我正在尝试使用在cleverhans.attacks中实现的附件攻击一个简单的前馈神经网络。该网络是在tensorflow中实现的非常基本的网络,它实现了抽象类cleverhans.model.Model:
import tensorflow as tf
import numpy as np
from cleverhans.model import Model
class TFModel(Model):
# A basic 2 layer NN.
def __init__(self):
self.x = tf.placeholder(tf.float32, shape=(None, 3), name='x')
self.y = tf.placeholder(tf.float32, shape=(None, 2), name='y')
self.w1 = tf.Variable(initial_value=[[1., 2.], [1., 2.], [1., 2.]], name='w1')
self.b1 = tf.Variable(initial_value=[1., 2.], name='b1')
self.dense1 = tf.add(tf.matmul(self.x, self.w1), self.b1, name='dense1')
self.out1 = tf.nn.softmax(self.dense1, name='out1')
self.w2 = tf.Variable(initial_value=[[1., 2.], [1., 2.]], name='w2')
self.b2 = tf.Variable(initial_value=[1., 2.], name='b2')
self.dense2 = tf.add(tf.matmul(self.out1, self.w2), self.b2, name='dense2') # should be called 'logits'
self.out2 = tf.nn.softmax(self.dense2, name='out2')
self.outputs = {'layer1': self.out1,
'logits': self.dense2,
'softmax': self.out2}
def get_layer_names(self):
"""
:return: a list of names for the layers that can be exposed by this
model abstraction.
"""
return list(self.outputs.keys())
def fprop(self, x):
"""
Exposes all the layers of the model returned by get_layer_names.
:param x: A symbolic representation (Tensor) of the network input
:return: A dictionary mapping layer names to the symbolic
representation of their output.
"""
return self.outputsFastGradientMethod实现的攻击效果很好,如下所示:
model = TFModel()
sess = tf.Session()
from cleverhans.attacks import FastGradientMethod
fgsm_params = {'eps': 0.3,
'clip_min': 0.,
'clip_max': 1.}
fgsm = FastGradientMethod(model, sess=sess)
adv_x = fgsm.generate(model.x, **fgsm_params)
但是用BasicIterativeMethod进行的攻击无效:
from cleverhans.attacks import BasicIterativeMethod
bim_params = {'eps_iter': 0.01,
'nb_iter': 100,
'clip_min': 0.,
'clip_max': 1.}
bim = BasicIterativeMethod(model, sess=sess)
adv_x = bim.generate(model.x, **bim_params)
这是完整的错误消息:
rror Traceback (most recent call last)~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\op_def_library.py in _apply_op_helper(self, op_type_name, name, **keywords)
509 as_ref=input_arg.is_ref,
--> 510 preferred_dtype=default_dtype)
511 except TypeError as err:
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\ops.py in internal_convert_to_tensor(value, dtype, name, as_ref, preferred_dtype, ctx)
1103 if ret is None:
-> 1104 ret = conversion_func(value, dtype=dtype, name=name, as_ref=as_ref)
1105
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\constant_op.py in _constant_tensor_conversion_function(v, dtype, name, as_ref)
234 _ = as_ref
--> 235 return constant(v, dtype=dtype, name=name)
236
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\constant_op.py in constant(value, dtype, shape, name, verify_shape)
213 tensor_util.make_tensor_proto(
--> 214 value, dtype=dtype, shape=shape, verify_shape=verify_shape))
215 dtype_value = attr_value_pb2.AttrValue(type=tensor_value.tensor.dtype)
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\tensor_util.py in make_tensor_proto(values, dtype, shape, verify_shape)
419 if values is None:
--> 420 raise ValueError("None values not supported.")
421 # if dtype is provided, forces numpy array to be the type
ValueError: None values not supported.
