def test_attack_models_are_created(
data,
shadow_model_fn,
shadow_model_serializer,
attack_model_fn,
attack_model_serializer,
):
(X_train, y_train), _ = data
smb = ShadowModelBundle(
shadow_model_fn,
shadow_dataset_size=SHADOW_DATASET_SIZE,
num_models=3,
serializer=shadow_model_serializer,
)
X_shadow, y_shadow = smb.fit_transform(X_train,
y_train,
fit_kwargs=dict(epochs=5,
verbose=False))
amb = AttackModelBundle(attack_model_fn,
num_classes=NUM_CLASSES,
serializer=attack_model_serializer)
# Fit the attack models.
amb.fit(X_shadow, y_shadow, fit_kwargs=dict(epochs=5, verbose=False))
# Predict membership for some training data.
membership_guesses = amb.predict(X_shadow[:100])
assert membership_guesses.shape == (len(X_shadow[:100]), )
def demo(argv):
del argv # Unused.
(X_train, y_train), (X_test, y_test) = get_data()
# Train the target model.
print("Training the target model...")
target_model = target_model_fn()
target_model.fit(
X_train, y_train, batch_size=128, epochs=FLAGS.target_epochs, validation_split=0.5, shuffle=True
)
#target_model.fit(
# X_train, y_train, batch_size=128, epochs=FLAGS.target_epochs, validation_data=(X_test, y_test), shuffle=True
#)
# Train the shadow models.
smb = ShadowModelBundle(
target_model_fn,
shadow_dataset_size=SHADOW_DATASET_SIZE,
num_models=FLAGS.num_shadows,
)
# We assume that attacker's data were not seen in target's training.
attacker_X_train, attacker_X_test, attacker_y_train, attacker_y_test = train_test_split(
X_test, y_test, test_size=0.1
)
print(attacker_X_train.shape, attacker_X_test.shape)
print("Training the shadow models...")
X_shadow, y_shadow = smb.fit_transform(
attacker_X_train,
attacker_y_train,
fit_kwargs=dict(
epochs=FLAGS.target_epochs,
verbose=True,
validation_data=(attacker_X_test, attacker_y_test),
),
)
# ShadowModelBundle returns data in the format suitable for the AttackModelBundle.
amb = AttackModelBundle(attack_model_fn, num_classes=NUM_CLASSES)
# Fit the attack models.
print("Training the attack models...")
amb.fit(
X_shadow, y_shadow, fit_kwargs=dict(epochs=FLAGS.attack_epochs, verbose=True)
)
# Test the success of the attack.
# Prepare examples that were in the training, and out of the training.
data_in = X_train[:ATTACK_TEST_DATASET_SIZE], y_train[:ATTACK_TEST_DATASET_SIZE]
data_out = X_test[:ATTACK_TEST_DATASET_SIZE], y_test[:ATTACK_TEST_DATASET_SIZE]
# Compile them into the expected format for the AttackModelBundle.
attack_test_data, real_membership_labels = prepare_attack_data(
target_model, data_in, data_out
)
# Compute the attack accuracy.
attack_guesses = amb.predict(attack_test_data)
attack_accuracy = np.mean(attack_guesses == real_membership_labels)
print(attack_accuracy)
def demo(argv):
x = pd.read_csv(
r"C:\document\education\python\python\predict mortality\data\drug_table_mortality_with_no.csv"
)
y = pd.read_csv(
r"C:\document\education\python\python\predict mortality\data\mortality_table.csv"
)
# (X_train, y_train), (X_test, y_test) = get_data()
X, Y = ga.shuffleData(x, y)
X_test = X[25000:] #####################################################
y_test = Y[
25000:] #########################################################
X_train = X[:8 * scala]
y_train = Y[:8 * scala]
# Train the target model.
print("Training the target model...")
target_model = train_target(X, Y)
# Train the shadow models.
smb = ShadowModelBundle(
target_model_fn,
shadow_dataset_size=SHADOW_DATASET_SIZE,
num_models=FLAGS.num_shadows,
)
# We assume that attacker's data were not seen in target's training.
attacker_X_train, attacker_X_test, attacker_y_train, attacker_y_test = train_test_split(
X_test, y_test, test_size=0.1)
print(attacker_X_train.shape, attacker_X_test.shape)
print("Training the shadow models...")
X_shadow, y_shadow = smb.fit_transform(
attacker_X_train,
attacker_y_train,
fit_kwargs=dict(
epochs=FLAGS.target_epochs,
verbose=True,
validation_data=(attacker_X_test, attacker_y_test),
),
)
print("shadow_shape")
print(X_shadow.shape)
print(y_shadow)
# ShadowModelBundle returns data in the format suitable for the AttackModelBundle.
amb = AttackModelBundle(attack_model_fn, num_classes=NUM_CLASSES)
# Fit the attack models.
print("Training the attack models...")
