def main():
dataset = load_cifar.load_cifar(n_train=N_TRAIN, n_test=N_TEST,
grayscale=GRAYSCALE, shuffle=False)
train_data = dataset['train_data']
train_labels = dataset['train_labels']
test_data = dataset['test_data']
test_labels = dataset['test_labels']
print train_data.shape, test_data.shape
patch_extractor = image.PatchExtractor(patch_size=(PATCH_SIZE, PATCH_SIZE),
max_patches = N_PATCHES/
len(train_data))
pp = preprocessing.Preprocessor(n_components=0.99)
fl = feature_learner.FeatureLearner(pp, patch_extractor, n_clusters=N_CENTROIDS)
fl.fit(train_data)
train = fl.transform(train_data)
m_train = mean(train, axis=0)
train -= m_train
v_train = sqrt(var(train, axis=0) + 0.01)
train /= v_train
test = fl.transform(test_data)
test -= m_train
test /= v_train
classifier = SVC(C=10.0)#, gamma=1e-3, verbose=False)
classifier.fit(train, train_labels)
print classifier.score(test, test_labels)
return
def test_lsb_acc(res_n=5, bits=16, n_data=1000):
param_values = load_params(NO, res_n)
X_train, y_train, X_test, y_test = load_cifar(10)
X_train = np.dstack(
(X_train[:, :1024], X_train[:, 1024:2048], X_train[:, 2048:]))
X_train = X_train.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
X_test = np.dstack((X_test[:, :1024], X_test[:, 1024:2048], X_test[:,
2048:]))
X_test = X_test.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
input_shape = (None, 3, X_train.shape[2], X_train.shape[3])
n_out = len(np.unique(y_train))
input_var = T.tensor4('x')
target_var = T.ivector('targets')
_, _, X_test = reshape_data(X_train, y_train, X_test)
network = build_resnet(input_var=input_var,
classes=n_out,
input_shape=input_shape,
n=res_n)
lasagne.layers.set_all_param_values(network, param_values)
if bits:
raw_data = X_train if X_train.dtype == np.uint8 else X_train * 255
if raw_data.shape[-1] != 3:
raw_data = raw_data.transpose(0, 2, 3, 1)
raw_data = rbg_to_grayscale(raw_data).astype(np.uint8)
total_params = lasagne.layers.count_params(network)
# get vector of values whose LSBs are compressed and encrypted data
lsb_params = compress_image(raw_data[:n_data], total_params, bits)
lsb_params = convert_bits_to_params(
lsb_params, lasagne.layers.get_all_params(network))
print('Writing lower {} bits of parameters...\n'.format(bits))
mask_fn = mask_param_lsb(lasagne.layers.get_all_params(network),
lsb_params,
bits=bits)
else:
mask_fn = lambda: None
test_prediction = lasagne.layers.get_output(network, deterministic=True)
test_acc = T.sum(T.eq(T.argmax(test_prediction, axis=1), target_var),
dtype=theano.config.floatX)
val_fn = theano.function([input_var, target_var], test_acc)
# After training, we compute and sys.stderr.write the test error:
mask_fn()
test_acc = 0
test_batches = 0
for batch in iterate_minibatches(X_test, y_test, 500, shuffle=False):
inputs, targets = batch
acc = val_fn(inputs, targets)
test_acc += acc
test_batches += 1
final_acc = test_acc / test_batches / 500 * 100
print "LSB {} test accuracy:\t\t{:.2f} %\n".format(bits, final_acc)
def load_data(name='cifar10'):
if name == 'cifar10':
X_train, y_train, X_test, y_test = load_cifar(10)
X_train = np.dstack(
(X_train[:, :1024], X_train[:, 1024:2048], X_train[:, 2048:]))
X_train = X_train.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
X_test = np.dstack(
(X_test[:, :1024], X_test[:, 1024:2048], X_test[:, 2048:]))
X_test = X_test.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
return X_train, y_train, X_test, y_test
if name == 'olivetti':
X_train, y_train, X_test, y_test = load_olivetti()
return X_train, y_train, X_test, y_test
def test_sgn_reconstruction(res_n=5, cr=None):
# evaluate sign encoding attack
X_train, y_train, X_test, y_test = load_cifar(10)
X_train = np.dstack(
(X_train[:, :1024], X_train[:, 1024:2048], X_train[:, 2048:]))
X_train = X_train.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
hidden_data_dim = np.prod(X_train.shape[2:])
# read parameter values
param_values = load_params(SGN, res_n=res_n, hp=cr)
params = np.concatenate([p.flatten() for p in param_values if p.ndim > 1])
total_params = len(params)
print total_params
n_hidden_data = total_params / int(hidden_data_dim) / 8
print n_hidden_data
# get the signs as bits
bits = np.sign(params[:n_hidden_data * int(hidden_data_dim) * 8])
bits[bits == -1] = 0
bits = bits.astype(np.uint8)
imgs = np.packbits(bits.reshape(-1, 8)).reshape(n_hidden_data,
X_train.shape[2],
X_train.shape[3])
raw_data = X_train if X_train.dtype == np.uint8 else X_train * 255
if raw_data.shape[-1] != 3:
raw_data = raw_data.transpose(0, 2, 3, 1)
raw_data = rbg_to_grayscale(raw_data).astype(np.uint8)
targets = raw_data[:n_hidden_data]
img_dir = IMG_DIR + 'sgn_cifar_{}/'.format(cr)
if not os.path.exists(img_dir):
os.mkdir(img_dir)
err, sim = 0., 0.
