In [1]:
import numpy as np
from sklearn.metrics import accuracy_score
import matplotlib.pyplot as plt
import warnings
warnings.filterwarnings('ignore')   
def report_acc(data,label):    
    
    unique_labels = np.unique(label)
    train_index = []
    for this_label in unique_labels:
        this_class_index = np.arange(len(label))[label == this_label]
        this_class_train_index = np.random.choice(this_class_index,int(len(this_class_index)/2),replace=False)
        train_index.append(this_class_train_index)
    train_index = np.reshape(np.array(train_index),(-1))
    test_index = np.setdiff1d(np.arange(len(label)),train_index)

    train_data = data[train_index]
    train_label = label[train_index]
    test_data = data[test_index]
    test_label = label[test_index]

    train_data = np.reshape(train_data, (len(train_label), -1))
    test_data = np.reshape(test_data, (len(test_label),-1))

    from sklearn.linear_model import LogisticRegression
    from sklearn.metrics import balanced_accuracy_score
    from sklearn.metrics import roc_auc_score
    from sklearn.metrics import f1_score
    clf = LogisticRegression(random_state=0, solver='liblinear',class_weight='balanced')
    clf.fit(train_data, train_label)
    acc1 = balanced_accuracy_score(test_label,clf.predict(test_data))
    f1_1 = f1_score(test_label,clf.predict(test_data), average='weighted')

    from sklearn.ensemble import RandomForestClassifier
    clf = RandomForestClassifier(n_estimators=100,max_depth=30, random_state=0,class_weight="balanced")

    clf.fit(train_data, train_label)
    acc2 = balanced_accuracy_score(test_label,clf.predict(test_data))
    f1_2 = f1_score(test_label,clf.predict(test_data), average='weighted')
    
    from sklearn.neural_network import MLPClassifier
    clf = MLPClassifier(solver='sgd', alpha=0.01,hidden_layer_sizes=(50, len(unique_labels)), random_state=1)
    clf.fit(train_data,train_label)
    acc3 = balanced_accuracy_score(test_label,clf.predict(test_data))

    return max(acc1,acc2,acc3)


def all_analysis(epochs,name_prefix,dataset,model,eval_data_size,special_layers=None,num_layers=12,num_user=5,gap=0):
    target_data_size = 5000
    total_data_num = (num_user+1)*eval_data_size
    all_epoch_cos = np.zeros((total_data_num,len(epochs),num_user))
    all_epoch_loss = np.zeros((total_data_num,len(epochs),num_user))
    all_epoch_target_loss = np.zeros((total_data_num,len(epochs),num_user))
    all_epoch_grad_diff = np.zeros((total_data_num,len(epochs),num_user))
    all_epoch_layer_cos = np.zeros((total_data_num,len(epochs),num_user,num_layers))
    all_epoch_layer_grad_diff = np.zeros((total_data_num,len(epochs),num_user,num_layers))
    all_epoch_target_after_loss = np.zeros((total_data_num,len(epochs),num_user))
    all_epoch_label = np.zeros(total_data_num)
    best_layer_dict = {'cifar100':6,'cifar10':2}
    this_best_layer = best_layer_dict[dataset]
    
    for epoch_idx,epoch in enumerate(epochs):
        data_name = prefix+'all_info_multi_party_member_attack_'+str(gap)+'_'+str(num_user)+'_0_0.0_0_0.0_0_'+str(epoch+1)+'_'+str(dataset)+'_'+str(target_data_size)+'_'+str(eval_data_size)+'_'+str(model)+'.npy'
        data = np.load(data_name,allow_pickle=True)
        label_name = prefix+'all_label_multi_party_member_attack_'+str(gap)+'_'+str(num_user)+'_0_0.0_0_0.0_0_'+str(epoch+1)+'_'+str(dataset)+'_'+str(target_data_size)+'_'+str(eval_data_size)+'_'+str(model)+'.npy'
        label = np.load(label_name)
        loss_data_name = prefix+'loss_info_multi_party_member_attack_'+str(gap)+'_'+str(num_user)+'_0_0.0_0_0.0_0_'+str(epoch+1)+'_'+str(dataset)+'_'+str(target_data_size)+'_'+str(eval_data_size)+'_'+str(model)+'.npy'
        loss_data = np.load(loss_data_name,allow_pickle=True)
        loss_label_name = prefix+'loss_label_multi_party_member_attack_'+str(gap)+'_'+str(num_user)+'_0_0.0_0_0.0_0_'+str(epoch+1)+'_'+str(dataset)+'_'+str(target_data_size)+'_'+str(eval_data_size)+'_'+str(model)+'.npy'
        loss_label = np.load(loss_label_name,allow_pickle=True)
        
