def train_target_model(dataset, epochs=100, batch_size=100, learning_rate=0.01, l2_ratio=1e-7, n_hidden=50, model='nn', save=True, DATA_PATH = './data/', MODEL_PATH = './model/'): train_x, train_y, test_x, test_y = dataset output_layer = train_model(dataset, n_hidden=n_hidden, epochs=epochs, learning_rate=learning_rate, batch_size=batch_size, model=model, l2_ratio=l2_ratio) # test data for attack model attack_x, attack_y = [], [] input_var = T.matrix('x') prob = lasagne.layers.get_output(output_layer, input_var, deterministic=True) prob_fn = theano.function([input_var], prob) # data used in training, label is 1 for batch in iterate_minibatches(train_x, train_y, batch_size, False): attack_x.append(prob_fn(batch[0])) attack_y.append(np.ones(batch_size)) # data not used in training, label is 0 for batch in iterate_minibatches(test_x, test_y, batch_size, False): attack_x.append(prob_fn(batch[0])) attack_y.append(np.zeros(batch_size)) attack_x = np.vstack(attack_x) attack_y = np.concatenate(attack_y) attack_x = attack_x.astype('float32') attack_y = attack_y.astype('int32') if save: np.savez(MODEL_PATH + 'attack_test_data.npz', attack_x, attack_y) np.savez(MODEL_PATH + 'target_model.npz', *lasagne.layers.get_all_param_values(output_layer)) classes = np.concatenate([train_y, test_y]) return attack_x, attack_y, classes
def train_target_model(dataset, name,epochs=100, batch_size=100, learning_rate=0.01, l2_ratio=1e-7, n_hidden=50, model='nn', save=True): print("deeplearning.py -- train_target_model") returnDouble=True train_x, train_y, test_x, test_y = dataset print("begin traning:") output_layer = train_model(dataset, n_hidden=n_hidden, epochs=epochs, learning_rate=learning_rate, batch_size=batch_size, model=model, l2_ratio=l2_ratio) # test data for attack model attack_x, attack_y = [], [] isCorrect = [] if model=='cnn' or model=='Droppcnn'or model=='Droppcnn2' : input_var = T.tensor4('x') elif model=='cnn2': input_var = T.tensor4('x') else: input_var = T.matrix('x') prob = lasagne.layers.get_output(output_layer, input_var, deterministic=True) prob_fn = theano.function([input_var], prob) # data used in training, label is 1 for batch in iterate_minibatches(train_x, train_y, batch_size, False): attack_x.append(prob_fn(batch[0])) predicted = np.argmax(prob_fn(batch[0]), axis=1) isCorrect.append((batch[1] == predicted).astype('float32')) attack_y.append(np.zeros(len(batch[0]))) # data not used in training, label is 0 for batch in iterate_minibatches(test_x, test_y, batch_size, False): attack_x.append(prob_fn(batch[0])) predicted = np.argmax(prob_fn(batch[0]), axis=1) isCorrect.append((batch[1] == predicted).astype('float32')) attack_y.append(np.ones(len(batch[0]))) #print len(attack_y) attack_x = np.vstack(attack_x) attack_y = np.concatenate(attack_y) isCorrect = np.concatenate(isCorrect) #print('total length ' + str(sum(attack_y))) attack_x = attack_x.astype('float32') attack_y = attack_y.astype('int32') if save: np.savez(MODEL_PATH + 'attack_test_data'+str(name)+'.npz', attack_x) np.savez(MODEL_PATH + 'attack_test_label'+str(name)+'.npz', attack_y) np.savez(MODEL_PATH + 'target_model'+str(name)+'.npz', *lasagne.layers.get_all_param_values(output_layer)) classes = np.concatenate([train_y, test_y]) if(returnDouble): return attack_x, attack_y, output_layer,prob_fn else: return attack_x, attack_y, output_layer
