[{"data":1,"prerenderedAt":926},["ShallowReactive",2],{"content-query-MB5PTIw5RI":3},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"cover":11,"type":12,"category":13,"body":14,"_type":920,"_id":921,"_source":922,"_file":923,"_stem":924,"_extension":925},"/technology-blogs/zh/834","zh",false,"","万字详解-MindArmour 小白教程！","MindArmour的实操，欢迎大家亲手使用和调试~","2021-12-10","https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/78c75a22ce5049d3aa236cfa37951da1.png","technology-blogs","开发者分享",{"type":15,"children":16,"toc":917},"root",[17,25,34,52,57,62,67,81,86,91,96,106,117,122,132,143,163,168,186,196,201,206,224,229,237,242,250,268,273,281,286,293,298,305,310,317,322,329,334,339,344,351,356,361,366,371,376,383,388,393,398,405,412,417,424,429,436,443,448,453,460,465,470,475,482,489,494,501,506,524,529,534,539,544,549,554,562,569,576,581,588,593,598,603,611,618,631,636,641,649,654,662,669,674,681,689,694,702,709,714,719,724,736,744,749,756,763,771,778,785,790,797,802,807,812,817,822,830,837,842,847,852,860,865,870,878,883,890,898,903],{"type":18,"tag":19,"props":20,"children":22},"element","h1",{"id":21},"万字详解-mindarmour-小白教程",[23],{"type":24,"value":8},"text",{"type":18,"tag":26,"props":27,"children":28},"p",{},[29],{"type":18,"tag":30,"props":31,"children":33},"img",{"alt":7,"src":32},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/cfb32eb5b8a54fe78d549e0dd3a4c02f.gif",[],{"type":18,"tag":26,"props":35,"children":36},{},[37,39,45,47],{"type":24,"value":38},"作者：",{"type":18,"tag":40,"props":41,"children":42},"strong",{},[43],{"type":24,"value":44},"irrational",{"type":24,"value":46}," ｜",{"type":18,"tag":40,"props":48,"children":49},{},[50],{"type":24,"value":51},"来源：华为云",{"type":18,"tag":26,"props":53,"children":54},{},[55],{"type":24,"value":56},"MindArmour 使用",{"type":18,"tag":26,"props":58,"children":59},{},[60],{"type":24,"value":61},"配置环境：CPU环境",{"type":18,"tag":26,"props":63,"children":64},{},[65],{"type":24,"value":66},"首先下载mindspore，参考官网",{"type":18,"tag":26,"props":68,"children":69},{},[70,72],{"type":24,"value":71},"（**",{"type":18,"tag":73,"props":74,"children":78},"a",{"href":75,"rel":76},"https://www.mindspore.cn/install**%EF%BC%89",[77],"nofollow",[79],{"type":24,"value":80},"https://www.mindspore.cn/install**）",{"type":18,"tag":26,"props":82,"children":83},{},[84],{"type":24,"value":85},"安装MindArmour",{"type":18,"tag":26,"props":87,"children":88},{},[89],{"type":24,"value":90},"确认系统环境信息",{"type":18,"tag":26,"props":92,"children":93},{},[94],{"type":24,"value":95},"• 硬件平台为Ascend、GPU或CPU。",{"type":18,"tag":26,"props":97,"children":98},{},[99,101],{"type":24,"value":100},"• 参考",{"type":18,"tag":40,"props":102,"children":103},{},[104],{"type":24,"value":105},"MindSpore安装指南",{"type":18,"tag":26,"props":107,"children":108},{},[109,110,115],{"type":24,"value":71},{"type":18,"tag":73,"props":111,"children":113},{"href":75,"rel":112},[77],[114],{"type":24,"value":80},{"type":24,"value":116}," ，",{"type":18,"tag":26,"props":118,"children":119},{},[120],{"type":24,"value":121},"完成MindSpore的安装。MindArmour与MindSpore的版本需保持一致。",{"type":18,"tag":26,"props":123,"children":124},{},[125,127],{"type":24,"value":126},"• 其余依赖请参见",{"type":18,"tag":40,"props":128,"children":129},{},[130],{"type":24,"value":131},"setup.py",{"type":18,"tag":26,"props":133,"children":134},{},[135,136],{"type":24,"value":71},{"type":18,"tag":73,"props":137,"children":140},{"href":138,"rel":139},"https://gitee.com/mindspore/mindarmour/blob/master/setup.py**%EF%BC%89%E3%80%82",[77],[141],{"type":24,"value":142},"https://gitee.com/mindspore/mindarmour/blob/master/setup.py**）。",{"type":18,"tag":26,"props":144,"children":145},{},[146,151,153,158,159],{"type":18,"tag":40,"props":147,"children":148},{},[149],{"type":24,"value":150},"●",{"type":24,"value":152}," ",{"type":18,"tag":40,"props":154,"children":155},{},[156],{"type":24,"value":157},"安装方式",{"type":24,"value