I am using the latest version of foolbox (3.3.1), and my code simply load a RESNET-50 CNN, adds some layers for a transferred learning application, and loads the weights as follows. Now I would like to attack it using the foolbox 3.3.1 Carlini and Wagner attack, here is the way I load the model for foolbox My dataset is split

Cannot run Carlini and Wagner Attack using foolbox on a tensorflow Model

I am using the latest version of foolbox (3.3.1), and my code simply load a RESNET-50 CNN, adds some layers for a transferred learning application, and loads the weights as follows.

from numpy.core.records import array
import tensorflow as tf
from keras.applications.resnet50 import ResNet50, preprocess_input
from tensorflow.keras.layers import Dense, Dropout, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.layers import Input
import cv2
import os
import numpy as np
import foolbox as FB
from sklearn.metrics import accuracy_score
from scipy.spatial.distance import cityblock
from sklearn.metrics import plot_confusion_matrix
from sklearn.metrics import confusion_matrix
from PIL import Image
import foolbox as FB
import math
from foolbox.criteria import Misclassification

#load model
num_classes = 12

#Load model and prepare it for testing
print("Step 1: Load model and weights")
baseModel = ResNet50(weights=None, include_top=False, input_tensor=Input(shape=(224, 224, 3)))
headModel = baseModel.output
headModel = Flatten(name="flatten")(headModel)
headModel = Dense(512, activation="relu")(headModel)
headModel = Dropout(0.5)(headModel)
headModel = Dense(num_classes, activation="softmax")(headModel)
model = Model(inputs=baseModel.input, outputs=headModel)
model.load_weights("RESNET-50/weights/train1-test1.h5")

print("Step 2: prepare testing data")
#features is a set of (1200,10,224,224,3) images
features=np.load("features.npy")
labels=np.load("labels.npy")

JavaScript
​x
 
from numpy.core.records import array
import tensorflow as tf
from keras.applications.resnet50 import ResNet50, preprocess_input
from tensorflow.keras.layers import Dense, Dropout, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.layers import Input
import cv2
import os
import numpy as np
import foolbox as FB
from sklearn.metrics import accuracy_score
from scipy.spatial.distance import cityblock
from sklearn.metrics import plot_confusion_matrix
from sklearn.metrics import confusion_matrix
from PIL import Image
import foolbox as FB
import math
from foolbox.criteria import Misclassification
​
#load model
num_classes = 12
​
#Load model and prepare it for testing
print("Step 1: Load model and weights")
baseModel = ResNet50(weights=None, include_top=False, input_tensor=Input(shape=(224, 224, 3)))
headModel = baseModel.output
headModel = Flatten(name="flatten")(headModel)
headModel = Dense(512, activation="relu")(headModel)
headModel = Dropout(0.5)(headModel)
headModel = Dense(num_classes, activation="softmax")(headModel)
model = Model(inputs=baseModel.input, outputs=headModel)
model.load_weights("RESNET-50/weights/train1-test1.h5")
​
print("Step 2: prepare testing data")
#features is a set of (1200,10,224,224,3) images
features=np.load("features.npy")
labels=np.load("labels.npy")
​

Now I would like to attack it using the foolbox 3.3.1 Carlini and Wagner attack, here is the way I load the model for foolbox

#Lets test the foolbox model
bounds = (0, 1)
fmodel = fb.TensorFlowModel(model, bounds=bounds)

JavaScript
 
#Lets test the foolbox model
bounds = (0, 1)
fmodel = fb.TensorFlowModel(model, bounds=bounds)
​

My dataset is split into 10 images per document, I will attack these 10 images using a batch size of 10 for foolbox using Carlini and Wagner attack

#for each i, I have 10 images
for i in range(0, features.shape[0]):

    print("document "+str(i))

    #Receive current values
    #This is a batch of (10,224,224,3) images
    features_to_test=features[i,:]
    #Get their labels
    labels_to_test=labels[i,:]

    ######################ATTACK IN THE NORMALIZED DOMAIN###########################  
    #lets do the attack
    #We use an interval of epsilons

    epsilons = np.linspace(0.01, 1, num=2)
    attack = fb.attacks.L2CarliniWagnerAttack(fmodel)
    adversarials = attack(features_to_test, labels_to_test, criterion=Misclassification(labels=labels_to_test), epsilons=epsilons)

JavaScript
 
#for each i, I have 10 images
for i in range(0, features.shape[0]):
​
    print("document "+str(i))
​
    #Receive current values
    #This is a batch of (10,224,224,3) images
    features_to_test=features[i,:]
    #Get their labels
    labels_to_test=labels[i,:]
​
    ######################ATTACK IN THE NORMALIZED DOMAIN###########################  
    #lets do the attack
    #We use an interval of epsilons
​
    epsilons = np.linspace(0.01, 1, num=2)
    attack = fb.attacks.L2CarliniWagnerAttack(fmodel)
    adversarials = attack(features_to_test, labels_to_test, criterion=Misclassification(labels=labels_to_test), epsilons=epsilons)
​