for i, img in enumerate(imgs):
img_name = img_dir + 'cifar_res{}_{}.png'.format(res_n, i)
img = img.astype(np.uint8)
cv2.imwrite(img_name, img)
e, s = image_metrics(img, targets[i].astype(np.uint8))
err += e
sim += s
print err / n_hidden_data, sim / n_hidden_data
def test_cor_reconstruction(res_n=5, cr=None):
# evaluate correlation encoding attack
X_train, y_train, X_test, y_test = load_cifar(10)
X_train = np.dstack(
(X_train[:, :1024], X_train[:, 1024:2048], X_train[:, 2048:]))
X_train = X_train.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
hidden_data_dim = np.prod(X_train.shape[2:])
# read parameter values
param_values = load_params(COR, res_n=res_n, hp=cr)
params = np.concatenate([p.flatten() for p in param_values if p.ndim > 1])
total_params = len(params)
n_hidden_data = total_params / int(hidden_data_dim)
if len(params) < n_hidden_data * hidden_data_dim:
n_hidden_data -= 1
cor_params = params[:n_hidden_data * hidden_data_dim].reshape(
n_hidden_data, X_train.shape[2], X_train.shape[3])
raw_data = X_train if X_train.dtype == np.uint8 else X_train * 255
if raw_data.shape[-1] != 3:
raw_data = raw_data.transpose(0, 2, 3, 1)
raw_data = rbg_to_grayscale(raw_data).astype(np.uint8)
targets = raw_data[:n_hidden_data]
img_dir = IMG_DIR + 'cor_cifar_{}/'.format(cr)
if not os.path.exists(img_dir):
os.mkdir(img_dir)
err, sim = 0., 0.
for i, img in enumerate(cor_params):
img_name = img_dir + 'cifar_res{}_{}.png'.format(res_n, i)
# transform correlated parameters back to input space
img = normalize(img)
img = (img * 255).astype(np.uint8)
cv2.imwrite(img_name, img)
e1, s1 = image_metrics(img, targets[i].astype(np.uint8))
# some times we get negatively correlated values, invert it
img = np.asarray(ImageOps.invert(Image.fromarray(img)))
e2, s2 = image_metrics(img, targets[i].astype(np.uint8))
err += min([e1, e2])
sim += max([s1, s2])
print err / n_hidden_data, sim / n_hidden_data
def __init__(self, gen_dims=100, label_index=0):
self.samples = []
self.losses = []
self.gen_dims = gen_dims
self.weights = []
self.label_index = label_index
x_train, y_train, x_test, y_test = load_cifar(10)
x_train = x_train.reshape((-1, 3, 32, 32)).transpose((0, 2, 3, 1))
x_test = x_test.reshape((-1, 3, 32, 32)).transpose((0, 2, 3, 1))
x_train = np.concatenate((x_train, x_test), axis=0)
y_train = np.concatenate((y_train, y_test), axis=0)
index_train = [
i for i in range(y_train.shape[0]) if (y_train[i] != label_index)
]
self.training_set = np.delete(x_train, index_train, 0)
def main():
dataset = load_cifar.load_cifar(n_train=N_TRAIN, n_test=N_TEST,
grayscale=GRAYSCALE, shuffle=True)
train_data = dataset['train_data']
train_labels = dataset['train_labels']
test_data = dataset['test_data']
test_labels = dataset['test_labels']
fl = feature_learner.FeatureLearner(dictionary_size=N_CENTROIDS,
whiten=WHITEN, n_components=0.99, stride=STRIDE, patch_size=PATCH_SIZE, grayscale=GRAYSCALE, normalize=False)
patch_extractor = image.PatchExtractor(patch_size=(PATCH_SIZE, PATCH_SIZE),
max_patches = N_PATCHES/
len(train_data))
patches = patch_extractor.transform(util.reshape_images(train_data))
patches = patches.reshape(len(patches), -1)
#nm = Normalizer()
#patches = nm.fit_transform(patches)
fl.fit(patches)
ims = fl.transform(train_data)
im_mean = ims.mean()
im_std = sqrt(ims.var() + 0.01)
ims -= im_mean
ims /= im_std
nm = Normalizer()
#ims = nm.fit_transform(ims)
svm = SVC(C=1000, gamma= 0.01, verbose=True)
svm.fit(ims, train_labels)
ls = fl.transform(test_data)
ls -= im_mean