def train_shadow_models(n_hidden=50, epochs=100, n_shadow=20, learning_rate=0.05, batch_size=100, l2_ratio=1e-7, model='nn', save=True): # for getting probabilities input_var = T.matrix('x') # for attack model attack_x, attack_y = [], [] classes = [] for i in range(n_shadow): print('Training shadow model {}'.format(i)) data = load_data('shadow{}_data.npz'.format(i)) train_x, train_y, test_x, test_y = data # train model output_layer = train_model(data, n_hidden=n_hidden, epochs=epochs, learning_rate=learning_rate, batch_size=batch_size, model=model, l2_ratio=l2_ratio) prob = lasagne.layers.get_output(output_layer, input_var, deterministic=True) prob_fn = theano.function([input_var], prob) print('Gather training data for attack model') attack_i_x, attack_i_y = [], [] # data used in training, label is 1 for batch in iterate_minibatches(train_x, train_y, batch_size, False): attack_i_x.append(prob_fn(batch[0])) attack_i_y.append(np.ones(batch_size)) # data not used in training, label is 0 for batch in iterate_minibatches(test_x, test_y, batch_size, False): attack_i_x.append(prob_fn(batch[0])) attack_i_y.append(np.zeros(batch_size)) attack_x += attack_i_x attack_y += attack_i_y classes.append(np.concatenate([train_y, test_y])) # print("22222", len(np.unique(train_y)), len(np.unique(test_y))) # input() # train data for attack model attack_x = np.vstack(attack_x) attack_y = np.concatenate(attack_y) attack_x = attack_x.astype('float32') attack_y = attack_y.astype('int32') classes = np.concatenate(classes) if save: np.savez(MODEL_PATH + 'attack_train_data.npz', attack_x, attack_y) return attack_x, attack_y, classes
def train_target_model(dataset,epochs=100, batch_size=100, learning_rate=0.01, l2_ratio=1e-7, n_hidden=50, model='nn'): train_x, train_y, test_x, test_y = dataset output_layer = train_model(dataset, n_hidden=n_hidden, epochs=epochs, learning_rate=learning_rate, batch_size=batch_size, model=model, l2_ratio=l2_ratio) # test data for attack model attack_x, attack_y = [], [] if model=='cnn': #Dimension for CIFAR-10 input_var = T.tensor4('x') else: #Dimension for News input_var = T.matrix('x') prob = lasagne.layers.get_output(output_layer, input_var, deterministic=True) prob_fn = theano.function([input_var], prob) # data used in training, label is 1 for batch in iterate_minibatches(train_x, train_y, batch_size, False): attack_x.append(prob_fn(batch[0])) attack_y.append(np.ones(len(batch[0]))) # data not used in training, label is 0 for batch in iterate_minibatches(test_x, test_y, batch_size, False): attack_x.append(prob_fn(batch[0])) attack_y.append(np.zeros(len(batch[0]))) #print len(attack_y) attack_x = np.vstack(attack_x) attack_y = np.concatenate(attack_y) #print('total length ' + str(sum(attack_y))) attack_x = attack_x.astype('float32') attack_y = attack_y.astype('int32') return attack_x, attack_y, output_layer
def train_target_model(epochs=100, batch_size=100, learning_rate=0.01, l2_ratio=1e-7, n_hidden=50, model='nn', save=True, ratio=0): print '-' * 10 + 'TRAIN TARGET' + '-' * 10 + '\n' dataset = load_data('target_data.npz') train_x, train_y, test_x, test_y = dataset num_sample = train_x.shape[0] if ratio > 0: index = random.sample(range(num_sample), int(ratio * num_sample)) index.sort() mask = np.random.choice([0, 1], size=train_x.shape[-1:], p=[2. / 3, 1. / 3]) for i in index: train_x[i] = np.clip( train_x[i] + np.multiply( mask, np.random.normal(scale=0.3, size=train_x.shape[-1:])), 0, 1) output_layer = train_model(dataset, n_hidden=n_hidden, epochs=epochs, learning_rate=learning_rate, batch_size=batch_size, model=model, l2_ratio=l2_ratio) attack_x, attack_y = [], [] dataset = load_data('target_data.npz') train_x, train_y, test_x, test_y = dataset if model == 'cnn': train_x = np.dstack( (train_x[:, :1024], train_x[:, 1024:2048], train_x[:, 2048:])) train_x = train_x.