference. To get the results of model accuracy under different scenarios for CIFAR VGG16 model and SVHN SADL-1 model, please run the following commands:
9 |
10 | ```
11 | python all.py -dataset cifar -model vgg16
12 | python all.py -dataset svhn -model svhn_model
13 | ```
14 |
15 | The results will be stored in 'result.txt'.
16 |
17 | *(We only keep the original models and datasets we used to get the results of CIFAR VGG16 and SVHN SADL-1. But users can generate their own models and datasets to get the similar results according to the steps in the following '**Experiment on Your Own Data**' section. We will take the steps to generate the results of MNIST LeNet-1 as an example.)*
18 |
19 | To understand the meaning of the numbers in 'result.txt', we can take 'the result of cifar vgg16' as an example. The numbers after 'Benign-dh' is the numbers at the 8th row and the 3rd column in Table 3. The numbers after 'DH-dh' is the numbers at the 8th row and the 4th column. The numbers after 'PGD-dh' is the numbers at the 8th row and the 5th column. The numbers after 'DH-pgd' is the numbers at the 10th row and the 4th column. As for the numbers at the 10th row and the 3rd column and the numbers at the 10th row and the 5th column in Table 3, they can be gotten from the data used to generate Figure 4.
20 |
21 |
22 |
23 |
24 | ## Experiment on Your Own Data (Use LeNet1 model as example):
25 |
26 | 1. Before the experiment, please be sure that the data is well prepared according to the tutorial in the main page of the repository.
27 |
28 | 2. Generate new training data to be added to the original training dataset using Deephunter:
29 |
30 | ```$ python fuzzing.py ```
31 |
32 | Please select the [order_number](https://github.com/DNNTesting/CovTesting/blob/b4f006e28cf8d49c0d95ca71d4e52416d1466623/Table%203/fuzzing.py#L336) from 0 to 9 and repeat this step if you want to generate more new training data. All results will be stored at 'fuzzing/nc_index_{}.npy'.format(order_number). This file only shows how to fuzz LeNet1 model. If you want to do this for other models, please modify the [dataset, model_name and model_layer](https://github.com/DNNTesting/CovTesting/blob/b4f006e28cf8d49c0d95ca71d4e52416d1466623/Table%203/fuzzing.py#L319-L321).
33 |
34 | 3. Use the new training datasets to retrain the model:
35 |
36 | ```$ python retrain_robustness.py ```
37 |
38 | You can modify the [codes here](https://github.com/DNNTesting/CovTesting/blob/b4f006e28cf8d49c0d95ca71d4e52416d1466623/Table%203/retrain_robustness.py#L381-L394) to get the models retrained by the training dataset gotten from step 2. Please modify the number behind 'format' to use the corresponding training dataset. Here, if you want to use more training dataset, please keep all the codes, because the new training datasets are concatenated to the original datasets one by one. The retrained model is saved at (''new_model/dp_{}.h5'.format(model_name)'). (We have put one well retrained LeNet1 model at that position. It's ok if you want to retrain your own model). This file only shows how to retrain LeNet1 model. If you want to do this for other models, please modify the [dataset and model_name](https://github.com/DNNTesting/CovTesting/blob/b4f006e28cf8d49c0d95ca71d4e52416d1466623/Table%203/retrain_robustness.py#L368-L369).
39 |
40 | 4. Generate new testing dataset attacked by PGD attack:
41 |
42 | ```$ python pgd_attack.py ```
43 |
44 | The results will be stored at './data/' + dataset + '\_data/model/' + model_name + '_' + attack + '.npy'. This file only shows PGD attack to LeNet1 model. If you want to do this for other models, please modify the [dataset and model_name](https://github.com/DNNTesting/CovTesting/blob/b4f006e28cf8d49c0d95ca71d4e52416d1466623/Table%203/pgd_attack.py#L266-L267).
45 |
46 | 5. Generate the new testing dataset generated by Deephunter:
47 |
48 | ```$ python deephunter_attack.py ```
49 |
50 | The results will be stored at './data/' + dataset + '\_data/model/' + 'deephunter_adv_test_{}.npy'.format(model_name)'. This file only shows Deephunter to LeNet1 model. If you want to do this for other models, please modify the [dataset and model_name](https://github.com/DNNTesting/CovTesting/blob/b4f006e28cf8d49c0d95ca71d4e52416d1466623/Table%203/deephunter_attack.py#L304-L305).
51 |
52 | 6. Get the results of model accuracy under different scenarios for MNIST LeNet1 model:
53 |
54 | ```$ python all.py -dataset mnist -model lenet1```
55 |
56 | The results will be stored in 'result.txt'.
57 |
58 | (The final results depend on the training parameters, the size of new training datasets, the attack parameters and some other hyper-parameters. If the new results are consistent with our conclusion, then the new results are acceptable.)
