### Import libraries

In [1]:
import numpy as np
import pandas as pd
from absl import flags
import tensorflow as tf
import tensorflow_privacy
from keras.models import Model
import matplotlib.pyplot as plt
import tensorflow_addons as tfa
from keras.layers.convolutional import Conv2D
from tensorflow.keras.datasets import cifar10
from tensorflow_addons.layers import GroupNormalization
from keras.layers import Input, Dense, Flatten, Dropout, Add
from tensorflow_privacy.privacy.analysis import compute_dp_sgd_privacy
from tensorflow_privacy.privacy.analysis.rdp_accountant import compute_rdp
from tensorflow_privacy.privacy.analysis.rdp_accountant import get_privacy_spent
from keras.layers.pooling import MaxPooling2D, AveragePooling2D, GlobalAveragePooling2D
tf.compat.v1.disable_v2_behavior()
tf.get_logger().setLevel('ERROR')
%matplotlib inline

Instructions for updating:
non-resource variables are not supported in the long term


### Load Dataset

In [2]:
# Loading cifar10 image dataset
data_train, data_test = cifar10.load_data()
x_train, y_train = data_train
x_test, y_test = data_test

# Normalizing pixel values of images
x_train = x_train / 255.0
x_test = x_test / 255.0

# Flattening images in dataset
y_train = y_train.flatten().reshape(y_train.shape[0], 1)
y_test = y_test.flatten().reshape(y_test.shape[0], 1)

# One hot encoding of labels/target column
y_train = tf.keras.utils.to_categorical(y_train, num_classes=10)
y_test = tf.keras.utils.to_categorical(y_test, num_classes=10)

print("training:", x_train.shape, y_train.shape)
print("testing:", x_test.shape, y_test.shape)

training: (50000, 32, 32, 3) (50000, 10)
testing: (10000, 32, 32, 3) (10000, 10)


### Model5: Custom Simple CNN

In [12]:
# Hyper-parameters
epochs = 41
batch_size = 1500
l2_norm_clip = 1
noise_multiplier = 1.3
num_microbatches = 100
learning_rate = 0.15
delta = 1e-5

# epochs = 20
# batch_size = 500
# l2_norm_clip = 1.5
# noise_multiplier = 1.3
# num_microbatches = 250
# learning_rate = 0.25

if batch_size % num_microbatches != 0:
    raise ValueError('Batch size should be an integer multiple of the number of microbatches')
    
# Compute RDP
orders = [1 + x / 10. for x in range(1, 100)] + list(range(12, 64))
rdp = compute_rdp(q = batch_size / 50000,
                  noise_multiplier = noise_multiplier,
                  steps = epochs * 50000 // batch_size,
                  orders = orders)
# Calculate epsilon
epsilon = get_privacy_spent(orders, rdp, target_delta = delta)[0]
epsilon

4.979053549560634

In [4]:
### Custom ResNet model
model_input = Input(shape = (32, 32, 3))
x1 = Conv2D(16, (8, 8), activation = 'tanh', strides = 2)(model_input)
x2 = MaxPooling2D(pool_size = (2,1))(x1)
x3 = Conv2D(32, (4, 4), activation = 'tanh', strides = 2)(x2)
x4 = MaxPooling2D(pool_size = (2,1))(x3)

# ## Residual Block 1
# x3 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(x2)
# x3 = GroupNormalization(groups = 64, axis=3)(x3) # normalization layer 1
# x4 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(x3)
# sk1 = Add()([x2, x4]) # skip connection 1
# ## Residual Block 2
# x5 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(sk1)
# x5 = GroupNormalization(groups = 64, axis=3)(x5) # normalization layer 2
# x6 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(x5)
# sk2 = Add()([sk1, x6]) # skip connection 2
# Global Average Pooling layer
# avg = GlobalAveragePooling2D()(sk2)

ftn = Flatten()(x4)
# Feed-forward network
d1 = Dense(64, activation = 'tanh')(ftn)
d2 = Dense(32, activation = 'tanh')(d1)
model_output = Dense(10, activation = 'softmax')(d2)
model = Model(inputs = model_input, outputs = model_output)
model.summary()