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2) test_x = np.dstack( (test_x[:, :1024], test_x[:, 1024:2048], test_x[:, 2048:])) test_x = test_x.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2) input_var = T.tensor4('x') else: input_var = T.matrix('x') prob = lasagne.layers.get_output(output_layer, input_var, deterministic=True) prob_fn = theano.function([input_var], prob) for batch in iterate_minibatches(train_x, train_y, batch_size, False): attack_x.append(prob_fn(batch[0])) attack_y.append(np.ones(batch_size)) for batch in iterate_minibatches(test_x, test_y, batch_size, False): attack_x.append(prob_fn(batch[0])) attack_y.append(np.zeros(batch_size)) attack_x = np.vstack(attack_x) attack_y = np.concatenate(attack_y) attack_x = attack_x.astype('float32') attack_y = attack_y.astype('int32') classes = np.concatenate([train_y, test_y]) if save: np.savez(MODEL_PATH + 'attack_test_data.npz', attack_x, attack_y) np.savez(MODEL_PATH + 'target_model.npz', *lasagne.layers.get_all_param_values(output_layer)) np.savez(MODEL_PATH + 'attack_test_class.npz', classes) return attack_x, attack_y, classes
def train_shadow_models(n_hidden=50, epochs=100, n_shadow=20, learning_rate=0.05, batch_size=100, l2_ratio=1e-7, model='nn', save=True): print '-' * 10 + 'TRAIN SHADOW' + '-' * 10 + '\n' if model == 'cnn': input_var = T.tensor4('x') else: input_var = T.matrix('x') attack_x, attack_y = [], [] classes = [] for i in xrange(n_shadow): print 'Training shadow model {}'.format(i) data = load_data('shadow{}_data.npz'.format(i)) train_x, train_y, test_x, test_y = data # train model output_layer = train_model(data, n_hidden=n_hidden, epochs=epochs, learning_rate=learning_rate, batch_size=batch_size, model=model, l2_ratio=l2_ratio) if model == 'cnn': train_x = np.dstack( (train_x[:, :1024], train_x[:, 1024:2048], train_x[:, 2048:])) train_x = train_x.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2) test_x = np.dstack( (test_x[:, :1024], test_x[:, 1024:2048], test_x[:, 2048:])) test_x = test_x.reshape((-1, 32, 32, 3)).transpose(0, 3, 1, 2) prob = lasagne.layers.get_output(output_layer, input_var, deterministic=True) prob_fn = theano.function([input_var], prob) if save: np.savez(MODEL_PATH + 'shadow' + str(i) + '_model.npz', *lasagne.layers.get_all_param_values(output_layer)) print 'Gather training data for attack model' attack_i_x, attack_i_y = [], [] # data used in training, label is 1 for batch in iterate_minibatches(train_x, train_y, batch_size, False): attack_i_x.append(prob_fn(batch[0])) attack_i_y.append(np.ones(batch_size)) # data not used in training, label is 0 for batch in iterate_minibatches(test_x, test_y, batch_size, False): attack_i_x.append(prob_fn(batch[0])) attack_i_y.append(np.zeros(batch_size)) attack_x += attack_i_x attack_y += attack_i_y classes.append(np.concatenate([train_y, test_y])) # train data for attack model attack_x = np.vstack(attack_x) attack_y = np.concatenate(attack_y) attack_x = attack_x.astype('float32') attack_y = attack_y.astype('int32') classes = np.concatenate(classes) if save: np.savez(MODEL_PATH + 'attack_train_data.npz', attack_x, attack_y) np.savez(MODEL_PATH + 'attack_train_class.npz', classes) return attack_x, attack_y, classes