":152},{"type":18,"tag":40,"props":160,"children":161},{},[162],{"type":24,"value":150},{"type":18,"tag":26,"props":164,"children":165},{},[166],{"type":24,"value":167},"可以采用pip安装或者源码编译安装两种方式。",{"type":18,"tag":26,"props":169,"children":170},{},[171,175,176,181,182],{"type":18,"tag":40,"props":172,"children":173},{},[174],{"type":24,"value":150},{"type":24,"value":152},{"type":18,"tag":40,"props":177,"children":178},{},[179],{"type":24,"value":180},"pip安装",{"type":24,"value":152},{"type":18,"tag":40,"props":183,"children":184},{},[185],{"type":24,"value":150},{"type":18,"tag":187,"props":188,"children":190},"pre",{"code":189},"pip install https://ms-release.obs.cn-north-4.myhuaweicloud.com/{version}/MindArmour/any/mindarmour-{version}-py3-none-any.whl --trusted-host ms-release.obs.cn-north-4.myhuaweicloud.com -i https://pypi.tuna.tsinghua.edu.cn/simple\n",[191],{"type":18,"tag":192,"props":193,"children":194},"code",{"__ignoreMap":7},[195],{"type":24,"value":189},{"type":18,"tag":26,"props":197,"children":198},{},[199],{"type":24,"value":200},"• 在联网状态下，安装whl包时会自动下载MindArmour安装包的依赖项（依赖项详情参见setup.py ），其余情况需自行安装。",{"type":18,"tag":26,"props":202,"children":203},{},[204],{"type":24,"value":205},"• {version}表示MindArmour版本号，例如下载1.3.0版本MindArmour时，{version}应写为1.3.0。",{"type":18,"tag":26,"props":207,"children":208},{},[209,213,214,219,220],{"type":18,"tag":40,"props":210,"children":211},{},[212],{"type":24,"value":150},{"type":24,"value":152},{"type":18,"tag":40,"props":215,"children":216},{},[217],{"type":24,"value":218},"源码安装",{"type":24,"value":152},{"type":18,"tag":40,"props":221,"children":222},{},[223],{"type":24,"value":150},{"type":18,"tag":26,"props":225,"children":226},{},[227],{"type":24,"value":228},"1. 从Gitee下载源码。",{"type":18,"tag":187,"props":230,"children":232},{"code":231},"git clone https://gitee.com/mindspore/mindarmour.git\n",[233],{"type":18,"tag":192,"props":234,"children":235},{"__ignoreMap":7},[236],{"type":24,"value":231},{"type":18,"tag":26,"props":238,"children":239},{},[240],{"type":24,"value":241},"2. 在源码根目录下，执行如下命令编译并安装MindArmour。",{"type":18,"tag":187,"props":243,"children":245},{"code":244},"cd mindarmour\npython setup.py install\n",[246],{"type":18,"tag":192,"props":247,"children":248},{"__ignoreMap":7},[249],{"type":24,"value":244},{"type":18,"tag":26,"props":251,"children":252},{},[253,257,258,263,264],{"type":18,"tag":40,"props":254,"children":255},{},[256],{"type":24,"value":150},{"type":24,"value":152},{"type":18,"tag":40,"props":259,"children":260},{},[261],{"type":24,"value":262},"验证是否成功安装",{"type":24,"value":152},{"type":18,"tag":40,"props":265,"children":266},{},[267],{"type":24,"value":150},{"type":18,"tag":26,"props":269,"children":270},{},[271],{"type":24,"value":272},"执行如下命令，如果没有报错No module named 'mindarmour'，则说明安装成功。",{"type":18,"tag":187,"props":274,"children":276},{"code":275},"python -c 'import mindarmour'\n",[277],{"type":18,"tag":192,"props":278,"children":279},{"__ignoreMap":7},[280],{"type":24,"value":275},{"type":18,"tag":26,"props":282,"children":283},{},[284],{"type":24,"value":285},"具体操作如下：",{"type":18,"tag":26,"props":287,"children":288},{},[289],{"type":18,"tag":30,"props":290,"children":292},{"alt":7,"src":291},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/91f30d041d7c4fd89b599ac86fb6bb9e.jpg",[],{"type":18,"tag":26,"props":294,"children":295},{},[296],{"type":24,"value":297},"如图，最开始没有安装，显示没有mindarmour库",{"type":18,"tag":26,"props":299,"children":300},{},[301],{"type":18,"tag":30,"props":302,"children":304},{"alt":7,"src":303},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/1f2782d35e244a99bba582f825b25f8b.jpg",[],{"type":18,"tag":26,"props":306,"children":307},{},[308],{"type":24,"value":309},"pip命令直接安装。",{"type":18,"tag":26,"props":311,"children":312},{},[313],{"type":18,"tag":30,"props":314,"children":316},{"alt":7,"src":315},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