Model: "model"
_________________________________________________________________
 Layer (type)                Output Shape              Param #   
 input_1 (InputLayer)        [(None, 32, 32, 3)]       0         
                                                                 
 conv2d (Conv2D)             (None, 13, 13, 16)        3088      
                                                                 
 max_pooling2d (MaxPooling2D  (None, 6, 13, 16)        0         
 )                                                               
                                                                 
 conv2d_1 (Conv2D)           (None, 2, 5, 32)          8224      
                                                                 
 max_pooling2d_1 (MaxPooling  (None, 1, 5, 32)         0         
 2D)                                                             
                                                                 
 flatten (Flatten)           (None, 160)               0     

In [5]:
# define optimizer (dp-sgd) 
optimizer = tensorflow_privacy.DPKerasSGDOptimizer(
    l2_norm_clip=l2_norm_clip,
    noise_multiplier=noise_multiplier,
    num_microbatches=num_microbatches,
    learning_rate=learning_rate)

# # define optimizer (dp-adam)
# optimizer = tensorflow_privacy.DPKerasAdamOptimizer(
#     l2_norm_clip=l2_norm_clip,
#     noise_multiplier=noise_multiplier,
#     num_microbatches=num_microbatches,
#     learning_rate=learning_rate,
#     gradient_accumulation_steps=5)

# define loss function
loss = tf.keras.losses.CategoricalCrossentropy(
    from_logits=True, reduction=tf.losses.Reduction.NONE)

In [6]:
# Compile model
model.compile(optimizer=optimizer, loss=loss, metrics=['accuracy'])
# Train model
model.fit(x_train, y_train,
          epochs=epochs,
          validation_data=(x_test, y_test),
          batch_size=batch_size)

  return dispatch_target(*args, **kwargs)


Train on 50000 samples, validate on 10000 samples
Metal device set to: Apple M1 Pro


2022-03-24 19:05:09.869095: I tensorflow/core/common_runtime/pluggable_device/pluggable_device_factory.cc:305] Could not identify NUMA node of platform GPU ID 0, defaulting to 0. Your kernel may not have been built with NUMA support.
2022-03-24 19:05:09.869235: I tensorflow/core/common_runtime/pluggable_device/pluggable_device_factory.cc:271] Created TensorFlow device (/job:localhost/replica:0/task:0/device:GPU:0 with 0 MB memory) -> physical PluggableDevice (device: 0, name: METAL, pci bus id: <undefined>)
2022-03-24 19:05:09.995101: W tensorflow/core/platform/profile_utils/cpu_utils.cc:128] Failed to get CPU frequency: 0 Hz
2022-03-24 19:05:09.997151: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.


Epoch 1/130


2022-03-24 19:05:10.141793: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-24 19:05:10.279402: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-24 19:05:10.311692: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.




  updates = self.state_updates
2022-03-24 19:08:18.056319: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.


Epoch 2/130
Epoch 3/130
Epoch 4/130
Epoch 5/130
Epoch 6/130
Epoch 7/130
Epoch 8/130
Epoch 9/130
Epoch 10/130
Epoch 11/130
Epoch 12/130
Epoch 13/130
Epoch 14/130
Epoch 15/130
Epoch 16/130
Epoch 17/130
Epoch 18/130
Epoch 19/130
Epoch 20/130
Epoch 21/130
Epoch 22/130
Epoch 23/130
Epoch 24/130
Epoch 25/130
Epoch 26/130
Epoch 27/130
Epoch 28/130
Epoch 29/130
Epoch 30/130
Epoch 31/130
Epoch 32/130
Epoch 33/130
Epoch 34/130
Epoch 35/130
Epoch 36/130
Epoch 37/130
Epoch 38/130
Epoch 39/130
Epoch 40/130
Epoch 41/130
Epoch 42/130
Epoch 43/130
Epoch 44/130
Epoch 45/130
Epoch 46/130
Epoch 47/130
Epoch 48/130
Epoch 49/130
Epoch 50/130
Epoch 51/130
Epoch 52/130
Epoch 53/130
Epoch 54/130
Epoch 55/130
Epoch 56/130
Epoch 57/130
Epoch 58/130


