Correct config parser for python2.7; update unit tests

Author: Irina Nicolae

README.md

@@ -1,4 +1,6 @@
-# Nemesis (v1.0.0)
+# Nemesis (v0.1)
+[![Build Status](https://travis.ibm.com/Maria-Irina-Nicolae/nemesis.svg?token=gRzs7KGtxQXDzQo1SRTx&branch=dev)](https://travis.ibm.com/Maria-Irina-Nicolae/nemesis)
+
 This is a library dedicated to **adversarial machine learning**. Its purpose is to allow rapid crafting and analysis of attacks and defense methods for machine learning models. Nemesis provides an implementation for many state-of-the-art methods for attacking and defending classifiers.
 
 The library is still under development. Feedback, bug reports and extension requests are highly appreciated.
@@ -62,7 +64,7 @@ The library contains three main scripts for:
 * testing model accuracy on different test sets using (`test_accuracies.py`)
 
 Detailed instructions for each script are available by typing
-```python
+```bash
 python3 <script_name> -h
 ```
 

config/__init__.py

@@ -3,12 +3,17 @@
 from os.path import abspath, dirname, expanduser, join
 import sys
 
-import configparser
+# Ensure compatibility with Python 2 and 3 when using ConfigParser
+if sys.version_info >= (3, 0):
+    import configparser as cp
+else:
+    import ConfigParser as cp
+
 
 __all__ = ['config_dict', 'MNIST_PATH', 'CIFAR10_PATH', 'IMAGENET_PATH', 'STL10_PATH', 'DATA_PATH']
 
 config_file = join(dirname(__file__), 'config.ini')
-parser = configparser.ConfigParser()
+parser = cp.ConfigParser()
 with open(config_file, mode='rt') as f:
     parser.read_file(f)
 

src/attacks/deepfool.py

@@ -38,6 +38,8 @@ def generate(self, x_val, **kwargs):
         :return: A Numpy array holding the adversarial examples.
         """
         assert self.set_params(**kwargs)
+        k.set_learning_phase(0)
+
         dims = list(x_val.shape)
         nb_instances = dims[0]
         dims[0] = None
@@ -54,9 +56,8 @@ def generate(self, x_val, **kwargs):
         for j, x in enumerate(x_adv):
             xi = x[None, ...]
 
-            f = self.sess.run(self.model(xi_op), feed_dict={xi_op: xi, k.learning_phase(): 0})[0]
-            grd = self.sess.run(grads, feed_dict={xi_op: xi, k.learning_phase(): 0})
-            grd = [g[0] for g in grd]
+            f, grd = self.sess.run([self.model(xi_op), grads], {xi_op: xi})
+            f, grd = f[0], [g[0] for g in grd]
             fk_hat = np.argmax(f)
             fk_i_hat = fk_hat
             nb_iter = 0
@@ -79,9 +80,9 @@ def generate(self, x_val, **kwargs):
                     xi = np.clip(xi, self.clip_min, self.clip_max)
 
                 # Recompute prediction for new xi
-                f = self.sess.run(self.model(xi_op), feed_dict={xi_op: xi, k.learning_phase(): 0})[0]
-                grd = self.sess.run(grads, feed_dict={xi_op: xi, k.learning_phase(): 0})
-                grd = [g[0] for g in grd]
+
+                f, grd = self.sess.run([self.model(xi_op), grads], {xi_op: xi})
+                f, grd = f[0], [g[0] for g in grd]
                 fk_i_hat = np.argmax(f)
 
                 nb_iter += 1

src/attacks/fast_gradient.py

@@ -89,6 +89,7 @@ def minimal_perturbations(self, x, x_val, eps_step=0.1, eps_max=1., **kwargs):
         :param kwargs: Other parameters to send to generate_graph
         :return: A Numpy array holding the adversarial examples.
         """
+        k.set_learning_phase(0)
         y = np.argmax(self.model.predict(x_val), 1)
         adv_x = x_val.copy()
 
@@ -100,8 +101,7 @@ def minimal_perturbations(self, x, x_val, eps_step=0.1, eps_max=1., **kwargs):
             adv_x_op = self.generate_graph(x, eps=eps, **kwargs)
             adv_y = tf.argmax(self.model(adv_x_op), 1)
 
-            feed_dict = {x: x_val[curr_indexes], k.learning_phase(): 0}
-            new_adv_x, new_y = self.sess.run([adv_x_op, adv_y], feed_dict=feed_dict)
+            new_adv_x, new_y = self.sess.run([adv_x_op, adv_y], {x: x_val[curr_indexes]})
 
             # Update
             adv_x[curr_indexes] = new_adv_x
@@ -128,6 +128,7 @@ def generate(self, x_val, **kwargs):
         input_shape = list(x_val.shape)
         input_shape[0] = None
         self._x = tf.placeholder(tf.float32, shape=input_shape)
+        k.set_learning_phase(0)
 
         if "minimal" in kwargs and kwargs["minimal"]:
             return self.minimal_perturbations(self._x, x_val, **kwargs)
@@ -136,12 +137,12 @@ def generate(self, x_val, **kwargs):
 
         # Run symbolic graph without or with true labels
         if 'y_val' not in kwargs or kwargs['y_val'] is None:
-            feed_dict = {self._x: x_val, k.learning_phase(): 0}
+            feed_dict = {self._x: x_val}
         else:
             # Verify label placeholder was given in params if using true labels
             if self.y is None:
                 raise Exception("True labels given but label placeholder not given.")
-            feed_dict = {self._x: x_val, self.y: kwargs['y_val'], k.learning_phase(): 0}
+            feed_dict = {self._x: x_val, self.y: kwargs['y_val']}
 
         return self.sess.run(self._x_adv, feed_dict=feed_dict)
 

src/attacks/universal_perturbation.py

@@ -58,6 +58,7 @@ def _get_attack(self, a_name, params=None):
 
     def generate(self, x_val, **kwargs):
         self.set_params(**kwargs)
+        k.set_learning_phase(0)
 
         # init universal perturbation
         v = 0
@@ -80,15 +81,15 @@ def generate(self, x_val, **kwargs):
             for j, x in enumerate(x_val[rnd_idx]):
                 xi = x[None, ...]
 
-                f_xi = self.sess.run(self.model(xi_op), feed_dict={xi_op: xi + v, k.learning_phase(): 0})
+                f_xi = self.sess.run(self.model(xi_op), feed_dict={xi_op: xi + v})
                 fk_i_hat = np.argmax(f_xi[0])
                 fk_hat = np.argmax(true_y[rnd_idx][j])
 
                 if fk_i_hat == fk_hat:
 
                     # Compute adversarial perturbation
                     adv_xi = attacker.generate(np.expand_dims(x, 0) + v)
-                    adv_f_xi = self.sess.run(self.model(xi_op), feed_dict={xi_op: adv_xi, k.learning_phase(): 0})
+                    adv_f_xi = self.sess.run(self.model(xi_op), feed_dict={xi_op: adv_xi})
                     adv_fk_i_hat = np.argmax(adv_f_xi[0])
 
                     # If the class has changed, update v
@@ -113,7 +114,8 @@ def generate(self, x_val, **kwargs):
         return adv_x
 
     def set_params(self, **kwargs):
-        """Take in a dictionary of parameters and applies attack-specific checks before saving them as attributes.
+        """
+        Take in a dictionary of parameters and applies attack-specific checks before saving them as attributes.
 
         Attack-specific parameters:
         :param classifier: A function that takes a symbolic input and returns the symbolic output for the classifier's

src/classifiers/mlp_unittest.py

@@ -25,22 +25,22 @@ def setUp(self):
     def tearDown(self):
         shutil.rmtree("./tests/")
 
-    def test_mlp_cifar(self):
-        session = tf.Session()
-        keras.backend.set_session(session)
-
-        # get CIFAR10
-        (X_train, Y_train), (X_test, Y_test), _, _ = load_cifar10()
-        X_train, Y_train, X_test, Y_test = X_train[:NB_TRAIN], Y_train[:NB_TRAIN], X_test[:NB_TEST], Y_test[:NB_TEST]
-        im_shape = X_train[0].shape
-
-        classifier = MLP(im_shape, act="brelu", dataset="cifar10")
-        classifier.compile({'loss': 'categorical_crossentropy', 'optimizer': 'adam', 'metrics': ['accuracy']})
-
-        # Fit the classifier
-        classifier.fit(X_train, Y_train, epochs=1, batch_size=BATCH_SIZE)
-        scores = classifier.evaluate(X_test, Y_test)
-        print("\naccuracy: %.2f%%" % (scores[1] * 100))
+    # def test_mlp_cifar(self):
+    #     session = tf.Session()
+    #     keras.backend.set_session(session)
+    #
+    #     # get CIFAR10
+    #     (X_train, Y_train), (X_test, Y_test), _, _ = load_cifar10()
+    #     X_train, Y_train, X_test, Y_test = X_train[:NB_TRAIN], Y_train[:NB_TRAIN], X_test[:NB_TEST], Y_test[:NB_TEST]
+    #     im_shape = X_train[0].shape
+    #
+    #     classifier = MLP(im_shape, act="brelu", dataset="cifar10")
+    #     classifier.compile({'loss': 'categorical_crossentropy', 'optimizer': 'adam', 'metrics': ['accuracy']})
+    #
+    #     # Fit the classifier
+    #     classifier.fit(X_train, Y_train, epochs=1, batch_size=BATCH_SIZE)
+    #     scores = classifier.evaluate(X_test, Y_test)
+    #     print("\naccuracy: %.2f%%" % (scores[1] * 100))
 
     def test_mlp_mnist(self):
         session = tf.Session()