        target_loss_data_name = prefix+'target_model_before_loss_info_multi_party_member_attack_'+str(gap)+'_'+str(num_user)+'_0_0.0_0_0.0_0_'+str(epoch+1)+'_'+str(dataset)+'_'+str(target_data_size)+'_'+str(eval_data_size)+'_'+str(model)+'.npy'
        target_loss_data = np.load(target_loss_data_name,allow_pickle=True)
        target_after_loss_data_name = prefix+'target_model_after_loss_info_multi_party_member_attack_'+str(gap)+'_'+str(num_user)+'_0_0.0_0_0.0_0_'+str(epoch+1)+'_'+str(dataset)+'_'+str(target_data_size)+'_'+str(eval_data_size)+'_'+str(model)+'.npy'
        target_after_loss_data = np.load(target_loss_data_name,allow_pickle=True)
        data = np.reshape(data,(-1,num_user,12,14))
        label = np.reshape(label,(-1))
        loss_data = np.reshape(loss_data,(-1,num_user))
        loss_label = np.reshape(loss_label,(-1))
        target_loss_data = np.reshape(target_loss_data,(-1,1))
        target_loss_data = np.tile(target_loss_data,(1,num_user))
        target_after_loss_data = np.reshape(target_after_loss_data,(-1,1))
        target_after_loss_data = np.tile(target_after_loss_data,(1,num_user))
        #print (data.shape,label.shape,loss_data.shape,loss_label.shape,target_loss_data.shape)
        
        all_epoch_cos[:,epoch_idx,:] = data[:,:,this_best_layer,0]
        all_epoch_grad_diff[:,epoch_idx,:] = data[:,:,this_best_layer,1] - data[:,:,this_best_layer,2]
        all_epoch_layer_cos[:,epoch_idx,:,:] = data[:,:,:,0]
        all_epoch_layer_grad_diff[:,epoch_idx,:,:] = data[:,:,:,1] - data[:,:,:,2]
        all_epoch_loss[:,epoch_idx,:] = loss_data
        all_epoch_target_loss[:,epoch_idx,:] = target_loss_data
        all_epoch_target_after_loss[:,epoch_idx,:] = target_after_loss_data
        all_epoch_label = label
        
        
    all_epoch_analysis(all_epoch_cos,all_epoch_grad_diff,all_epoch_loss,all_epoch_target_loss,all_epoch_target_after_loss,all_epoch_label,member_index = num_user*eval_data_size)
       
        
def all_epoch_analysis(all_epoch_cosine,all_epoch_grad_diff,all_epoch_loss,all_epoch_target_loss,all_epoch_target_after_loss,label,member_index):
    ### for all epoch analysis and member-only case, we would like to see the following attacks:
    # 1. sum of loss, argmin
    # 2. sum of cosine, argmax
    # 3. sum of grad-diff, argmax
    # 4. all loss, NN
    # 5. all cosine, NN
    # 6. all grad-diff, NN
    # 7. sum of loss, sum of cosine, sum of grad-diff, NN
    # 8. all loss, all cosine, all grad-diff, NN
    # 9. sum of sign of loss reduction, argmax
    # 10. sum of loss, sum of cosine, sum of grad-diff, sum of sign of loss reduction, NN
    import copy
    num_instance = all_epoch_cosine.shape[0]
    
    #print (num_instance)
    
    max_acc = 0
    print ("member only case")
    #1
    metric = np.sum(all_epoch_loss,axis=1)
    this_acc = accuracy_score(np.argmin(metric[:member_index],axis=1),label[:member_index])
    #print (f"sum of loss acc {this_acc}")
    max_acc = max(max_acc,this_acc)

    #2 
    metric = np.sum(all_epoch_cosine,axis=1)
    this_acc = accuracy_score(np.argmax(metric[:member_index],axis=1),label[:member_index])
    #print (f"sum of cosine acc {this_acc}")
    max_acc = max(max_acc,this_acc)

