def test_3_tensorflow_classifier(self):
"""
First test with the TensorFlowClassifier.
:return:
"""
# Build TensorFlowClassifier
victim_tfc, sess = get_image_classifier_tf()
# Create the thieved classifier
thieved_tfc, _ = get_image_classifier_tf(load_init=False, sess=sess)
# Create random attack
attack = KnockoffNets(
classifier=victim_tfc,
batch_size_fit=BATCH_SIZE,
batch_size_query=BATCH_SIZE,
nb_epochs=NB_EPOCHS,
nb_stolen=NB_STOLEN,
sampling_strategy="random",
verbose=False,
)
thieved_tfc = attack.extract(x=self.x_train_mnist,
thieved_classifier=thieved_tfc)
victim_preds = np.argmax(victim_tfc.predict(x=self.x_train_mnist),
axis=1)
thieved_preds = np.argmax(thieved_tfc.predict(x=self.x_train_mnist),
axis=1)
acc = np.sum(victim_preds == thieved_preds) / len(victim_preds)
self.assertGreater(acc, 0.3)
# Create adaptive attack
attack = KnockoffNets(
classifier=victim_tfc,
batch_size_fit=BATCH_SIZE,
batch_size_query=BATCH_SIZE,
nb_epochs=NB_EPOCHS,
nb_stolen=NB_STOLEN,
sampling_strategy="adaptive",
reward="all",
verbose=False,
)
thieved_tfc = attack.extract(x=self.x_train_mnist,
y=self.y_train_mnist,
thieved_classifier=thieved_tfc)
victim_preds = np.argmax(victim_tfc.predict(x=self.x_train_mnist),
axis=1)
thieved_preds = np.argmax(thieved_tfc.predict(x=self.x_train_mnist),
axis=1)
acc = np.sum(victim_preds == thieved_preds) / len(victim_preds)
self.assertGreater(acc, 0.4)
# Clean-up session
if sess is not None:
sess.close()
def test_6_keras_iris(self):
"""
Second test for Keras.
:return:
"""
# Build KerasClassifier
victim_krc = get_tabular_classifier_kr()
# Create the thieved classifier
thieved_krc = get_tabular_classifier_kr(load_init=False)
# Create random attack
attack = KnockoffNets(
classifier=victim_krc,
batch_size_fit=BATCH_SIZE,
batch_size_query=BATCH_SIZE,
nb_epochs=NB_EPOCHS,
nb_stolen=NB_STOLEN,
sampling_strategy="random",
verbose=False,
)
thieved_krc = attack.extract(x=self.x_train_iris,
thieved_classifier=thieved_krc)
victim_preds = np.argmax(victim_krc.predict(x=self.x_train_iris),
axis=1)
thieved_preds = np.argmax(thieved_krc.predict(x=self.x_train_iris),
axis=1)
acc = np.sum(victim_preds == thieved_preds) / len(victim_preds)
self.assertGreater(acc, 0.3)
# Create adaptive attack
attack = KnockoffNets(
classifier=victim_krc,
batch_size_fit=BATCH_SIZE,
batch_size_query=BATCH_SIZE,
nb_epochs=NB_EPOCHS,
nb_stolen=NB_STOLEN,
sampling_strategy="adaptive",
reward="all",
verbose=False,
)
thieved_krc = attack.extract(x=self.x_train_iris,
y=self.y_train_iris,
thieved_classifier=thieved_krc)
victim_preds = np.argmax(victim_krc.predict(x=self.x_train_iris),
axis=1)
thieved_preds = np.argmax(thieved_krc.predict(x=self.x_train_iris),
axis=1)
acc = np.sum(victim_preds == thieved_preds) / len(victim_preds)
self.assertGreater(acc, 0.33)
# Clean-up
k.clear_session()
def test_4_pytorch_iris(self):
"""
Third test for PyTorch.
:return:
"""
# Build PyTorchClassifier
victim_ptc = get_tabular_classifier_pt()
# Create the thieved classifier
thieved_ptc = get_tabular_classifier_pt(load_init=False)
# Create random attack
attack = KnockoffNets(
classifier=victim_ptc,
batch_size_fit=BATCH_SIZE,
batch_size_query=BATCH_SIZE,
nb_epochs=NB_EPOCHS,
nb_stolen=NB_STOLEN,
sampling_strategy="random",
verbose=False,
)
thieved_ptc = attack.extract(x=self.x_train_iris,
thieved_classifier=thieved_ptc)
victim_preds = np.argmax(victim_ptc.predict(x=self.x_train_iris),
axis=1)
thieved_preds = np.argmax(thieved_ptc.predict(x=self.x_train_iris),
axis=1)
acc = np.sum(victim_preds == thieved_preds) / len(victim_preds)
self.assertGreater(acc, 0.3)
# Create adaptive attack
attack = KnockoffNets(
classifier=victim_ptc,
batch_size_fit=BATCH_SIZE,
batch_size_query=BATCH_SIZE,
nb_epochs=NB_EPOCHS,
nb_stolen=NB_STOLEN,
sampling_strategy="adaptive",
reward="all",
verbose=False,
)
thieved_ptc = attack.extract(x=self.x_train_iris,
y=self.y_train_iris,
thieved_classifier=thieved_ptc)
victim_preds = np.argmax(victim_ptc.predict(x=self.x_train_iris),
axis=1)
thieved_preds = np.argmax(thieved_ptc.predict(x=self.x_train_iris),
axis=1)
acc = np.sum(victim_preds == thieved_preds) / len(victim_preds)
self.assertGreater(acc, 0.4)
def test_5_pytorch_classifier(self):
"""
Third test with the PyTorchClassifier.
:return:
"""
self.x_train_mnist = np.reshape(self.x_train_mnist, (self.x_train_mnist.shape[0], 1, 28, 28)).astype(np.float32)
# Build PyTorchClassifier
victim_ptc = get_image_classifier_pt()
# Create the thieved classifier
thieved_ptc = get_image_classifier_pt(load_init=False)
# Create random attack
attack = KnockoffNets(
classifier=victim_ptc,
batch_size_fit=BATCH_SIZE,
batch_size_query=BATCH_SIZE,
nb_epochs=NB_EPOCHS,
nb_stolen=NB_STOLEN,
sampling_strategy="random",
verbose=False,
)
thieved_ptc = attack.extract(x=self.x_train_mnist, thieved_classifier=thieved_ptc)
victim_preds = np.argmax(victim_ptc.predict(x=self.x_train_mnist), axis=1)
thieved_preds = np.argmax(thieved_ptc.predict(x=self.x_train_mnist), axis=1)
acc = np.sum(victim_preds == thieved_preds) / len(victim_preds)
self.assertGreater(acc, 0.3)
# Create adaptive attack
attack = KnockoffNets(
classifier=victim_ptc,
batch_size_fit=BATCH_SIZE,
batch_size_query=BATCH_SIZE,
nb_epochs=NB_EPOCHS,
nb_stolen=NB_STOLEN,
sampling_strategy="adaptive",
reward="all",
verbose=False,
)
thieved_ptc = attack.extract(x=self.x_train_mnist, y=self.y_train_mnist, thieved_classifier=thieved_ptc)
victim_preds = np.argmax(victim_ptc.predict(x=self.x_train_mnist), axis=1)
thieved_preds = np.argmax(thieved_ptc.predict(x=self.x_train_mnist), axis=1)
acc = np.sum(victim_preds == thieved_preds) / len(victim_preds)
self.assertGreater(acc, 0.4)
self.x_train_mnist = np.reshape(self.x_train_mnist, (self.x_train_mnist.shape[0], 28, 28, 1)).astype(np.float32)