However, whenever I run the code, here is the error that is returned to me

Traceback (most recent call last):
File "test_carlini_wagner.py", line 161, in <module>
adversarials = attack(features_to_test, labels_to_test, 
criterion=Misclassification(labels=labels_to_test), epsilons=epsilons)
File "/usr/local/lib/python3.8/dist-packages/foolbox/attacks/base.py", line 410, in 
__call__
xp = self.run(model, x, criterion, early_stop=early_stop, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/foolbox/attacks/carlini_wagner.py", line 100, in run
bounds = model.bounds
AttributeError: 'tensorflow.python.framework.ops.EagerTensor' object has no attribute 
'bounds'

JavaScript
 
Traceback (most recent call last):
File "test_carlini_wagner.py", line 161, in <module>
adversarials = attack(features_to_test, labels_to_test, 
criterion=Misclassification(labels=labels_to_test), epsilons=epsilons)
File "/usr/local/lib/python3.8/dist-packages/foolbox/attacks/base.py", line 410, in 
__call__
xp = self.run(model, x, criterion, early_stop=early_stop, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/foolbox/attacks/carlini_wagner.py", line 100, in run
bounds = model.bounds
AttributeError: 'tensorflow.python.framework.ops.EagerTensor' object has no attribute 
'bounds'
​

What is supposed to be the error? am I loading my model wrongly? should I add new parameters for the attack called? as previously stated, I am on foolbox 3.3.1.

Answer

I think you might have mixed up the parameters of the L2CarliniWagnerAttack. Here is a simplified working example with dummy data:

import tensorflow as tf
import numpy as np

from tensorflow.keras.applications.resnet50 import ResNet50, preprocess_input
from tensorflow.keras.layers import Dense, Dropout, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.layers import Input
from sklearn.metrics import accuracy_score
from scipy.spatial.distance import cityblock
from sklearn.metrics import plot_confusion_matrix
from sklearn.metrics import confusion_matrix
from foolbox import TensorFlowModel
from foolbox.criteria import Misclassification
from foolbox.attacks import L2CarliniWagnerAttack

num_classes = 12

print("Step 1: Load model and weights")
baseModel = ResNet50(weights=None, include_top=False, input_tensor=Input(shape=(224, 224, 3)))
headModel = baseModel.output
headModel = Flatten(name="flatten")(headModel)
headModel = Dense(512, activation="relu")(headModel)
headModel = Dropout(0.5)(headModel)
headModel = Dense(num_classes, activation="softmax")(headModel)
model = Model(inputs=baseModel.input, outputs=headModel)

bounds = (0, 1)
fmodel = TensorFlowModel(model, bounds=bounds)
images, labels = tf.random.normal((64, 10, 224, 224, 3)), tf.random.uniform((64, 10,), maxval=13, dtype=tf.int32)

for i in range(0, images.shape[0]):

    print("document "+str(i))
    features_to_test=images[i,:]
    labels_to_test=labels[i,:]

    epsilons = np.linspace(0.01, 1, num=2)
    attack = L2CarliniWagnerAttack()
    adversarials = attack(fmodel, features_to_test, criterion=Misclassification(labels_to_test), epsilons=epsilons)

JavaScript
 
import tensorflow as tf
import numpy as np
​
from tensorflow.keras.applications.resnet50 import ResNet50, preprocess_input
from tensorflow.keras.layers import Dense, Dropout, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.layers import Input
from sklearn.metrics import accuracy_score
from scipy.spatial.distance import cityblock
from sklearn.metrics import plot_confusion_matrix
from sklearn.metrics import confusion_matrix
from foolbox import TensorFlowModel
from foolbox.criteria import Misclassification
from foolbox.attacks import L2CarliniWagnerAttack
​
num_classes = 12
​
print("Step 1: Load model and weights")
baseModel = ResNet50(weights=None, include_top=False, input_tensor=Input(shape=(224, 224, 3)))
headModel = baseModel.output
headModel = Flatten(name="flatten")(headModel)
headModel = Dense(512, activation="relu")(headModel)
headModel = Dropout(0.5)(headModel)
headModel = Dense(num_classes, activation="softmax")(headModel)
model = Model(inputs=baseModel.input, outputs=headModel)
​
bounds = (0, 1)
fmodel = TensorFlowModel(model, bounds=bounds)
images, labels = tf.random.normal((64, 10, 224, 224, 3)), tf.random.uniform((64, 10,), maxval=13, dtype=tf.int32)
​
for i in range(0, images.shape[0]):
​
    print("document "+str(i))
    features_to_test=images[i,:]
    labels_to_test=labels[i,:]
​
    epsilons = np.linspace(0.01, 1, num=2)
    attack = L2CarliniWagnerAttack()
    adversarials = attack(fmodel, features_to_test, criterion=Misclassification(labels_to_test), epsilons=epsilons)
​

Step 1: Load model and weights
document 0
document 1
document 2
document 3
document 4
document 5
document 6
...

JavaScript
 
Step 1: Load model and weights
document 0
document 1
document 2
document 3
document 4
document 5
document 6
...
​

Advertisement

Answer