amb.fit(X_shadow,
y_shadow,
fit_kwargs=dict(epochs=FLAGS.attack_epochs, verbose=True))
# Test the success of the attack.
# Prepare examples that were in the training, and out of the training.
data_in = X_train[:
ATTACK_TEST_DATASET_SIZE], y_train[:
ATTACK_TEST_DATASET_SIZE]
data_out = X_test[:
ATTACK_TEST_DATASET_SIZE], y_test[:
ATTACK_TEST_DATASET_SIZE]
# Compile them into the expected format for the AttackModelBundle.
attack_test_data, real_membership_labels = prepare_attack_data(
target_model, data_in, data_out)
# Compute the attack accuracy.
attack_guesses = amb.predict(attack_test_data)
attack_accuracy = np.mean(attack_guesses == real_membership_labels)
print(attack_accuracy)
"""
the xshadow and yshadow are not strictly follow the shape of attacher_train
because retranformation is done in below
"""
X_shadow, y_shadow = smb.fit_transform(
attacker_X_train,
attacker_y_train,
fit_kwargs=dict(
epochs=10,
verbose=False,
validation_data=(attacker_X_test, attacker_y_test),
),
)
amb = AttackModelBundle(attack_model_fn, num_classes=NUM_CLASSES)
amb.fit(X_shadow, y_shadow, fit_kwargs=dict(epochs=12, verbose=False))
data_in = X_train[:
ATTACK_TEST_DATASET_SIZE_used], y_train[:
ATTACK_TEST_DATASET_SIZE_used]
data_out = X_test[:
ATTACK_TEST_DATASET_SIZE_not_used], y_test[:
ATTACK_TEST_DATASET_SIZE_not_used]
attack_test_data, real_membership_labels = prepare_attack_data(
target_model, data_in, data_out)
attack_guesses = amb.predict(attack_test_data)
attack_accuracy = np.mean(attack_guesses == real_membership_labels)
print(attack_accuracy)
def demo(argv):
del argv # Unused.
(X_train, y_train), (X_test, y_test) = load_mnist()
# Train the target model.
print("Training the target model...")
target_model = mnist_dpsgd_tutorial_keras.main()
target_model.fit(X_train,
y_train,
epochs=FLAGS.target_epochs,
validation_split=0.1,
verbose=True,
validation_data=(X_test, y_test),
batch_size=250)
# Train the shadow models.
smb = ShadowModelBundle(
mnist_dpsgd_tutorial_keras.main,
shadow_dataset_size=SHADOW_DATASET_SIZE,
num_models=FLAGS.num_shadows,
)
# We assume that attacker's data were not seen in target's training.
attacker_X_train, attacker_X_test, attacker_y_train, attacker_y_test = train_test_split(
X_test, y_test, test_size=0.1)
print(attacker_X_train.shape, attacker_X_test.shape)
print("Training the shadow models...")
X_shadow, y_shadow = smb.fit_transform(
attacker_X_train,
attacker_y_train,
fit_kwargs=dict(epochs=FLAGS.target_epochs,
verbose=True,
validation_data=(attacker_X_test, attacker_y_test),
batch_size=250),
)
# ShadowModelBundle returns data in the format suitable for the AttackModelBundle.
amb = AttackModelBundle(attack_model_fn, num_classes=NUM_CLASSES)
# Fit the attack models.
print("Training the attack models...")
amb.fit(X_shadow,
y_shadow,
fit_kwargs=dict(epochs=FLAGS.attack_epochs, verbose=True))
# Test the success of the attack.
# Prepare examples that were in the training, and out of the training.
data_in = X_train[:
ATTACK_TEST_DATASET_SIZE], y_train[:
ATTACK_TEST_DATASET_SIZE]
data_out = X_test[:
ATTACK_TEST_DATASET_SIZE], y_test[:
ATTACK_TEST_DATASET_SIZE]
# Compile them into the expected format for the AttackModelBundle.
attack_test_data, real_membership_labels = prepare_attack_data(
target_model, data_in, data_out)
# Compute the attack accuracy.
attack_guesses = amb.predict(attack_test_data)
attack_accuracy = np.mean(attack_guesses == real_membership_labels)
print(attack_accuracy)
fscores = precision_recall_fscore_support(real_membership_labels,
attack_guesses)
[print(fscore) for fscore in fscores]
from sklearn.metrics import precision_score, recall_score, f1_score
print(f1_score(real_membership_labels, attack_guesses))
def demo(argv):
del argv .
(x_train, y_train), (x_test, y_test) = get_data()
# 训练target model
print("Training the target model...")
target_model = target_model_fn()
target_model.fit(
x_train, y_train, epochs=FLAGS.target_epochs, validation_split=0.9, verbose=True
)
# 训练shadow model
smb = ShadowModelBundle(
target_model_fn,
shadow_dataset_size=SHADOW_DATASET_SIZE,
num_models=FLAGS.num_shadows,
)
# Shadow model所用数据
attacker_x_train, attacker_x_test, attacker_y_train, attacker_y_test = train_test_split(
x_test, y_test, test_size=0.1
)
print(attacker_x_train.shape, attacker_x_test.shape)
print("Training the shadow models...")
X_shadow, y_shadow = smb.fit_transform(
attacker_x_train,
attacker_y_train,
fit_kwargs=dict(
epochs=FLAGS.target_epochs,
verbose=True,
validation_data=(attacker_x_test, attacker_y_test),
),
)
# ShadowModelBundle 返回 AttackModelBundle 所需的数据形式
amb = AttackModelBundle(attack_model_fn, num_classes=NUM_CLASSES)
# 训练attack models.
print("Training the attack models...")
amb.fit(
X_shadow, y_shadow, fit_kwargs=dict(epochs=FLAGS.attack_epochs, verbose=True)
)
# 测试attack model效果
# 生成测试集
data_in = x_train[:ATTACK_TEST_DATASET_SIZE], y_train[:ATTACK_TEST_DATASET_SIZE]
data_out = x_test[:ATTACK_TEST_DATASET_SIZE], y_test[:ATTACK_TEST_DATASET_SIZE]
attack_test_data, real_membership_labels = prepare_attack_data(
target_model, data_in, data_out
)
# 计算成员检测攻击的准确度
attack_guesses = amb.predict(attack_test_data)
attack_accuracy = np.mean(attack_guesses == real_membership_labels)
print(attack_accuracy)