Epoch 59/130
Epoch 60/130
Epoch 61/130
Epoch 62/130
Epoch 63/130
Epoch 64/130
Epoch 65/130
Epoch 66/130
Epoch 67/130
Epoch 68/130
Epoch 69/130
Epoch 70/130
Epoch 71/130
Epoch 72/130
Epoch 73/130
Epoch 74/130
Epoch 75/130
Epoch 76/130
Epoch 77/130
Epoch 78/130
Epoch 79/130
Epoch 80/130
Epoch 81/130
Epoch 82/130
Epoch 83/130
Epoch 84/130
Epoch 85/130
Epoch 86/130
Epoch 87/130
Epoch 88/130
Epoch 89/130
10000/50000 [=====>........................] - ETA: 2:17 - loss: 1.5801 - acc: 0.4331

KeyboardInterrupt: 

### Model4: Custom ResNet

In [12]:
# Hyper-parameters
# epochs = 132
# batch_size = 500
# l2_norm_clip = 1.2
# noise_multiplier = 1.3
# num_microbatches = 100
# learning_rate = 2.5e-1
# delta = 1e-5
epochs = 55
batch_size = 500
l2_norm_clip = 2
noise_multiplier = 1
num_microbatches = 50
learning_rate = 1.3
delta = 1e-5

if batch_size % num_microbatches != 0:
    raise ValueError('Batch size should be an integer multiple of the number of microbatches')
    
# Compute RDP
orders = [1 + x / 10. for x in range(1, 100)] + list(range(12, 64))
rdp = compute_rdp(q = batch_size / 50000,
                  noise_multiplier = noise_multiplier,
                  steps = epochs * 50000 // batch_size,
                  orders = orders)
# Calculate epsilon
epsilon = get_privacy_spent(orders, rdp, target_delta = delta)[0]
epsilon

4.830398168750132

In [13]:
### Custom ResNet model
model_input = Input(shape = (32, 32, 3))
x1 = Conv2D(64, (3, 3), activation = 'relu', strides = 2)(model_input)
x2 = MaxPooling2D(pool_size = (3,3))(x1)
## Residual Block 1
x3 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(x2)
x3 = GroupNormalization(groups = 64, axis=3)(x3) # normalization layer 1
x4 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(x3)
sk1 = Add()([x2, x4]) # skip connection 1
## Residual Block 2
x5 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(sk1)
x5 = GroupNormalization(groups = 64, axis=3)(x5) # normalization layer 2
x6 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(x5)
sk2 = Add()([sk1, x6]) # skip connection 2
# ## Residual Block 3
# x7 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(sk2)
# x7 = GroupNormalization(groups = 64, axis=3)(x7) # normalization layer 3
# x8 = Conv2D(64, (3, 3), activation = 'tanh', strides = 1)(x7)
# sk3 = Add()([sk2, x8]) # skip connection 3
# ## Residual Block 4
# x9 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(sk3)
# x9 = GroupNormalization(groups = 64, axis=3)(x9) # normalization layer 4
# x10 = Conv2D(64, (3, 3), activation = 'tanh', strides = 1)(x9)
# sk4 = Add()([sk3, x10]) # skip connection 4
# ## Residual Block 5
# x11 = Conv2D(64, (3, 3), activation = 'relu', strides = 1)(sk4)
# x11 = GroupNormalization(groups = 64, axis=3)(x11) # normalization layer 5
# x12 = Conv2D(64, (3, 3), activation = 'tanh', strides = 1)(x11)
# sk5 = Add()([sk4, x12]) # skip connection 5
# Global Average Pooling layer
# avg = GlobalAveragePooling2D()(sk2)
ftn = Flatten()(sk2)
# Feed-forward network
d1 = Dense(64, activation = 'relu')(ftn)
d2 = Dense(32, activation = 'relu')(d1)
model_output = Dense(10, activation = 'softmax')(d2)
model = Model(inputs = model_input, outputs = model_output)
model.summary()

