In [1]:
import os
import numpy as np
import random
import torch
import torch.nn as nn
import torch.nn.functional as F
import argparse
from reinforcment_based.model.classifier import VGG16
from reinforcment_based.model.evaluator import FaceNet
from reinforcment_based.model.SAC import Agent
from reinforcment_based.model.gan import Generator
from reinforcment_based.utils.mi_attack import inversion_dcgan
from reinforcment_based.utils.file_utils import load_my_state_dict, low2high, seed_everything
import pickle
import warnings
import time

In [2]:
MODEL_NAME = "VGG16"
MAX_EPISODES = 40000
MAX_STEP = 1
SEED = 42
ALPHA = 0
N_CLASSES = 1000
Z_DIM = 100
N_TARGET = 100

### load if generator should be stylegan2 trained on faces (ffhq)

In [3]:
# print(f"Target Model: {MODEL_NAME}")
# with open ('../checkpoints/gan/GeneratorStyleffhq.pkl', 'rb') as f:
#     G = pickle.load(f)['G_ema'].cuda()

G = Generator(Z_DIM)
path_G = "checkpoints/gan/Generatorceleba.tar"
G = torch.nn.DataParallel(G).cuda()
G.load_state_dict(torch.load(path_G)['state_dict'], strict=False)
G.eval()

DataParallel(
  (module): Generator(
    (l1): Sequential(
      (0): Linear(in_features=100, out_features=8192, bias=False)
      (1): BatchNorm1d(8192, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (2): ReLU()
    )
    (l2_5): Sequential(
      (0): Sequential(
        (0): ConvTranspose2d(512, 256, kernel_size=(5, 5), stride=(2, 2), padding=(2, 2), output_padding=(1, 1), bias=False)
        (1): BatchNorm2d(256, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
        (2): ReLU()
      )
      (1): Sequential(
        (0): ConvTranspose2d(256, 128, kernel_size=(5, 5), stride=(2, 2), padding=(2, 2), output_padding=(1, 1), bias=False)
        (1): BatchNorm2d(128, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
        (2): ReLU()
      )
      (2): Sequential(
        (0): ConvTranspose2d(128, 64, kernel_size=(5, 5), stride=(2, 2), padding=(2, 2), output_padding=(1, 1), bias=False)
        (1): BatchNorm2d(64, eps=1e-05, momentu

### load target model

In [4]:
T = VGG16(N_CLASSES)
path_T = "checkpoints/VGG16/nn_VGG16celeba.tar"
T = torch.nn.DataParallel(T).cuda()
T.load_state_dict(torch.load(path_T)['state_dict'], strict=False)
T.eval()



DataParallel(
  (module): VGG16(
    (feature): Sequential(
      (0): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (2): ReLU(inplace=True)
      (3): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (4): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (5): ReLU(inplace=True)
      (6): MaxPool2d(kernel_size=2, stride=2, padding=0, dilation=1, ceil_mode=False)
      (7): Conv2d(64, 128, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (8): BatchNorm2d(128, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (9): ReLU(inplace=True)
      (10): Conv2d(128, 128, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (11): BatchNorm2d(128, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (12): ReLU(inplace=True)
      (13): MaxPool2d(kernel_size=2, stride=2, padding=

### load evaluator model

In [5]:
# E = FaceNet(N_CLASSES)
# path_E = 'checkpoints/VGG16/Evalceleba.tar'
# E = torch.nn.DataParallel(E).cuda()
# E.load_state_dict(torch.load(path_E)['state_dict'], strict=False)
# E.eval()

E = VGG16(N_CLASSES)
path_E = "checkpoints/VGG16/nn_VGG16celeba.tar"
E = torch.nn.DataParallel(E).cuda()
E.load_state_dict(torch.load(path_E)['state_dict'], strict=False)
E.eval()

DataParallel(
  (module): VGG16(
    (feature): Sequential(
      (0): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (2): ReLU(inplace=True)
      (3): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (4): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (5): ReLU(inplace=True)
      (6): MaxPool2d(kernel_size=2, stride=2, padding=0, dilation=1, ceil_mode=False)
      (7): Conv2d(64, 128, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (8): BatchNorm2d(128, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (9): ReLU(inplace=True)
      (10): Conv2d(128, 128, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (11): BatchNorm2d(128, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (12): ReLU(inplace=True)
      (13): MaxPool2d(kernel_size=2, stride=2, padding=

In [6]:
seed_everything(seed=SEED)

In [7]:
total = 0
cnt = 0
cnt5 = 0

identities = range(N_CLASSES)
# targets = random.sample(identities, N_TARGET)
targets = [0]
os.makedirs("attack_results/reinforcment_celeba/images", exist_ok=True)
os.makedirs("attack_results/reinforcment_celeba/models", exist_ok=True)

### Attack Loop

In [8]:
for i in targets:
        start = time.time()
        agent = Agent(state_size=100, action_size=100, random_seed=SEED, hidden_size=256, action_prior="uniform")
        recon_image = inversion_dcgan(agent, G, T, ALPHA, z_dim=100, max_episodes=MAX_EPISODES, max_step=MAX_STEP, label=i, model_name=MODEL_NAME)
        # output= E(low2high(recon_image))
        output = E(recon_image)
        # eval_prob = F.softmax(output[0], dim=-1)
        eval_prob = F.softmax(output[1], dim=1)
        top_idx = torch.argmax(eval_prob)
        _, top5_idx = torch.topk(eval_prob, 5)

        total += 1
        if top_idx == i:
            cnt += 1
        if i in top5_idx:
            cnt5 += 1

        acc = cnt / total
        acc5 = cnt5 / total
        print("Classes {}/{}, Accuracy : {:.3f}, Top-5 Accuracy : {:.3f}".format(total, N_TARGET, acc, acc5))
        end = time.time()
        total_time = end-start
        print(f"duration for {MAX_EPISODES} episodes: {total_time:.2f}")

Target Label : 0
Episodes 10000/40000, Confidence score for the target model : 0.9982
Episodes 20000/40000, Confidence score for the target model : 0.9984
Episodes 30000/40000, Confidence score for the target model : 0.9989
Episodes 40000/40000, Confidence score for the target model : 0.9994
Classes 1/100, Accuracy : 1.000, Top-5 Accuracy : 1.000
duration for 40000 episodes: 964.68
