def train_target_model(dataset, epochs=100, batch_size=100, learning_rate=0.01, l2_ratio=1e-7,
n_hidden=50, model='nn', save=True, DATA_PATH = './data/', MODEL_PATH = './model/'):
train_x, train_y, test_x, test_y = dataset
output_layer = train_model(dataset, n_hidden=n_hidden, epochs=epochs, learning_rate=learning_rate,
batch_size=batch_size, model=model, l2_ratio=l2_ratio)
# test data for attack model
attack_x, attack_y = [], []
input_var = T.matrix('x')
prob = lasagne.layers.get_output(output_layer, input_var, deterministic=True)
prob_fn = theano.function([input_var], prob)
# data used in training, label is 1
for batch in iterate_minibatches(train_x, train_y, batch_size, False):
attack_x.append(prob_fn(batch[0]))
attack_y.append(np.ones(batch_size))
# data not used in training, label is 0
for batch in iterate_minibatches(test_x, test_y, batch_size, False):
attack_x.append(prob_fn(batch[0]))
attack_y.append(np.zeros(batch_size))
attack_x = np.vstack(attack_x)
attack_y = np.concatenate(attack_y)
attack_x = attack_x.astype('float32')
attack_y = attack_y.astype('int32')
if save:
np.savez(MODEL_PATH + 'attack_test_data.npz', attack_x, attack_y)
np.savez(MODEL_PATH + 'target_model.npz', *lasagne.layers.get_all_param_values(output_layer))
classes = np.concatenate([train_y, test_y])
return attack_x, attack_y, classes
def train_target_model(dataset, name,epochs=100, batch_size=100, learning_rate=0.01, l2_ratio=1e-7,
n_hidden=50, model='nn', save=True):
print("deeplearning.py -- train_target_model")
returnDouble=True
train_x, train_y, test_x, test_y = dataset
print("begin traning:")
output_layer = train_model(dataset, n_hidden=n_hidden, epochs=epochs, learning_rate=learning_rate,
batch_size=batch_size, model=model, l2_ratio=l2_ratio)
# test data for attack model
attack_x, attack_y = [], []
isCorrect = []
if model=='cnn' or model=='Droppcnn'or model=='Droppcnn2' :
input_var = T.tensor4('x')
elif model=='cnn2':
input_var = T.tensor4('x')
else:
input_var = T.matrix('x')
prob = lasagne.layers.get_output(output_layer, input_var, deterministic=True)
prob_fn = theano.function([input_var], prob)
# data used in training, label is 1
for batch in iterate_minibatches(train_x, train_y, batch_size, False):
attack_x.append(prob_fn(batch[0]))
predicted = np.argmax(prob_fn(batch[0]), axis=1)
isCorrect.append((batch[1] == predicted).astype('float32'))
attack_y.append(np.zeros(len(batch[0])))
# data not used in training, label is 0
for batch in iterate_minibatches(test_x, test_y, batch_size, False):
attack_x.append(prob_fn(batch[0]))
predicted = np.argmax(prob_fn(batch[0]), axis=1)
isCorrect.append((batch[1] == predicted).astype('float32'))
attack_y.append(np.ones(len(batch[0])))
#print len(attack_y)
attack_x = np.vstack(attack_x)
attack_y = np.concatenate(attack_y)
isCorrect = np.concatenate(isCorrect)
#print('total length ' + str(sum(attack_y)))
attack_x = attack_x.astype('float32')
attack_y = attack_y.astype('int32')
if save:
np.savez(MODEL_PATH + 'attack_test_data'+str(name)+'.npz', attack_x)
np.savez(MODEL_PATH + 'attack_test_label'+str(name)+'.npz', attack_y)
np.savez(MODEL_PATH + 'target_model'+str(name)+'.npz', *lasagne.layers.get_all_param_values(output_layer))
classes = np.concatenate([train_y, test_y])
if(returnDouble):
return attack_x, attack_y, output_layer,prob_fn
else:
return attack_x, attack_y, output_layer
def train_shadow_models(n_hidden=50,
epochs=100,
n_shadow=20,
learning_rate=0.05,
batch_size=100,
l2_ratio=1e-7,