Model: "model_2"
__________________________________________________________________________________________________
 Layer (type)                   Output Shape         Param #     Connected to                     
 input_3 (InputLayer)           [(None, 32, 32, 3)]  0           []                               
                                                                                                  
 conv2d_10 (Conv2D)             (None, 15, 15, 64)   1792        ['input_3[0][0]']                
                                                                                                  
 max_pooling2d_2 (MaxPooling2D)  (None, 5, 5, 64)    0           ['conv2d_10[0][0]']              
                                                                                                  
 conv2d_11 (Conv2D)             (None, 3, 3, 64)     36928       ['max_pooling2d_2[0][0]']        
                                                                                            

In [15]:
# define optimizer (dp-sgd) 
optimizer = tensorflow_privacy.DPKerasSGDOptimizer(
    l2_norm_clip=l2_norm_clip,
    noise_multiplier=noise_multiplier,
    num_microbatches=num_microbatches,
    learning_rate=learning_rate)

# # define optimizer (dp-adam)
# optimizer = tensorflow_privacy.DPKerasAdamOptimizer(
#     l2_norm_clip=l2_norm_clip,
#     noise_multiplier=noise_multiplier,
#     num_microbatches=num_microbatches,
#     learning_rate=learning_rate,
#     gradient_accumulation_steps=5)

# define loss function
loss = tf.keras.losses.CategoricalCrossentropy(
    from_logits=True, reduction=tf.losses.Reduction.NONE)

In [None]:
# Compile model
model.compile(optimizer=optimizer, loss=loss, metrics=['accuracy'])
# Train model
model.fit(x_train, y_train,
          epochs=epochs,
          validation_data=(x_test, y_test),
          batch_size=batch_size)

Train on 50000 samples, validate on 10000 samples


2022-03-23 13:18:10.477792: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-23 13:18:11.304313: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.


Epoch 1/55


2022-03-23 13:18:11.596346: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-23 13:18:11.739659: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.




2022-03-23 13:26:40.755324: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.


Epoch 2/55

### Model3: Custom CNN

In [3]:
# Hyper-parameters
epochs = 63
batch_size = 1000
l2_norm_clip = 1
noise_multiplier = 1.3
num_microbatches = 125
learning_rate = 0.25
delta = 1e-5

if batch_size % num_microbatches != 0:
    raise ValueError('Batch size should be an integer multiple of the number of microbatches')
    
# Compute RDP
orders = [1 + x / 10. for x in range(1, 100)] + list(range(12, 64))
rdp = compute_rdp(q = batch_size / 50000,
                  noise_multiplier = noise_multiplier,
                  steps = epochs * 50000 // batch_size,
                  orders=orders)
# Calculate epsilon
epsilon = get_privacy_spent(orders, rdp, target_delta=delta)[0]
epsilon

4.959247448597203

In [4]:
# Define model
model = tf.keras.Sequential([
    
    tf.keras.layers.Conv2D(64, 5, strides=1, padding='same', activation='tanh', input_shape=(32, 32, 3)),
#     tf.keras.layers.ReLU(max_value = 50, negative_slope = 1.2),
#     tfa.layers.GroupNormalization(groups=32, axis=3),
    tf.keras.layers.MaxPool2D(2, 2),
    
    tf.keras.layers.Conv2D(32, 5, strides=1, padding='valid', activation='relu'),
    tfa.layers.GroupNormalization(groups=32, axis=3),
#     tf.keras.layers.ReLU(max_value = 50, negative_slope = 1.2),
    tf.keras.layers.MaxPool2D(2, 2),
    
    tf.keras.layers.Conv2D(32, 3, strides=2, padding='valid', activation='relu'),
    tfa.layers.GroupNormalization(groups=32, axis=3),
#     tf.keras.layers.ReLU(max_value = 50, negative_slope = 1.2),
    tf.keras.layers.MaxPool2D(2, 2),
    
    tf.keras.layers.Flatten(),
    tf.keras.layers.Dense(256, activation='tanh'),
#     tfa.layers.GroupNormalization(groups=64, axis=3),
#     tf.keras.layers.ReLU(max_value = 50, negative_slope = 1.2),
    tf.keras.layers.Dense(64, activation='tanh'),
    tf.keras.layers.Dense(32, activation='tanh'),
    tf.keras.layers.Dense(10, activation='softmax')
])
model.summary()