59 |
60 |
61 |
62 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/all.py:
--------------------------------------------------------------------------------
1 | import argparse
2 | import os
3 | import random
4 | import shutil
5 | import warnings
6 | import sys
7 |
8 | warnings.filterwarnings("ignore")
9 |
10 | from keras import backend as K
11 | import numpy as np
12 | from PIL import Image, ImageFilter
13 | from skimage.measure import compare_ssim as SSIM
14 | import keras
15 | from util import get_model
16 |
17 | import tensorflow as tf
18 | import os
19 |
20 | os.environ["CUDA_VISIBLE_DEVICES"] = "0"
21 |
22 | ####for solving some specific problems, don't care
23 | config = tf.ConfigProto()
24 | config.gpu_options.allow_growth = True
25 | sess = tf.Session(config=config)
26 |
27 | # the data is in range(-.5, .5)
28 | def load_data(name):
29 | assert (name.upper() in ['MNIST', 'CIFAR', 'SVHN'])
30 | name = name.lower()
31 | x_train = np.load('./data/' + name + '_data/' + name + '_x_train.npy')
32 | y_train = np.load('./data/' + name + '_data/' + name + '_y_train.npy')
33 | x_test = np.load('./data/' + name + '_data/' + name + '_x_test.npy')
34 | y_test = np.load('./data/' + name + '_data/' + name + '_y_test.npy')
35 | return x_train, y_train, x_test, y_test
36 |
37 | class AttackEvaluate:
38 | # model does not have softmax layer
39 | def __init__(self, model, ori_x, ori_y, adv_x):
40 | self.model = model
41 | # get the raw data
42 | self.nature_samples = ori_x
43 | self.labels_samples = ori_y
44 | # get the adversarial examples
45 | self.adv_samples = adv_x
46 | # self.adv_labels = np.load('{}{}_AdvLabels.npy'.format(self.AdvExamplesDir, self.AttackName))
47 |
48 | predictions = model.predict(self.adv_samples)
49 |
50 | def soft_max(x):
51 | return np.exp(x) / np.sum(np.exp(x), axis=0)
52 |
53 | tmp_soft_max = []
54 | for i in range(len(predictions)):
55 | tmp_soft_max.append(soft_max(predictions[i]))
56 |
57 | self.softmax_prediction = np.array(tmp_soft_max)
58 |
59 | # help function
60 | def successful(self, adv_softmax_preds, nature_true_preds):
61 | if np.argmax(adv_softmax_preds) != np.argmax(nature_true_preds):
62 | return True
63 | else:
64 | return False
65 |
66 | # 1 MR:Misclassification Rate
67 | def misclassification_rate(self):
68 |
69 | cnt = 0
70 | for i in range(len(self.adv_samples)):
71 | if self.successful(adv_softmax_preds=self.softmax_prediction[i], nature_true_preds=self.labels_samples[i]):
72 | cnt += 1
73 | mr = cnt / len(self.adv_samples)
74 | print('MR:\t\t{:.1f}%'.format(mr * 100))
75 | return mr
76 |
77 |
78 |
79 | if __name__ == '__main__':
80 | parser = argparse.ArgumentParser(description='MR and Linf')
81 | parser.add_argument('-dataset', help="dataset to use", choices=['mnist', 'cifar', 'svhn'])
82 | parser.add_argument('-model', help="target model to attack",
83 | choices=['vgg16', 'resnet20', 'lenet1', 'lenet4', 'lenet5', 'svhn_model',
84 | 'svhn_first', 'svhn_second'])
85 | args = parser.parse_args()
86 |
87 | dataset = args.dataset
88 | model_name = args.model
89 | attack = 'PGD'
90 |
91 | ### benign dataset
92 | x_train, y_train, x_test, y_test = load_data(dataset)
93 |
94 | ### deephunter dataset
95 | x_adv_dp = np.load('./data/' + dataset + '_data/model/' + 'deephunter_adv_test_{}.npy'.format(model_name))
96 |
97 | ### pgd dataset
98 | x_adv_pgd = np.load('./data/' + dataset + '_data/model/' + model_name + '_' + attack + '.npy')
99 |
100 |
101 |
102 | # ## load benign model
103 | from keras.models import load_model
104 |
105 | model_benign = load_model('./data/' + dataset + '_data/model/' + model_name + '.h5')
106 | model_benign.summary()
107 |
108 | # ## load deephunter model
109 | from keras.models import load_model
110 |
111 | model_dp = load_model('new_model/dp_{}.h5'.format(model_name))
112 | model_dp.summary()
113 |
114 | ##### load pgd trained model
115 | model_pgd = load_model('./data/' + dataset + '_data/model/adv_' + model_name + '.h5')
116 | model_pgd.summary()
117 |
118 |
119 | ##############################Q1########################
120 | criteria1_1 = AttackEvaluate(model_benign, x_test, y_test, x_test)
121 | MR1_1 = 1 - criteria1_1.misclassification_rate()
122 |
123 | criteria1_2 = AttackEvaluate(model_dp, x_test, y_test, x_test)
124 | MR1_2 = 1 - criteria1_2.misclassification_rate()
125 |
126 |
127 | ##############################Q2#########################
128 | criteria2_1 = AttackEvaluate(model_benign, x_test, y_test, x_adv_dp)
129 | MR2_1 = 1 - criteria2_1.misclassification_rate()
130 |
131 | criteria2_2 = AttackEvaluate(model_dp, x_test, y_test, x_adv_dp)
132 | MR2_2 = 1 - criteria2_2.misclassification_rate()