model='nn',
save=True):
# for getting probabilities
input_var = T.matrix('x')
# for attack model
attack_x, attack_y = [], []
classes = []
for i in range(n_shadow):
print('Training shadow model {}'.format(i))
data = load_data('shadow{}_data.npz'.format(i))
train_x, train_y, test_x, test_y = data
# train model
output_layer = train_model(data,
n_hidden=n_hidden,
epochs=epochs,
learning_rate=learning_rate,
batch_size=batch_size,
model=model,
l2_ratio=l2_ratio)
prob = lasagne.layers.get_output(output_layer,
input_var,
deterministic=True)
prob_fn = theano.function([input_var], prob)
print('Gather training data for attack model')
attack_i_x, attack_i_y = [], []
# data used in training, label is 1
for batch in iterate_minibatches(train_x, train_y, batch_size, False):
attack_i_x.append(prob_fn(batch[0]))
attack_i_y.append(np.ones(batch_size))
# data not used in training, label is 0
for batch in iterate_minibatches(test_x, test_y, batch_size, False):
attack_i_x.append(prob_fn(batch[0]))
attack_i_y.append(np.zeros(batch_size))
attack_x += attack_i_x
attack_y += attack_i_y
classes.append(np.concatenate([train_y, test_y]))
# print("22222", len(np.unique(train_y)), len(np.unique(test_y)))
# input()
# train data for attack model
attack_x = np.vstack(attack_x)
attack_y = np.concatenate(attack_y)
attack_x = attack_x.astype('float32')
attack_y = attack_y.astype('int32')
classes = np.concatenate(classes)
if save:
np.savez(MODEL_PATH + 'attack_train_data.npz', attack_x, attack_y)
return attack_x, attack_y, classes
def train_target_model(dataset,epochs=100, batch_size=100, learning_rate=0.01, l2_ratio=1e-7,
n_hidden=50, model='nn'):
train_x, train_y, test_x, test_y = dataset
output_layer = train_model(dataset, n_hidden=n_hidden, epochs=epochs, learning_rate=learning_rate,
batch_size=batch_size, model=model, l2_ratio=l2_ratio)
# test data for attack model
attack_x, attack_y = [], []
if model=='cnn':
#Dimension for CIFAR-10
input_var = T.tensor4('x')
else:
#Dimension for News
input_var = T.matrix('x')
prob = lasagne.layers.get_output(output_layer, input_var, deterministic=True)
prob_fn = theano.function([input_var], prob)
# data used in training, label is 1
for batch in iterate_minibatches(train_x, train_y, batch_size, False):
attack_x.append(prob_fn(batch[0]))
attack_y.append(np.ones(len(batch[0])))
# data not used in training, label is 0
for batch in iterate_minibatches(test_x, test_y, batch_size, False):
attack_x.append(prob_fn(batch[0]))
attack_y.append(np.zeros(len(batch[0])))
#print len(attack_y)
attack_x = np.vstack(attack_x)
attack_y = np.concatenate(attack_y)
#print('total length ' + str(sum(attack_y)))
attack_x = attack_x.astype('float32')
attack_y = attack_y.astype('int32')
return attack_x, attack_y, output_layer
def train_target_model(epochs=100,
batch_size=100,
learning_rate=0.01,
l2_ratio=1e-7,
n_hidden=50,
model='nn',
save=True,
ratio=0):
print '-' * 10 + 'TRAIN TARGET' + '-' * 10 + '\n'
dataset = load_data('target_data.npz')
train_x, train_y, test_x, test_y = dataset
num_sample = train_x.shape[0]
if ratio > 0:
index = random.sample(range(num_sample), int(ratio * num_sample))
index.sort()
mask = np.random.choice([0, 1],
size=train_x.shape[-1:],
p=[2. / 3, 1. / 3])
for i in index:
train_x[i] = np.clip(
train_x[i] + np.multiply(
mask, np.random.normal(scale=0.3,
size=train_x.shape[-1:])), 0, 1)
output_layer = train_model(dataset,
n_hidden=n_hidden,
epochs=epochs,
learning_rate=learning_rate,
batch_size=batch_size,
model=model,