Model: "sequential"
_________________________________________________________________
 Layer (type)                Output Shape              Param #   
 conv2d (Conv2D)             (None, 32, 32, 64)        4864      
                                                                 
 max_pooling2d (MaxPooling2D  (None, 16, 16, 64)       0         
 )                                                               
                                                                 
 conv2d_1 (Conv2D)           (None, 12, 12, 32)        51232     
                                                                 
 group_normalization (GroupN  (None, 12, 12, 32)       64        
 ormalization)                                                   
                                                                 
 max_pooling2d_1 (MaxPooling  (None, 6, 6, 32)         0         
 2D)                                                             
                                                        

In [5]:
# define optimizer (dp-sgd) 
optimizer = tensorflow_privacy.DPKerasSGDOptimizer(
    l2_norm_clip=l2_norm_clip,
    noise_multiplier=noise_multiplier,
    num_microbatches=num_microbatches,
    learning_rate=learning_rate)

# # define optimizer (dp-adam)
# optimizer = tensorflow_privacy.DPKerasAdamOptimizer(
#     l2_norm_clip, noise_multiplier, num_microbatches)

# define loss function
loss = tf.keras.losses.CategoricalCrossentropy(
    from_logits=True, reduction=tf.losses.Reduction.NONE)

In [6]:
# Compile model
model.compile(optimizer=optimizer, loss=loss, metrics=['accuracy'])
# Train model
model.fit(x_train, y_train,
          epochs=epochs,
          validation_data=(x_test, y_test),
          batch_size=batch_size)

  return dispatch_target(*args, **kwargs)


Train on 50000 samples, validate on 10000 samples
Metal device set to: Apple M1 Pro


2022-03-21 09:01:09.300782: I tensorflow/core/common_runtime/pluggable_device/pluggable_device_factory.cc:305] Could not identify NUMA node of platform GPU ID 0, defaulting to 0. Your kernel may not have been built with NUMA support.
2022-03-21 09:01:09.300907: I tensorflow/core/common_runtime/pluggable_device/pluggable_device_factory.cc:271] Created TensorFlow device (/job:localhost/replica:0/task:0/device:GPU:0 with 0 MB memory) -> physical PluggableDevice (device: 0, name: METAL, pci bus id: <undefined>)
2022-03-21 09:01:09.825404: W tensorflow/core/platform/profile_utils/cpu_utils.cc:128] Failed to get CPU frequency: 0 Hz
2022-03-21 09:01:09.837009: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-21 09:01:10.420292: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-21 09:01:10.590297: I tensorflow/core/grappler/o

Epoch 1/63


2022-03-21 09:01:10.701318: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.




  updates = self.state_updates
2022-03-21 09:13:25.384671: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.


Epoch 2/63
Epoch 3/63
Epoch 4/63
Epoch 5/63
Epoch 6/63
Epoch 7/63
Epoch 8/63
Epoch 9/63
Epoch 10/63
Epoch 11/63
Epoch 12/63
Epoch 13/63
Epoch 14/63
Epoch 15/63
Epoch 16/63
Epoch 17/63
Epoch 18/63
Epoch 19/63
Epoch 20/63
Epoch 21/63
Epoch 22/63
Epoch 23/63
Epoch 24/63
Epoch 25/63
Epoch 26/63
Epoch 27/63
Epoch 28/63
Epoch 29/63
Epoch 30/63
Epoch 31/63
Epoch 32/63
Epoch 33/63
Epoch 34/63
Epoch 35/63
Epoch 36/63
Epoch 37/63
Epoch 38/63
Epoch 39/63
Epoch 40/63

KeyboardInterrupt: 

### Model1: Simple CNN

In [11]:
# Hyper-parameters
epochs = 20
batch_size = 500

l2_norm_clip = 1.5
noise_multiplier = 1.3
num_microbatches = 250
learning_rate = 0.25

if batch_size % num_microbatches != 0:
    raise ValueError('Batch size should be an integer multiple of the number of microbatches')