133 |
134 |
135 | #############################Q3##########################
136 | criteria3 = AttackEvaluate(model_dp, x_test, y_test, x_adv_pgd)
137 | MR3 = 1 - criteria3.misclassification_rate()
138 |
139 |
140 | #############################Q4##########################
141 | criteria4 = AttackEvaluate(model_pgd, x_test, y_test, x_adv_dp)
142 | MR4 = 1 - criteria4.misclassification_rate()
143 |
144 | print(MR1_1, MR1_2)
145 | print(MR2_1, MR2_2)
146 | print(MR3)
147 | print(MR4)
148 |
149 | with open("result.txt", "a") as f:
150 | f.write("\n------------------------------------------------------------------------------\n")
151 | f.write('the result of {} {} is: \n'.format(args.dataset, args.model))
152 | f.write('Benign-dh is {} and ({})\n'.format(MR1_2, MR1_2-MR1_1))
153 | f.write('DH-dh is {} and ({})\n'.format(MR2_2, MR2_2-MR2_1))
154 | f.write('PGD-dh is {} \n'.format(MR3))
155 | f.write('DH-pgd is {} and ({})\n'.format(MR4, MR4-MR2_1))
156 |
157 |
158 |
159 |
160 |
161 |
162 |
163 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/data/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/fuzzing/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/mutators.py:
--------------------------------------------------------------------------------
1 | from __future__ import print_function
2 | from importlib import reload
3 | import sys
4 | import cv2
5 | import numpy as np
6 | import random
7 | import time
8 | import copy
9 | reload(sys)
10 | # sys.setdefaultencoding('utf8')
11 |
12 |
13 |
14 | # keras 1.2.2 tf:1.2.0
15 | class Mutators():
16 | def image_translation(img, params):
17 |
18 | rows, cols, ch = img.shape
19 | # rows, cols = img.shape
20 |
21 | # M = np.float32([[1, 0, params[0]], [0, 1, params[1]]])
22 | M = np.float32([[1, 0, params], [0, 1, params]])
23 | dst = cv2.warpAffine(img, M, (cols, rows))
24 | return dst
25 |
26 | def image_scale(img, params):
27 |
28 | # res = cv2.resize(img, None, fx=params[0], fy=params[1], interpolation=cv2.INTER_CUBIC)
29 | rows, cols, ch = img.shape
30 | res = cv2.resize(img, None, fx=params, fy=params, interpolation=cv2.INTER_CUBIC)
31 | res = res.reshape((res.shape[0],res.shape[1],ch))
32 | y, x, z = res.shape
33 | if params > 1: # need to crop
34 | startx = x // 2 - cols // 2
35 | starty = y // 2 - rows // 2
36 | return res[starty:starty + rows, startx:startx + cols]
37 | elif params < 1: # need to pad
38 | sty = (rows - y) // 2
39 | stx = (cols - x) // 2
40 | return np.pad(res, [(sty, rows - y - sty), (stx, cols - x - stx), (0, 0)], mode='constant', constant_values=0)
41 | return res
42 |
43 | def image_shear(img, params):
44 | rows, cols, ch = img.shape
45 | # rows, cols = img.shape
46 | factor = params * (-1.0)
47 | M = np.float32([[1, factor, 0], [0, 1, 0]])
48 | dst = cv2.warpAffine(img, M, (cols, rows))
49 | return dst
50 |
51 | def image_rotation(img, params):
52 | rows, cols, ch = img.shape
53 | # rows, cols = img.shape
54 | M = cv2.getRotationMatrix2D((cols / 2, rows / 2), params, 1)
55 | dst = cv2.warpAffine(img, M, (cols, rows), flags=cv2.INTER_AREA)
56 | return dst
57 |
58 | def image_contrast(img, params):
59 | alpha = params
60 | new_img = cv2.multiply(img, np.array([alpha])) # mul_img = img*alpha
61 | # new_img = cv2.add(mul_img, beta) # new_img = img*alpha + beta
62 |
63 | return new_img
64 |
65 | def image_brightness(img, params):
66 | beta = params
67 | new_img = cv2.add(img, beta) # new_img = img*alpha + beta
68 | return new_img
69 |
70 | def image_blur(img, params):
71 |
72 | # print("blur")
73 | blur = []
74 | if params == 1:
75 | blur = cv2.blur(img, (3, 3))
76 | if params == 2:
77 | blur = cv2.blur(img, (4, 4))
78 | if params == 3:
79 | blur = cv2.blur(img, (5, 5))
80 | if params == 4:
81 | blur = cv2.GaussianBlur(img, (3, 3), 0)
82 | if params == 5:
83 | blur = cv2.GaussianBlur(img, (5, 5), 0)
84 | if params == 6:
85 | blur = cv2.GaussianBlur(img, (7, 7), 0)
86 | if params == 7:
87 | blur = cv2.medianBlur(img, 3)
88 | if params == 8:
89 | blur = cv2.medianBlur(img, 5)
90 | # if params == 9:
91 | # blur = cv2.blur(img, (6, 6))
92 | if params == 9:
93 | blur = cv2.bilateralFilter(img, 6, 50, 50)
94 | # blur = cv2.bilateralFilter(img, 9, 75, 75)
95 | return blur
96 |
97 | def image_pixel_change(img, params):
98 | # random change 1 - 5 pixels from 0 -255
99 | img_shape = img.shape
100 | img1d = np.ravel(img)
101 | arr = np.random.randint(0, len(img1d), params)
102 | for i in arr:
103 | img1d[i] = np.random.randint(0, 256)
104 | new_img = img1d.reshape(img_shape)
105 | return new_img
106 |
107 | def image_noise(img, params):
108 | if params == 1: # Gaussian-distributed additive noise.