    #3
    metric = np.sum(all_epoch_grad_diff,axis=1)
    this_acc = accuracy_score(np.argmax(metric[:member_index],axis=1),label[:member_index])
    #print (f"sum of grad diff acc {this_acc}")
    max_acc = max(max_acc,this_acc)

    #11 grad_diff / loss
    # p = e^(-L), grad multiplier = p - 1
    multiplier = 1 - np.exp(-1*all_epoch_loss) 
    metric = np.sum(all_epoch_grad_diff/multiplier,axis=1)
    this_acc = accuracy_score(np.argmax(metric[:member_index],axis=1),label[:member_index])
    #print (f"sum of grad_diff/loss acc {this_acc}")
    max_acc = max(max_acc,this_acc)

    #4
    metric = np.reshape(copy.deepcopy(all_epoch_loss),(num_instance,-1))
    this_acc = report_acc(metric[:member_index],label[:member_index])
    #print (f"all epoch loss acc {this_acc}")    
    max_acc = max(max_acc,this_acc)

    #5
    metric = np.reshape(copy.deepcopy(all_epoch_cosine),(num_instance,-1))
    this_acc = report_acc(metric[:member_index],label[:member_index])
    #print (f"all epoch cosine acc {this_acc}")   
    max_acc = max(max_acc,this_acc)

    #6
    metric = np.reshape(copy.deepcopy(all_epoch_grad_diff),(num_instance,-1))
    this_acc = report_acc(metric[:member_index],label[:member_index])
    #print (f"all epoch grad diff acc {this_acc}")
    max_acc = max(max_acc,this_acc)
    
    #7
    metric = np.concatenate((np.sum(all_epoch_loss,axis=1),
                             np.sum(all_epoch_cosine,axis=1),
                             np.sum(all_epoch_grad_diff,axis=1)),axis=1)
    this_acc = report_acc(metric[:member_index],label[:member_index])
    #print (f"all epoch sum acc {this_acc}")
    max_acc = max(max_acc,this_acc)
    
    #8
    metric = np.concatenate((np.reshape(copy.deepcopy(all_epoch_loss),(num_instance,-1)),
                             np.reshape(copy.deepcopy(all_epoch_cosine),(num_instance,-1)),
                             np.reshape(copy.deepcopy(all_epoch_grad_diff),(num_instance,-1))),axis=1)
    this_acc = report_acc(metric[:member_index],label[:member_index])
    #print (f"all epoch loss+cosine+grad_diff acc {this_acc}")
    max_acc = max(max_acc,this_acc)
    
    #9
    loss_reduction = all_epoch_target_after_loss - all_epoch_loss
    loss_reduction = np.reshape(copy.deepcopy(loss_reduction),(num_instance,-1))
    #loss_reduction_sign_metric = np.sum(sign_loss_reduction,axis=1)
    #print (loss_reduction_sign_metric)
    metric = loss_reduction
    this_acc = report_acc(metric[:member_index],label[:member_index])
    #print (f"sum of loss reduction acc {this_acc}")
    max_acc = max(max_acc,this_acc)
    
    #10
    metric = np.concatenate((np.reshape(copy.deepcopy(all_epoch_loss),(num_instance,-1)),
                             np.reshape(copy.deepcopy(all_epoch_cosine),(num_instance,-1)),
                             np.reshape(copy.deepcopy(all_epoch_grad_diff),(num_instance,-1)),
                            np.reshape(copy.deepcopy(loss_reduction),(num_instance,-1))),axis=1)
    this_acc = report_acc(metric[:member_index],label[:member_index])
    #print (f"all epoch loss+cosine+grad_diff+loss_reduction acc {this_acc}")
    max_acc = max(max_acc,this_acc)
    
    print (f"MAXIMUM ACC {max_acc}")
    
    max_acc = 0
    ### for non-member including case, we need to consider the following attacks:
    #1. sum loss 
    #2. all loss
    #3. sum cos
    #4. all cos
    #5. sum grad diff
    #6. all grad diff
    #7. all feature
    print ("testing instances included")
    #1
    metric = np.sum(all_epoch_loss,axis=1)
    this_acc = report_acc(metric,label)
    #print (f"sum of loss acc {this_acc}")
    max_acc = max(this_acc,max_acc)
    
