Cain:提前写一下AI部分的WP
明后天统计队内师傅的WP,更新全部赛题
WriteUP
羊城杯AI
Cain:提前写一下AI部分的WP
明后天统计队内师傅的WP,更新全部赛题
AI-NLP_Model_Attack
对 BERT 类文本分类模型(题目给的是 DistilBERT 情感分类模型)做对抗样本,直接用清华的 OpenAttack 即可。这里用的是 PWWS(Probability Weighted Word Saliency):按词显著性贪婪地挑选要替换的词,再做同义词替换,属于只依赖模型输出概率的黑盒攻击。
import OpenAttack as oa
import numpy as np
import torch
import datasets
import transformers
from transformers import DistilBertTokenizer, DistilBertForSequenceClassification
import csv
from collections import defaultdict
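def load_text_dataset(path):
    """Read the challenge CSV into the ``{"x": texts, "y": labels}`` dict OpenAttack expects.

    Args:
        path: CSV file with at least a ``text`` and an ``original_label`` column.

    Returns:
        dict with ``"x"`` (list[str]) and ``"y"`` (list[int]); row order is preserved.

    Raises:
        KeyError: a required column is missing from the header.
        ValueError: an ``original_label`` cell is not an integer literal.
    """
    data_dict = {"x": [], "y": []}
    # utf-8-sig also accepts a BOM-prefixed file (Excel exports one); with plain
    # utf-8 the first header becomes "\ufefftext" and the KeyError is baffling.
    # newline="" is what the csv module documents for embedded newlines in quoted cells.
    with open(path, mode="r", encoding="utf-8-sig", newline="") as fh:
        for row in csv.DictReader(fh):
            data_dict["x"].append(row["text"])
            # original_label is the ground-truth class id; int() rejects blanks/garbage early
            data_dict["y"].append(int(row["original_label"]))
    return data_dict


def run_pwws_attack(data_dict, model_dir="Sentiment_classification_model", device=None):
    """Run OpenAttack's PWWS word-substitution attack against the DistilBERT classifier.

    Args:
        data_dict: output of :func:`load_text_dataset`.
        model_dir: local Hugging Face directory holding tokenizer and weights.
        device: torch device string; defaults to ``"cuda"`` when available, else ``"cpu"``.

    Returns:
        Whatever ``AttackEval.eval`` returns (the per-metric summary dict in OpenAttack 2.x);
        the summary is also printed because ``visualize=True``.
    """
    if device is None:
        device = "cuda" if torch.cuda.is_available() else "cpu"
    tokenizer = DistilBertTokenizer.from_pretrained(model_dir)
    # NOTE(review): when the directory holds pytorch_model.bin, from_pretrained() goes
    # through torch.load/pickle, so a challenge-supplied checkpoint can execute code at
    # load time. Prefer safetensors weights (use_safetensors=True) for files you did not build.
    model = DistilBertForSequenceClassification.from_pretrained(model_dir).to(device)
    # The input embedding matrix is handed over because TransformersClassifier needs it
    # for gradient-based attackers; PWWS itself only uses output probabilities.
    victim = oa.classifiers.TransformersClassifier(
        model, tokenizer, model.distilbert.embeddings.word_embeddings, device
    )
    attacker = oa.attackers.PWWSAttacker()
    dataset = datasets.Dataset.from_dict(data_dict)
    attack_eval = oa.AttackEval(
        attacker, victim, metrics=[oa.metric.EditDistance(), oa.metric.ModificationRate()]
    )
    return attack_eval.eval(dataset, visualize=True)


if __name__ == "__main__":
    data_dict = load_text_dataset("original_text.csv")
    run_pwws_attack(data_dict)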
AI-Targeted_Image_adv_attacks
题目要求做有目标(targeted)的对抗样本攻击,并且检查脚本用 SSIM(结构相似度)限制扰动大小:对抗图片与原图的 SSIM 必须保持在 0.95 以上。
因此把 SSIM 作为约束项加进损失函数,在 SSIM 约束下做优化;优化方式是对输入图像做迭代梯度下降(思路类似 FGSM/BIM,但直接用原始梯度而非符号梯度,每步步长 0.01,每步后把像素裁剪回 [0,1])。注意 pytorch_ssim.SSIM() 返回的是相似度(越大越像),作为损失项应取 1−SSIM(或加负号),否则优化会把图像往不相似的方向推,直接触发 SSIM < 0.95 的失败判定。
实测 softmax + 交叉熵的收敛效果不好(模型对输入扰动不够敏感),观察模型原始 logits 后改为直接预设期望的 logits(目标类 +10,其余类 −10),对其计算 MSE 均方误差作为分类损失。
import base64
import random
from pathlib import Path

import numpy as np
import pytorch_ssim
import torch
import torch.nn.functional as func
from PIL import Image
from torch import nn
from torch.autograd import Variable
from torchvision import models, transforms
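# Class id -> folder/file-name prefix. The attack pushes class i toward class (i + 1) % 3.
label = {
    0: 'cat',
    1: 'dog',
    2: 'fox',
}

NUM_CLASSES = 3
IMAGES_PER_CLASS = 50
SSIM_THRESHOLD = 0.95        # the checker's similarity bar
MAX_STEPS = 100000           # per-image step budget
STEP_SIZE = 0.01             # gradient step on pixel values in [0, 1]
CKPT_PATH = 'ckpt_densenet121_catdogfox_classify.pth'
ADV_ROOT = Path("adv_image")  # inputs:  <root>/<cls>/<cls>_NNN.jpg
OUT_ROOT = Path("update")     # outputs: same layout


def target_logits(idx, device="cpu"):
    """Desired raw logits for source class ``idx``: +10 on the wanted class, -10 elsewhere.

    The wanted class is ``(idx + 1) % 3`` (cat->dog, dog->fox, fox->cat), the same class
    the success check in :func:`attack_one` compares against.

    Returns:
        float32 tensor of shape (1, 3) on ``device``.
    """
    wanted = (idx + 1) % NUM_CLASSES
    logits = torch.full((1, NUM_CLASSES), -10.0)
    logits[0, wanted] = 10.0
    return logits.to(device)


def image_path(root, idx, num):
    """Path of image ``num`` of class ``idx`` under ``root`` (``<root>/<cls>/<cls>_NNN.jpg``).

    The original built these with Windows literals like ``'.\\update\\...'`` inside a
    non-raw string: ``\\a`` is a BEL character and ``\\u`` starts a unicode escape, so
    the paths were wrong (or a SyntaxError). pathlib builds them portably.
    """
    name = label[idx]
    return Path(root) / name / f"{name}_{num:03d}.jpg"


def build_model(ckpt_path, device):
    """DenseNet-121 with the challenge's 3-class head, weights from ``ckpt_path``, eval mode."""
    model = models.densenet121(weights=None)
    num_ftrs = model.classifier.in_features
    model.classifier = nn.Sequential(
        nn.Linear(num_ftrs, 500),
        nn.Linear(500, 3),
    )
    # NOTE(review): torch.load unpickles the checkpoint, so a challenge-supplied .pth can
    # run arbitrary code at load time. Pass weights_only=True (torch >= 1.13) for files you
    # did not produce yourself; a plain state_dict loads fine with it.
    model.load_state_dict(torch.load(ckpt_path, map_location=device))
    model = model.to(device)
    model.eval()
    # Only input gradients are needed; freezing the parameters stops every backward()
    # from accumulating grad buffers on the whole network.
    for p in model.parameters():
        p.requires_grad_(False)
    return model


def load_image(path, device):
    """Read a JPEG as a (1, C, H, W) float tensor in [0, 1] on ``device``."""
    return transforms.ToTensor()(Image.open(path)).to(device).unsqueeze(0)


def attack_one(model, idx, num, device):
    """Perturb one image until its JPEG-round-tripped copy is classified as the target class
    while SSIM against the source stays above the threshold.

    Every step writes the current image to ``OUT_ROOT`` and re-reads it, because the
    checker scores the saved JPEG, not the in-memory tensor.

    Returns:
        True when the SSIM constraint was violated (counted as a failure by the caller),
        False on success or when the step budget runs out.
    """
    name = f"{label[idx]}_{num:03d}"
    print(f'--------{name} Start Adv Attack!---------')
    src_path = image_path(ADV_ROOT, idx, num)
    out_path = image_path(OUT_ROOT, idx, num)
    out_path.parent.mkdir(parents=True, exist_ok=True)

    src_img = load_image(src_path, device)
    img = load_image(src_path, device).requires_grad_(True)
    wanted = (idx + 1) % NUM_CLASSES
    target = target_logits(idx, device)
    ssim_module = pytorch_ssim.SSIM()
    mse = nn.MSELoss()

    for step in range(MAX_STEPS):
        pred = model(img)
        print(f"Epoch {step}: target pred: {pred[0].argmax().item()}", end=' ')
        transforms.ToPILImage()(img[0].detach().cpu()).save(out_path)
        adv_img = load_image(out_path, device)
        adv_ssim = pytorch_ssim.ssim(adv_img, src_img)
        if adv_ssim < SSIM_THRESHOLD:
            print(f'-------- {name} SSIM < 0.95---------')
            return True
        if model(adv_img)[0].argmax().item() == wanted and adv_ssim > SSIM_THRESHOLD:
            print('--------Find Adv Image!---------')
            print(pytorch_ssim.ssim(img, src_img), pred[0].argmax().item())
            return False

        ssim_val = ssim_module(img, src_img)
        l2l = mse(pred, target)
        # SSIM() returns similarity (1 == identical) and must be maximised. The original
        # added it to the loss and so drove the image away from the source until the
        # < 0.95 check tripped; (1 - ssim) is the dissimilarity penalty we actually want.
        loss = l2l + (1 - ssim_val)
        loss.backward()
        with torch.no_grad():
            img = (img - STEP_SIZE * img.grad).clamp(0, 1)
        img.requires_grad_(True)
        print(f"SIMM loss: {ssim_val.item()} MSE norm: {l2l.item()}")

    print(f'-------- {name} step budget exhausted ---------')
    return False


def main():
    """Attack all 3 x 50 images and report how many broke the SSIM constraint."""
    device = "cuda" if torch.cuda.is_available() else "cpu"
    model = build_model(CKPT_PATH, device)
    cnt = 0
    for idx in range(NUM_CLASSES):
        for num in range(IMAGES_PER_CLASS):
            if attack_one(model, idx, num, device):
                cnt += 1
    print(f'-------- Total:{cnt} SSIM < 0.95---------')


if __name__ == "__main__":
    main()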
原文始发于微信公众号(N0wayBack):羊城杯2024 AI部分 WP