In [1]:
%matplotlib inline 
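import sys, os

# Make the project's `src` package importable. The repository root is taken to
# be everything in the current working directory up to and including the last
# occurrence of 'Watermark'.
_cwd = os.getcwd()
_root_at = _cwd.rfind('Watermark')
if _root_at >= 0:
    base_path = _cwd[0:_root_at] + "Watermark/"
    # Appended rather than inserted at the front, so entries already on
    # sys.path are searched first when `src` is resolved.
    sys.path.append(base_path)
else:
    # rfind() returned -1. Slicing with it would drop the last character of
    # the working directory and register a directory that does not exist as
    # an import root. Leave sys.path untouched so the `src` imports below fail
    # with a plain ModuleNotFoundError instead.
    base_path = None
    print("warning: 'Watermark' not found in the working directory {!r}; "
          "sys.path left unchanged".format(_cwd), file=sys.stderr)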

import matplotlib.pyplot as plt
from src.usenix_main import usenix_blackbox
from src.models import get_deep_cnn_for_cifar, get_lenet_model_for_mnist
from src.preprocess_data import load_cifar_images, load_mnist_images

Using TensorFlow backend.


Instructions for updating:
Colocations handled automatically by placer.


# Description
In this notebook we run a surrogate model attack. The attacker's data and the owner's data are disjoint.

In [2]:
# Settings for the surrogate-model attack experiment. Every key is passed
# through unchanged as a keyword argument to usenix_blackbox.
# NOTE(review): the notebook description says owner and attacker data are
# disjoint; nothing in this cell checks that - confirm inside usenix_blackbox.
attack_config = dict(
    load_dataset_func=load_cifar_images,       # dataset loader; should return training and testing data
    dataset_label="CIFAR",                     # label of the dataset (for caching)
    model=get_deep_cnn_for_cifar(),            # model specification for wm_embedding
    surrogate_model=get_deep_cnn_for_cifar(),  # second call to the same builder, used for the surrogate
    owner_data_size=25000,
    total_owner_data_size=100000,
    key_length=35,
    wm_boost_factor=100,
    attacker_data_size=25000,
    total_attacker_data_size=100000,
    epochs_embed=20,
    epochs_surr=20,
    batchsize_surr=64,
    cache_embed_wm="usenix_cifar",
    cache_surr_model=None,
    verbose=True,
)

# Returns the surrogate model and the training histories that the plotting
# cell unpacks as (embed_history, surr_history).
surr_model, all_history = usenix_blackbox(**attack_config)

Instructions for updating:
Please use `rate` instead of `keep_prob`. Rate should be set to `rate = 1 - keep_prob`.
[1/4] USENIX Blackbox Attack: Loading CIFAR data
      Owner data: 100000 Attacker Data: 100000
10%..20%..30%..40%..50%..60%..70%..80%..89%..99%..100%! Done!
10%..20%..30%..40%..50%..60%..70%..80%..

KeyboardInterrupt: 

In [None]:
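import numpy as np

# Plot test accuracy and watermark accuracy for the embedding phase followed by
# the surrogate-training phase. `all_history` is produced by the
# usenix_blackbox cell, which must have run to completion first.
embed_history, surr_history = all_history
for elem in all_history:
    print(elem.history.keys())

# Prepend a 0 to every curve so each phase is drawn starting from zero.
# The guard looks only at the surrogate's first val_acc entry; it keeps a
# re-run of this cell from padding the (mutated) histories a second time.
if surr_history.history['val_acc'][0] != 0:
    for hist in (surr_history, embed_history):
        for metric in ('val_acc', 'watermark_val'):
            hist.history[metric] = [0] + hist.history[metric]

embed_acc = embed_history.history['val_acc']
embed_wm = embed_history.history['watermark_val']
surr_acc = surr_history.history['val_acc']
surr_wm = surr_history.history['watermark_val']

plt.figure(figsize=(20, 10))
params = {'legend.fontsize': 20,
          'legend.handlelength': 2,
          'font.size': 16}
plt.rcParams.update(params)

plt.title('USENIX Blackbox Attack CIFAR', fontsize=26)
plt.xlabel('Epochs', fontsize=20)
plt.ylabel('Accuracy', fontsize=20)

# Embedding phase: x runs from 0 to l1.
plt.plot(embed_acc, 'x-')
plt.plot(embed_wm, 'o-')

# Surrogate phase: shifted right so it starts where the embedding phase ends.
l1 = len(embed_acc) - 1
xaxis_extended = np.arange(l1, len(surr_acc) + l1)

plt.plot(xaxis_extended, surr_acc, 'x-')
plt.plot(xaxis_extended, surr_wm, 'o-')

# Dashed line marks the hand-over from embedding to surrogate training.
plt.axvline(l1, linestyle='--', color='red')
plt.text(l1/2-2, 0.5, "embed", fontsize=20)
plt.text(l1+15, 0.5, "surr", fontsize=20)


def _label_point(x, y, dy=0.0):
    """Write y (three decimals) next to the data point (x, y), shifted up by dy."""
    plt.annotate("{:.3f}".format(y), xy=(x, y + dy), textcoords='data', fontsize=14)


# Annotate test accuracy of the surrogate model: every third epoch plus the
# final one. x and y are indexed with the same idx so that each label shows
# the value of the point it sits on; the padded entry at index 0 is skipped.
last_idx = len(surr_acc) - 1
for idx in range(1, len(surr_acc)):
    if idx == last_idx:  # Last point
        _label_point(xaxis_extended[idx], surr_acc[idx], dy=0.01)
    elif idx % 3 == 0:
        _label_point(xaxis_extended[idx], surr_acc[idx])

# Annotate watermark accuracy of the surrogate model (last point only).
if 0 < len(surr_wm) <= len(xaxis_extended):
    _label_point(xaxis_extended[len(surr_wm) - 1], surr_wm[-1])

# Annotate test accuracy of the owner's model (last point only).
if len(embed_acc) > 0:
    _label_point(len(embed_acc) - 1, embed_acc[-1])

# Annotate watermark accuracy of the owner's model (last point only), nudged
# down so it does not sit on top of the test-accuracy label.
if len(embed_wm) > 0:
    _label_point(len(embed_wm) - 1, embed_wm[-1], dy=-0.03)

# One tick every 5 epochs across both phases.
xint = np.arange(0, len(embed_acc) + len(surr_wm), 5)
plt.xticks(xint)

plt.ylim(0, 1)
plt.xlim(0)

plt.grid()

# Legend order follows the order of the four plt.plot calls above.
plt.legend(['test_acc', 'wm_ret', 'test_acc_surr', 'wm_ret_surr'], loc='best')
plt.show()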