    #2 
    metric = np.sum(all_epoch_cosine,axis=1)
    this_acc = report_acc(metric,label)
    #print (f"sum of cosine acc {this_acc}")
    max_acc = max(this_acc,max_acc)
    
    #3
    metric = np.sum(all_epoch_grad_diff,axis=1)
    this_acc = report_acc(metric,label)
    #print (f"sum of grad diff acc {this_acc}")
    max_acc = max(this_acc,max_acc)
    
    #4
    metric = np.reshape(copy.deepcopy(all_epoch_loss),(num_instance,-1))
    this_acc = report_acc(metric,label)
    #print (f"all epoch loss acc {this_acc}")   
    max_acc = max(this_acc,max_acc) 
    
    #5
    metric = np.reshape(copy.deepcopy(all_epoch_cosine),(num_instance,-1))
    this_acc = report_acc(metric,label)
    #print (f"all epoch cosine acc {this_acc}")   
    max_acc = max(this_acc,max_acc)
    
    #6
    metric = np.reshape(copy.deepcopy(all_epoch_grad_diff),(num_instance,-1))
    this_acc = report_acc(metric,label)
    #print (f"all epoch grad diff acc {this_acc}")
    max_acc = max(this_acc,max_acc)
    
    #7
    metric = np.concatenate((np.sum(all_epoch_loss,axis=1),
                             np.sum(all_epoch_cosine,axis=1),
                             np.sum(all_epoch_grad_diff,axis=1)),axis=1)
    this_acc = report_acc(metric,label)
    #print (f"all epoch sum acc {this_acc}")
    max_acc = max(this_acc,max_acc)
    
    #8
    metric = np.concatenate((np.reshape(copy.deepcopy(all_epoch_loss),(num_instance,-1)),
                             np.reshape(copy.deepcopy(all_epoch_cosine),(num_instance,-1)),
                             np.reshape(copy.deepcopy(all_epoch_grad_diff),(num_instance,-1))),axis=1)
    this_acc = report_acc(metric,label)
    #print (f"all epoch loss+cosine+grad_diff acc {this_acc}")
    max_acc = max(this_acc,max_acc)
    
    #9
    loss_reduction = all_epoch_target_after_loss - all_epoch_loss
    loss_reduction = np.reshape(copy.deepcopy(loss_reduction),(num_instance,-1))
    #loss_reduction_sign_metric = np.sum(sign_loss_reduction,axis=1)
    #print (loss_reduction_sign_metric)
    metric = loss_reduction
    this_acc = report_acc(metric,label)
    #print (f"sum of loss reduction acc {this_acc}")
    max_acc = max(this_acc,max_acc)

    #10
    metric = np.concatenate((np.reshape(copy.deepcopy(all_epoch_loss),(num_instance,-1)),
                             np.reshape(copy.deepcopy(all_epoch_cosine),(num_instance,-1)),
                             np.reshape(copy.deepcopy(all_epoch_grad_diff),(num_instance,-1)),
                            np.reshape(copy.deepcopy(loss_reduction),(num_instance,-1))),axis=1)
    this_acc = report_acc(metric,label)
    #print (f"all epoch loss+cosine+grad_diff+loss_reduction acc {this_acc}")
    max_acc = max(this_acc,max_acc)
    print (f"MAXIMUM ACC {max_acc}")
    

def per_layer_analysis(all_epoch_cosine,all_epoch_grad_diff,all_epoch_loss,all_epoch_target_loss,label,all_epoch_layer_cosine,all_epoch_layer_grad_diff,member_index):
    ### for per layer analysis, we want to see the difference between 1. loss 2. csoine 3. grad_diff for member only case
    
    num_layers = all_epoch_layer_cosine.shape[-1]
    num_instance = all_epoch_cosine.shape[0]
    num_epoch = all_epoch_cosine.shape[1]
    num_user = all_epoch_cosine.shape[2]    
    eval_data_size = 5000
    
    print ("member only case")
    
    all_epoch_loss_acc = []
    all_epoch_cos_acc = []
    all_epoch_grad_diff_acc = []
    