109 | row, col, ch = img.shape
110 | mean = 0
111 | var = 0.1
112 | sigma = var ** 0.5
113 | gauss = np.random.normal(mean, sigma, (row, col, ch))
114 | gauss = gauss.reshape(row, col, ch)
115 | noisy = img + gauss
116 | return noisy.astype(np.uint8)
117 | elif params == 2: # Replaces random pixels with 0 or 1.
118 | s_vs_p = 0.5
119 | amount = 0.004
120 | out = np.copy(img)
121 | # Salt mode
122 | num_salt = np.ceil(amount * img.size * s_vs_p)
123 | coords = [np.random.randint(0, i, int(num_salt))
124 | for i in img.shape]
125 | out[tuple(coords)] = 1
126 |
127 | # Pepper mode
128 | num_pepper = np.ceil(amount * img.size * (1. - s_vs_p))
129 | coords = [np.random.randint(0, i, int(num_pepper))
130 | for i in img.shape]
131 | out[tuple(coords)] = 0
132 | return out
133 | elif params == 3: # Multiplicative noise using out = image + n*image,where n is uniform noise with specified mean & variance.
134 | row, col, ch = img.shape
135 | gauss = np.random.randn(row, col, ch)
136 | gauss = gauss.reshape(row, col, ch)
137 | noisy = img + img * gauss
138 | return noisy.astype(np.uint8)
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 | # if __name__ == '__main__':
156 | # print("main Test.")
157 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/new_model/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/pgd_attack.py:
--------------------------------------------------------------------------------
1 | from __future__ import absolute_import
2 | from __future__ import division
3 | from __future__ import print_function
4 | from __future__ import unicode_literals
5 |
6 | from cleverhans.utils_keras import KerasModelWrapper
7 | from cleverhans.attacks import CarliniWagnerL2
8 | from cleverhans.attacks import SaliencyMapMethod
9 | from cleverhans.attacks import FastGradientMethod
10 | from cleverhans.attacks import BasicIterativeMethod
11 | from cleverhans.attacks import ProjectedGradientDescent
12 |
13 | import tensorflow as tf
14 | import os
15 |
16 | os.environ["CUDA_VISIBLE_DEVICES"] = "0"
17 |
18 | ####for solving some specific problems, don't care
19 | config = tf.ConfigProto()
20 | config.gpu_options.allow_growth = True
21 | sess = tf.Session(config=config)
22 |
23 | import keras
24 | from keras import backend as K
25 | import numpy as np
26 | import time
27 | from util import get_model
28 | import sys
29 | import argparse
30 |
31 |
32 | # def JSMA(model, x, y):
33 | # sess = K.get_session()
34 | # model_wrap = KerasModelWrapper(model)
35 | # jsma = SaliencyMapMethod(model_wrap, sess=sess)
36 | # jsma_params = {'theta':1., 'gamma': 0.1, 'clip_min':0., 'clip_max':1.}
37 | # adv = jsma.generate_np(x, **jsma_params)
38 | # return adv
39 | #
40 | #
41 | # def FGSM(model, x, y):
42 | # sess = K.get_session()
43 | # model_wrap = KerasModelWrapper(model)
44 | # fgsm = FastGradientMethod(model_wrap, sess=sess)
45 | # fgsm_params={'y':y, 'eps':0.2, 'clip_min':0., 'clip_max': 1.}
46 | # adv = fgsm.generate_np(x, **fgsm_params)
47 | # return adv
48 | #
49 | #
50 | # def BIM(model, x, y):
51 | # sess = K.get_session()
52 | # model_wrap = KerasModelWrapper(model)
53 | # bim = BasicIterativeMethod(model_wrap, sess=sess)
54 | # bim_params={'eps_iter': 0.03, 'nb_iter': 10, 'y':y, 'clip_min': 0., 'clip_max': 1.}
55 | # adv = bim.generate_np(x, **bim_params)
56 | # return adv
57 |
58 | # # invoke the method for many times leads to multiple symbolic graph and may cause OOM
59 | # def CW(model, x, y, batch):
60 | # sess = K.get_session()
61 | # model_wrap = KerasModelWrapper(model)
62 | # cw = CarliniWagnerL2(model_wrap, sess=sess)
63 | # cw_params = {'binary_search_steps': 1,
64 | # 'y': y,
65 | # 'learning_rate': .1,
66 | # 'max_iterations': 50,
67 | # 'initial_const': 10,
68 | # 'batch_size': batch,
69 | # 'clip_min': -0.5,
70 | # 'clip_max': 0.5}
71 | # adv = cw.generate_np(x, **cw_params)# invoke the method for many times leads to multiple symbolic graph and may cause OOM
