黑盒攻击graphpipe下的基于onnx的squeezenet模型

bybylove · Oct 15, 2018 · 14abf32 · 14abf32
1 parent 3caf6f2
commit 14abf32
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -122,7 +122,8 @@ AdvBox是一款由百度安全实验室研发，在百度大范围使用的支
  - [示例7：白盒攻击PyTorch下基于MNIST数据集的CNN模型](tutorials/README.md)
  - [示例8：白盒攻击PyTorch下基于IMAGENET数据集的AlexNet模型](tutorials/README.md)
  - [示例9：白盒攻击MxNet下基于IMAGENET数据集的AlexNet模型](tutorials/README.md)
- - [示例10:黑盒攻击graphpipe下的基于tensorflow的squeezenet模型](tutorials/README.md)
+ - [示例10：黑盒攻击graphpipe下的基于tensorflow的squeezenet模型](tutorials/README.md)
+ - [示例11：黑盒攻击graphpipe下的基于onnx的squeezenet模型](tutorials/README.md)
 
 ## 典型应用
 

diff --git a/advbox/models/graphpipeBlackBox.py b/advbox/models/graphpipeBlackBox.py
@@ -143,9 +143,9 @@ def predict(self, data):
 
         predict = remote.execute(self._remote_url, scaled_data)
 
-        print(predict.shape)
+        predict = predict.reshape([1,np.max(predict.shape)])
+
         predict = np.squeeze(predict, axis=0)
-        print(predict.shape)
 
         return predict
 

diff --git a/applications/graphpipe/graphpipe_onnx_tool.py b/applications/graphpipe/graphpipe_onnx_tool.py
@@ -65,9 +65,13 @@ def main(image_path):
 
     print(pred.shape)
 
-    pred=np.squeeze(pred,axis=(2,))
+    dims=pred.shape
+    dim=np.max(dims)
+    print(dim)
+
+    pred=pred.reshape([1,dim])
     #pred = np.squeeze(pred)
-    print(pred)
+    #print(pred)
     print(pred.shape)
 
     print("{}".format(np.argmax(pred, axis=1)))

diff --git a/tutorials/README.md b/tutorials/README.md
@@ -16,6 +16,7 @@
  - 示例8:白盒攻击PyTorch下基于IMAGENET数据集的AlexNet模型
  - 示例9:白盒攻击MxNet下基于IMAGENET数据集的AlexNet模型
  - 示例10:黑盒攻击graphpipe下的基于tensorflow的squeezenet模型
+ - 示例11:黑盒攻击graphpipe下的基于onnx的squeezenet模型
 
 
 ## 示例1:白盒攻击基于MNIST数据集的CNN模型
@@ -214,8 +215,39 @@ caffe的模型文件通常有两个组成，假设保存到models.caffe/lenet/
 
 在applications/graphpipe下运行攻击代码，攻击成功，label由504变成659。
 
-	applications/graphpipe/graphpipe_demo.py
+	python graphpipe_localsearch.py
 	localsearch.py[line:293] INFO try 10 times  selected pixel indices:[ 0 16 15 14 13]
 	localsearch.py[line:308] INFO adv_label=659 adv_label_pro=0.00122496963013
 	attack success, original_label=504, adversarial_label=659
-	graphpipe_localsearch.py[line:100] INFO LocalSearchAttack attack done
+	graphpipe_localsearch.py[line:100] INFO LocalSearchAttack attack done
+
+运行验证工具，生成的对抗样本确实识别为659.
+
+	python graphpipe_tool.py
+	image_path:adversary_image.jpg
+	[659]
+
+## 示例11:黑盒攻击graphpipe下的基于onnx的squeezenet模型
+建议在docker环境下运行graphpipe，启动graphpipe下的基于onnx的squeezenet模型。
+
+	docker run -it --rm \
+	    -e https_proxy=${https_proxy} \
+	    -p 9000:9000 \
+	    sleepsonthefloor/graphpipe-onnx:cpu \
+	    --model=https://oracle.github.io/graphpipe/models/squeezenet. onnx \
+	    --listen=0.0.0.0:9000
+	    	
+在applications/graphpipe下运行攻击代码，攻击成功，label由504变成659。
+
+	python graphpipe_onnx_localsearch.py
+	localsearch.py[line:293] INFO try 10 times  selected pixel indices:[ 0 16 15 14 13]
+	localsearch.py[line:308] INFO adv_label=659 adv_label_pro=0.00122496963013
+	attack success, original_label=504, adversarial_label=659
+	graphpipe_onnx_localsearch.py[line:100] INFO LocalSearchAttack attack done
+
+运行验证工具，生成的对抗样本确实识别为659.
+
+	python graphpipe_onnx_tool.py
+	image_path:adversary_image.jpg
+	[659]
+