In [15]:
import torch 
import torch.nn as nn
import torch.nn.functional as F
import torchvision.models as models
import numpy as np
import torch
import torchvision
import torch.utils.data as data
import torchvision.datasets as datasets
import torchvision.transforms as transforms
from torchvision import datasets
import numpy as np
from PIL import Image
#from utils import Cutout

class part_pytorch_dataset(data.Dataset):
    def __init__(self,x,y,train=True,transform=None, target_transform=None,float_target=False):
        self.transform = transform
        self.target_transform = target_transform
        self.train = train
        if (train):
            self.train_data = x
            self.train_labels = y
        else:
            self.test_data = x
            self.test_labels = y
        self.float_target =  float_target
    
    def __getitem__(self, index):
        if self.train:
            img, target = self.train_data[index], self.train_labels[index]
        else:
            img, target = self.test_data[index], self.test_labels[index]

        # doing this so that it is consistent with all other datasets
        # to return a PIL Image
        #img = Image.fromarray(img, mode='L')

        #print (self.transform)
        #print (img.shape)

        if self.transform is not None:
            new_img = self.transform(img)
        else:
            new_img = torch.from_numpy(np.array(img)).type(torch.FloatTensor)

        #if self.target_transform is not None:
        #    new_target = self.target_transform(target)
        #else:
            #print (target)
        if (not self.float_target):
            new_target = torch.from_numpy(np.array(target)).type(torch.LongTensor)
        else:
            new_target = torch.from_numpy(np.array(target)).type(torch.FloatTensor)

        #print (new_target)

        #print ("new img type",type(new_img))
        #new_img.share_memory_()
        #new_target.share_memory_()

        return new_img.type(torch.FloatTensor), new_target, index

    def __len__(self):
        if self.train:
            return len(self.train_data)
        else:
            return len(self.test_data)

class oakland_whitebox_attacknet_fcgradient(nn.Module):

    def __init__(self,dim):
        dim1 = int(dim[0])
        dim2 = int(dim[1])
        print("dim2",dim2)
        super(oakland_whitebox_attacknet_fcgradient,self).__init__()
        self.drop1 = nn.Dropout(p=0.2,inplace=True)
        self.conv1 = nn.Conv2d(in_channels=1,out_channels=100,kernel_size=(1,dim2),stride=1)
        self.activation1 = nn.ReLU(inplace=True)
        self.drop2 = nn.Dropout(p=0.2,inplace=True)
        self.fc1 = nn.Linear(1,2024)
        self.activation2 = nn.ReLU(inplace=True)
        self.drop3 = nn.Dropout(p=0.2,inplace=True)
        self.fc2 = nn.Linear(2024,512)
        self.activation3 = nn.ReLU(inplace=True)
        self.fc3 = nn.Linear(512,256)
        self.activation4 = nn.ReLU(inplace=True)

        #### layers above are to process the gradient of fc layer

        self.fc4 = nn.Linear(256,256)
        self.activation5 = nn.ReLU(inplace=True)
        self.fc5 = nn.Linear(256,128)
        self.activation6 = nn.ReLU(inplace=True)
        self.fc6 = nn.Linear(128,64)
        self.activation7 = nn.ReLU(inplace=True)
        self.fc7 = nn.Linear(64,1)
        self.activation8 = nn.ReLU(inplace=True)

        #### layers above are the components of the encoder network

    def forward(self,x):
        x = self.drop1(x)
        x = self.conv1(x)
        x = self.activation1(x)
        x = x.view(x.size(0),-1)
        x = self.drop2(x)
        x = self.fc1(x)
        x = self.activation2(x)
        x = self.drop3(x)
        x = self.fc2(x)
        x = self.activation3(x)
        x = self.fc3(x)
        x = self.activation4(x)
        x = self.fc4(x)
        x = self.activation5(x)
        x = self.fc5(x)
        x = self.activation6(x)
        x = self.fc6(x)
        x = self.activation7(x)
        x = self.fc7(x)
        x = self.activation8(x)
        return x
    ### here we only use the gradient wrt the last layer as input and use a CNN to process the data
    ###
    