72 | # # def CW(model, x, y, batch):
73 | # # sess = K.get_session()
74 | # # model_wrap = KerasModelWrapper(model)
75 | # # cw = CarliniWagnerL2(model_wrap, sess=sess)
76 | # # cw_params = {'binary_search_steps': 1,
77 | # # 'y': y,
78 | # # 'learning_rate': .1,
79 | # # 'max_iterations': 50,
80 | # # 'initial_const': 10,
81 | # # 'batch_size': batch,
82 | # # 'clip_min': -0.5,
83 | # # 'clip_max': 0.5}
84 | # # adv = cw.generate_np(x, **cw_params)
85 | # # return adv
86 | # #
87 | # #
88 | # # # for mnist, eps=.3, eps_iter=.03, nb_iter=10
89 | # # # for cifar and svhn, eps=8/255, eps_iter=.01, nb_iter=30
90 | # # def PGD(model, x, y, batch):
91 | # # sess = K.get_session()
92 | # # model_wrap = KerasModelWrapper(model)
93 | # # pgd = ProjectedGradientDescent(model_wrap, sess=sess)
94 | # # pgd_params = {'eps': 8. / 255.,
95 | # # 'eps_iter': .01,
96 | # # 'nb_iter': 30.,
97 | # # 'clip_min': -0.5,
98 | # # 'clip_max': 0.5,
99 | # # 'y': y}
100 | # # adv = pgd.generate_np(x, **pgd_params)
101 | # # return adv
102 | # return adv
103 | #
104 | #
105 | # # for mnist, eps=.3, eps_iter=.03, nb_iter=10
106 | # # for cifar and svhn, eps=8/255, eps_iter=.01, nb_iter=30
107 | # def PGD(model, x, y, batch):
108 | # sess = K.get_session()
109 | # model_wrap = KerasModelWrapper(model)
110 | # pgd = ProjectedGradientDescent(model_wrap, sess=sess)
111 | # pgd_params = {'eps': 8. / 255.,
112 | # 'eps_iter': .01,
113 | # 'nb_iter': 30.,
114 | # 'clip_min': -0.5,
115 | # 'clip_max': 0.5,
116 | # 'y': y}
117 | # adv = pgd.generate_np(x, **pgd_params)
118 | # return adv
119 |
120 |
121 | # integrate all attack method in one function and only construct graph once
122 | def gen_adv_data(model, x, y, method, dataset, batch=2048):
123 | sess = K.get_session()
124 | model_wrap = KerasModelWrapper(model)
125 | if method.upper() == 'CW':
126 | params = {'binary_search_steps': 1,
127 | 'y': y,
128 | 'learning_rate': .1,
129 | 'max_iterations': 50,
130 | 'initial_const': 10,
131 | 'batch_size': batch,
132 | # 'clip_min': -0.5,
133 | # 'clip_max': 0.5
134 | }
135 | attack = CarliniWagnerL2(model_wrap, sess=sess)
136 |
137 | data_num = x.shape[0]
138 | begin, end = 0, batch
139 | adv_x_all = np.zeros_like(x)
140 | # every time process batch_size
141 | while end < data_num:
142 | start_time = time.time()
143 | params['y'] = y[begin:end]
144 | adv_x = attack.generate_np(x[begin:end], **params)
145 | adv_x_all[begin: end] = adv_x
146 | print(begin, end, "done")
147 | begin += batch
148 | end += batch
149 | end_time = time.time()
150 | print("time: ", end_time - start_time)
151 |
152 | # process the remaining
153 | if begin < data_num:
154 | start_time = time.time()
155 | params['y'] = y[begin:]
156 | params['batch_size'] = data_num - begin
157 | adv_x = attack.generate_np(x[begin:], **params)
158 | adv_x_all[begin:] = adv_x
159 | print(begin, data_num, "done")
160 | end_time = time.time()
161 | print("time: ", end_time - start_time)
162 |
163 | elif method.upper() == 'PGD':
164 | if dataset == 'cifar':
165 | params = {'eps': 16. / 255.,
166 | 'eps_iter': 2. / 255.,
167 | 'nb_iter': 30.,
168 | # 'clip_min': -0.5,
169 | # 'clip_max': 0.5,
170 | 'y': y}
171 | attack = ProjectedGradientDescent(model_wrap, sess=sess)
172 | elif dataset == 'mnist':
173 | params = {'eps': .3,
174 | 'eps_iter': .03,
175 | 'nb_iter': 20.,
176 | 'clip_min': -0.5,
177 | 'clip_max': 0.5,
178 | 'y': y}
179 | attack = ProjectedGradientDescent(model_wrap, sess=sess)
180 | elif dataset == 'svhn':
181 | params = {'eps': 8. / 255.,
182 | 'eps_iter': 0.01,
183 | 'nb_iter': 30.,
184 | 'clip_min': -0.5,
185 | 'clip_max': 0.5,
186 | 'y': y}
187 | attack = ProjectedGradientDescent(model_wrap, sess=sess)
188 |
189 | data_num = x.shape[0]
190 | begin, end = 0, batch
191 | adv_x_all = np.zeros_like(x)
192 | # every time process batch_size
193 | while end < data_num:
194 | start_time = time.time()
195 | params['y'] = y[begin:end]