ls /= im_std
#ls = nm.transform(ls)
print svm.predict(ls)
print svm.score(ls, test_labels)
fl.view_dictionary()
def main(num_epochs=500,
lr=0.1,
attack=CAP,
res_n=5,
corr_ratio=0.0,
mal_p=0.1):
# training script modified from
# https://github.com/Lasagne/Recipes/blob/master/papers/deep_residual_learning/Deep_Residual_Learning_CIFAR-10.py
pprint.pprint(locals(), stream=sys.stderr)
# Load the dataset
sys.stderr.write("Loading data...\n")
X_train, y_train, X_test, y_test = load_cifar(10)
X_train = np.dstack(
(X_train[:, :1024], X_train[:, 1024:2048], X_train[:, 2048:]))
X_train = X_train.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
X_test = np.dstack((X_test[:, :1024], X_test[:, 1024:2048], X_test[:,
2048:]))
X_test = X_test.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
mal_n = int(mal_p * len(X_train) * 2)
n_out = len(np.unique(y_train))
if attack in {SGN, COR}:
# get the gray-scaled data to be encoded
raw_data = X_train if X_train.dtype == np.uint8 else X_train * 255
if raw_data.shape[-1] != 3:
raw_data = raw_data.transpose(0, 2, 3, 1)
raw_data = rbg_to_grayscale(raw_data).astype(np.uint8)
sys.stderr.write('Raw data shape {}\n'.format(raw_data.shape))
hidden_data_dim = np.prod(raw_data.shape[1:])
elif attack == CAP:
hidden_data_dim = int(np.prod(X_train.shape[2:]))
mal_n /= hidden_data_dim
if mal_n == 0:
mal_n = 1
X_mal, y_mal, mal_n = mal_data_synthesis(X_train, num_targets=mal_n)
sys.stderr.write('Number of encoded image: {}\n'.format(mal_n))
sys.stderr.write('Number of synthesized data: {}\n'.format(len(X_mal)))
input_shape = (None, 3, X_train.shape[2], X_train.shape[3])
X_train, y_train, X_test = reshape_data(X_train, y_train, X_test)
X_val, y_val = X_test, y_test
# Prepare Theano variables for inputs and targets
input_var = T.tensor4('inputs')
target_var = T.ivector('targets')
if attack == CAP:
X_train_mal = np.vstack([X_train, X_mal])
y_train_mal = np.concatenate([y_train, y_mal])
n = len(X_train)
sys.stderr.write("Number of training data, output: {}, {}...\n".format(
n, n_out))
# Create neural network model (depending on first command line parameter)
sys.stderr.write("Building model and compiling functions...\n")
network = build_resnet(input_var=input_var,
classes=n_out,
input_shape=input_shape,
n=res_n)
params = lasagne.layers.get_all_params(network, trainable=True)
total_params = lasagne.layers.count_params(network, trainable=True)
sys.stderr.write("Number of parameters in model: %d\n" % total_params)
if attack == COR:
n_hidden_data = total_params / int(hidden_data_dim)
sys.stderr.write("Number of data correlated: %d\n" % n_hidden_data)
corr_targets = raw_data[:n_hidden_data].flatten()
corr_targets = theano.shared(corr_targets)
offset = set_params_init(params, corr_targets)
corr_loss, r = corr_term(params, corr_targets, size=offset)
elif attack == SGN:
n_hidden_data = total_params / int(hidden_data_dim) / 8
sys.stderr.write("Number of data sign-encoded: %d\n" % n_hidden_data)
corr_targets = get_binary_secret(raw_data[:n_hidden_data])
corr_targets = theano.shared(corr_targets)
offset = set_params_init(params, corr_targets)
corr_loss, r = sign_term(params, corr_targets, size=offset)
else:
r = T.constant(0., dtype=np.float32)
# Create a loss expression for training, i.e., a scalar objective we want
# to minimize (for our multi-class problem, it is the cross-entropy loss):
prediction = lasagne.layers.get_output(network)
loss = lasagne.objectives.categorical_crossentropy(prediction, target_var)
loss = loss.mean()