During handling of the above exception, another exception occurred:
ValueError Traceback (most recent call last)~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\op_def_library.py in _apply_op_helper(self, op_type_name, name, **keywords)
523 observed = ops.internal_convert_to_tensor(
--> 524 values, as_ref=input_arg.is_ref).dtype.name
525 except ValueError as err:
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\ops.py in internal_convert_to_tensor(value, dtype, name, as_ref, preferred_dtype, ctx)
1103 if ret is None:
-> 1104 ret = conversion_func(value, dtype=dtype, name=name, as_ref=as_ref)
1105
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\constant_op.py in _constant_tensor_conversion_function(v, dtype, name, as_ref)
234 _ = as_ref
--> 235 return constant(v, dtype=dtype, name=name)
236
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\constant_op.py in constant(value, dtype, shape, name, verify_shape)
213 tensor_util.make_tensor_proto(
--> 214 value, dtype=dtype, shape=shape, verify_shape=verify_shape))
215 dtype_value = attr_value_pb2.AttrValue(type=tensor_value.tensor.dtype)
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\tensor_util.py in make_tensor_proto(values, dtype, shape, verify_shape)
419 if values is None:
--> 420 raise ValueError("None values not supported.")
421 # if dtype is provided, forces numpy array to be the type
ValueError: None values not supported.
During handling of the above exception, another exception occurred:
ValueError Traceback (most recent call last)<ipython-input-7-8ab4a61acce1> in <module>()
8 print('hello')
9
---> 10 adv_x = bim.generate(model.x, **bim_params)
c:\users\mjafarnia\src\cleverhans\cleverhans\attacks.py in generate(self, x, **kwargs)
400 sess=self.sess)
401 # Compute this step's perturbation
--> 402 adv_x = FGM.generate(x + eta, **fgm_params)
403
404 # Clipping perturbation according to clip_min and clip_max
c:\users\mjafarnia\src\cleverhans\cleverhans\attacks.py in generate(self, x, **kwargs)
284 ord=self.ord, clip_min=self.clip_min,
285 clip_max=self.clip_max,
--> 286 targeted=(self.y_target is not None))
287
288 def parse_params(self, eps=0.3, ord=np.inf, y=None, y_target=None,
c:\users\mjafarnia\src\cleverhans\cleverhans\attacks_tf.py in fgm(x, preds, y, eps, ord, clip_min, clip_max, targeted)
65 if ord == np.inf:
66 # Take sign of gradient
---> 67 normalized_grad = tf.sign(grad)
68 # The following line should not change the numerical results.
69 # It applies only because `normalized_grad` is the output of
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\ops\math_ops.py in sign(x, name)
451 indices=x.indices, values=x_sign, dense_shape=x.dense_shape)
452 else:
--> 453 return gen_math_ops.sign(x, name=name)
454
455
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\ops\gen_math_ops.py in sign(x, name)
6874 if _ctx is None or not _ctx._eager_context.is_eager:
6875 _, _, _op = _op_def_lib._apply_op_helper(
-> 6876 "Sign", x=x, name=name)
6877 _result = _op.outputs[:]
6878 _inputs_flat = _op.inputs
~\AppData\Local\Continuum\anaconda3\lib\site-packages\tensorflow\python\framework\op_def_library.py in _apply_op_helper(self, op_type_name, name, **keywords)
526 raise ValueError(
527 "Tried to convert '%s' to a tensor and failed. Error: %s" %
--> 528 (input_name, err))
529 prefix = ("Input '%s' of '%s' Op has type %s that does not match" %
530 (input_name, op_type_name, observed))
ValueError: Tried to convert 'x' to a tensor and failed. Error: None values not supported.
答案 0 :(得分:1)
基本迭代方法(BIM)多次应用快速梯度符号方法(FGSM)(使用您指定的参数进行100次)。 BIM的每个步骤都将FGSM应用于BIM上一步的结果。因此,您的模型对象需要具有方法self.x,该方法将为作为参数传递的任何输入张量返回模型的输出。您实现的当前类始终在同一占位符fprop上返回模型的输出。您将必须使用范围来定义一个x方法,该方法可以采用任意张量ModelBasicCNN并在该输入上返回模型的输出。您可以在tutorials文件夹中找到一个简单的模型实现{{1}}的示例:https://github.com/tensorflow/cleverhans/blob/master/cleverhans_tutorials/tutorial_models.py