196 | adv_x = attack.generate_np(x[begin:end], **params)
197 | adv_x_all[begin: end] = adv_x
198 | print(begin, end, "done")
199 | begin += batch
200 | end += batch
201 | end_time = time.time()
202 | print("time: ", end_time - start_time)
203 |
204 | # process the remaining
205 | if begin < data_num:
206 | start_time = time.time()
207 | params['y'] = y[begin:]
208 | adv_x = attack.generate_np(x[begin:], **params)
209 | adv_x_all[begin:] = adv_x
210 | print(begin, data_num, "done")
211 | end_time = time.time()
212 | print("time: ", end_time - start_time)
213 |
214 | else:
215 | print('Unsupported attack')
216 | sys.exit(1)
217 |
218 | return adv_x_all
219 |
220 |
221 | # def gen_adv_data(model, x, y, method, batch=4000):
222 | # data_num = x.shape[0]
223 | # begin, end = 0, batch
224 | # adv_x_all = np.zeros_like(x)
225 | # while begin < data_num:
226 | # start_time = time.time()
227 | # adv_x = method(model, x[begin:end], y[begin:end], end-begin)
228 | # adv_x_all[begin: end] = adv_x
229 | # print(begin, end, "done")
230 | # begin += batch
231 | # end += batch
232 | # if end >= data_num:
233 | # end = data_num
234 | # end_time = time.time()
235 | # print("time: ", end_time - start_time)
236 | # return adv_x_all
237 |
238 |
239 | # the data is in range(-.5, .5)
240 | def load_data(name):
241 | assert (name.upper() in ['MNIST', 'CIFAR', 'SVHN'])
242 | name = name.lower()
243 | x_train = np.load('./data/' + name + '_data/' + name + '_x_train.npy')
244 | y_train = np.load('./data/' + name + '_data/' + name + '_y_train.npy')
245 | x_test = np.load('./data/' + name + '_data/' + name + '_x_test.npy')
246 | y_test = np.load('./data/' + name + '_data/' + name + '_y_test.npy')
247 | return x_train, y_train, x_test, y_test
248 |
249 |
250 | def softmax(x):
251 | exp_x = np.exp(x)
252 | return exp_x / np.sum(exp_x)
253 |
254 |
255 | def accuracy(model, x, labels):
256 | assert (x.shape[0] == labels.shape[0])
257 | num = x.shape[0]
258 | y = model.predict(x)
259 | y = y.argmax(axis=-1)
260 | labels = labels.argmax(axis=-1)
261 | idx = (labels == y)
262 | print(np.sum(idx) / num)
263 |
264 |
265 | if __name__ == '__main__':
266 | dataset = 'mnist'
267 | model_name = 'lenet1'
268 | attack = 'PGD'
269 |
270 | # ## get MNIST or SVHN
271 | x_train, y_train, x_test, y_test = load_data(dataset)
272 |
273 |
274 | # ## load deephunter model
275 | from keras.models import load_model
276 | model = load_model('new_model/dp_{}.h5'.format(model_name))
277 | model.summary()
278 |
279 | accuracy(model, x_test, y_test)
280 |
281 | adv = gen_adv_data(model, x_test, y_test, attack, dataset, 256)
282 |
283 | # accuracy(model, adv, y_test)
284 | # np.save('./data/cifar_data/model/test_adv_PGD', adv)
285 | np.save('./data/' + dataset + '_data/model/' + model_name + '_' + attack + '.npy', adv)
286 |
287 | # y_res = model.predict(x_train)
288 | # y_res = softmax(y_res)
289 | # y_res = y_res.argmax(axis=-1)
290 | # y = y_train.argmax(axis=-1)
291 | # idx = (y_res == y)
292 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/result.txt:
--------------------------------------------------------------------------------
1 | ------------------------------------------------------------------------------
2 | the result of cifar vgg16 is:
3 | Benign-dh is 0.09999999999999998 and (-0.8280000000000001)
4 | DH-dh is 0.09899999999999998 and (-0.4743333333333333)
5 | PGD-dh is 0.09999999999999998
6 | DH-pgd is 0.5589999999999999 and (-0.014333333333333309)
7 |
8 | ------------------------------------------------------------------------------
9 | the result of svhn svhn_model is:
10 | Benign-dh is 0.9397280270436386 and (0.04275507068223716)
11 | DH-dh is 0.8295 and (0.06900000000000006)
12 | PGD-dh is 0.0
13 | DH-pgd is 0.7125 and (-0.04799999999999993)
14 |
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/test_example.sh:
--------------------------------------------------------------------------------