In [12]:
# Define model
model = tf.keras.Sequential([
    tf.keras.layers.Conv2D(16, 8,
                           strides=2,
                           padding='same',
                           activation='relu',
                           input_shape=(32, 32, 3)),
    tf.keras.layers.MaxPool2D(2, 1),
    tf.keras.layers.Conv2D(32, 4,
                           strides=2,
                           padding='valid',
                           activation='relu'),
    tf.keras.layers.MaxPool2D(2, 1),
    tf.keras.layers.Flatten(),
    tf.keras.layers.Dense(32, activation='relu'),
    tf.keras.layers.Dense(10)
])

In [13]:
# define optimizer (dp-sgd) 
optimizer = tensorflow_privacy.DPKerasSGDOptimizer(
    l2_norm_clip=l2_norm_clip,
    noise_multiplier=noise_multiplier,
    num_microbatches=num_microbatches,
    learning_rate=learning_rate)
# define loss function
loss = tf.keras.losses.CategoricalCrossentropy(
    from_logits=True, reduction=tf.losses.Reduction.NONE)

In [14]:
# Compile model
model.compile(optimizer=optimizer, loss=loss, metrics=['accuracy'])
# Train model
model.fit(x_train, y_train,
          epochs=epochs,
          validation_data=(x_test, y_test),
          batch_size=batch_size)

Train on 50000 samples, validate on 10000 samples


2022-03-08 16:42:30.484258: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-08 16:42:31.402756: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.


Epoch 1/20


2022-03-08 16:42:31.686466: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-08 16:42:31.846137: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.




2022-03-08 17:04:09.816648: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.


Epoch 2/20
Epoch 3/20
Epoch 4/20
Epoch 5/20
Epoch 6/20
Epoch 7/20
Epoch 8/20
Epoch 9/20
Epoch 10/20
Epoch 11/20
Epoch 12/20
Epoch 13/20
Epoch 14/20
Epoch 15/20
Epoch 16/20
Epoch 17/20
Epoch 18/20
Epoch 19/20
Epoch 20/20


<keras.callbacks.History at 0x4a21c5700>

In [15]:
# Calculate privacy performance
compute_dp_sgd_privacy.compute_dp_sgd_privacy(n=x_train.shape[0],
                                              batch_size=batch_size,
                                              noise_multiplier=noise_multiplier,
                                              epochs=epochs,
                                              delta=1e-5)

DP-SGD with sampling rate = 1% and noise_multiplier = 1.3 iterated over 2000 steps satisfies differential privacy with eps = 1.8 and delta = 1e-05.
The optimal RDP order is 11.0.


(1.798929515280597, 11.0)

### Model2: VGG with transfer learning

In [3]:
# Hyper-parameters
epochs = 50
batch_size = 1250

l2_norm_clip = 1.5
noise_multiplier = 1.3
num_microbatches = 250
learning_rate = 0.25

if batch_size % num_microbatches != 0:
    raise ValueError('Batch size should be an integer multiple of the number of microbatches')

In [4]:
#Building a VGG model with pretrained weights

vgg_model=tf.keras.Sequential()

#https://keras.io/api/applications/vgg/#vgg16-function
#https://keras.io/guides/transfer_learning/
#https://chroniclesofai.com/transfer-learning-with-keras-resnet-50/
pre_vgg_model=tf.keras.applications.VGG16(include_top=False,weights="imagenet",
                                          classes=10,pooling=max,input_shape=(32,32,3))
pre_vgg_model.trainable=False
vgg_model.add(pre_vgg_model)
vgg_model.add(tf.keras.layers.Flatten())
vgg_model.add(tf.keras.layers.Dense(512, activation='tanh'))
vgg_model.add(tf.keras.layers.Dense(10, activation='softmax'))


Metal device set to: Apple M1 Pro


2022-03-14 00:07:48.042660: I tensorflow/core/common_runtime/pluggable_device/pluggable_device_factory.cc:305] Could not identify NUMA node of platform GPU ID 0, defaulting to 0. Your kernel may not have been built with NUMA support.
2022-03-14 00:07:48.042815: I tensorflow/core/common_runtime/pluggable_device/pluggable_device_factory.cc:271] Created TensorFlow device (/job:localhost/replica:0/task:0/device:GPU:0 with 0 MB memory) -> physical PluggableDevice (device: 0, name: METAL, pci bus id: <undefined>)
2022-03-14 00:07:48.050509: W tensorflow/core/platform/profile_utils/cpu_utils.cc:128] Failed to get CPU frequency: 0 Hz
2022-03-14 00:07:48.050609: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-14 00:07:48.065426: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-14 00:07:48.153230: I tensorflow/core/grappler/o