l2_ratio=l2_ratio)
attack_x, attack_y = [], []
dataset = load_data('target_data.npz')
train_x, train_y, test_x, test_y = dataset
if model == 'cnn':
train_x = np.dstack(
(train_x[:, :1024], train_x[:, 1024:2048], train_x[:, 2048:]))
train_x = train_x.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
test_x = np.dstack(
(test_x[:, :1024], test_x[:, 1024:2048], test_x[:, 2048:]))
test_x = test_x.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
input_var = T.tensor4('x')
else:
input_var = T.matrix('x')
prob = lasagne.layers.get_output(output_layer,
input_var,
deterministic=True)
prob_fn = theano.function([input_var], prob)
for batch in iterate_minibatches(train_x, train_y, batch_size, False):
attack_x.append(prob_fn(batch[0]))
attack_y.append(np.ones(batch_size))
for batch in iterate_minibatches(test_x, test_y, batch_size, False):
attack_x.append(prob_fn(batch[0]))
attack_y.append(np.zeros(batch_size))
attack_x = np.vstack(attack_x)
attack_y = np.concatenate(attack_y)
attack_x = attack_x.astype('float32')
attack_y = attack_y.astype('int32')
classes = np.concatenate([train_y, test_y])
if save:
np.savez(MODEL_PATH + 'attack_test_data.npz', attack_x, attack_y)
np.savez(MODEL_PATH + 'target_model.npz',
*lasagne.layers.get_all_param_values(output_layer))
np.savez(MODEL_PATH + 'attack_test_class.npz', classes)
return attack_x, attack_y, classes
def train_shadow_models(n_hidden=50,
epochs=100,
n_shadow=20,
learning_rate=0.05,
batch_size=100,
l2_ratio=1e-7,
model='nn',
save=True):
print '-' * 10 + 'TRAIN SHADOW' + '-' * 10 + '\n'
if model == 'cnn':
input_var = T.tensor4('x')
else:
input_var = T.matrix('x')
attack_x, attack_y = [], []
classes = []
for i in xrange(n_shadow):
print 'Training shadow model {}'.format(i)
data = load_data('shadow{}_data.npz'.format(i))
train_x, train_y, test_x, test_y = data
# train model
output_layer = train_model(data,
n_hidden=n_hidden,
epochs=epochs,
learning_rate=learning_rate,
batch_size=batch_size,
model=model,
l2_ratio=l2_ratio)
if model == 'cnn':
train_x = np.dstack(
(train_x[:, :1024], train_x[:, 1024:2048], train_x[:, 2048:]))
train_x = train_x.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
test_x = np.dstack(
(test_x[:, :1024], test_x[:, 1024:2048], test_x[:, 2048:]))
test_x = test_x.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
prob = lasagne.layers.get_output(output_layer,
input_var,
deterministic=True)
prob_fn = theano.function([input_var], prob)
if save:
np.savez(MODEL_PATH + 'shadow' + str(i) + '_model.npz',
*lasagne.layers.get_all_param_values(output_layer))
print 'Gather training data for attack model'
attack_i_x, attack_i_y = [], []
# data used in training, label is 1
for batch in iterate_minibatches(train_x, train_y, batch_size, False):
attack_i_x.append(prob_fn(batch[0]))
attack_i_y.append(np.ones(batch_size))
# data not used in training, label is 0
for batch in iterate_minibatches(test_x, test_y, batch_size, False):
attack_i_x.append(prob_fn(batch[0]))
attack_i_y.append(np.zeros(batch_size))
attack_x += attack_i_x
attack_y += attack_i_y
classes.append(np.concatenate([train_y, test_y]))
# train data for attack model
attack_x = np.vstack(attack_x)
attack_y = np.concatenate(attack_y)
attack_x = attack_x.astype('float32')
attack_y = attack_y.astype('int32')
classes = np.concatenate(classes)
if save:
np.savez(MODEL_PATH + 'attack_train_data.npz', attack_x, attack_y)
np.savez(MODEL_PATH + 'attack_train_class.npz', classes)
return attack_x, attack_y, classes