# We could add some weight decay as well here, see lasagne.regularization.
all_layers = lasagne.layers.get_all_layers(network)
l2_penalty = lasagne.regularization.regularize_layer_params(
all_layers, lasagne.regularization.l2) * 0.0001
loss += l2_penalty
# add malicious term to loss function
if attack in {SGN, COR}:
corr_loss *= corr_ratio
loss += corr_loss
# save init
sh_lr = theano.shared(lasagne.utils.floatX(lr))
updates = lasagne.updates.nesterov_momentum(loss,
params,
learning_rate=sh_lr)
test_prediction = lasagne.layers.get_output(network, deterministic=True)
test_loss = lasagne.objectives.categorical_crossentropy(
test_prediction, target_var)
test_loss = test_loss.mean()
# As a bonus, also create an expression for the classification accuracy:
if target_var.ndim == 1:
train_acc = T.sum(T.eq(T.argmax(prediction, axis=1), target_var),
dtype=theano.config.floatX)
test_acc = T.sum(T.eq(T.argmax(test_prediction, axis=1), target_var),
dtype=theano.config.floatX)
else:
train_acc = T.sum(T.eq(T.argmax(prediction, axis=1),
T.argmax(target_var, axis=1)),
dtype=theano.config.floatX)
test_acc = T.sum(T.eq(T.argmax(test_prediction, axis=1),
T.argmax(target_var, axis=1)),
dtype=theano.config.floatX)
train_fn = theano.function([input_var, target_var], [loss, train_acc],
updates=updates)
val_fn = theano.function([input_var, target_var], [test_loss, test_acc])
# Finally, launch the training loop.
sys.stderr.write("Starting training...\n")
# We iterate over epochs:
for epoch in range(num_epochs):
# shuffle training data
train_indices = np.arange(n)
np.random.shuffle(train_indices)
X_train = X_train[train_indices, :, :, :]
y_train = y_train[train_indices]
# In each epoch, we do a full pass over the training data:
train_err = 0
train_batches = 0
start_time = time.time()
train_acc = 0
for batch in iterate_minibatches(X_train,
y_train,
128,
shuffle=True,
augment=True):
inputs, targets = batch
err, acc = train_fn(inputs, targets)
train_acc += acc
train_err += err
train_batches += 1
if attack == CAP:
# And a full pass over the malicious data
for batch in iterate_minibatches(X_train_mal,
y_train_mal,
128,
shuffle=True,
augment=False):
inputs, targets = batch
err, acc = train_fn(inputs, targets)
train_acc += acc
train_err += err
train_batches += 1
if attack == CAP:
mal_err = 0
mal_acc = 0
mal_batches = 0
for batch in iterate_minibatches(X_mal, y_mal, 500, shuffle=False):
inputs, targets = batch
err, acc = val_fn(inputs, targets)
mal_err += err
mal_acc += acc
mal_batches += 1
# And a full pass over the validation data:
val_err = 0
val_acc = 0
val_batches = 0
for batch in iterate_minibatches(X_val, y_val, 500, shuffle=False):
inputs, targets = batch
err, acc = val_fn(inputs, targets)
val_err += err
val_acc += acc
val_batches += 1
if (epoch + 1) == 41 or (epoch + 1) == 61:
new_lr = sh_lr.get_value() * 0.1
sh_lr.set_value(lasagne.utils.floatX(new_lr))
# Then we sys.stderr.write the results for this epoch:
sys.stderr.write("Epoch_{}: ".format(epoch + 1))
sys.stderr.write("training_loss: {:.6f} ".format(train_err /
train_batches))
sys.stderr.write("training_accuracy: {:.2f}% ".format(
train_acc / train_batches / 128 * 100))
if attack == CAP:
sys.stderr.write(" malicious loss:\t\t{:.6f}\n".format(
mal_err / mal_batches))
sys.stderr.write(" malicious accuracy:\t\t{:.2f} %\n".format(
mal_acc / mal_batches / 500 * 100))
sys.stderr.write("validation_loss: {:.6f} ".format(val_err /
val_batches))
sys.stderr.write("validation_accuracy: {:.2f}%\n".format(
val_acc / val_batches / 500 * 100))
# After training, we compute and sys.stderr.write the test error:
test_err = 0
test_acc = 0
test_batches = 0
for batch in iterate_minibatches(X_test, y_test, 500, shuffle=False):
inputs, targets = batch
err, acc = val_fn(inputs, targets)
test_err += err
test_acc += acc
test_batches += 1
sys.stderr.write("Final results:\n")
sys.stderr.write(" test loss:\t\t\t{:.6f}\n".format(test_err /
test_batches))
sys.stderr.write(" test accuracy:\t\t{:.2f} %\n".format(
test_acc / test_batches / 500 * 100))
# save final model
model_path = MODEL_DIR + 'cifar_{}_res{}_'.format(attack, res_n)
if attack == CAP:
model_path += '{}_'.format(mal_p)
if attack in {COR, SGN}:
model_path += '{}_'.format(corr_ratio)
np.savez(model_path + 'model.npz',
*lasagne.layers.get_all_param_values(network))
return test_acc / test_batches / 500
def test_cap_reconstruction(res_n=5, p=None):
