def train_attack_model(classes,
dataset=None,
n_hidden=50,
learning_rate=0.01,
batch_size=200,
epochs=50,
model='nn',
l2_ratio=1e-7):
if dataset is None:
dataset = load_attack_data()
train_x, train_y, test_x, test_y = dataset
train_classes, test_classes = classes
train_indices = np.arange(len(train_x))
test_indices = np.arange(len(test_x))
unique_classes = np.unique(train_classes)
true_y = []
pred_y = []
pred_scores = []
true_x = []
for c in unique_classes:
#print('Training attack model for class {}...'.format(c))
c_train_indices = train_indices[train_classes == c]
c_train_x, c_train_y = train_x[c_train_indices], train_y[
c_train_indices]
c_test_indices = test_indices[test_classes == c]
c_test_x, c_test_y = test_x[c_test_indices], test_y[c_test_indices]
c_dataset = (c_train_x, c_train_y, c_test_x, c_test_y)
_, c_pred_y, c_pred_scores, _, _, _ = train_model(
c_dataset,
n_hidden=n_hidden,
epochs=epochs,
learning_rate=learning_rate,
batch_size=batch_size,
model=model,
l2_ratio=l2_ratio,
non_linearity='relu')
true_y.append(c_test_y)
pred_y.append(c_pred_y)
true_x.append(c_test_x)
pred_scores.append(c_pred_scores)
print('-' * 10 + 'FINAL EVALUATION' + '-' * 10 + '\n')
true_y = np.concatenate(true_y)
pred_y = np.concatenate(pred_y)
true_x = np.concatenate(true_x)
pred_scores = np.concatenate(pred_scores)
#print('Testing Accuracy: {}'.format(accuracy_score(true_y, pred_y)))
#print(classification_report(true_y, pred_y))
fpr, tpr, thresholds = roc_curve(true_y, pred_y, pos_label=1)
print(fpr, tpr, tpr - fpr)
attack_adv = tpr[1] - fpr[1]
#plt.plot(fpr, tpr)
# membership
fpr, tpr, thresholds = roc_curve(true_y, pred_scores[:, 1], pos_label=1)
#plt.plot(fpr, tpr)
# non-membership
fpr, tpr, thresholds = roc_curve(true_y, pred_scores[:, 0], pos_label=0)
#plt.show()
#FILE_SUFFIX = '_nn_rdp_1000_0.npz'
#np.save(DATA_PATH + 'true_x' + FILE_SUFFIX, true_x)
#np.save(DATA_PATH + 'true_y' + FILE_SUFFIX, true_y)
#np.save(DATA_PATH + 'pred_scores' + FILE_SUFFIX, pred_scores)
return attack_adv, pred_scores
def train_target_model(dataset,
epochs=100,
batch_size=100,
learning_rate=0.01,
l2_ratio=1e-7,
n_hidden=50,
model='nn',
save=True,
privacy='no_privacy',
dp='dp',
epsilon=0.5,
delta=1e-5):
train_x, train_y, test_x, test_y = dataset
classifier, _, _, train_loss, train_acc, test_acc = train_model(
dataset,
n_hidden=n_hidden,
epochs=epochs,
learning_rate=learning_rate,
batch_size=batch_size,
model=model,
l2_ratio=l2_ratio,
silent=False,
privacy=privacy,
dp=dp,
epsilon=epsilon,
delta=delta)
# test data for attack model
attack_x, attack_y = [], []
# data used in training, label is 1
pred_input_fn = tf.estimator.inputs.numpy_input_fn(x={'x': train_x},
num_epochs=1,
shuffle=False)
predictions = classifier.predict(input_fn=pred_input_fn)
_, pred_scores = get_predictions(predictions)
attack_x.append(pred_scores)
attack_y.append(np.ones(train_x.shape[0]))
# data not used in training, label is 0
pred_input_fn = tf.estimator.inputs.numpy_input_fn(x={'x': test_x},
num_epochs=1,
shuffle=False)
predictions = classifier.predict(input_fn=pred_input_fn)
_, pred_scores = get_predictions(predictions)
attack_x.append(pred_scores)
attack_y.append(np.zeros(test_x.shape[0]))
attack_x = np.vstack(attack_x)
attack_y = np.concatenate(attack_y)
attack_x = attack_x.astype('float32')
attack_y = attack_y.astype('int32')
if save:
np.savez(MODEL_PATH + 'attack_test_data.npz', attack_x, attack_y)
np.savez(MODEL_PATH + 'target_model.npz',
*lasagne.layers.get_all_param_values(output_layer))
classes = np.concatenate([train_y, test_y])
return attack_x, attack_y, classes, train_loss, classifier, train_acc, test_acc
def train_shadow_models(n_hidden=50,
epochs=100,
n_shadow=20,
learning_rate=0.05,
batch_size=100,
l2_ratio=1e-7,
model='nn',
save=True):
# for attack model
attack_x, attack_y = [], []
classes = []
for i in range(n_shadow):
#print('Training shadow model {}'.format(i))
data = load_data('shadow{}_data.npz'.format(i))
train_x, train_y, test_x, test_y = data
# train model
classifier, _, _, _, _, _ = train_model(data,
n_hidden=n_hidden,
epochs=epochs,
learning_rate=learning_rate,
batch_size=batch_size,
model=model,
l2_ratio=l2_ratio)
#print('Gather training data for attack model')
attack_i_x, attack_i_y = [], []
# data used in training, label is 1
pred_input_fn = tf.estimator.inputs.numpy_input_fn(x={'x': train_x},
num_epochs=1,
shuffle=False)
predictions = classifier.predict(input_fn=pred_input_fn)
_, pred_scores = get_predictions(predictions)
attack_i_x.append(pred_scores)
attack_i_y.append(np.ones(train_x.shape[0]))
# data not used in training, label is 0
pred_input_fn = tf.estimator.inputs.numpy_input_fn(x={'x': test_x},
num_epochs=1,
shuffle=False)
predictions = classifier.predict(input_fn=pred_input_fn)
_, pred_scores = get_predictions(predictions)
attack_i_x.append(pred_scores)
attack_i_y.append(np.zeros(test_x.shape[0]))
attack_x += attack_i_x
attack_y += attack_i_y
classes.append(np.concatenate([train_y, test_y]))
# train data for attack model
attack_x = np.vstack(attack_x)
attack_y = np.concatenate(attack_y)
attack_x = attack_x.astype('float32')
attack_y = attack_y.astype('int32')
classes = np.concatenate(classes)
if save:
np.savez(MODEL_PATH + 'attack_train_data.npz', attack_x, attack_y)
return attack_x, attack_y, classes