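# Turning a 100-Yuan Check into 1 Million: How Adversarial Attacks Do Their Damage

Inception v3 classifier

The boundary between "real" and "fake" is almost linear. Two interesting conclusions follow from this. First, if you keep moving along the direction of the gradient, then as soon as you reach a region where the predicted class changes, you can confirm that the attack has succeeded. Second, it shows that the structure of the decision function is far simpler than most researchers imagine.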
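The near-linear boundary described above can be measured directly. The following is an added example, not code from the original article: it uses a constructed four-feature linear classifier instead of Inception v3, and `W`, `B`, `X`, `X_NEAR` and all function names are assumptions. It walks along the gradient sign until the class changes and compares that distance with the closed-form margin |f(x)| / ||w||_1, which tells you whether an input survives the `eps` budget used in the article's code.

```python
# Added example: constructed toy linear classifier, not the article's model.
STEP_ALPHA = 0.0001   # same step size as step_alpha in the article's code
EPS = 2 * 8 / 225.    # same L-infinity budget as eps in the article's code

# Constructed weights, bias and inputs (hypothetical values).
W = [0.8, -0.5, 0.3, -0.4]
B = -0.05
X = [0.6, 0.4, 0.5, 0.3]        # far from the boundary
X_NEAR = [0.3, 0.4, 0.5, 0.3]   # close to the boundary


def score(w, b, x):
    """Linear decision function f(x) = w.x + b; the class is the sign of f."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def sign(v):
    return (v > 0) - (v < 0)


def analytic_margin(w, b, x):
    """Smallest L-inf perturbation that reaches the boundary: |f(x)| / ||w||_1."""
    return abs(score(w, b, x)) / sum(abs(wi) for wi in w)


def walk_to_boundary(w, b, x, step_alpha, max_steps=100000):
    """Step along the gradient sign until the predicted class changes.

    Returns the L-inf distance travelled, or None if the class never flips.
    """
    start_class = sign(score(w, b, x))
    # For a linear model the gradient of f with respect to x is w itself.
    direction = [-start_class * sign(wi) for wi in w]
    for k in range(1, max_steps + 1):
        moved = [xi + k * step_alpha * di for xi, di in zip(x, direction)]
        if sign(score(w, b, moved)) != start_class:
            return k * step_alpha
    return None


def is_robust(w, b, x, eps):
    """True when no perturbation inside the eps budget can change the class."""
    return analytic_margin(w, b, x) > eps
```

Because the boundary is linear, the walked distance matches the closed-form margin to within one step, so the margin alone is enough to audit which inputs fall inside a given `eps` budget.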

```python
import torch
from torch import nn
from torch.autograd import Variable  # legacy wrapper used by the functions below
import torchvision.transforms as T
from torchvision.models.inception import inception_v3
from PIL import Image
import matplotlib.pyplot as plt
import numpy as np
```

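```python
import ast

# classes.txt holds a Python literal mapping class index -> label.
# literal_eval parses it without executing arbitrary code from the file.
classes = ast.literal_eval(open('classes.txt').read())
trans = T.Compose([T.ToTensor(), T.Lambda(lambda t: t.unsqueeze(0))])
reverse_trans = lambda x: np.asarray(T.ToPILImage()(x))
```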

```python
eps = 2 * 8 / 225.
steps = 40
norm = float('inf')
step_alpha = 0.0001
model = inception_v3(pretrained=True, transform_input=True).cuda()
loss = nn.CrossEntropyLoss()
model.eval()
```

```python
def load_image(img_path):
    img = trans(Image.open(img_path).convert('RGB'))
    return img
```

```python
def get_class(img):
    x = Variable(img, volatile=True).cuda()
    cls = model(x).data.max(1)[1].cpu().numpy()[0]
    return classes[cls]
```

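```python
def draw_result(img, noise, adv_img):
    fig, ax = plt.subplots(1, 3, figsize=(15, 10))
    # Classify both images so the panel titles show the predicted labels.
    orig_class, attack_class = get_class(img), get_class(adv_img)
    ax[0].imshow(reverse_trans(img[0]))
    ax[0].set_title('Original image: {}'.format(orig_class.split(',')[0]))
    ax[1].imshow(noise[0].cpu().numpy().transpose(1, 2, 0))
    ax[1].set_title('Attacking noise')
    ax[2].imshow(reverse_trans(adv_img[0]))
    ax[2].set_title('Adversarial example: {}'.format(attack_class))
    for i in range(3):
        ax[i].set_axis_off()
    plt.tight_layout()
    plt.show()
```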

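```python
def non_targeted_attack(img):
    img = img.cuda()
    # Class-index tensor; must be long so it matches the argmax assigned below.
    label = torch.zeros(1).long().cuda()
    x, y = Variable(img, requires_grad=True), Variable(label)
    for step in range(steps):
        # Clear the gradient left over from the previous iteration.
        if x.grad is not None:
            x.grad.data.zero_()
        out = model(x)
        y.data = out.data.max(1)[1]
        _loss = loss(out, y)
        _loss.backward()
        # norm is infinity, so each step uses the sign of the gradient.
        normed_grad = step_alpha * torch.sign(x.grad.data)
        step_adv = x.data + normed_grad
        # Keep the total perturbation inside the eps budget.
        adv = torch.clamp(step_adv - img, -eps, eps)
        result = img + adv
        result = torch.clamp(result, 0.0, 1.0)
        x.data = result
    return result.cpu(), adv.cpu()
```

```python
img = load_image('input.png')
```

```python
def targeted_attack(img, label):
    img = img.cuda()
    label = torch.Tensor([label]).long().cuda()
    x, y = Variable(img, requires_grad=True), Variable(label)
    for step in range(steps):
        # Clear the gradient left over from the previous iteration.
        if x.grad is not None:
            x.grad.data.zero_()
        out = model(x)
        _loss = loss(out, y)
        _loss.backward()
        normed_grad = step_alpha * torch.sign(x.grad.data)
        # Step against the gradient to lower the loss for the chosen label.
        step_adv = x.data - normed_grad
        # Keep the total perturbation inside the eps budget.
        adv = torch.clamp(step_adv - img, -eps, eps)
        result = img + adv
        result = torch.clamp(result, 0.0, 1.0)
        x.data = result
    return result.cpu(), adv.cpu()
```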

`step_adv = x.data - normed_grad`
