In [1]:
import os
import numpy as np
import random
import torch
import torch.nn as nn
import torch.nn.functional as F
import argparse
from model.classifier import VGG16
from model.evaluator import FaceNet
from model.SAC import Agent
from model.gan import Generator
from utils.mi_attack import inversion
from utils.file_utils import load_my_state_dict, low2high, seed_everything
import pickle
import warnings

In [2]:
# --- Run configuration: every value a reader might tune lives in this cell ---

# Target architecture; printed below and passed to inversion() as model_name.
MODEL_NAME = "VGG16"

# Search budget handed to inversion() as max_episodes / max_step.
MAX_EPISODES = 40_000
MAX_STEP = 1

# Fourth positional argument of inversion(); its exact role is defined in
# utils.mi_attack, which is not shown in this notebook.
ALPHA = 0.9

# Used for seed_everything() and as the Agent's random_seed.
SEED = 42

# Number of output classes for the target (VGG16) and evaluator (FaceNet),
# and the size of the identity pool the targets are drawn from.
N_CLASSES = 1_000

# How many identities are sampled from that pool for this run.
N_TARGET = 100

# Latent size passed to the DCGAN Generator constructor.
Z_DIM = 100

### Load this generator if the attack should use StyleGAN2 trained on faces (FFHQ)

In [3]:
# Announce which target architecture this run is configured for.
print(f"Target Model: {MODEL_NAME}")

# NOTE(security): pickle.load runs whatever code the file's pickle stream
# references while it deserialises, so this line gives the .pkl author code
# execution in the kernel. Only load a snapshot whose origin is known and whose
# integrity has been checked (for example against a published checksum), and
# prefer a weights-only format where the upstream project offers one.
ffhq_snapshot_path = 'data/model_data/attack/ffhq.pkl'
with open(ffhq_snapshot_path, 'rb') as snapshot_file:
    # The snapshot is indexed like a dict; only its 'G_ema' entry is kept and
    # moved to the GPU.
    G = pickle.load(snapshot_file)['G_ema'].cuda()

Target Model: VGG16


### Load this generator instead if the attack should use DCGAN trained on MNIST

In [3]:
# Alternative generator: a DCGAN built with a Z_DIM-sized latent input. Running
# this cell rebinds G, so it replaces any generator loaded by an earlier cell.
path_G = "../training/data/model_data/gan/GeneratorMNISTDCGAN.tar"
G = nn.DataParallel(Generator(Z_DIM)).cuda()

# NOTE(security): torch.load deserialises with pickle. Unless weights_only=True
# is in effect (the default depends on the PyTorch version), a crafted
# checkpoint can execute code at load time, so only load files you trust.
#
# strict=False tolerates missing or unexpected keys; the call is left as the
# last expression so the cell output shows whether every key matched.
G.load_state_dict(torch.load(path_G)["state_dict"], strict=False)

<All keys matched successfully>

### load target model

In [4]:
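# Build the target classifier (the model under attack) and restore its weights.
T = VGG16(N_CLASSES)
path_T = "data/model_data/attack/VGG16_orig.tar"
T = torch.nn.DataParallel(T).cuda()

# NOTE(security): torch.load deserialises with pickle. Unless weights_only=True
# is in effect (the default depends on the PyTorch version), a crafted
# checkpoint can execute code at load time, so only load files you trust.
#
# strict=False tolerates missing or unexpected keys. The original cell threw
# the load report away, so a wrong or partial checkpoint would have gone
# unnoticed and every confidence score below would describe a partly
# uninitialised model. Keep the report and surface any mismatch.
load_report_T = T.load_state_dict(torch.load(path_T)['state_dict'], strict=False)
if load_report_T.missing_keys or load_report_T.unexpected_keys:
    warnings.warn(
        f"Target checkpoint {path_T} did not match the model: "
        f"missing={load_report_T.missing_keys}, "
        f"unexpected={load_report_T.unexpected_keys}"
    )

# Inference mode (fixes BatchNorm statistics); also the cell's displayed value.
T.eval()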



DataParallel(
  (module): VGG16(
    (feature): Sequential(
      (0): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (2): ReLU(inplace=True)
      (3): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (4): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (5): ReLU(inplace=True)
      (6): MaxPool2d(kernel_size=2, stride=2, padding=0, dilation=1, ceil_mode=False)
      (7): Conv2d(64, 128, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (8): BatchNorm2d(128, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (9): ReLU(inplace=True)
      (10): Conv2d(128, 128, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1))
      (11): BatchNorm2d(128, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      (12): ReLU(inplace=True)
      (13): MaxPool2d(kernel_size=2, stride=2, padding=

### load evaluator model

In [5]:
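# Build the evaluator network that scores the reconstructions and restore its
# weights. It is a separate model from the target T.
E = FaceNet(N_CLASSES)
path_E = 'data/model_data/attack/Eval.tar'
E = torch.nn.DataParallel(E).cuda()

# NOTE(security): torch.load deserialises with pickle. Unless weights_only=True
# is in effect (the default depends on the PyTorch version), a crafted
# checkpoint can execute code at load time, so only load files you trust.
#
# strict=False tolerates missing or unexpected keys. The original cell threw
# the load report away; an evaluator with partly uninitialised weights would
# make the reported accuracy meaningless, so keep the report and surface any
# mismatch.
load_report_E = E.load_state_dict(torch.load(path_E)['state_dict'], strict=False)
if load_report_E.missing_keys or load_report_E.unexpected_keys:
    warnings.warn(
        f"Evaluator checkpoint {path_E} did not match the model: "
        f"missing={load_report_E.missing_keys}, "
        f"unexpected={load_report_E.unexpected_keys}"
    )

# Inference mode (disables Dropout, fixes BatchNorm statistics); also the
# cell's displayed value.
E.eval()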

DataParallel(
  (module): FaceNet(
    (feature): Backbone112(
      (input_layer): Sequential(
        (0): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
        (1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
        (2): PReLU(num_parameters=64)
      )
      (output_layer): Sequential(
        (0): BatchNorm2d(512, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
        (1): Dropout(p=0.5, inplace=False)
        (2): Flatten()
        (3): Linear(in_features=25088, out_features=512, bias=True)
        (4): BatchNorm1d(512, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
      )
      (body): Sequential(
        (0): bottleneck_IR(
          (shortcut_layer): MaxPool2d(kernel_size=1, stride=2, padding=0, dilation=1, ceil_mode=False)
          (res_layer): Sequential(
            (0): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
            (1): Conv2

In [6]:
# Seed the random number generators before the target identities are sampled in
# the next cell, so that the same SEED selects the same targets.
# NOTE(review): seed_everything comes from utils.file_utils (not shown);
# presumably it seeds random, numpy and torch — confirm which generators it covers.
seed_everything(seed=SEED)

In [7]:
# Running tallies for the evaluation: identities attempted so far, top-1 hits
# and top-5 hits. They are updated in place by the attack loop, so re-run this
# cell before re-running the loop or the counts will carry over.
total = cnt = cnt5 = 0

# Draw N_TARGET distinct class labels out of the N_CLASSES available ones.
# random.sample depends on the seed set in the previous cell.
identities = range(N_CLASSES)
targets = random.sample(identities, N_TARGET)

### Attack Loop

In [8]:
# For every sampled identity: run the inversion against the target T, then let
# the independent evaluator E classify the reconstruction. The running top-1 /
# top-5 figures are the share of identities whose reconstruction E assigns to
# the intended label, i.e. how much class information the target gives away.
for i in targets:
    # NOTE(review): the latent size is read from G itself. torch.nn.DataParallel
    # does not forward custom attributes of the wrapped module, so with the
    # DataParallel-wrapped DCGAN generator this lookup presumably fails — confirm
    # before switching generators.
    latent_dim = G.z_dim

    # A fresh agent per identity, so nothing learned for one label carries over.
    agent = Agent(
        state_size=latent_dim,
        action_size=latent_dim,
        random_seed=SEED,
        hidden_size=256,
        action_prior="uniform",
    )
    recon_image = inversion(
        agent,
        G,
        T,
        ALPHA,
        z_dim=latent_dim,
        max_episodes=MAX_EPISODES,
        max_step=MAX_STEP,
        label=i,
        model_name=MODEL_NAME,
    )

    # Score the reconstruction with the evaluator; low2high is applied first
    # (defined in utils.file_utils, not shown).
    eval_out = E(low2high(recon_image))
    eval_prob = F.softmax(eval_out[0], dim=-1)
    top_idx = eval_prob.argmax()
    top5_idx = eval_prob.topk(5).indices

    # Update the tallies initialised in the previous cell.
    total += 1
    cnt += int(top_idx == i)
    cnt5 += int(i in top5_idx)

    acc, acc5 = cnt / total, cnt5 / total
    print("Classes {}/{}, Accuracy : {:.3f}, Top-5 Accuracy : {:.3f}".format(total, N_TARGET, acc, acc5))

Target Label : 654
Setting up PyTorch plugin "bias_act_plugin"... Done.
Setting up PyTorch plugin "upfirdn2d_plugin"... Done.
Episodes 10000/40000, Confidence score for the target model : 0.0014
Episodes 20000/40000, Confidence score for the target model : 0.0028
Episodes 30000/40000, Confidence score for the target model : 0.0028
Episodes 40000/40000, Confidence score for the target model : 0.0028
Classes 1/100, Accuracy : 0.000, Top-5 Accuracy : 0.000
Target Label : 114
Episodes 10000/40000, Confidence score for the target model : 0.0035
Episodes 20000/40000, Confidence score for the target model : 0.0063
Episodes 30000/40000, Confidence score for the target model : 0.0121
Episodes 40000/40000, Confidence score for the target model : 0.0121
Classes 2/100, Accuracy : 0.000, Top-5 Accuracy : 0.000
Target Label : 25
Episodes 10000/40000, Confidence score for the target model : 0.1204
Episodes 20000/40000, Confidence score for the target model : 0.1204
Episodes 30000/40000, Confidence sc

KeyboardInterrupt: 