獲取必要的梯度值，打破圖像

Question

我一直在嘗試與對抗的圖像和我的fast gradient sign method從以下鏈接閱讀https://arxiv.org/pdf/1412.6572.pdf起來......

的說明解釋必要的梯度可以用backpropagation計算...

我已經成功地產生對抗性的圖像，但我在試圖提取失敗創建對抗圖像所必需的梯度。我將證明我的意思。

讓我們假設我已經使用logistic regression來訓練我的算法。我在restore模型中提取了我希望變成敵對圖像的數字。在這種情況下，它是數字2 ...

# construct model 
logits = tf.matmul(x, W) + b 
pred = tf.nn.softmax(logits) 
... 
... 
# assign the images of number 2 to the variable 
sess.run(tf.assign(x, labels_of_2)) 
# setup softmax 
sess.run(pred) 

# placeholder for target label 
fake_label = tf.placeholder(tf.int32, shape=[1]) 
# setup the fake loss 
fake_loss = tf.nn.sparse_softmax_cross_entropy_with_logits(logits=logits,labels=fake_label) 

# minimize fake loss using gradient descent, 
# calculating the derivatives of the weight of the fake image will give the direction of weights necessary to change the prediction 
adversarial_step = tf.train.GradientDescentOptimizer(learning_rate=FLAGS.learning_rate).minimize(fake_loss, var_list=[x]) 

# continue calculating the derivative until the prediction changes for all 10 images 
for i in range(FLAGS.training_epochs): 
    # fake label tells the training algorithm to use the weights calculated for number 6 
    sess.run(adversarial_step, feed_dict={fake_label:np.array([6])}) 
    sess.run(pred) 

這是我的方法，它完美的作品。這需要數2的我的形象，並改變它只有輕微，以至於當我運行以下...

x_in = np.expand_dims(x[0], axis=0) 
classification = sess.run(tf.argmax(pred, 1)) 
print(classification) 

將預測數2作爲6號

的問題是，我需要提取必要的梯度來欺騙神經網絡進入思維數字2爲6.我需要使用這個梯度來創建上面提到的nematode。

我不知道如何提取梯度值。我試着看tf.gradients，但我無法弄清楚如何使用這個功能產生敵對圖像。我實現上述fake_loss變量後，下面...

tf.gradients(fake_loss, x) 

for i in range(FLAGS.training_epochs): 
    # calculate gradient with weight of number 6 
    gradient_value = sess.run(gradients, feed_dict={fake_label:np.array([6])}) 
    # update the image of number 2 
    gradient_update = x+0.007*gradient_value[0] 
    sess.run(tf.assign(x, gradient_update)) 
    sess.run(pred) 

不幸的是，預測並沒有我想要的方式發生變化，而且這種邏輯導致了一個相當模糊的圖像。

我希望能解釋一下爲了計算和提取能夠欺騙神經網絡的梯度，我需要做的事情，以便如果我將這個梯度作爲nematode應用到我的圖像上，會導致不同的預測。

Answer 1

爲什麼不讓Tensorflow優化器將漸變添加到圖像中？您仍然可以評估線蟲以獲取添加的結果梯度。

我創建了一個比特的樣本代碼與熊貓圖像來演示此。它使用VGG16神經網絡將您自己的熊貓圖像轉換成「金魚」圖像。每100次迭代它將圖像保存爲PDF，因此您可以無損打印圖像以檢查圖像是否仍然是金魚。

import tensorflow as tf 
import numpy as np 
import matplotlib.pyplot as plt 
import IPython.display as ipyd 
from libs import vgg16 # Download here! https://github.com/pkmital/CADL/tree/master/session-4/libs 

pandaimage = plt.imread('panda.jpg') 
pandaimage = vgg16.preprocess(pandaimage) 
plt.imshow(pandaimage) 

img_4d = np.array([pandaimage]) 

g = tf.get_default_graph() 
input_placeholder = tf.Variable(img_4d,trainable=False) 
to_add_image = tf.Variable(tf.random_normal([224,224,3], mean=0.0, stddev=0.1, dtype=tf.float32)) 
combined_images_not_clamped = input_placeholder+to_add_image 

filledmax = tf.fill(tf.shape(combined_images_not_clamped), 1.0) 
filledmin = tf.fill(tf.shape(combined_images_not_clamped), 0.0) 
greater_than_one = tf.greater(combined_images_not_clamped, filledmax) 

combined_images_with_max = tf.where(greater_than_one, filledmax, combined_images_not_clamped) 
lower_than_zero =tf.less(combined_images_with_max, filledmin) 
combined_images = tf.where(lower_than_zero, filledmin, combined_images_with_max) 

net = vgg16.get_vgg_model() 
tf.import_graph_def(net['graph_def'], name='vgg') 
names = [op.name for op in g.get_operations()] 

style_layer = 'prob:0' 
the_prediction = tf.import_graph_def(
    net['graph_def'], 
    name='vgg', 
    input_map={'images:0': combined_images},return_elements=[style_layer]) 

goldfish_expected_np = np.zeros(1000) 
goldfish_expected_np[1]=1.0 
goldfish_expected_tf = tf.Variable(goldfish_expected_np,dtype=tf.float32,trainable=False) 
loss = tf.reduce_sum(tf.square(the_prediction[0]-goldfish_expected_tf)) 
optimizer = tf.train.AdamOptimizer().minimize(loss) 


sess = tf.InteractiveSession() 
sess.run(tf.global_variables_initializer()) 


def show_many_images(*images): 
    fig = plt.figure() 
    for i in range(len(images)): 
     print(images[i].shape) 
     subplot_number = 100+10*len(images)+(i+1) 
     plt.subplot(subplot_number) 
     plt.imshow(images[i]) 
    plt.show() 



for i in range(1000): 
    _, loss_val = sess.run([optimizer,loss]) 

    if i%100==1: 
     print("Loss at iteration %d: %f" % (i,loss_val)) 
     _, loss_val,adversarial_image,pred,nematode = sess.run([optimizer,loss,combined_images,the_prediction,to_add_image]) 
     res = np.squeeze(pred) 
     average = np.mean(res, 0) 
     res = res/np.sum(average) 
     plt.imshow(adversarial_image[0]) 
     plt.show() 
     print([(res[idx], net['labels'][idx]) for idx in res.argsort()[-5:][::-1]]) 
     show_many_images(img_4d[0],nematode,adversarial_image[0]) 
     plt.imsave('adversarial_goldfish.pdf',adversarial_image[0],format='pdf') # save for printing 

讓我知道這是否對您有幫助！