/b7b674bcc7614a938eda281d3910ce8a.jpg",[],{"type":18,"tag":26,"props":318,"children":319},{},[320],{"type":24,"value":321},"输入enter之后，没有错误报告，安装正确。",{"type":18,"tag":26,"props":323,"children":324},{},[325],{"type":18,"tag":30,"props":326,"children":328},{"alt":7,"src":327},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/a76cb6f4e9544d94ac0ca94c84e763fe.jpg",[],{"type":18,"tag":26,"props":330,"children":331},{},[332],{"type":24,"value":333},"进入python环境，安装正确。",{"type":18,"tag":26,"props":335,"children":336},{},[337],{"type":24,"value":338},"那我们跑一下测试玩玩。",{"type":18,"tag":26,"props":340,"children":341},{},[342],{"type":24,"value":343},"使用NAD算法提升模型安全性",{"type":18,"tag":26,"props":345,"children":346},{},[347],{"type":18,"tag":30,"props":348,"children":350},{"alt":7,"src":349},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/8e66010537254984bf13f4195635974b.jpg",[],{"type":18,"tag":26,"props":352,"children":353},{},[354],{"type":24,"value":355},"开始",{"type":18,"tag":26,"props":357,"children":358},{},[359],{"type":24,"value":360},"刚一开始就报错啦。没事，我们看看信息。",{"type":18,"tag":26,"props":362,"children":363},{},[364],{"type":24,"value":365},"貌似这，暂时CPU还跑不了。",{"type":18,"tag":26,"props":367,"children":368},{},[369],{"type":24,"value":370},"“got device target GPU”。但是仔细分析，我们发现前面这句“support type cpu”。",{"type":18,"tag":26,"props":372,"children":373},{},[374],{"type":24,"value":375},"我们再结合报错信息，只用修改代码中的target即可。",{"type":18,"tag":26,"props":377,"children":378},{},[379],{"type":18,"tag":30,"props":380,"children":382},{"alt":7,"src":381},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/c9b00ac1ce8c403689d43680876bce8e.jpg",[],{"type":18,"tag":26,"props":384,"children":385},{},[386],{"type":24,"value":387},"MindSpore的兼容性还是很强的，",{"type":18,"tag":26,"props":389,"children":390},{},[391],{"type":24,"value":392},"稍微调试就好。",{"type":18,"tag":26,"props":394,"children":395},{},[396],{"type":24,"value":397},"果不其然，搞成了target=\"CPU\"就可以了",{"type":18,"tag":26,"props":399,"children":400},{},[401],{"type":18,"tag":30,"props":402,"children":404},{"alt":7,"src":403},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/90c6c31ed8a742028b9cd6f74c8cf325.jpg",[],{"type":18,"tag":26,"props":406,"children":407},{},[408],{"type":18,"tag":30,"props":409,"children":411},{"alt":7,"src":410},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/acde7fd6541940a5917dcbd411100914.jpg",[],{"type":18,"tag":26,"props":413,"children":414},{},[415],{"type":24,"value":416},"这就真不错。",{"type":18,"tag":26,"props":418,"children":419},{},[420],{"type":18,"tag":30,"props":421,"children":423},{"alt":7,"src":422},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/8532fbe2be6a49289193d0e1e472d541.jpg",[],{"type":18,"tag":26,"props":425,"children":426},{},[427],{"type":24,"value":428},"经过三轮训练，精确度已经达到97%了",{"type":18,"tag":26,"props":430,"children":431},{},[432],{"type":18,"tag":30,"props":433,"children":435},{"alt":7,"src":434},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/cbcedebe47c349f99852908f0e55b946.jpg",[],{"type":18,"tag":26,"props":437,"children":438},{},[439],{"type":18,"tag":30,"props":440,"children":442},{"alt":7,"src":441},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/0afbc7a3d86a45c387c40598ccea3b35.jpg",[],{"type":18,"tag":26,"props":444,"children":445},{},[446],{"type":24,"value":447},"GPU上演示",{"type":18,"tag":26,"props":449,"children":450},{},[451],{"type":24,"value":452},"还没玩够，那我们在gpu上再玩一遍",{"type":18,"tag":26,"props":454,"children":455},{},[456],{"type":18,"tag":30,"props":457,"children":459},{"alt":7,"src":458},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/63a96e4808d941afae596a63694fd320.jpg",[],{"type":18,"tag":26,"props":461,"children":462},{},[463],{"type":24,"value":464},"差点都忘了自己创建的环境叫什么了，原来叫mindspore1.5-gpu",{"type":18,"tag":26,"props":466,"children":467},{},[468],{"type":24,"value":469},"遇见的一些问题",{"type":18,"tag":26,"props