Esempio n. 1
def test_shadow_transform_with_custom_shadow_indices(data, shadow_model_fn,
                                                     model_serializer,
                                                     num_models,
                                                     max_models_for_transform):
    """Check that ``_transform`` honours an explicit subset of shadow models.

    The bundle is fitted with ``num_models`` shadow models, then only the
    indices ``0 .. max_models_for_transform - 1`` are passed to
    ``_transform``. The returned feature and label arrays must each hold
    ``2 * max_models_for_transform * SHADOW_DATASET_SIZE`` rows.

    All parameters are supplied as pytest fixtures defined outside this
    snippet.
    """
    train_split, _ = data
    features, labels = train_split

    bundle = ShadowModelBundle(
        shadow_model_fn,
        shadow_dataset_size=SHADOW_DATASET_SIZE,
        num_models=num_models,
        serializer=model_serializer,
    )
    # Short training run: the test only cares about output shapes.
    bundle._fit(features, labels, fit_kwargs={"epochs": 5, "verbose": False})

    X_shadow, y_shadow = bundle._transform(
        shadow_indices=range(max_models_for_transform))

    # NOTE(review): the factor 2 presumably reflects one "in" and one "out"
    # sample set per shadow model -- confirm against ShadowModelBundle.
    expected_rows = 2 * max_models_for_transform * SHADOW_DATASET_SIZE
    assert X_shadow.shape[0] == expected_rows
    assert y_shadow.shape[0] == expected_rows
Esempio n. 2
    #if model is not saved
    X_shadow, y_shadow = smb.fit_transform(
        attacker_X_train,
        attacker_y_train,
        fit_kwargs=dict(epochs=target_epochs,
                        verbose=True,
                        validation_data=(attacker_X_test, attacker_y_test),
                        batch_size=100),
    )

else:
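    # If the model is already saved, reuse it instead of retraining.
    # NOTE(review): Esempio n. 1 calls _transform(shadow_indices=...) only;
    # passing training data and fit_kwargs here looks inconsistent with that
    # usage -- confirm against ShadowModelBundle._transform.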
    X_shadow, y_shadow = smb._transform(
        attacker_X_train,
        attacker_y_train,
        fit_kwargs=dict(epochs=target_epochs,
                        verbose=True,
                        validation_data=(attacker_X_test, attacker_y_test),
                        batch_size=100),
    )

# Serializer handed to the attack-model bundle; MySerializer is defined
# elsewhere in the project and receives the model factory and a path prefix.
# NOTE(review): the prefix is relative ("./..."), so whatever it names is
# resolved against the current working directory -- presumably the location
# of the stored attack-model weights; confirm and keep it out of shared or
# world-writable directories.
amb_serializer = MySerializer(
    model_fn=attack_model_fn,
    prefix="./amb_DPSGD__model_weights_zena",
)

# ShadowModelBundle returns data in the format suitable for the
# AttackModelBundle, so X_shadow / y_shadow need no further reshaping here.
amb = AttackModelBundle(
    attack_model_fn,
    num_classes=NUM_CLASSES,
    serializer=amb_serializer,
)

# Fit the attack models.
print("Training the attack models...")
amb.fit(X_shadow,
        y_shadow,