In [None]:
import nbformat

nb = nbformat.v4.new_notebook()
nb.metadata.kernelspec = {
    "display_name": "Python (with torch)",
    "language": "python",
    "name": "torch_env"
}
nb.cells = [
    nbformat.v4.new_markdown_cell("# Model Inversion on MNIST using Label-only Attack\n\n"
        "This notebook demonstrates how to reconstruct MNIST images using four types of model inversion attacks:\n"
        "- **Label-only**\n"
        "- **Vector-based**\n"
        "- **Score-based**\n"
        "- **One-hot**\n\n"
        "We follow the steps from the paper *Label-only Model Inversion Attack: The Attack that Requires the Least*."
    ),
    nbformat.v4.new_markdown_cell("## Step 1: Install Dependencies\n"
        "Run this cell once to install required packages."
    ),
    nbformat.v4.new_code_cell("""!pip install torch torchvision matplotlib scipy tqdm ipykernel"""),
    nbformat.v4.new_markdown_cell("## Step 2: Setup Kernel and Imports"),
    nbformat.v4.new_code_cell("""import sys
import os
sys.path.append(os.getcwd())

import torch
from torch.utils.data import DataLoader, Subset
from torchvision import datasets, transforms
import torch.nn as nn
import torch.optim as optim

# Project modules
from data_loader import load_mnist_data
from utils import add_gaussian_noise, compute_error_rate, compute_mse, plot_comparison
from phase1_vector_recovery import generate_confidence_vectors
from phase2_train_attack_model import train_attack_model
from phase3_reconstruct import reconstruct_images
from phase4_evaluation import evaluate_reconstructions

# Attack-specific imports
from attacks.label_only_attack import train_shadow_model, recover_confidence_vector
from attacks.vector_based_attack import get_confidence_vector
from attacks.score_based_attack import get_score_based_vector
from attacks.one_hot_attack import get_one_hot_vector

print("Imports successful.")"""),
    nbformat.v4.new_markdown_cell("## Step 3: Load MNIST Dataset"),
    nbformat.v4.new_code_cell("""# Load MNIST
train_set, test_set = load_mnist_data()
print(f"Train samples: {len(train_set)}, Test samples: {len(test_set)}")"""),
    nbformat.v4.new_markdown_cell("## Step 4: Prepare Data Loaders and Sets"),
    nbformat.v4.new_code_cell("""# Define auxiliary fraction
aux_frac = 0.02
n_aux = int(len(train_set) * aux_frac)
aux_indices = list(range(n_aux))
aux_set = Subset(train_set, aux_indices)
rest_indices = list(range(n_aux, len(train_set)))
rest_set = Subset(train_set, rest_indices)

batch_size = 128
loader_rest = DataLoader(rest_set, batch_size=batch_size, shuffle=True)
loader_aux = DataLoader(aux_set, batch_size=n_aux, shuffle=False)
loader_test = DataLoader(test_set, batch_size=10000, shuffle=False)

print(f"Aux set size = {len(aux_set)}, Rest set size = {len(rest_set)}")"""),
    nbformat.v4.new_markdown_cell("## Step 5: Define and Train Target CNN"),
    nbformat.v4.new_code_cell("""# Target CNN architecture
class TargetCNN(nn.Module):
    def __init__(self, num_classes=10):
        super().__init__()
        self.features = nn.Sequential(
            nn.Conv2d(1,32,3,padding=1), nn.BatchNorm2d(32), nn.ReLU(), nn.MaxPool2d(2),
            nn.Conv2d(32,64,3,padding=1), nn.BatchNorm2d(64), nn.ReLU(), nn.MaxPool2d(2),
            nn.Conv2d(64,128,3,padding=1), nn.BatchNorm2d(128), nn.ReLU(), nn.MaxPool2d(2)
        )
        self.classifier = nn.Sequential(
            nn.Flatten(),
            nn.Linear(128*3*3,256), nn.ReLU(),
            nn.Linear(256,num_classes)
        )
    def forward(self, x):
        x = self.features(x)
        return self.classifier(x)

device = 'cuda' if torch.cuda.is_available() else 'cpu'
target_model = TargetCNN().to(device)

