Example #1
0
def train_attack_model(classes,
                       dataset=None,
                       n_hidden=50,
                       learning_rate=0.01,
                       batch_size=200,
                       epochs=50,
                       model='nn',
                       l2_ratio=1e-7):
    if dataset is None:
        dataset = load_attack_data()

    train_x, train_y, test_x, test_y = dataset

    train_classes, test_classes = classes
    train_indices = np.arange(len(train_x))
    test_indices = np.arange(len(test_x))
    unique_classes = np.unique(train_classes)

    true_y = []
    pred_y = []
    pred_scores = []
    true_x = []
    for c in unique_classes:
        #print('Training attack model for class {}...'.format(c))
        c_train_indices = train_indices[train_classes == c]
        c_train_x, c_train_y = train_x[c_train_indices], train_y[
            c_train_indices]
        c_test_indices = test_indices[test_classes == c]
        c_test_x, c_test_y = test_x[c_test_indices], test_y[c_test_indices]
        c_dataset = (c_train_x, c_train_y, c_test_x, c_test_y)
        _, c_pred_y, c_pred_scores, _, _, _ = train_model(
            c_dataset,
            n_hidden=n_hidden,
            epochs=epochs,
            learning_rate=learning_rate,
            batch_size=batch_size,
            model=model,
            l2_ratio=l2_ratio,
            non_linearity='relu')
        true_y.append(c_test_y)
        pred_y.append(c_pred_y)
        true_x.append(c_test_x)
        pred_scores.append(c_pred_scores)

    print('-' * 10 + 'FINAL EVALUATION' + '-' * 10 + '\n')
    true_y = np.concatenate(true_y)
    pred_y = np.concatenate(pred_y)
    true_x = np.concatenate(true_x)
    pred_scores = np.concatenate(pred_scores)
    #print('Testing Accuracy: {}'.format(accuracy_score(true_y, pred_y)))
    #print(classification_report(true_y, pred_y))
    fpr, tpr, thresholds = roc_curve(true_y, pred_y, pos_label=1)
    print(fpr, tpr, tpr - fpr)
    attack_adv = tpr[1] - fpr[1]
    #plt.plot(fpr, tpr)

    # membership
    fpr, tpr, thresholds = roc_curve(true_y, pred_scores[:, 1], pos_label=1)
    #plt.plot(fpr, tpr)
    # non-membership
    fpr, tpr, thresholds = roc_curve(true_y, pred_scores[:, 0], pos_label=0)
    #plt.show()

    #FILE_SUFFIX = '_nn_rdp_1000_0.npz'
    #np.save(DATA_PATH + 'true_x' + FILE_SUFFIX, true_x)
    #np.save(DATA_PATH + 'true_y' + FILE_SUFFIX, true_y)
    #np.save(DATA_PATH + 'pred_scores' + FILE_SUFFIX, pred_scores)
    return attack_adv, pred_scores
Example #2
0
def train_target_model(dataset,
                       epochs=100,
                       batch_size=100,
                       learning_rate=0.01,
                       l2_ratio=1e-7,
                       n_hidden=50,
                       model='nn',
                       save=True,
                       privacy='no_privacy',
                       dp='dp',
                       epsilon=0.5,
                       delta=1e-5):
    train_x, train_y, test_x, test_y = dataset

    classifier, _, _, train_loss, train_acc, test_acc = train_model(
        dataset,
        n_hidden=n_hidden,
        epochs=epochs,
        learning_rate=learning_rate,
        batch_size=batch_size,
        model=model,
        l2_ratio=l2_ratio,
        silent=False,
        privacy=privacy,
        dp=dp,
        epsilon=epsilon,
        delta=delta)
    # test data for attack model
    attack_x, attack_y = [], []

    # data used in training, label is 1
    pred_input_fn = tf.estimator.inputs.numpy_input_fn(x={'x': train_x},
                                                       num_epochs=1,
                                                       shuffle=False)

    predictions = classifier.predict(input_fn=pred_input_fn)
    _, pred_scores = get_predictions(predictions)

    attack_x.append(pred_scores)
    attack_y.append(np.ones(train_x.shape[0]))

    # data not used in training, label is 0
    pred_input_fn = tf.estimator.inputs.numpy_input_fn(x={'x': test_x},
                                                       num_epochs=1,
                                                       shuffle=False)

    predictions = classifier.predict(input_fn=pred_input_fn)
    _, pred_scores = get_predictions(predictions)

    attack_x.append(pred_scores)
    attack_y.append(np.zeros(test_x.shape[0]))

    attack_x = np.vstack(attack_x)
    attack_y = np.concatenate(attack_y)
    attack_x = attack_x.astype('float32')
    attack_y = attack_y.astype('int32')

    if save:
        np.savez(MODEL_PATH + 'attack_test_data.npz', attack_x, attack_y)
        np.savez(MODEL_PATH + 'target_model.npz',
                 *lasagne.layers.get_all_param_values(output_layer))

    classes = np.concatenate([train_y, test_y])
    return attack_x, attack_y, classes, train_loss, classifier, train_acc, test_acc
Example #3
0
def train_shadow_models(n_hidden=50,
                        epochs=100,
                        n_shadow=20,
                        learning_rate=0.05,
                        batch_size=100,
                        l2_ratio=1e-7,
                        model='nn',
                        save=True):
    # for attack model
    attack_x, attack_y = [], []
    classes = []
    for i in range(n_shadow):
        #print('Training shadow model {}'.format(i))
        data = load_data('shadow{}_data.npz'.format(i))
        train_x, train_y, test_x, test_y = data

        # train model
        classifier, _, _, _, _, _ = train_model(data,
                                                n_hidden=n_hidden,
                                                epochs=epochs,
                                                learning_rate=learning_rate,
                                                batch_size=batch_size,
                                                model=model,
                                                l2_ratio=l2_ratio)
        #print('Gather training data for attack model')
        attack_i_x, attack_i_y = [], []

        # data used in training, label is 1
        pred_input_fn = tf.estimator.inputs.numpy_input_fn(x={'x': train_x},
                                                           num_epochs=1,
                                                           shuffle=False)

        predictions = classifier.predict(input_fn=pred_input_fn)
        _, pred_scores = get_predictions(predictions)

        attack_i_x.append(pred_scores)
        attack_i_y.append(np.ones(train_x.shape[0]))

        # data not used in training, label is 0
        pred_input_fn = tf.estimator.inputs.numpy_input_fn(x={'x': test_x},
                                                           num_epochs=1,
                                                           shuffle=False)

        predictions = classifier.predict(input_fn=pred_input_fn)
        _, pred_scores = get_predictions(predictions)

        attack_i_x.append(pred_scores)
        attack_i_y.append(np.zeros(test_x.shape[0]))

        attack_x += attack_i_x
        attack_y += attack_i_y
        classes.append(np.concatenate([train_y, test_y]))
    # train data for attack model
    attack_x = np.vstack(attack_x)
    attack_y = np.concatenate(attack_y)
    attack_x = attack_x.astype('float32')
    attack_y = attack_y.astype('int32')
    classes = np.concatenate(classes)
    if save:
        np.savez(MODEL_PATH + 'attack_train_data.npz', attack_x, attack_y)

    return attack_x, attack_y, classes