# evaluate capacity abuse attack
param_values = load_params(CAP, res_n, hp=p)
X_train, y_train, X_test, y_test = load_cifar(10)
X_train = np.dstack(
(X_train[:, :1024], X_train[:, 1024:2048], X_train[:, 2048:]))
X_train = X_train.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
input_shape = (None, 3, X_train.shape[2], X_train.shape[3])
n_out = len(np.unique(y_train))
input_var = T.tensor4('x')
network = build_resnet(input_var=input_var,
classes=n_out,
input_shape=input_shape,
n=res_n)
mal_n = int(p * len(X_train) * 2)
lasagne.layers.set_all_param_values(network, param_values)
hidden_data_dim = np.prod(X_train.shape[2:])
mal_n /= hidden_data_dim
if mal_n == 0:
mal_n = 1
# recreate malicious feature vector
X_mal, y_mal, mal_n = mal_data_synthesis(X_train, num_targets=mal_n)
test_prediction = lasagne.layers.get_output(network, deterministic=True)
test_prediction = T.argmax(test_prediction, axis=1)
query_fn = theano.function([input_var], test_prediction)
pixels = []
for batch in iterate_minibatches(X_mal, y_mal, 500):
inputs, _ = batch
pred = query_fn(inputs)
pixels.append(pred)
# now pixels are predictions from the model, which should be
# close to the encoded bits
pixels = np.concatenate(pixels)
pixels = pixels.reshape(-1, 2).sum(
1) # we used two predictions to encode one pixel
pixels = pixels.reshape(mal_n, X_train.shape[2], X_train.shape[3])
raw_data = X_train if X_train.dtype == np.uint8 else X_train * 255
if raw_data.shape[-1] != 3:
raw_data = raw_data.transpose(0, 2, 3, 1)
raw_data = rbg_to_grayscale(raw_data).astype(np.uint8)
targets = raw_data[:mal_n]
img_dir = IMG_DIR + 'cap_cifar_{}/'.format(p)
if not os.path.exists(img_dir):
os.mkdir(img_dir)
err, sim = 0., 0.
for i, img in enumerate(pixels):
img_name = img_dir + 'cifar_res{}_{}.png'.format(res_n, i)
img *= 2**4
cv2.imwrite(img_name, img.astype(np.uint8))
e, s = image_metrics(img, targets[i].astype(np.uint8))
err += e
sim += s
print err / mal_n, sim / mal_n
def main(num_epochs=500,
lr=0.1,
attack=CAP,
res_n=5,
corr_ratio=0.0,
mal_p=0.1):
# Load the dataset
pprint.pprint(locals(), stream=sys.stderr)
# print(res_n)
# if res_n != 1:
# print("nope")
# return
res_n = 1
# num_epochs=1
sys.stderr.write("Loading data...\n")
X_train, y_train, X_test, y_test = load_cifar(10)
X_train = np.dstack(
(X_train[:, :1024], X_train[:, 1024:2048], X_train[:, 2048:]))
X_train = X_train.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
X_test = np.dstack((X_test[:, :1024], X_test[:, 1024:2048], X_test[:,
2048:]))
X_test = X_test.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2)
mal_n = int(mal_p * len(X_train) * 2) #not sure what this does?
n_out = len(np.unique(y_train)) #Or this?
#from original code:
if attack in {SGN, COR}:
# get the gray-scaled data to be encoded
raw_data = X_train if X_train.dtype == np.uint8 else X_train * 255
if raw_data.shape[-1] != 3:
raw_data = raw_data.transpose(0, 2, 3, 1)
raw_data = rbg_to_grayscale(raw_data).astype(np.uint8)
sys.stderr.write('Raw data shape {}\n'.format(raw_data.shape))
hidden_data_dim = np.prod(raw_data.shape[1:])
elif attack == CAP:
hidden_data_dim = int(np.prod(X_train.shape[2:]))
mal_n /= hidden_data_dim
if mal_n == 0:
mal_n = 1
X_mal, y_mal, mal_n = mal_data_synthesis2(X_train, num_targets=mal_n)
print(X_mal)
print(y_mal)
sys.stderr.write('Number of encoded image: {}\n'.format(mal_n))
sys.stderr.write('Number of synthesized data: {}\n'.format(len(X_mal)))
input_shape = (None, 3, X_train.shape[2], X_train.shape[3])
X_train, y_train, X_test = reshape_data(X_train, y_train, X_test)
X_val, y_val = X_test, y_test
# input_var = tf.placeholder(tf.float32, [None, FLAGS.img_width * FLAGS.img_height * FLAGS.img_channels])
# input_var = tf.placeholder(tf.float32, [None, FLAGS.img_width, FLAGS.img_height, FLAGS.img_channels])
input_var = tf.placeholder(tf.float32,
[None, X_train.shape[2], X_train.shape[3], 3])
# input_var = tf.placeholder(tf.float32, [None, FLAGS.img_channels, FLAGS.img_width, FLAGS.img_height])
y_ = tf.placeholder(tf.float32, [None, FLAGS.num_classes])
if attack == CAP:
X_train_mal = np.vstack([X_train, X_mal])
y_train_mal = np.concatenate([y_train, y_mal])
X_train = X_train_mal
y_train = y_train_mal
X_train_mal = X_mal
y_train_mal = y_mal
net = tf_build_resnet(input_var=input_var,
classes=n_out,
input_shape=input_shape,
n=res_n)
# test_graph('logs2')
#now the malicious data and the model have been generated, start the training process!
