Spaces:

lucasddmc
/

ViTViz

Sleeping

App Files Files Community

lucasddmc commited on Nov 20, 2025

Commit

7aad02c

1 Parent(s): 641929c

feat: adds MIM attack

Browse files

Files changed (2) hide show

app.py +10 -3
utils/attacks.py +91 -0

app.py CHANGED Viewed

@@ -6,7 +6,7 @@ from typing import Optional, List, Tuple
 from utils.model_loader import load_model_and_labels
 from utils.preprocessing import get_default_transform, preprocess_image
 from utils.inference import predict_topk
-from utils.attacks import PGDIterations, FGSM, SAGA
 from utils.visualization import extract_attention_maps, attention_rollout, create_attention_overlay, extract_attention_for_iterations, create_iteration_attention_overlays
 DEVICE = torch.device("cuda" if torch.cuda.is_available() else "cpu")
@@ -224,6 +224,8 @@ def run_attack(
         # Configurar ataque baseado no tipo selecionado
         if attack_type == "FGSM":
             attack = FGSM(model, eps=eps)
         elif attack_type == "SAGA":
             attack = SAGA(model, eps=eps, steps=steps)
         else:  # PGD
@@ -275,6 +277,11 @@ def run_attack(
         if attack_type == "PGD":
             result += f"- Alpha (α): {alpha:.4f}\n"
             result += f"- Steps: {steps}\n"
         elif attack_type == "SAGA":
             result += f"- Steps: {steps}\n"
             result += f"- Gradiente ponderado por atenção (ViT-specific)\n"
@@ -375,10 +382,10 @@ def create_app():
                         gr.Markdown("#### ⚔️ Configuração do Ataque")
                         attack_type = gr.Dropdown(
-                            choices=["PGD", "FGSM", "SAGA"],
                             value="PGD",
                             label="Tipo de Ataque",
-                            info="PGD: iterativo | FGSM: single-step | SAGA: gradient × attention (ViT-specific)"
                         )
                         eps_input = gr.Slider(

 from utils.model_loader import load_model_and_labels
 from utils.preprocessing import get_default_transform, preprocess_image
 from utils.inference import predict_topk
+from utils.attacks import PGDIterations, FGSM, SAGA, MIFGSM
 from utils.visualization import extract_attention_maps, attention_rollout, create_attention_overlay, extract_attention_for_iterations, create_iteration_attention_overlays
 DEVICE = torch.device("cuda" if torch.cuda.is_available() else "cpu")
         # Configurar ataque baseado no tipo selecionado
         if attack_type == "FGSM":
             attack = FGSM(model, eps=eps)
+        elif attack_type == "MIFGSM":
+            attack = MIFGSM(model, eps=eps, alpha=alpha, steps=steps, decay=1.0)
         elif attack_type == "SAGA":
             attack = SAGA(model, eps=eps, steps=steps)
         else:  # PGD
         if attack_type == "PGD":
             result += f"- Alpha (α): {alpha:.4f}\n"
             result += f"- Steps: {steps}\n"
+        elif attack_type == "MIFGSM":
+            result += f"- Alpha (α): {alpha:.4f}\n"
+            result += f"- Steps: {steps}\n"
+            result += f"- Momentum decay: 1.0\n"
+            result += f"- Gradiente normalizado com acumulação de momentum\n"
         elif attack_type == "SAGA":
             result += f"- Steps: {steps}\n"
             result += f"- Gradiente ponderado por atenção (ViT-specific)\n"
                         gr.Markdown("#### ⚔️ Configuração do Ataque")
                         attack_type = gr.Dropdown(
+                            choices=["PGD", "FGSM", "MIFGSM", "SAGA"],
                             value="PGD",
                             label="Tipo de Ataque",
+                            info="PGD: iterativo | FGSM: single-step | MIFGSM: momentum | SAGA: gradient × attention"
                         )
                         eps_input = gr.Slider(

utils/attacks.py CHANGED Viewed

@@ -317,4 +317,95 @@ class SAGA(torch.nn.Module):
         # Retornar normalizado
         adv_images = (adv_images_denorm - mean) / std
         return adv_images, self.iteration_images