":471,"children":472},{},[473],{"type":24,"value":474},"GPU运行armour",{"type":18,"tag":26,"props":476,"children":477},{},[478],{"type":18,"tag":30,"props":479,"children":481},{"alt":7,"src":480},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/2ac8ae92cc424dcb851a6d43fb09d15e.jpg",[],{"type":18,"tag":26,"props":483,"children":484},{},[485],{"type":18,"tag":30,"props":486,"children":488},{"alt":7,"src":487},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/268adc16f3c64289863c730b3b36f2f9.jpg",[],{"type":18,"tag":26,"props":490,"children":491},{},[492],{"type":24,"value":493},"运行的时候，莫名奇妙出了些小故障，难道python命令出问题了？",{"type":18,"tag":26,"props":495,"children":496},{},[497],{"type":18,"tag":30,"props":498,"children":500},{"alt":7,"src":499},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/948bf0fab4624b6db92511d33a198891.jpg",[],{"type":18,"tag":26,"props":502,"children":503},{},[504],{"type":24,"value":505},"原来是c盘满了，我把cuda卸了。看来寒假得重新加一块存储卡...那寒假再跟大家写gpu吧。",{"type":18,"tag":26,"props":507,"children":508},{},[509,513,514,519,520],{"type":18,"tag":40,"props":510,"children":511},{},[512],{"type":24,"value":150},{"type":24,"value":152},{"type":18,"tag":40,"props":515,"children":516},{},[517],{"type":24,"value":518},"完整演示",{"type":24,"value":152},{"type":18,"tag":40,"props":521,"children":522},{},[523],{"type":24,"value":150},{"type":18,"tag":26,"props":525,"children":526},{},[527],{"type":24,"value":528},"pycharm加装jupyter",{"type":18,"tag":26,"props":530,"children":531},{},[532],{"type":24,"value":533},"1、安装Jupyter pip install jupyter",{"type":18,"tag":26,"props":535,"children":536},{},[537],{"type":24,"value":538},"2、安装pycharm专业版，然后开始",{"type":18,"tag":26,"props":540,"children":541},{},[542],{"type":24,"value":543},"建立被攻击模型",{"type":18,"tag":26,"props":545,"children":546},{},[547],{"type":24,"value":548},"以MNIST为示范数据集，自定义的简单模型作为被攻击模型。",{"type":18,"tag":26,"props":550,"children":551},{},[552],{"type":24,"value":553},"引入相关包",{"type":18,"tag":187,"props":555,"children":557},{"code":556},"import os\nimport numpy as np\nfrom scipy.special import softmax\n\nfrom mindspore import dataset as ds\nfrom mindspore import dtype as mstype\nimport mindspore.dataset.vision.c_transforms as CV\nimport mindspore.dataset.transforms.c_transforms as C\nfrom mindspore.dataset.vision import Inter\nimport mindspore.nn as nn\nfrom mindspore.nn import SoftmaxCrossEntropyWithLogits\nfrom mindspore.common.initializer import TruncatedNormal\nfrom mindspore import Model, Tensor, context\nfrom mindspore.train.callback import LossMonitor\n\nfrom mindarmour.adv_robustness.attacks import FastGradientSignMethod\nfrom mindarmour.utils import LogUtil\nfrom mindarmour.adv_robustness.evaluations import AttackEvaluate\n\ncontext.set_context(mode=context.GRAPH_MODE, device_target=\"Ascend\")\n\nLOGGER = LogUtil.get_instance()\nLOGGER.set_level(\"INFO\")\nTAG = 'demo'\n",[558],{"type":18,"tag":192,"props":559,"children":560},{"__ignoreMap":7},[561],{"type":24,"value":556},{"type":18,"tag":26,"props":563,"children":564},{},[565],{"type":18,"tag":30,"props":566,"children":568},{"alt":7,"src":567},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/663e0cd1adf24bf4bbe5f0dac95d6902.jpg",[],{"type":18,"tag":26,"props":570,"children":571},{},[572],{"type":18,"tag":30,"props":573,"children":575},{"alt":7,"src":574},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/9826b56b12e74abeb9edad51290a64f5.jpg",[],{"type":18,"tag":26,"props":577,"children":578},{},[579],{"type":24,"value":580},"下载文件的时候，会报不信任http，没关系，不用管。",{"type":18,"tag":26,"props":582,"children":583},{},[584],{"type":18,"tag":30,"props":585,"children":587},{"alt":7,"src":586},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/c2c59159832d4e719fa52b92cd37d278.jpg",[],{"type":18,"tag":26,"props":589,"children":590},{},[591],{"type":24,"value":592},"注意，在CPU上运行，设置为target=\"CPU\"",{"type":18,"tag":26,"props":594,"children":595},{},[596],{"type":24,"value":597},"加载数据集",{"type":18,"tag":26,"props":599,"children":600},{},[601],{"type":24,"value":602},"利用MindSpore的dataset提供的MnistDataset接口加载MNIST数据集。",{"type":18,"tag":187,"props":604,"children":606},{"code":605},"# generate