n = len(X_train)
print("ok then")
sys.stderr.write("Number of training data, output: {}, {}...\n".format(
n, n_out))
params = tf.trainable_variables()
print(params)
total_params = np.sum([np.prod(v.get_shape().as_list()) for v in params])
sys.stderr.write("Number of parameters in model: %d\n" % total_params)
if attack == COR:
n_hidden_data = total_params / int(hidden_data_dim)
sys.stderr.write("Number of data correlated: %d\n" % n_hidden_data)
corr_targets = raw_data[:n_hidden_data].flatten()
# corr_targets = theano.shared(corr_targets) ???
offset = set_params_init(params, corr_targets)
corr_loss, r = corr_term(params, corr_targets, size=offset)
elif attack == SGN:
n_hidden_data = total_params / int(hidden_data_dim) / 8
sys.stderr.write("Number of data sign-encoded: %d\n" % n_hidden_data)
corr_targets = get_binary_secret(raw_data[:n_hidden_data])
# corr_targets = theano.shared(corr_targets) ???
offset = set_params_init(params, corr_targets)
corr_loss, r = sign_term(params, corr_targets, size=offset)
else:
r = tf.constant(0., dtype=np.float32)
# Create a loss expression for training, i.e., a scalar objective we want
# to minimize (for our multi-class problem, it is the cross-entropy loss):
# prediction = lasagne.layers.get_output(network)
train_vars = tf.trainable_variables()
WEIGHT_DECAY = 0.0000 # from original code
lossL2 = tf.add_n(
[tf.nn.l2_loss(v) for v in train_vars if 'bias' not in v.name])
softmax_loss = tf.reduce_mean(
tf.nn.softmax_cross_entropy_with_logits(labels=y_, logits=net))
total_loss = tf.reduce_mean(softmax_loss + lossL2 * WEIGHT_DECAY)
# loss = lasagne.objectives.categorical_crossentropy(prediction, target_var)
# loss = loss.mean()
# We could add some weight decay as well here, see lasagne.regularization.
# all_layers = lasagne.layers.get_all_layers(network)
# l2_penalty = lasagne.regularization.regularize_layer_params(all_layers, lasagne.regularization.l2) * 0.0001
# loss += l2_penalty
# add malicious term to loss function
if attack in {SGN, COR}:
corr_loss *= corr_ratio
loss += corr_loss
# save init
# sh_lr = theano.shared(lasagne.utils.floatX(lr))
#training settings
# WEIGHT_DECAY = 0.0001 #from paper
START_LEARNING_RATE = 0.01
DECAY_STEPS = 100000 # decay the learning rate every 100000 steps
DECAY_RATE = 0.1 # the base of our exponential for the decay
MOMENTUM = 0.9 #from paper
global_step = tf.Variable(
0, trainable=False
) # this will be incremented automatically by tensorflow
# updates = lasagne.updates.nesterov_momentum(loss, params, learning_rate=sh_lr)
decayed_learning_rate = tf.train.exponential_decay(START_LEARNING_RATE,
global_step,
DECAY_STEPS,
DECAY_RATE,
staircase=True)
train_step = tf.train.MomentumOptimizer(
learning_rate=decayed_learning_rate,
momentum=MOMENTUM,
use_nesterov=True).minimize(total_loss, global_step=global_step)
actual_label = tf.argmax(y_, 1)
prediction = tf.argmax(net, 1)
is_correct = tf.equal(prediction, actual_label)
accuracy = tf.reduce_mean(tf.cast(is_correct, tf.float32), name='accuracy')
error = tf.subtract(1.0, accuracy)
# test_prediction = lasagne.layers.get_output(network, deterministic=True)
# test_loss = lasagne.objectives.categorical_crossentropy(test_prediction, target_var)
# test_loss = test_loss.mean()
#ignoring this?