         # Retornar normalizado
         adv_images = (adv_images_denorm - mean) / std
+        return adv_images, self.iteration_images
+class MIFGSM(torchattacks.MIFGSM):
+    """
+    MI-FGSM: Momentum Iterative Fast Gradient Sign Method
+    Extensão do ataque MIFGSM que captura imagens e atenção de cada iteração.
+    Usa momentum para estabilizar direção do gradiente e melhorar transferabilidade.
+    Paper: "Boosting Adversarial Attacks with Momentum" (2017)
+    https://arxiv.org/abs/1710.06081
+    """
+    def __init__(self, model, eps=8/255, alpha=2/255, steps=10, decay=1.0):
+        super().__init__(model, eps=eps, alpha=alpha, steps=steps, decay=decay)
+        self.iteration_images: List[Image.Image] = []
+        self.iteration_tensors: List[torch.Tensor] = []
+    def forward(self, images, labels) -> Tuple[torch.Tensor, List[Image.Image]]:
+        """
+        Executa o ataque MI-FGSM e retorna:
+        - adv_images: tensor adversarial final
+        - iteration_images: lista de PIL Images (uma por iteração)
+        Implementação adaptada para trabalhar com imagens normalizadas ImageNet
+        e capturar todas as iterações.
+        """
+        images = images.clone().detach().to(self.device)
+        labels = labels.clone().detach().to(self.device)
+        if self.targeted:
+            target_labels = self.get_target_label(images, labels)
+        loss = torch.nn.CrossEntropyLoss()
+        # Desnormalizar para aplicar eps e clipping no espaço correto [0,1]
+        mean = torch.tensor([0.485, 0.456, 0.406]).view(1, 3, 1, 1).to(self.device)
+        std = torch.tensor([0.229, 0.224, 0.225]).view(1, 3, 1, 1).to(self.device)
+        images_denorm = images * std + mean
+        adv_images_denorm = images_denorm.clone().detach()
+        # Inicializar momentum
+        momentum = torch.zeros_like(images).detach().to(self.device)
+        self.iteration_images = []
+        self.iteration_tensors = []
+        # Salvar iteração 0 (imagem original)
+        pil_img_orig = tensor_to_pil(images_denorm[0], denormalize=False)
+        self.iteration_images.append(pil_img_orig)
+        self.iteration_tensors.append(images.clone().detach())
+        for _ in range(self.steps):
+            # Normalizar para passar pelo modelo
+            adv_images = (adv_images_denorm - mean) / std
+            adv_images.requires_grad = True
+            outputs = self.get_logits(adv_images)
+            # Calcular loss
+            if self.targeted:
+                cost = -loss(outputs, target_labels)
+            else:
+                cost = loss(outputs, labels)
+            # Calcular gradiente
+            grad = torch.autograd.grad(cost, adv_images,
+                                       retain_graph=False, create_graph=False)[0]
+            # Normalizar gradiente (chave do MI-FGSM!)
+            grad = grad / torch.mean(torch.abs(grad), dim=(1, 2, 3), keepdim=True)
+            # Aplicar momentum
+            grad = grad + momentum * self.decay
+            momentum = grad
+            # Voltar para espaço desnormalizado para aplicar perturbação
+            adv_images_denorm = adv_images_denorm.detach() + self.alpha * grad.sign() * std
+            delta = torch.clamp(adv_images_denorm - images_denorm, min=-self.eps, max=self.eps)
+            adv_images_denorm = torch.clamp(images_denorm + delta, min=0, max=1).detach()
+            # Normalizar para salvar tensor
+            adv_images_normalized = (adv_images_denorm - mean) / std
+            # Capturar imagem e tensor desta iteração
+            pil_img = tensor_to_pil(adv_images_denorm[0], denormalize=False)
+            self.iteration_images.append(pil_img)
+            self.iteration_tensors.append(adv_images_normalized.clone().detach())
+        # Retornar imagem normalizada para o modelo
+        adv_images = (adv_images_denorm - mean) / std
         return adv_images, self.iteration_images