dataset for train of test\ndef generate_mnist_dataset(data_path, batch_size=32, repeat_size=1,\nnum_parallel_workers=1, sparse=True):\n\"\"\"\ncreate dataset for training or testing\n\"\"\"\n# define dataset\nds1 = ds.MnistDataset(data_path)\n\n# define operation parameters\nresize_height, resize_width = 32, 32\nrescale = 1.0 / 255.0\nshift = 0.0\n\n# define map operations\nresize_op = CV.Resize((resize_height, resize_width),\ninterpolation=Inter.LINEAR)\nrescale_op = CV.Rescale(rescale, shift)\nhwc2chw_op = CV.HWC2CHW()\ntype_cast_op = C.TypeCast(mstype.int32)\n\n# apply map operations on images\nif not sparse:\none_hot_enco = C.OneHot(10)\nds1 = ds1.map(operations=one_hot_enco, input_columns=\"label\",\nnum_parallel_workers=num_parallel_workers)\ntype_cast_op = C.TypeCast(mstype.float32)\nds1 = ds1.map(operations=type_cast_op, input_columns=\"label\",\nnum_parallel_workers=num_parallel_workers)\nds1 = ds1.map(operations=resize_op, input_columns=\"image\",\nnum_parallel_workers=num_parallel_workers)\nds1 = ds1.map(operations=rescale_op, input_columns=\"image\",\nnum_parallel_workers=num_parallel_workers)\nds1 = ds1.map(operations=hwc2chw_op, input_columns=\"image\",\nnum_parallel_workers=num_parallel_workers)\n\n# apply DatasetOps\nbuffer_size = 10000\nds1 = ds1.shuffle(buffer_size=buffer_size)\nds1 = ds1.batch(batch_size, drop_remainder=True)\nds1 = ds1.repeat(repeat_size)\n\nreturn ds1\n",[607],{"type":18,"tag":192,"props":608,"children":609},{"__ignoreMap":7},[610],{"type":24,"value":605},{"type":18,"tag":26,"props":612,"children":613},{},[614],{"type":18,"tag":30,"props":615,"children":617},{"alt":7,"src":616},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/def7414d12264af199aa5973e2989840.jpg",[],{"type":18,"tag":26,"props":619,"children":620},{},[621,626,627],{"type":18,"tag":40,"props":622,"children":623},{},[624],{"type":24,"value":625},"建立模型",{"type":24,"value":152},{"type":18,"tag":40,"props":628,"children":629},{},[630],{"type":24,"value":150},{"type":18,"tag":26,"props":632,"children":633},{},[634],{"type":24,"value":635},"这里以LeNet模型为例，您也可以建立训练自己的模型。",{"type":18,"tag":26,"props":637,"children":638},{},[639],{"type":24,"value":640},"1. 定义LeNet模型网络",{"type":18,"tag":187,"props":642,"children":644},{"code":643},"def conv(in_channels, out_channels, kernel_size, stride=1, padding=0):\nweight = weight_variable()\nreturn nn.Conv2d(in_channels, out_channels,\nkernel_size=kernel_size, stride=stride, padding=padding,\nweight_init=weight, has_bias=False, pad_mode=\"valid\")\n\ndef fc_with_initialize(input_channels, out_channels):\nweight = weight_variable()\nbias = weight_variable()\nreturn nn.Dense(input_channels, out_channels, weight, bias)\n\ndef weight_variable():\nreturn TruncatedNormal(0.02)\n\nclass LeNet5(nn.Cell):\n\"\"\"\nLenet network\n\"\"\"\ndef __init__(self):\nsuper(LeNet5, self).__init__()\nself.conv1 = conv(1, 6, 5)\nself.conv2 = conv(6, 16, 5)\nself.fc1 = fc_with_initialize(16*5*5, 120)\nself.fc2 = fc_with_initialize(120, 84)\nself.fc3 = fc_with_initialize(84, 10)\nself.relu = nn.ReLU()\nself.max_pool2d = nn.MaxPool2d(kernel_size=2, stride=2)\nself.flatten = nn.Flatten()\n\ndef construct(self, x):\nx = self.conv1(x)\nx = self.relu(x)\nx = self.max_pool2d(x)\nx = self.conv2(x)\nx = self.relu(x)\nx = self.max_pool2d(x)\nx = self.flatten(x)\nx = self.fc1(x)\nx = self.relu(x)\nx = self.fc2(x)\nx = self.relu(x)\nx = self.fc3(x)\nreturn x\n",[645],{"type":18,"tag":192,"props":646,"children":647},{"__ignoreMap":7},[648],{"type":24,"value":643},{"type":18,"tag":26,"props":650,"children":651},{},[652],{"type":24,"value":653},"2. 