    for epoch_idx in range(num_epoch):
        #print (f"epoch:{epoch_idx*10}")
        layer_cosine_acc = []
        layer_grad_diff_acc = []
        this_epoch_loss = all_epoch_loss[:,epoch_idx,:]
        for layer_idx in range(num_layers):
            this_layer_cosine = all_epoch_layer_cosine[:,epoch_idx,:,layer_idx]
            this_layer_grad_diff = all_epoch_layer_grad_diff[:,epoch_idx,:,layer_idx]
            layer_cosine_acc.append(accuracy_score(np.argmax(this_layer_cosine,axis=1)[:member_index],label[:member_index]))
            layer_grad_diff_acc.append(accuracy_score(np.argmax(this_layer_grad_diff,axis=1)[:member_index],label[:member_index]))
        loss_acc = accuracy_score(np.argmin(this_epoch_loss,axis=1)[:member_index],label[:member_index])
        
        #fig = plt.figure(figsize=(5,5))
        #plt.plot(np.arange(num_layers),layer_cosine_acc)
        #plt.plot(np.arange(num_layers),layer_grad_diff_acc)
        #plt.plot(np.arange(num_layers),[loss_acc for i in range(num_layers)])
        #plt.legend(['cosine','grad-diff','loss'])
        #plt.show()
        
        all_epoch_loss_acc.append(loss_acc)
        all_epoch_cos_acc.append(max(layer_cosine_acc))
        all_epoch_grad_diff_acc.append(max(layer_grad_diff_acc))
                                           
    fig = plt.figure(figsize=(5,5))
    plt.plot(np.arange(num_epoch)*10,all_epoch_cos_acc)
    plt.plot(np.arange(num_epoch)*10,all_epoch_grad_diff_acc)
    plt.plot(np.arange(num_epoch)*10,all_epoch_loss_acc)
    plt.legend(['cosine','grad-diff','loss'])
    plt.show()
    
    
    print ("testing instances included")
    
    all_epoch_loss_acc = []
    all_epoch_cos_acc = []
    all_epoch_grad_diff_acc = []
    
    for epoch_idx in range(num_epoch):
        #print (f"epoch:{epoch_idx*10}")
        layer_cosine_acc = []
        layer_grad_diff_acc = []
        this_epoch_loss = all_epoch_loss[:,epoch_idx,:]
        for layer_idx in range(num_layers):
            this_layer_cosine = all_epoch_layer_cosine[:,epoch_idx,:,layer_idx]
            this_layer_grad_diff = all_epoch_layer_grad_diff[:,epoch_idx,:,layer_idx]
            layer_cosine_acc.append(report_acc(this_layer_cosine,label))
            layer_grad_diff_acc.append(report_acc(this_layer_grad_diff,label))
        loss_acc = report_acc(this_epoch_loss,label)
        
        #fig = plt.figure(figsize=(5,5))
        #plt.plot(np.arange(num_layers),layer_cosine_acc)
        #plt.plot(np.arange(num_layers),layer_grad_diff_acc)
        #plt.plot(np.arange(num_layers),[loss_acc for i in range(num_layers)])
        #plt.legend(['cosine','grad-diff','loss'])
        #plt.show()
        
        all_epoch_loss_acc.append(loss_acc)
        all_epoch_cos_acc.append(max(layer_cosine_acc))
        all_epoch_grad_diff_acc.append(max(layer_grad_diff_acc))
                                           
    fig = plt.figure(figsize=(5,5))
    plt.plot(np.arange(num_epoch)*10,all_epoch_cos_acc)
    plt.plot(np.arange(num_epoch)*10,all_epoch_grad_diff_acc)
    plt.plot(np.arange(num_epoch)*10,all_epoch_loss_acc)
    plt.legend(['cosine','grad-diff','loss'])
    plt.show()

In [None]:
gap = np.array([2,3,4,5,6,7,8,9,10])
prefix = '/Users/jclialex/PycharmProjects/whiteboxmi_expdata/expdata/expdata/'
epochs = ((np.arange(29)+1)*10)

for this_gap in gap:
    print (f"active attacker gradien ascent every {this_gap} epoch")
    all_analysis(epochs,prefix,'cifar10','alexnet',200,num_user=3,gap=this_gap)

In [2]:
a = [[[1,2],[3,4]],[[5,6],[7,8]]]
a = np.array(a)
print (a.shape)
print (np.vstack(a).shape)
print (np.hstack(a).shape)

(2, 2, 2)
