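Released by Kaggle's CTO: Getting Started with the (Kaggle) NIPS 2017 Adversarial Learning Challenges
Originally published at: https://yq.aliyun.com/articles/126898
NIPS is a top conference in machine learning and an academic event that many researchers look forward to. The NIPS held at the end of the year will add a new program, the NIPS 2017 Competition Track, for which five data-driven competitions were selected from 23 candidate proposals. Google Brain researcher Ian Goodfellow recently used social media to strongly recommend the Adversarial Attacks and Defences competition that he organized. Why organize such a competition? Because today's image classifiers are very easily fooled by carefully crafted adversarial images. These images add small changes to an original, correctly classified image; the changes are almost imperceptible to the human eye, yet they cause the image classifier to predict a wrong class with high confidence.
This competition is on Kaggle
Here is what each of the three related competitions focuses on:
- 1. Non Targeted Adversarial Attack: the submitted system must process images of any class so that a generic machine learning classifier cannot recognize them.
- 2. Targeted Adversarial Attack: the submitted system must process the given images so that a generic machine learning classifier cannot recognize them.
- 3. Defense Against Adversarial Attack: competitors must build a machine learning classifier that is robust enough to classify adversarial images correctly.
The defense challenge is scored on how well the classifier holds up against the adversarial attacks from the first two challenges, while the first two challenges are scored on how well their adversarial attacks work in the third challenge.
Below, we walk through some code examples that generate non-targeted and targeted adversarial images, and then look at Inception V3
Note: much of the code below is based on Alex tensorflow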
import os
from cleverhans.attacks import FastGradientMethod
from io import BytesIO
import IPython.display
import numpy as np
import pandas as pd
from PIL import Image
from scipy.misc import imread
from scipy.misc import imsave
import tensorflow as tf
from tensorflow.contrib.slim.nets import inception

slim = tf.contrib.slim
tensorflow_master = ""
checkpoint_path = "../input/inception-v3/inception_v3.ckpt"
input_dir = "../input/nips-2017-adversarial-learning-development-set/images/"
max_epsilon = 16.0   # perturbation budget on the 0..255 pixel scale
image_width = 299
image_height = 299
batch_size = 16
# Images are scaled to [-1, 1], so the budget is rescaled to that range.
eps = 2.0 * max_epsilon / 255.0
batch_shape = [batch_size, image_height, image_width, 3]
num_classes = 1001

def load_images(input_dir, batch_shape):
    """Yields (filenames, images) batches of PNGs scaled to [-1, 1]."""
    images = np.zeros(batch_shape)
    filenames = []
    idx = 0
    batch_size = batch_shape[0]
    for filepath in sorted(tf.gfile.Glob(os.path.join(input_dir, '*.png'))):
        with tf.gfile.Open(filepath, "rb") as f:
            images[idx, :, :, :] = imread(f, mode='RGB').astype(float)*2.0/255.0 - 1.0
        filenames.append(os.path.basename(filepath))
        idx += 1
        if idx == batch_size:
            yield filenames, images
            filenames = []
            images = np.zeros(batch_shape)
            idx = 0
    # Last, partially filled batch.
    if idx > 0:
        yield filenames, images

def show_image(a, fmt='png'):
    """Displays an image given as an array in [-1, 1]."""
    a = np.uint8((a+1.0)/2.0*255.0)
    f = BytesIO()
    Image.fromarray(a).save(f, fmt)
    IPython.display.display(IPython.display.Image(data=f.getvalue()))

class InceptionModel(object):
    def __init__(self, num_classes):
        self.num_classes = num_classes
        self.built = False

    def __call__(self, x_input):
        """Constructs model and return probabilities for given input."""
        reuse = True if self.built else None
        with slim.arg_scope(inception.inception_v3_arg_scope()):
            _, end_points = inception.inception_v3(
                x_input, num_classes=self.num_classes, is_training=False,
                reuse=reuse)
        self.built = True
        output = end_points['Predictions']
        # The input of the softmax op, i.e. the pre-softmax logits.
        probs = output.op.inputs[0]
        return probs
Next, we load a batch of images together with the metadata.
categories = pd.read_csv("../input/nips-2017-adversarial-learning-development-set/categories.csv")
image_classes = pd.read_csv("../input/nips-2017-adversarial-learning-development-set/images.csv")
image_iterator = load_images(input_dir, batch_shape)
# get first batch of images
filenames, images = next(image_iterator)
image_metadata = pd.DataFrame({"ImageId": [f[:-4] for f in filenames]}).merge(image_classes,
                                                                              on="ImageId")
true_classes = image_metadata["TrueLabel"].tolist()
target_classes = true_labels = image_metadata["TargetClass"].tolist()
true_classes_names = (pd.DataFrame({"CategoryId": true_classes})
                      .merge(categories, on="CategoryId")["CategoryName"].tolist())
target_classes_names = (pd.DataFrame({"CategoryId": target_classes})
                        .merge(categories, on="CategoryId")["CategoryName"].tolist())
print("Here's an example of one of the images in the development set")
show_image(images[0])
Here is an example image from the development set. Isn't it cute?
tensorflow classes.
tf.logging.set_verbosity(tf.logging.INFO)
with tf.Graph().as_default():
    x_input = tf.placeholder(tf.float32, shape=batch_shape)
    model = InceptionModel(num_classes)
    fgsm = FastGradientMethod(model)
    x_adv = fgsm.generate(x_input, eps=eps, clip_min=-1., clip_max=1.)
    saver = tf.train.Saver(slim.get_model_variables())
    session_creator = tf.train.ChiefSessionCreator(
        scaffold=tf.train.Scaffold(saver=saver),
        checkpoint_filename_with_path=checkpoint_path,
        master=tensorflow_master)
    with tf.train.MonitoredSession(session_creator=session_creator) as sess:
        nontargeted_images = sess.run(x_adv, feed_dict={x_input: images})
print("The original image is on the left, and the nontargeted adversarial image is on the right. They look very similar, don't they? It's very clear both are gondolas")
show_image(np.concatenate([images[1], nontargeted_images[1]], axis=1))
INFO:tensorflow:Restoring parameters from ../input/inception-v3/inception_v3.ckpt
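The original image is on the left and the non-targeted adversarial image is on the right. They look very similar, and both are clearly small boats.
tensorflow
Note: this does not currently work; it only produces adversarial images that do not hit the correct target.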
all_images_target_class = {image_metadata["ImageId"][i]+".png": image_metadata["TargetClass"][i]
                           for i in image_metadata.index}
with tf.Graph().as_default():
    x_input = tf.placeholder(tf.float32, shape=batch_shape)
    with slim.arg_scope(inception.inception_v3_arg_scope()):
        logits, end_points = inception.inception_v3(
            x_input, num_classes=num_classes, is_training=False)
    target_class_input = tf.placeholder(tf.int32, shape=[batch_size])
    one_hot_target_class = tf.one_hot(target_class_input, num_classes)
    cross_entropy = tf.losses.softmax_cross_entropy(one_hot_target_class,
                                                    logits,
                                                    label_smoothing=0.1,
                                                    weights=1.0)
    cross_entropy += tf.losses.softmax_cross_entropy(one_hot_target_class,
                                                     end_points['AuxLogits'],
                                                     label_smoothing=0.1,
                                                     weights=0.4)
    x_adv = x_input - eps * tf.sign(tf.gradients(cross_entropy, x_input)[0])
    x_adv = tf.clip_by_value(x_adv, -1.0, 1.0)
    saver = tf.train.Saver(slim.get_model_variables())
    session_creator = tf.train.ChiefSessionCreator(
        scaffold=tf.train.Scaffold(saver=saver),
        checkpoint_filename_with_path=checkpoint_path,
        master=tensorflow_master)
    with tf.train.MonitoredSession(session_creator=session_creator) as sess:
        target_class_for_batch = ([all_images_target_class[n] for n in filenames]
                                  + [0] * (batch_size - len(filenames)))
        targeted_images = sess.run(x_adv,
                                   feed_dict={x_input: images,
                                              target_class_input: target_class_for_batch})
print("The original image is on the left, and the targeted adversarial image is on the right. Again, they look very similar, don't they? It's very clear both are butterflies")
show_image(np.concatenate([images[2], targeted_images[2]], axis=1))
INFO:tensorflow:Restoring parameters from ../input/inception-v3/inception_v3.ckpt
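The original image is on the left and the targeted adversarial image is on the right. Again, they look very similar, and both are clearly butterflies.
Next, we will see what happens when these generated adversarial images are run through the original classifier.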
with tf.Graph().as_default():
    x_input = tf.placeholder(tf.float32, shape=batch_shape)
    with slim.arg_scope(inception.inception_v3_arg_scope()):
        _, end_points = inception.inception_v3(x_input, num_classes=num_classes, is_training=False)
    predicted_labels = tf.argmax(end_points['Predictions'], 1)
    saver = tf.train.Saver(slim.get_model_variables())
    session_creator = tf.train.ChiefSessionCreator(
        scaffold=tf.train.Scaffold(saver=saver),
        checkpoint_filename_with_path=checkpoint_path,
        master=tensorflow_master)
    with tf.train.MonitoredSession(session_creator=session_creator) as sess:
        predicted_classes = sess.run(predicted_labels, feed_dict={x_input: images})
        predicted_nontargeted_classes = sess.run(predicted_labels, feed_dict={x_input: nontargeted_images})
        predicted_targeted_classes = sess.run(predicted_labels, feed_dict={x_input: targeted_images})
predicted_classes_names = (pd.DataFrame({"CategoryId": predicted_classes})
                           .merge(categories, on="CategoryId")["CategoryName"].tolist())
predicted_nontargeted_classes_names = (pd.DataFrame({"CategoryId": predicted_nontargeted_classes})
                                       .merge(categories, on="CategoryId")["CategoryName"].tolist())
predicted_targeted_classes_names = (pd.DataFrame({"CategoryId": predicted_targeted_classes})
                                    .merge(categories, on="CategoryId")["CategoryName"].tolist())
INFO:tensorflow:Restoring parameters from ../input/inception-v3/inception_v3.ckpt
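Below we show every image in this batch together with its predicted class. In each set, the left image is the original, the middle image is the non-targeted adversarial image, and the right image is the targeted adversarial image.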
for i in range(len(images)):
    print("UNMODIFIED IMAGE (left)",
          "\n\tPredicted class:", predicted_classes_names[i],
          "\n\tTrue class: ", true_classes_names[i])
    print("NONTARGETED ADVERSARIAL IMAGE (center)",
          "\n\tPredicted class:", predicted_nontargeted_classes_names[i])
    print("TARGETED ADVERSARIAL IMAGE (right)",
          "\n\tPredicted class:", predicted_targeted_classes_names[i],
          "\n\tTarget class: ", target_classes_names[i])
    show_image(np.concatenate([images[i], nontargeted_images[i], targeted_images[i]], axis=1))
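UNMODIFIED IMAGE (left)
Predicted class: giant panda
True class: giant panda
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: Samoyed
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: mongrel dog
Target class: meat loaf
UNMODIFIED IMAGE (left)
Predicted class:
True class:
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: dam
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: dam
Target class:
UNMODIFIED IMAGE (left)
Predicted class: lycaenid butterfly
True class: lycaenid butterfly
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: ringlet butterfly
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: ringlet butterfly
Target class: cocker spaniel
UNMODIFIED IMAGE (left)
Predicted class: lycaenid butterfly
True class: lycaenid butterfly
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class:
TARGETED ADVERSARIAL IMAGE (right)
Predicted class:
Target class:
UNMODIFIED IMAGE (left)
Predicted class: American black duck
True class: American black duck
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: short-tailed parrot
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: short-tailed parrot
Target class: spring water
UNMODIFIED IMAGE (left)
Predicted class: short-tailed parrot
True class: short-tailed parrot
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: basketball
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: basketball
Target class: dromedary
UNMODIFIED IMAGE (left)
Predicted class: ballplayer
True class: ballplayer
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: ostrich
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: ostrich
Target class: vault
UNMODIFIED IMAGE (left)
Predicted class: ostrich
True class: ostrich
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: sundial
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: sundial
Target class: offshore drilling platform
UNMODIFIED IMAGE (left)
Predicted class: cannon
True class: cannon
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: tiger beetle
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: tiger beetle
Target class: espresso maker
UNMODIFIED IMAGE (left)
Predicted class: long-horned beetle
True class: long-horned beetle
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: espresso
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: espresso
Target class: intramedullary nail
UNMODIFIED IMAGE (left)
Predicted class: espresso
True class: espresso
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: shower cap
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: shower cap
Target class:
UNMODIFIED IMAGE (left)
Predicted class: sled
True class: sled
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: rose hip
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: bee
Target class:
UNMODIFIED IMAGE (left)
Predicted class: grand piano
True class: grand piano
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: desk
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: dining table
Target class:
UNMODIFIED IMAGE (left)
Predicted class: geyser
True class: geyser
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: shipwreck
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: beaver
Target class:
UNMODIFIED IMAGE (left)
Predicted class: library
True class: library
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: bookshop
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: bookshop
Target class: safety pin
UNMODIFIED IMAGE (left)
Predicted class: jay
True class: jay
NONTARGETED ADVERSARIAL IMAGE (center)
Predicted class: jay
TARGETED ADVERSARIAL IMAGE (right)
Predicted class: siskin
Target class: echidna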
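The per-image listing above can be reduced to the numbers a defender tracks: the perturbation size in pixel units, the accuracy that survives each attack, and how often the targeted variant actually lands on its target class. This is an added example, not code from the original kernel; it assumes a constructed linear softmax classifier with random weights in place of Inception V3, and the names `input_gradient`, `fgsm`, `evaluate` and `demo` are hypothetical.

```python
import numpy as np

MAX_EPSILON = 16.0                  # pixel budget on the 0..255 scale, as on the page
EPS = 2.0 * MAX_EPSILON / 255.0     # the same budget on the [-1, 1] scale

def softmax(z):
    e = np.exp(z - z.max(axis=1, keepdims=True))
    return e / e.sum(axis=1, keepdims=True)

def input_gradient(W, b, x, labels):
    """Gradient of softmax cross-entropy w.r.t. x for the toy model x @ W + b."""
    p = softmax(x @ W + b)
    p[np.arange(len(x)), labels] -= 1.0     # dLoss/dlogits = probs - one_hot
    return p @ W.T

def fgsm(W, b, x, labels, eps, targeted=False):
    """Non-targeted: step up the true-label loss. Targeted: step down the
    target-label loss (the page's x_input - eps * sign(grad)). Clip to [-1, 1]."""
    step = eps * np.sign(input_gradient(W, b, x, labels))
    return np.clip(x - step if targeted else x + step, -1.0, 1.0)

def evaluate(W, b, x, x_adv, true, target=None):
    """Perturbation size in pixel units, accuracy, and optional target hit rate."""
    pred = (x_adv @ W + b).argmax(axis=1)
    report = {"linf_pixels": float(np.abs(x_adv - x).max() * 255.0 / 2.0),
              "accuracy": float((pred == true).mean())}
    if target is not None:
        report["target_hit_rate"] = float((pred == target).mean())
    return report

def demo(seed=0, n=32, dim=32 * 32 * 3, classes=10):
    rng = np.random.default_rng(seed)           # constructed data, not the dev set
    W, b = rng.normal(size=(dim, classes)), np.zeros(classes)
    x = rng.uniform(-1.0, 1.0, size=(n, dim))
    true = (x @ W + b).argmax(axis=1)           # toy model is right on clean inputs
    target = (true + 1) % classes
    return {
        "clean": evaluate(W, b, x, x, true),
        "nontargeted": evaluate(W, b, x, fgsm(W, b, x, true, EPS), true),
        "targeted": evaluate(W, b, x, fgsm(W, b, x, target, EPS, targeted=True),
                             true, target),
    }

if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

On this linear toy a single step is enough to reach the target class; in the Inception V3 output above the targeted prediction often differs from the target class, which is the gap `target_hit_rate` is meant to expose.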
Ben Hamner: Kaggle.
LinkedIn: https://www.linkedin.com/in/ben-hamner-98759712/
Github: https://github.com/benhamner
Getting Started with the NIPS 2017 Adversarial Learning Challenges, Ben Hamner
Last updated: 2017-07-27 09:03:40