In [5]:
vgg_model.summary()

Model: "sequential"
_________________________________________________________________
 Layer (type)                Output Shape              Param #   
 vgg16 (Functional)          (None, 1, 1, 512)         14714688  
                                                                 
 flatten (Flatten)           (None, 512)               0         
                                                                 
 dense (Dense)               (None, 512)               262656    
                                                                 
 dense_1 (Dense)             (None, 10)                5130      
                                                                 
Total params: 14,982,474
Trainable params: 267,786
Non-trainable params: 14,714,688
_________________________________________________________________


In [6]:
# define optimizer (dp-sgd) 
vgg_optimizer = tensorflow_privacy.DPKerasSGDOptimizer(
    l2_norm_clip=l2_norm_clip,
    noise_multiplier=noise_multiplier,
    num_microbatches=num_microbatches,
    learning_rate=learning_rate)
# define loss function
vgg_loss = tf.keras.losses.CategoricalCrossentropy(
    from_logits=True, reduction=tf.losses.Reduction.NONE)

In [7]:
# Compile model
vgg_model.compile(optimizer=vgg_optimizer, loss=vgg_loss, metrics=['accuracy'])
# Train model
vgg_model.fit(x_train, y_train,
          epochs=epochs,
          validation_data=(x_test, y_test),
          batch_size=batch_size)

  return dispatch_target(*args, **kwargs)


Train on 50000 samples, validate on 10000 samples


2022-03-14 00:08:06.080186: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.


Epoch 1/50


2022-03-14 00:08:06.388985: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-14 00:08:06.466079: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.
2022-03-14 00:08:06.528768: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.




  updates = self.state_updates
2022-03-14 00:10:55.361394: I tensorflow/core/grappler/optimizers/custom_graph_optimizer_registry.cc:113] Plugin optimizer for device_type GPU is enabled.


Epoch 2/50
Epoch 3/50
Epoch 4/50
Epoch 5/50
Epoch 6/50
Epoch 7/50
Epoch 8/50
Epoch 9/50
Epoch 10/50
Epoch 11/50
Epoch 12/50
Epoch 13/50
Epoch 14/50
Epoch 15/50
Epoch 16/50
Epoch 17/50
Epoch 18/50
Epoch 19/50
Epoch 20/50
Epoch 21/50
Epoch 22/50
Epoch 23/50
Epoch 24/50
Epoch 25/50
Epoch 26/50
Epoch 27/50
Epoch 28/50
Epoch 29/50
Epoch 30/50
Epoch 31/50
Epoch 32/50
Epoch 33/50
Epoch 34/50
Epoch 35/50
Epoch 36/50
Epoch 37/50
Epoch 38/50
Epoch 39/50
Epoch 40/50
Epoch 41/50
Epoch 42/50
Epoch 43/50
Epoch 44/50
Epoch 45/50
Epoch 46/50
Epoch 47/50
Epoch 48/50
Epoch 49/50
Epoch 50/50


<keras.callbacks.History at 0x157600100>

In [8]:
# noise_multiplier = FLAGS.noise_multiplier
# sampling_probability = FLAGS.batch_size / 60000
# steps = FLAGS.epochs * 60000 // FLAGS.batch_size

In [9]:
# from absl import app
# from absl import flags
# from absl import logging
# FLAGS = flags.FLAGS
orders = [1 + x / 10. for x in range(1, 100)] + list(range(12, 64))
rdp = compute_rdp(q = batch_size / 50000,
                  noise_multiplier = noise_multiplier,
                  steps = epochs * 50000 // batch_size,
                  orders=orders)

In [10]:
epsilon = get_privacy_spent(orders, rdp, target_delta=1e-5)[0]
epsilon

4.980956406486334