# As a bonus, also create an expression for the classification w:
# if target_var.ndim == 1:
# test_acc = T.sum(T.eq(T.argmax(test_prediction, axis=1), target_var), dtype=theano.config.floatX)
# else:
# test_acc = T.sum(T.eq(T.argmax(test_prediction, axis=1), T.argmax(target_var, axis=1)), dtype=theano.config.floatX)
# train_fn = theano.function([input_var, target_var], [loss, r], updates=updates)
# val_fn = theano.function([input_var, target_var], [test_loss, test_acc])
# Finally, launch the training loop.
#summaries added in
accuracy_summary = tf.summary.scalar("Accuracy", accuracy)
error_summary = tf.summary.scalar("Error", error)
loss_summary = tf.summary.scalar("Loss", total_loss)
l2_loss_summary = tf.summary.scalar("Loss L2", lossL2)
# img_summary = tf.summary.image('Input Images', input_var, max_outputs=4)
# aug_image_summary = tf.summary.image('Augmented Images', input_var, max_outputs=4)
# test_img_summary = tf.summary.image('Test Images', input_var)
# train_summary = tf.summary.merge([loss_summary, accuracy_summary, error_summary, l2_loss_summary, img_summary])
train_summary = tf.summary.merge(
[loss_summary, accuracy_summary, error_summary, l2_loss_summary])
validation_summary = tf.summary.merge(
[loss_summary, accuracy_summary, error_summary])
step = 0
saver = tf.train.Saver(tf.global_variables(), max_to_keep=1)
sys.stderr.write("Starting training...\n")
with tf.Session(config=tf.ConfigProto(gpu_options=gpu_options)) as sess:
sess.run(tf.global_variables_initializer())
train_writer = tf.summary.FileWriter(log_dir + "_train", sess.graph)
validation_writer = tf.summary.FileWriter(log_dir + "_validation",
sess.graph)
step = 0
epochs = range(1, EPOCH_LIMIT + 1)
for epoch in epochs:
# shuffle training data
train_indices = np.arange(n)
np.random.shuffle(train_indices)
X_train = X_train[train_indices, :, :, :]
y_train = y_train[train_indices]
# In each epoch, we do a full pass over the training data:
train_err_total = 0
train_acc_total = 0
train_batches = 0
step = 0
PRINT_FREQ = 100
start_time = time.time()
train_r = 0
# for batch in iterate_minibatches(X_train, y_train, 128, shuffle=True, augment=True):
# inputs, targets = batch
# step += 1
# targets = translate_labels(targets)
# inputs = translate_images(inputs)
## print(targets)
## err, r = train_fn(inputs, targets)
# _, train_summary_str, train_acc, err, train_loss, l2_loss = sess.run([train_step, train_summary, accuracy,error, total_loss,lossL2],feed_dict={input_var: inputs, y_: targets})
# if(step % PRINT_FREQ == 0):
# print('step {}, accuracy on training set : {}, loss: {}, L2 Loss: {}'.format(step, train_acc, train_loss, l2_loss))
#
## train_r += r
# train_acc_total += train_acc
# train_err_total += err
# train_batches += 1
if attack == CAP:
step = 0
# And a full pass over the malicious data
for batch in iterate_minibatches(X_train_mal,
y_train_mal,
128,
shuffle=True,
augment=False):
step += 1
inputs, targets = batch
targets = translate_labels(targets)
inputs = translate_images(inputs)
# err, r = train_fn(inputs, targets)
_, train_summary_str, train_acc, err, train_loss, l2_loss = sess.run(
[
train_step, train_summary, accuracy, error,
total_loss, lossL2
],
feed_dict={
input_var: inputs,
y_: targets
})
if (step % PRINT_FREQ == 0):
print(
'step {}, accuracy on mal training set : {}, loss: {}, L2 Loss: {}'
.format(step, train_acc, train_loss, l2_loss))
# train_r += r
train_acc_total += train_acc
train_err_total += err
train_batches += 1
if attack == CAP:
mal_err = 0
mal_acc = 0
mal_batches = 0
step = 0
for batch in iterate_minibatches(X_mal,
y_mal,
600,
shuffle=False):
inputs, targets = batch
step += 1
targets = translate_labels(targets)
inputs = translate_images(inputs)
# err, acc = val_fn(inputs, targets)
predictions_made = sess.run(net,
feed_dict={input_var: inputs})
targets_new = []
predictions_new = []
for i in range(0, 200):
avg_pred = np.argmax(predictions_made[i * 3] +
predictions_made[i * 3 + 1] +
predictions_made[i * 3 + 2])
# avg_pred = predictions_made[i*3]
# print(avg_pred.eval())
# avg_pred = tf.argmax(avg_pred, 1)
predictions_new.append(avg_pred)
targets_new.append(targets[i * 3])
# prediction = tf.argmax(net, 1)
# predictions_new = translate_labels(predictions_new)
# print("predictions_new.eval()")
# print(predictions_new)
#
# print(tf.argmax(predictions_new, 1).eval())
# print("targets_new")
# print(tf.argmax(targets_new, 1).eval())
is_correct2 = tf.equal(