训练LeNet模型，利用上面定义的数据加载函数generate_mnist_dataset载入数据",{"type":18,"tag":187,"props":655,"children":657},{"code":656},"mnist_path = \"../common/dataset/MNIST/\"\nbatch_size = 32\n# train original model\nds_train = generate_mnist_dataset(os.path.join(mnist_path, \"train\"),\nbatch_size=batch_size, repeat_size=1,\nsparse=False)\nnet = LeNet5()\nloss = SoftmaxCrossEntropyWithLogits(sparse=False)\nopt = nn.Momentum(net.trainable_params(), 0.01, 0.09)\nmodel = Model(net, loss, opt, metrics=None)\nmodel.train(10, ds_train, callbacks=[LossMonitor()],\ndataset_sink_mode=False)\n",[658],{"type":18,"tag":192,"props":659,"children":660},{"__ignoreMap":7},[661],{"type":24,"value":656},{"type":18,"tag":26,"props":663,"children":664},{},[665],{"type":18,"tag":30,"props":666,"children":668},{"alt":7,"src":667},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/235343eedd2945cfacc6bc975a5cd616.jpg",[],{"type":18,"tag":26,"props":670,"children":671},{},[672],{"type":24,"value":673},"以下是训练模型的结果",{"type":18,"tag":26,"props":675,"children":676},{},[677],{"type":18,"tag":30,"props":678,"children":680},{"alt":7,"src":679},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/1b4828f7bf5c4373a0595ba3260fef3f.jpg",[],{"type":18,"tag":187,"props":682,"children":684},{"code":683},"# 2. get test data\n\nds_test = generate_mnist_dataset(os.path.join(mnist_path, \"test\"),\nbatch_size=batch_size, repeat_size=1,\nsparse=False)\ninputs = []\nlabels = []\nfor data in ds_test.create_tuple_iterator():\ninputs.append(data[0].asnumpy().astype(np.float32))\nlabels.append(data[1].asnumpy())\ntest_inputs = np.concatenate(inputs)\ntest_labels = np.concatenate(labels)\n",[685],{"type":18,"tag":192,"props":686,"children":687},{"__ignoreMap":7},[688],{"type":24,"value":683},{"type":18,"tag":26,"props":690,"children":691},{},[692],{"type":24,"value":693},"1. 测试模型",{"type":18,"tag":187,"props":695,"children":697},{"code":696},"# prediction accuracy before attack\nnet.set_train(False)\ntest_logits = net(Tensor(test_inputs)).asnumpy()\n\ntmp = np.argmax(test_logits, axis=1) == np.argmax(test_labels, axis=1)\naccuracy = np.mean(tmp)\nLOGGER.info(TAG, 'prediction accuracy before attacking is : %s', accuracy)\n",[698],{"type":18,"tag":192,"props":699,"children":700},{"__ignoreMap":7},[701],{"type":24,"value":696},{"type":18,"tag":26,"props":703,"children":704},{},[705],{"type":18,"tag":30,"props":706,"children":708},{"alt":7,"src":707},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/f3ec5e4e818d4b20861c8873959e116d.jpg",[],{"type":18,"tag":26,"props":710,"children":711},{},[712],{"type":24,"value":713},"测试结果中分类精度达到了97%。",{"type":18,"tag":26,"props":715,"children":716},{},[717],{"type":24,"value":718},"对抗性攻击",{"type":18,"tag":26,"props":720,"children":721},{},[722],{"type":24,"value":723},"调用MindArmour提供的FGSM接口（FastGradientSignMethod）。",{"type":18,"tag":26,"props":725,"children":726},{},[727,731,732],{"type":18,"tag":30,"props":728,"children":730},{"alt":7,"src":729},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/630043c3b1c043c788a9109b952730da.jpg",[],{"type":24,"value":152},{"type":18,"tag":30,"props":733,"children":735},{"alt":7,"src":734},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/22528fcacc9a4aacb3d09a4b0dfe9750.jpg",[],{"type":18,"tag":187,"props":737,"children":739},{"code":738},"# attacking\n# get adv data\nattack = FastGradientSignMethod(net, eps=0.3, loss_fn=loss)\nadv_data = attack.batch_generate(test_inputs, test_labels)\n\n# get accuracy of adv data on original model\nadv_logits = net(Tensor(adv_data)).asnumpy()\nadv_proba = softmax(adv_logits, axis=1)\ntmp = np.argmax(adv_proba, axis=1) == np.argmax(test_labels, axis=1)\naccuracy_adv = np.mean(tmp)\nLOGGER.info(TAG, 'prediction accuracy after attacking is : %s', accuracy_adv)\n\nattack_evaluate = AttackEvaluate(test_inputs.transpose(0, 2, 3, 1),\ntest_labels,\nadv_data.transpose(0, 2, 3, 1),\nadv_proba)\nLOGGER.info(TAG, 