def gradient_analysis(dataset_name,model_name,training_size,evaluation_size,epochs):
    
    attack_batch_size = 100
    batch_size = 100
    attack_learning_rate = 0.01
    attack_training_epochs = 20
    
    for epoch in epochs:
        naming_str = str(epoch)+"_"+str(dataset_name)+"_"+str(training_size)+"_"+str(evaluation_size)+"_"+str(model_name)+".npy"
        data_name = "./expdata/expdata/all_info_non_member_lastlayergradient0_0.0_0_0.0_0_" + naming_str
        
        gradient_data = np.load(data_name)
        
        print (gradient_data.shape)
        
        true_label = np.concatenate((np.ones(evaluation_size),np.zeros(evaluation_size))).astype(np.int64)
        
        for user in range(1):
            this_data = gradient_data[user,:,:,:]
            this_data = np.reshape(this_data,(2*evaluation_size,100,256,1))
            
            train_index = np.random.choice(len(true_label),int(1/2*len(true_label)),replace=False)
            test_index = np.setdiff1d(np.arange(len(true_label)),train_index)
            
            this_train_data = this_data[train_index]
            this_test_data = this_data[test_index]
            this_train_label = true_label[train_index]
            this_test_label = true_label[test_index]
            
            
            this_train_dataset = part_pytorch_dataset(x=this_train_data,y=this_train_label,transform=None)
            this_train_data_loader = torch.utils.data.DataLoader(this_train_dataset, batch_size=attack_batch_size,shuffle=True, num_workers=1)
            
            this_test_dataset = part_pytorch_dataset(x=this_test_data,y=this_test_label,transform=None)
            this_test_data_loader = torch.utils.data.DataLoader(this_test_dataset, batch_size=attack_batch_size,shuffle=True, num_workers=1)
            
            model = oakland_whitebox_attacknet_fcgradient([this_data.shape[1],this_data.shape[2]])
            
            device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
            criterion = nn.CrossEntropyLoss().to(device)
            optimizer = torch.optim.SGD(model.parameters(), lr=attack_learning_rate, momentum=0.9, weight_decay=1e-6)
            
            for attack_training_epoch in range(attack_training_epochs):
                model.train()
                
                for images,labels,_ in this_train_data_loader:
                    images, labels = images.to(device), labels.to(device)
                    print (images.size())
                    model.zero_grad()
                    log_probs = model(images)
                    loss = criterion(log_probs, labels)
                    loss.backward()
                    optimizer.step()
            
            
                correct = 0.0
                total = 0.0
                model.eval()
                for images, labels,_ in this_train_data_loader:
                    images = images.to(device)
                    outputs = model(images)
                    labels = labels.to(device)
                    _, predicted = torch.max(outputs.data, 1)
                    total += labels.size(0)
                    correct += (predicted == labels).sum()
                acc = correct.item()
                acc = acc / total
                acc = acc * 100.0
                
                print("epoch %d, training accuracy %.2f" %(attack_training_epochs,acc))
                
            
            correct = 0.0
            total = 0.0
            model.eval()
            for images, labels,_ in this_test_data_loader:
                images = images.to(device)
                outputs = model(images)
                labels = labels.to(device)
                _, predicted = torch.max(outputs.data, 1)
                total += labels.size(0)
                correct += (predicted == labels).sum()
            acc = correct.item()
            acc = acc / total
            acc = acc * 100.0
            
            print ("final testing accuracy %.2f " %(acc))
            
        
    return 

In [16]:
gradient_analysis(dataset_name='cifar100',model_name='alexnet',training_size=5000,evaluation_size=500,epochs=[50,100,150])

(3, 1000, 100, 256)
torch.Size([100, 100, 256, 1])


RuntimeError: Given groups=1, weight of size 100 1 1 256, expected input[100, 100, 256, 1] to have 1 channels, but got 100 channels instead