tf.cast(predictions_new, tf.int64),
tf.argmax(tf.convert_to_tensor(targets_new), 1))
# print("is_correct2.eval()")
# print(is_correct2.eval())
accuracy_mal = tf.reduce_mean(
tf.cast(is_correct2, tf.float32)).eval()
validation_accuracy, err, summary_str = sess.run(
[accuracy, error, validation_summary],
feed_dict={
input_var: inputs,
y_: targets
})
if (step % (PRINT_FREQ / 20) == 0):
print(
'step {}, accuracy on mal test set : {}/{}, err: {}'
.format(step, accuracy_mal, validation_accuracy,
err))
mal_err += err
# mal_acc += validation_accuracy
mal_acc += accuracy_mal
mal_batches += 1
# And a full pass over the validation data:
val_err = 0
val_acc = 0
val_batches = 0
##validation
# for batch in iterate_minibatches(X_val, y_val, 500, shuffle=False):
# inputs, targets = batch
# targets = translate_labels(targets)
# inputs = translate_images(inputs)
## err, acc = val_fn(inputs, targets)
# validation_accuracy, err, summary_str = sess.run([accuracy, error, validation_summary], feed_dict={input_var: inputs, y_: targets})
#
# val_err += err
# val_acc += validation_accuracy
# val_batches += 1
# Then we sys.stderr.write the results for this epoch:
sys.stderr.write("Epoch {} of {} took {:.3f}s\n".format(
epoch, EPOCH_LIMIT,
time.time() - start_time))
sys.stderr.write(" training loss:\t\t{:.6f}\n".format(
train_err_total / train_batches))
sys.stderr.write(" training accuracy:\t\t{:.6f}\n".format(
train_acc_total / train_batches))
if attack == CAP:
sys.stderr.write(" malicious loss:\t\t{:.6f}\n".format(
mal_err / mal_batches))
sys.stderr.write(" malicious accuracy:\t\t{:.2f} %\n".format(
mal_acc / mal_batches))
if attack in {SGN, COR}:
# sys.stderr.write(" training r:\t\t{:.6f}\n".format(train_r / train_batches))
# sys.stderr.write(" validation loss:\t\t{:.6f}\n".format(val_err / val_batches))
sys.stderr.write(" validation accuracy:\t\t{:.2f} %\n".format(
validation_accuracy))
# don't loop back when we reach the end of the test set
evaluated_images = 0
test_accuracy = 0
batch_count = 0
for batch in iterate_minibatches(X_test, y_test, 500, shuffle=False):
inputs, targets = batch
targets = translate_labels(targets)
inputs = translate_images(inputs)
test_accuracy_temp = sess.run([accuracy],
feed_dict={
input_var: X_test,
y_: y_test
})
batch_count = batch_count + 1
test_accuracy = test_accuracy + test_accuracy_temp
# evaluated_images = evaluated_images + testLabels.shape[0]
test_accuracy = test_accuracy / batch_count
sys.stderr.write("Final results:\n")
sys.stderr.write(" test loss:\t\t\t{:.6f}\n".format(test_err /
test_batches))
sys.stderr.write(" test accuracy:\t\t{:.2f} %\n".format(
test_accuracy / 500 * 100))
import os
import scipy.io as sio
import numpy as np
from load_cifar import load_cifar
from model.initial_cifarNet import initial_cifar
train_data = []
valid_data = []
train_labels = []
valid_labels = []
if os.path.isfile('../data/cifar/cifar.mat'):
print 'read mat file: %s' % ('../data/cifar/cifar.mat')
data = sio.loadmat('../data/cifar/cifar.mat')
train_data = data['train_data']
valid_data = data['valid_data']
train_labels = data['train_labels']
valid_labels = data['valid_labels']
else:
train_data, valid_data, train_labels, valid_labels = load_cifar()
cnn = initial_cifar()
lr = np.logspace(-2, -3, 20)
cnn.train(train_data, train_labels, lr, epoch=20, batch_size=32)
res = cnn.predict(valid_data)
res = res.reshape(valid_labels.shape)
print 'Accuracy is: %f' % (np.sum(res == valid_labels) / float(np.max(valid_labels.shape)))
import os
import scipy.io as sio
import numpy as np
from load_cifar import load_cifar
from model.initial_cifarNet import initial_cifar
train_data = []
valid_data = []
train_labels = []
valid_labels = []
if os.path.isfile('../data/cifar/cifar.mat'):
print 'read mat file: %s' % ('../data/cifar/cifar.mat')
data = sio.loadmat('../data/cifar/cifar.mat')
train_data = data['train_data']
valid_data = data['valid_data']
train_labels = data['train_labels']
valid_labels = data['valid_labels']
else:
train_data, valid_data, train_labels, valid_labels = load_cifar()
cnn = initial_cifar()
lr = np.ones(20) * 0.001
cnn.train(train_data, train_labels, lr, epoch=20, batch_size=32)
res = cnn.predict(valid_data)
res = res.reshape(valid_labels.shape)
print 'Accuracy is: %f' % (np.sum(res == valid_labels) / float(np.max(valid_labels.shape)))
def load_dataset(data_dir):
train_x, train_y, test_x, test_y = load_cifar(10, data_dir)
return train_x, train_y, test_x, test_y