# Train target model
optimizer = optim.Adam(target_model.parameters(), lr=1e-3)
criterion = nn.CrossEntropyLoss()

for epoch in range(5):
    target_model.train()
    total_loss = 0.0
    for imgs, labels in loader_rest:
        imgs, labels = imgs.to(device), labels.to(device)
        optimizer.zero_grad()
        outputs = target_model(imgs)
        loss = criterion(outputs, labels)
        loss.backward()
        optimizer.step()
        total_loss += loss.item()*imgs.size(0)
    print(f"Epoch {epoch+1}, loss = {total_loss/len(rest_set):.4f}")"""),
    nbformat.v4.new_markdown_cell("## Step 6: Train Shadow Model and Compute mu"),
    nbformat.v4.new_code_cell("""# Load auxiliary data
aux_images, aux_labels = next(iter(loader_aux))
aux_images, aux_labels = aux_images.to(device), aux_labels.to(device)

# Add noise and compute error rate mu
sigma = 0.1
noisy_aux = add_gaussian_noise(aux_images, sigma).to(device)
mu = compute_error_rate(target_model, noisy_aux, aux_labels, device)
print(f"Computed mu = {mu:.4f}")

# Train shadow model on CPU
shadow = train_shadow_model(aux_images.cpu(), noisy_aux.cpu())
print("Shadow model trained.")"""),
    nbformat.v4.new_markdown_cell("## Step 7: Generate Confidence Vectors"),
    nbformat.v4.new_code_cell("""methods = ['label_only','vector_based','score_based','one_hot']
vectors_dict = {}
targets_dict = {}

images_cpu = aux_images.cpu()
labels_cpu = aux_labels.cpu()

for m in methods:
    if m == 'label_only':
        vecs, tars = generate_confidence_vectors(
            images_cpu, labels_cpu, target_model,
            method=m, shadow_model=shadow, mu=mu,
            num_classes=10, sigma=sigma, device=device
        )
    else:
        vecs, tars = generate_confidence_vectors(
            images_cpu, labels_cpu, target_model,
            method=m, num_classes=10, device=device
        )
    vectors_dict[m] = vecs
    targets_dict[m] = tars
    print(f"{m}: vectors {vecs.shape}, targets {tars.shape}")"""),
    nbformat.v4.new_markdown_cell("## Step 8: Train Attack Models"),
    nbformat.v4.new_code_cell("""attack_models = {}
for m in methods:
    vecs = vectors_dict[m]
    imgs = targets_dict[m]
    print(f"Training {m} attack model...")
    attack_models[m] = train_attack_model(vecs, imgs, epochs=100)
print("Attack models trained.")"""),
    nbformat.v4.new_markdown_cell("## Step 9: Reconstruct Test Images"),
    nbformat.v4.new_code_cell("""# Get first 10 test samples
test_imgs, test_lbls = next(iter(loader_test))
test_imgs = test_imgs[:10].to(device)
test_lbls = test_lbls[:10]

recon_dict = {}
for m in methods:
    vecs = []
    for i in range(10):
        x = test_imgs[i]
        if m == 'label_only':
            vec = recover_confidence_vector(shadow, mu, test_lbls[i].item(),
                                            num_classes=10, sigma=sigma)
        elif m == 'vector_based':
            vec = get_confidence_vector(target_model, x)
        elif m == 'score_based':
            vec = get_score_based_vector(target_model, x)
        else:
            vec = get_one_hot_vector(target_model, x)
        vecs.append(vec.cpu())
    vecs = torch.stack(vecs)
    recon = reconstruct_images(attack_models[m], vecs.to(device))
    recon_dict[m] = recon.cpu()
print("Reconstruction complete.")"""),
    nbformat.v4.new_markdown_cell("## Step 10: Evaluate and Plot"),
    nbformat.v4.new_code_cell("""# Ground truth for first 10
ground = test_imgs.cpu()

labels_map = {
    'label_only': 'Label-only',
    'vector_based': 'Vector-based',
    'score_based': 'Score-based',
    'one_hot': 'One-hot'
}
plot_dict = {labels_map[m]: recon_dict[m] for m in methods}

plot_comparison(ground, plot_dict, title='Inversion Comparison')""")
]

path = '/mnt/data/model_inversion_mnist_fixed.ipynb'
with open(path, 'w') as f:
    nbformat.write(nb, f)

path
