• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• blackbox-attacks-master
  • fgs.py
  • carlini_li_ens.py
  • baseline_attacks.py
  • mnist.py
  • carlini_l2.py
  • query_based_attack.py
  • cifar10_attacks
    • resnet_model_reusable_wide.py
    • cifar10_reusable.py
    • cifar10_input_nostd.py
    • models.py
    • attack_utils.py
    • tf_utils.py
    • madry_thin_model.py
    • baseline_cifar10.py
    • resnet_model_reusable.py
    • __init__.py
    • cifar10_query_based.py
    • bash_scripts
      • rand_cifar10.sh
      • query_thin_cifar10.sh
      • query_tutorial_cifar10.sh
      • pca_run.sh
      • fd_targeted.sh
      • pca_cifar10_iter_run.sh
      • pgd_train_all.sh
      • fd_adv_iter_run.sh
      • fd_iter_run.sh
      • query_wide_cifar10.sh
      • baseline_cifar10.sh
  • LICENSE
  • particle_swarm_attack.py
  • transfer_attack_w_ensemble.py
  • attack_utils.py
  • tf_utils.py
  • train.py
  • __init__.py
  • README.md
  • train_adv.py
  • carlini_li.py
  • .gitignore
  • docs
    • _config.yml
    • Gemfile
    • _includes
      • gallery.html
    • index.md
    • _layouts
      • home.html
    • _drafts
      • 2017-10-10-welcome-to-jekyll.markdown
    • Gemfile.lock
    • about.md
    • 404.html
    • .gitignore
    • assets
    • _posts
      • 2017-11-26-image-gallery.markdown
      • 2017-10-12-fooling-nsfw.markdown
      • 2017-10-12-fooling-the-content-moderation-API.markdown
  • clarifai
    • Resizing_clarifai.ipynb
    • clarifai_images
      • gore_3.txt
      • drugs_small.txt
    • attack_clarifai.py
  • bash_scripts
    • iterative_run_A.sh
    • iterative_run_D.sh
    • ensemble_run.sh
    • iterative_run_C.sh
    • targeted_run.sh
    • iterative_run_B.sh
    • adv_run.sh
    • targeted_run_iter.sh
    • pca_iter_run.sh
    • group_run.sh

import keras.backend as K
from attack_utils import gen_grad
import tensorflow as tf

def symbolic_fgs(x, grad, eps=0.3, clipping=True):
    """
    FGSM attack.
    """

    # signed gradient
    normed_grad = K.sign(grad)

    # Multiply by constant epsilon
    scaled_grad = eps * normed_grad

    # Add perturbation to original example to obtain adversarial example
    adv_x = K.stop_gradient(x + scaled_grad)

    if clipping:
        adv_x = K.clip(adv_x, 0, 1)
    return adv_x

def symbolic_fg(x, grad, eps=0.3, clipping=True):
    """
    FG attack
    """
    # Unit vector in direction of gradient
    reduc_ind = list(xrange(1, len(x.get_shape())))
    normed_grad = grad / tf.sqrt(tf.reduce_sum(tf.square(grad),
                                                   reduction_indices=reduc_ind,
                                                   keep_dims=True))
    # Multiply by constant epsilon
    scaled_grad = eps * normed_grad

    # Add perturbation to original example to obtain adversarial example
    adv_x = K.stop_gradient(x + scaled_grad)

    if clipping:
        adv_x = K.clip(adv_x, 0, 1)

    return adv_x


def iter_fgs(model, x, y, steps, alpha, eps, clipping=True):
    """
    I-FGSM attack.
    """

    adv_x = x
    # iteratively apply the FGSM with small step size
    for i in range(steps):
        logits = model(adv_x)
        grad = gen_grad(adv_x, logits, y)

        adv_x = symbolic_fgs(adv_x, grad, alpha, True)
        r = adv_x - x
        r = K.clip(r, -eps, eps)
        adv_x = x+r

    if clipping:
        adv_x = K.clip(adv_x, 0, 1)


    return adv_x