1 | : '
2 | parser.add_argument('-dataset', help="dataset to use", choices=['mnist', 'cifar'])
3 | parser.add_argument('-model', help="target model to attack", choices=['vgg16', 'resnet20', 'lenet1', 'lenet4', 'lenet5', 'svhn_model', 'svhn_first', 'svhn_second'])
4 |
5 | '
6 |
7 | #python all.py -dataset mnist -model lenet1
8 | #python all.py -dataset mnist -model lenet4
9 | #python all.py -dataset mnist -model lenet5
10 | #
11 | python all.py -dataset cifar -model vgg16
12 | #python all.py -dataset cifar -model resnet20
13 | #
14 | python all.py -dataset svhn -model svhn_model
15 | #python all.py -dataset svhn -model svhn_first
16 | #python all.py -dataset svhn -model svhn_second
17 |
18 |
19 |
20 | echo 'Finish!'
21 |
22 |
--------------------------------------------------------------------------------
/Model Accuracy under Different Scenarios/tmp/image/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Correlations Between Deep Neural Network Model Coverage Criteria and Model Quality
2 |
3 | 
4 |
5 | Codes for paper: Correlations Between Deep Neural Network Model Coverage Criteria and Model Quality
6 |
7 | ## Dependencies:
8 |
9 | Code has been tested on:
10 |
11 | * Python 3.6, 3.7
12 | * OS: Ubuntu 18.04
13 |
14 | ### Docker
15 |
16 | We have prepared a docker which contains all deps:
17 |
18 | ```python
19 | # Get the environment (OS) to run the code
20 | $ docker pull hao359510974/covtesting2:latest
21 | $ docker run -it --mount type=bind,src=SRC_PATH,dst=DEST_PATH hao359510974/covtesting2:latest # Where SRC_PATH and DEST_PATH must be absolute paths; SRC_PATH is the path on your host machine, and DEST_PATH is the file path for where you want it to be stored in the Docker, such as '/data'.
22 |
23 | # Experiments (take Comparison of Attack Images (Table 2) as an example, for other experiments just use other folders.)
24 | $ cd /data/Comparison\ of\ Attack\ Images/
25 |
26 | # Then run commands according to 'README' file to get corresponding results.
27 | ```
28 |
29 | ### Pip
30 |
31 | We also provide [requirements.txt](https://github.com/DNNTesting/CovTesting/blob/master/requirements.txt) file for users who want to establish the environment on their own machine:
32 |
33 | ```$ pip install -r requirements.txt```
34 |
35 | ## Repo Structure:
36 |
37 | ```
38 | - code/ # Source code for Covtesting
39 | - Comparison of Attack Images/ # Codes folder for comparison of attack images (Table 2)
40 | - Correlation # Codes folder for calculation of correlation (Figure 4 and figure 8)
41 | - Coverage VS. # Adv Examples # Codes folder for coverage VS. # adv examples (Figure 6 and figure 7)
42 | - Coverage and Robustness VS. Training Datasets # Codes folder for coverage and robustness VS. training datasets (Figure 2 and figure 3)
43 | - Model Accuracy under Different Scenarios # Codes folder for model accuracy under different scenarios (Table 3)
44 | - data # Reserved data folder for 'Correlation', 'Coverage VS. # Adv Examples' and 'Coverage and Robustness VS. Training Datasets'
45 | - CONTACT # Contact information of authors
46 | - LICENSE # Our code is released under the MIT license
47 | - README # The README.md file
48 | - esecfse2020-paper53.pdfA # A copy of our accepted paper
49 | - index # The DOI of codes and data
50 | - requirements.txt # Required dependencies
51 | ```
52 |
53 | ## Quick start
54 |
55 | ### Data Source
56 |
57 | * Download data and codes through the DOI link:
58 | * Google Drive mirror: https://drive.google.com/drive/folders/16w93LPkaF0AP9QxIty9Y6ipU-N4cbPUd?usp=sharing
59 |
60 | You will get two zip files: 'all-data.zip' (12.2 G, the data file) and 'DNNTesting/CovTesting-v1.1.zip' (5.2 M, the codes file). Please unzip the codes and data files to get the codes and data for experiments. After unzipping 'all-data.zip', you will get three zip files named 'data.zip' (4.1 G), 'Table 2 data.zip' (3.5 G) and 'Table 3 data.zip' (4.6 G).