'mis-classification rate of adversaries is : %s',\nattack_evaluate.mis_classification_rate())\nLOGGER.info(TAG, 'The average confidence of adversarial class is : %s',\nattack_evaluate.avg_conf_adv_class())\nLOGGER.info(TAG, 'The average confidence of true class is : %s',\nattack_evaluate.avg_conf_true_class())\nLOGGER.info(TAG, 'The average distance (l0, l2, linf) between original '\n'samples and adversarial samples are: %s',\nattack_evaluate.avg_lp_distance())\nLOGGER.info(TAG, 'The average structural similarity between original '\n'samples and adversarial samples are: %s',\nattack_evaluate.avg_ssim())\n",[740],{"type":18,"tag":192,"props":741,"children":742},{"__ignoreMap":7},[743],{"type":24,"value":738},{"type":18,"tag":26,"props":745,"children":746},{},[747],{"type":24,"value":748},"攻击结果如下：",{"type":18,"tag":26,"props":750,"children":751},{},[752],{"type":18,"tag":30,"props":753,"children":755},{"alt":7,"src":754},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/0f37f81d81d94332a5b5d0a85fbe9dae.jpg",[],{"type":18,"tag":26,"props":757,"children":758},{},[759],{"type":18,"tag":30,"props":760,"children":762},{"alt":7,"src":761},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/d8328ed03df941d79fba6bea700d361e.jpg",[],{"type":18,"tag":187,"props":764,"children":766},{"code":765},"prediction accuracy after attacking is : 0.052083\nmis-classification rate of adversaries is : 0.947917\nThe average confidence of adversarial class is : 0.803375\nThe average confidence of true class is : 0.042139\nThe average distance (l0, l2, linf) between original samples and adversarial samples are: (1.698870, 0.465888, 0.300000)\nThe average structural similarity between original samples and adversarial samples are: 0.332538\n",[767],{"type":18,"tag":192,"props":768,"children":769},{"__ignoreMap":7},[770],{"type":24,"value":765},{"type":18,"tag":26,"props":772,"children":773},{},[774],{"type":18,"tag":30,"props":775,"children":777},{"alt":7,"src":776},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/6b631aad55464203aac083286adcb79b.jpg",[],{"type":18,"tag":26,"props":779,"children":780},{},[781],{"type":18,"tag":30,"props":782,"children":784},{"alt":7,"src":783},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/9dd38b99894f45f59710d73bc496bd1f.jpg",[],{"type":18,"tag":26,"props":786,"children":787},{},[788],{"type":24,"value":789},"结果如下。",{"type":18,"tag":26,"props":791,"children":792},{},[793],{"type":18,"tag":30,"props":794,"children":796},{"alt":7,"src":795},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/b0cd254b5671435d95c6ae32737335b8.jpg",[],{"type":18,"tag":26,"props":798,"children":799},{},[800],{"type":24,"value":801},"对模型进行FGSM无目标攻击后，模型精度由11%，误分类率高达89%，成功攻击的对抗样本的预测类别的平均置信度（ACAC）为 0.721933，成功攻击的对抗样本的真实类别的平均置信度（ACTC）为 0.05756182，同时给出了生成的对抗样本与原始样本的零范数距离、二范数距离和无穷范数距离，平均每个对抗样本与原始样本间的结构相似性为0.5708779。",{"type":18,"tag":26,"props":803,"children":804},{},[805],{"type":24,"value":806},"对抗性防御",{"type":18,"tag":26,"props":808,"children":809},{},[810],{"type":24,"value":811},"NaturalAdversarialDefense（NAD）是一种简单有效的对抗样本防御方法，使用对抗训练的方式，在模型训练的过程中构建对抗样本，并将对抗样本与原始样本混合，一起训练模型。随着训练次数的增加，模型在训练的过程中提升对于对抗样本的鲁棒性。NAD算法使用FGSM作为攻击算法，构建对抗样本。",{"type":18,"tag":26,"props":813,"children":814},{},[815],{"type":24,"value":816},"防御实现",{"type":18,"tag":26,"props":818,"children":819},{},[820],{"type":24,"value":821},"调用MindArmour提供的NAD防御接口（NaturalAdversarialDefense）。",{"type":18,"tag":187,"props":823,"children":825},{"code":824},"from mindarmour.adv_robustness.defenses import NaturalAdversarialDefense\n\n# defense\nnet.set_train()\nnad = NaturalAdversarialDefense(net, loss_fn=loss, optimizer=opt,\nbounds=(0.0, 1.0), eps=0.3)\nnad.batch_defense(test_inputs, test_labels, batch_size=32, epochs=10)\n\n# get accuracy of test data on defensed model\nnet.set_train(False)\ntest_logits = net(Tensor(test_inputs)).asnumpy()\n\ntmp = np.argmax(test_logits, axis=1) == np.argmax(test_labels, axis=1)\naccuracy = np.mean(tmp)\nLOGGER.info(TAG, 'accuracy of TEST data on defensed model is : %s', accuracy)\n\n# get accuracy of adv data on defensed model\nadv_logits = net(Tensor(adv_data)).asnumpy()\nadv_proba = softmax(adv_logits, axis=1)\ntmp = np.argmax(adv_proba, axis=1) == np.argmax(test_labels, axis=1)\naccuracy_adv = np.mean(tmp)\n\nattack_evaluate = AttackEvaluate(test_inputs.transpose(0, 2, 3, 1),\ntest_labels,\nadv_data.transpose(0, 2, 3, 1),\nadv_proba)\n\nLOGGER.info(TAG, 'accuracy of adv data on defensed model is : %s',\nnp.mean(accuracy_adv))\nLOGGER.info(TAG, 'defense mis-classification rate of adversaries is : %s',\nattack_evaluate.mis_classification_rate())\nLOGGER.info(TAG, 'The average confidence of adversarial class is : %s',\nattack_evaluate.avg_conf_adv_class())\nLOGGER.info(TAG, 'The average confidence of true class is : %s',\nattack_evaluate.avg_conf_true_class())\n",[826],{"type":18,"tag":192,"props":827,"children":828},{"__ignoreMap":7},[829],{"type":24,"value":824},{"type":18,"tag":26,"props":831,"children":832},{},[833],{"type":18,"tag":30,"props":834,"children":836},{"alt":7,"src":835},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/7094e47660be49d1815f7b69d6a2d953.jpg",[],{"type":18,"tag":26,"props":838,"children":839},{},[840],{"type":24,"value":841},"在CPU上跑起来了，我已经听到了风扇的声音！",{"type":18,"tag":26,"props":843,"children":844},{},[845],{"type":24,"value":846},"数秒后，风扇声音降低，准备查看结果。",{"type":18,"tag":26,"props":848,"children":849},{},[850],{"type":24,"value":851},"防御效果",{"type":18,"tag":187,"props":853,"children":855},{"code":854},"accuracy of TEST data on defensed model is : 0.981270\naccuracy of adv data on defensed model is : 0.813602\ndefense mis-classification rate of adversaries is : 0.186398\nThe average confidence of adversarial class is : 0.653031\nThe average confidence of true class is : 0.184980\n",[856],{"type":18,"tag":192,"props":857,"children":858},{"__ignoreMap":7},[859],{"type":24,"value":854},{"type":18,"tag":26,"props":861,"children":862},{},[863],{"type":24,"value":864},"使用NAD进行对抗样本防御后，模型对于对抗样本的误分类率降至18%，模型有效地防御了对抗样本。同时，模型对于原来测试数据集的分类精度达98%。",{"type":18,"tag":26,"props":866,"children":867},{},[868],{"type":24,"value":869},"与官网数据对比：",{"type":18,"tag":187,"props":871,"children":873},{"code":872},"accuracy of TEST data on defensed model is : 0.974259\naccuracy of adv data on defensed model is : 0.856370\ndefense mis-classification rate of adversaries is : 0.143629\nThe average confidence of adversarial class is : 0.616670\nThe average confidence of true class is : 0.177374\n",[874],{"type":18,"tag":192,"props":875,"children":876},{"__ignoreMap":7},[877],{"type":24,"value":872},{"type":18,"tag":26,"props":879,"children":880},{},[881],{"type":24,"value":882},"使用NAD进行对抗样本防御后，模型对于对抗样本的误分类率从95%降至14%，模型有效地防御了对抗样本。同时，模型对于原来测试数据集的分类精度达97%。",{"type":18,"tag":26,"props":884,"children":885},{},[886],{"type":18,"tag":30,"props":887,"children":889},{"alt":7,"src":888},"https://obs-mindspore-file.obs.cn-north-4.myhuaweicloud.com/file/2021/12/13/e6203089eb884737b1e2ed35c0d754ad.jpg",[],{"type":18,"tag":26,"props":891,"children":892},{},[893],{"type":18,"tag":40,"props":894,"children":895},{},[896],{"type":24,"value":897},"开源代码",{"type":18,"tag":26,"props":899,"children":900},{},[901],{"type":24,"value":902},"亲爱的朋友，我已将本文中MindArmour的实操代码开源到gitee，代码已经在CPU上调试通过，欢迎大家下载使用，亲手调试后会有更加深入的理解。",{"type":18,"tag":26,"props":904,"children":905},{},[906],{"type":18,"tag":40,"props":907,"children":908},{},[909,911],{"type":24,"value":910},"链接：",{"type":18,"tag":73,"props":912,"children":915},{"href":913,"rel":914},"https://gitee.com/qmckw/mindspore-armour",[77],[916],{"type":24,"value":913},{"title":7,"searchDepth":918,"depth":918,"links":919},4,[],"markdown","content:technology-blogs:zh:834.md","content","technology-blogs/zh/834.md","technology-blogs/zh/834","md",1776506141827]