I am using the latest version of foolbox (3.3.1). My code simply loads a ResNet-50 CNN, adds some layers for a transfer-learning application, and loads the weights as follows.
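# Rebuild a ResNet-50 transfer-learning classifier, load its trained weights,
# and load the evaluation data that the attack snippets further down consume.
from numpy.core.records import array
import tensorflow as tf
# NOTE(review): ResNet50 comes from standalone `keras` while the layers come
# from `tensorflow.keras`; presumably both resolve to the same Keras here.
# Confirm, since mixing the two can break model construction.
from keras.applications.resnet50 import ResNet50, preprocess_input
from tensorflow.keras.layers import Dense, Dropout, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.layers import Input
import cv2
import os
import numpy as np
import foolbox as FB
from sklearn.metrics import accuracy_score
from scipy.spatial.distance import cityblock
from sklearn.metrics import plot_confusion_matrix
from sklearn.metrics import confusion_matrix
from PIL import Image
# The original repeated `import foolbox as FB` here, yet the rest of the
# script calls the library as `fb`; bind that alias so those calls resolve.
import foolbox as fb
import math
from foolbox.criteria import Misclassification

# Number of output classes of the transfer-learning head.
num_classes = 12

# Step 1: rebuild the architecture (ResNet-50 backbone without its top plus a
# small dense head) and load the trained weights into it.
print("Step 1: Load model and weights")
baseModel = ResNet50(weights=None, include_top=False, input_tensor=Input(shape=(224, 224, 3)))
headModel = baseModel.output
headModel = Flatten(name="flatten")(headModel)
headModel = Dense(512, activation="relu")(headModel)
headModel = Dropout(0.5)(headModel)
headModel = Dense(num_classes, activation="softmax")(headModel)
model = Model(inputs=baseModel.input, outputs=headModel)
model.load_weights("RESNET-50/weights/train1-test1.h5")

print("Step 2: prepare testing data")
# features is a set of (1200, 10, 224, 224, 3) images.
# allow_pickle=False is spelled out so that a tampered .npy file holding
# pickled objects is rejected instead of being deserialized.
features = np.load("features.npy", allow_pickle=False)
labels = np.load("labels.npy", allow_pickle=False)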
Now I would like to attack it using the foolbox 3.3.1 Carlini and Wagner attack. Here is how I load the model for foolbox:
#Lets test the foolbox model bounds = (0, 1) fmodel = fb.TensorFlowModel(model, bounds=bounds)
My dataset is split into 10 images per document. I will attack these 10 images with the foolbox Carlini and Wagner attack, using a batch size of 10:
#for each i, I have 10 images for i in range(0, features.shape[0]): print("document "+str(i)) #Receive current values #This is a batch of (10,224,224,3) images features_to_test=features[i,:] #Get their labels labels_to_test=labels[i,:] ######################ATTACK IN THE NORMALIZED DOMAIN########################### #lets do the attack #We use an interval of epsilons epsilons = np.linspace(0.01, 1, num=2) attack = fb.attacks.L2CarliniWagnerAttack(fmodel) adversarials = attack(features_to_test, labels_to_test, criterion=Misclassification(labels=labels_to_test), epsilons=epsilons)
However, whenever I run the code, here is the error that is returned to me
Traceback (most recent call last):
  File "test_carlini_wagner.py", line 161, in <module>
    adversarials = attack(features_to_test, labels_to_test, criterion=Misclassification(labels=labels_to_test), epsilons=epsilons)
  File "/usr/local/lib/python3.8/dist-packages/foolbox/attacks/base.py", line 410, in __call__
    xp = self.run(model, x, criterion, early_stop=early_stop, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/foolbox/attacks/carlini_wagner.py", line 100, in run
    bounds = model.bounds
AttributeError: 'tensorflow.python.framework.ops.EagerTensor' object has no attribute 'bounds'
What could be causing this error? Am I loading my model incorrectly? Should I pass additional parameters when calling the attack? As previously stated, I am on foolbox 3.3.1.
Answer
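I think you might have mixed up the parameters of the L2CarliniWagnerAttack. In foolbox 3 the attack object is constructed without the model; the model is passed as the first argument when the attack is called, followed by the inputs, and the labels are supplied through the criterion. Here is a simplified working example with dummy data: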
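# Minimal foolbox 3 example: wrap a Keras ResNet-50 classifier and run the
# L2 Carlini-Wagner attack on dummy data, one "document" (batch of 10) at a time.
import tensorflow as tf
import numpy as np
from tensorflow.keras.applications.resnet50 import ResNet50, preprocess_input
from tensorflow.keras.layers import Dense, Dropout, Flatten
from tensorflow.keras.models import Model
from tensorflow.keras.layers import Input
from sklearn.metrics import accuracy_score
from scipy.spatial.distance import cityblock
from sklearn.metrics import plot_confusion_matrix
from sklearn.metrics import confusion_matrix
from foolbox import TensorFlowModel
from foolbox.criteria import Misclassification
from foolbox.attacks import L2CarliniWagnerAttack

num_classes = 12

print("Step 1: Load model and weights")
baseModel = ResNet50(weights=None, include_top=False, input_tensor=Input(shape=(224, 224, 3)))
headModel = baseModel.output
headModel = Flatten(name="flatten")(headModel)
headModel = Dense(512, activation="relu")(headModel)
headModel = Dropout(0.5)(headModel)
# NOTE(review): the head ends in softmax, so foolbox receives probabilities
# where the Carlini-Wagner loss is formulated on logits; robustness figures
# measured this way may be optimistic. Consider evaluating the pre-softmax
# output instead (confirm against the foolbox documentation).
headModel = Dense(num_classes, activation="softmax")(headModel)
model = Model(inputs=baseModel.input, outputs=headModel)

# The declared bounds must match the range of the inputs fed to the attack.
bounds = (0, 1)
fmodel = TensorFlowModel(model, bounds=bounds)

# Dummy data: 64 documents of 10 images each.
# Pixels are drawn uniformly from [0, 1) so they respect `bounds`; normally
# distributed values fall outside that range and do not exercise the attack
# under the conditions the wrapper declares.
images = tf.random.uniform((64, 10, 224, 224, 3), minval=0.0, maxval=1.0)
# maxval is exclusive, so labels fall in 0..num_classes-1. The original
# maxval=13 could emit label 12, which no output unit of a 12-class model can
# predict, so such samples would count as misclassified before any perturbation.
labels = tf.random.uniform((64, 10), maxval=num_classes, dtype=tf.int32)

# The attack and the epsilon grid do not depend on the batch, so they are
# built once. The constructor takes only attack hyperparameters.
epsilons = np.linspace(0.01, 1, num=2)
attack = L2CarliniWagnerAttack()

for i in range(0, images.shape[0]):
    print("document "+str(i))
    features_to_test = images[i, :]
    labels_to_test = labels[i, :]
    # The model is the first argument of the call; the labels reach the attack
    # through the criterion. foolbox 3 attacks return a triple
    # (raw adversarials, clipped adversarials, success flags), so
    # `adversarials` holds that tuple.
    adversarials = attack(fmodel, features_to_test, criterion=Misclassification(labels_to_test), epsilons=epsilons)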
Step 1: Load model and weights document 0 document 1 document 2 document 3 document 4 document 5 document 6 ...