61 |
62 | ### Data Usage
63 |
64 | * Unzip 'data.zip' and get three folders: 'cifar_data', 'mnist_data' and 'svhn_data'. Please put these three folders under the ['data' folder](https://github.com/DNNTesting/CovTesting/tree/master/data) in the main folder.
65 | * Unzip 'Table 2 data.zip' and get three folders: 'cifar_data', 'mnist_data' and 'svhn_data'. Please put these three folders under the ['data' folder](https://github.com/DNNTesting/CovTesting/tree/master/Comparison%20of%20Attack%20Images/data) under the ['Comparison of Attack Images' folder](https://github.com/DNNTesting/CovTesting/tree/master/Comparison%20of%20Attack%20Images).
66 | * Unzip 'Table 3 data.zip' and get two folders: 'data' and 'new_model'. Please merge these two folders into the ['data' folder](https://github.com/DNNTesting/CovTesting/tree/master/Model%20Accuracy%20under%20Different%20Scenarios/data) and the ['new_model' folder](https://github.com/DNNTesting/CovTesting/tree/master/Model%20Accuracy%20under%20Different%20Scenarios/new_model) under the ['Model Accuracy under Different Scenarios' folder](https://github.com/DNNTesting/CovTesting/tree/master/Model%20Accuracy%20under%20Different%20Scenarios), respectively.
67 |
68 | ### Experiments
69 |
70 | Details of how to run each experiment are written as README files in each folder. Users can customize the scripts to run their own data based on provided instructions.
71 |
72 | Results of using provided data can reproduce experimental results in the paper.
73 |
74 | ## Contact
75 |
76 | Please fill an issue here if you have questions regarding the code.
77 |
78 | * Shenao Yan (sy558 AT rutgers DOT edu)
79 | * Shiqing Ma (shiqing.ma AT rutgers DOT edu)
80 |
--------------------------------------------------------------------------------
/data/use_to_upload_empty_floder.txt:
--------------------------------------------------------------------------------
1 | .
2 |
--------------------------------------------------------------------------------
/index.md:
--------------------------------------------------------------------------------
1 | DOI:
2 |
3 | ```
4 | [](https://doi.org/10.5281/zenodo.3908793)
5 | ```
6 |
7 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | absl-py==0.8.1
2 | adversarial-robustness-toolbox==1.1.0
3 | astor==0.8.0
4 | certifi==2020.4.5.1
5 | cleverhans==3.0.1
6 | Click==7.0
7 | cloudpickle==1.2.2
8 | cycler==0.10.0
9 | cytoolz==0.10.1
10 | dask==2.9.2
11 | decorator==4.4.1
12 | future==0.18.2
13 | gast==0.3.2
14 | google-pasta==0.1.8
15 | grpcio==1.16.1
16 | h5py==2.9.0
17 | imageio==2.6.1
18 | joblib==0.14.1
19 | Keras==2.3.1
20 | Keras-Applications==1.0.8
21 | Keras-Preprocessing==1.1.0
22 | kiwisolver==1.1.0
23 | Markdown==3.1.1
24 | matplotlib==3.1.2
25 | mnist==0.2.2
26 | networkx==2.4
27 | nose==1.3.7
28 | numpy==1.18.2
29 | olefile==0.46
30 | opencv-python==4.2.0.32
31 | pandas==1.0.4
32 | Pillow==7.0.0
33 | protobuf==3.11.2
34 | pycodestyle==2.5.0
35 | pyflann==1.6.14
36 | pyparsing==2.4.6
37 | python-dateutil==2.8.1
38 | pytz==2019.3
39 | PyWavelets==1.1.1
40 | PyYAML==5.2
41 | scikit-image==0.16.2
42 | scikit-learn==0.22.1
43 | scipy==1.3.2
44 | seaborn==0.8.1
45 | six==1.13.0
46 | tensorboard==1.14.0
47 | tensorflow==1.14.0
48 | tensorflow-estimator==1.14.0
49 | tensorflow-probability==0.9.0
50 | termcolor==1.1.0
51 | tinydb==3.15.2
52 | toolz==0.10.0
53 | tornado==6.0.3
54 | tqdm==4.41.1
55 | Werkzeug==0.16.0
56 | wrapt==1.11.2
57 | xlrd==1.2.0
58 | xxhash==1.4.3
59 |
--------------------------------------------------------------------------------