In [None]:
from google.colab import drive
drive.mount('/content/drive')

Mounted at /content/drive


In [None]:
# cd to where you put resnet.py
%cd /content/drive/MyDrive

/content/drive/MyDrive


In [None]:
import torch
import torch.nn as nn
import torch.optim as optim
import torch.nn.functional as F
import torch.backends.cudnn as cudnn

import torchvision
import torchvision.transforms as transforms

import os
import argparse
import matplotlib.pyplot as plt
import numpy as np

from resnet import *


In [None]:
device = 'cuda' if torch.cuda.is_available() else 'cpu'
lr = 0.1

In [None]:
# torch.tensor(target_trainset_x).permute(0,3,1,2).shape

torch.Size([14000, 3, 32, 32])

# Prepare Data

In [None]:
from torch.utils.data import Dataset, TensorDataset
print('==> Preparing data..')
transform_train = transforms.Compose([
    transforms.RandomCrop(32, padding=4),
    transforms.RandomHorizontalFlip(),
    transforms.ToTensor(),
    transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)),
])

transform_test = transforms.Compose([
    transforms.ToTensor(),
    transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)),
])

trainset = torchvision.datasets.CIFAR10(
    root='./data', train=True, download=True, transform=transform_train)

target_trainset_x = trainset.data[:14000]
target_tarinset_y = trainset.targets[:14000]
target_tarinset = TensorDataset(torch.tensor(target_trainset_x,dtype=torch.float).permute(0,3,1,2),torch.tensor(target_tarinset_y))
target_trainloader = torch.utils.data.DataLoader(target_tarinset, batch_size=128, shuffle=True, num_workers=2)

shadow1_trainset_x = trainset.data[14000:23000]
shadow1_tarinset_y = trainset.targets[14000:23000]

shadow1_tarinset = TensorDataset(torch.tensor(shadow1_trainset_x,dtype=torch.float).permute(0,3,1,2),torch.tensor(shadow1_tarinset_y))
shadow1_trainloader = torch.utils.data.DataLoader(
    shadow1_tarinset, batch_size=128, shuffle=True, num_workers=2)

shadow1_testset_x = trainset.data[23000:32000]
shadow1_testset_y = trainset.targets[23000:32000]
shadow1_testset_x = torch.tensor(shadow1_testset_x,device=device,dtype=torch.float).permute(0,3,1,2)
shadow1_testset_y = torch.tensor(shadow1_testset_y,device=device)

shadow1_testset = TensorDataset(shadow1_testset_x,shadow1_testset_y)
shadow1_testloader = torch.utils.data.DataLoader(
    shadow1_testset, batch_size=128, shuffle=True)

shadow2_trainset_x = trainset.data[32000:41000]
shadow2_tarinset_y = trainset.targets[32000:41000]
shadow2_tarinset = TensorDataset(torch.tensor(shadow2_trainset_x,dtype=torch.float).permute(0,3,1,2),torch.tensor(shadow2_tarinset_y))
shadow2_trainloader = torch.utils.data.DataLoader(
    shadow2_tarinset, batch_size=128, shuffle=True, num_workers=2)


shadow2_testset_x = trainset.data[41000:50000]
shadow2_testset_y = trainset.targets[41000:50000]
shadow2_testset_x = torch.tensor(shadow2_testset_x, device=device,dtype=torch.float).permute(0,3,1,2)
shadow2_testset_y = torch.tensor(shadow2_testset_y, device=device)

shadow2_testset = TensorDataset(shadow2_testset_x,shadow2_testset_y)
shadow2_testloader = torch.utils.data.DataLoader(
    shadow2_testset, batch_size=128, shuffle=True)

# target_trainloader = torch.utils.data.DataLoader(
#     trainset, batch_size=128, shuffle=True, num_workers=2)

testset = torchvision.datasets.CIFAR10(
    root='./data', train=False, download=True, transform=transform_test)
testloader = torch.utils.data.DataLoader(
    testset, batch_size=100, shuffle=False, num_workers=2)


# imgloader = torch.utils.data.DataLoader(
#     testset, batch_size=100, shuffle=False, num_workers=2)

target_testset_x = testset.data
target_testset_y = testset.targets
classes = ('plane', 'car', 'bird', 'cat', 'deer',
           'dog', 'frog', 'horse', 'ship', 'truck')

# Model



==> Preparing data..
Files already downloaded and verified
Files already downloaded and verified


# Train the Target model and Shadow Models

In [None]:
# Training
def train(epoch,dataloader,net,criterion,optimizer):
    print('\nEpoch: %d' % epoch)
    net.train()
    train_loss = 0
    correct = 0
    total = 0
    for batch_idx, (inputs, targets) in enumerate(dataloader):
        inputs, targets = inputs.to(device), targets.to(device)
        # print(inputs.shape,targets.shape)
        optimizer.zero_grad()
        outputs = net(inputs)
        loss = criterion(outputs, targets)
        loss.backward()
        optimizer.step()

        train_loss += loss.item()
        _, predicted = outputs.max(1)
        total += targets.size(0)
        correct += predicted.eq(targets).sum().item()
    return train_loss


def test(epoch,dataloader,net,criterion):
    global acc
    net.eval()
    test_loss = 0
    correct = 0
    total = 0
    with torch.no_grad():
        for batch_idx, (inputs, targets) in enumerate(dataloader):
            inputs, targets = inputs.to(device), targets.to(device)
            outputs = net(inputs)
            loss = criterion(outputs, targets)

            test_loss += loss.item()
            _, predicted = outputs.max(1)
            total += targets.size(0)
            correct += predicted.eq(targets).sum().item()
            # print(predicted)
            # print(targets)
    acc = 100 * correct / total
    return test_loss


In [None]:
print('==> Building model..')
target_net = ResNet18()
target_net = target_net.to(device)
if device == 'cuda':
    target_net = torch.nn.DataParallel(target_net)
    cudnn.benchmark = True

target_criterion = nn.CrossEntropyLoss()
target_optimizer = optim.SGD(target_net.parameters(), lr=lr,
                      momentum=0.9, weight_decay=5e-4)
target_scheduler = torch.optim.lr_scheduler.CosineAnnealingLR(target_optimizer, T_max=200)


shadow1_net = ResNet18()
shadow1_net = shadow1_net.to(device)
if device == 'cuda':
    shadow1_net = torch.nn.DataParallel(shadow1_net)
    cudnn.benchmark = True

shadow1_criterion = nn.CrossEntropyLoss()
shadow1_optimizer = optim.SGD(shadow1_net.parameters(), lr=lr,
                      momentum=0.9, weight_decay=5e-4)
shadow1_scheduler = torch.optim.lr_scheduler.CosineAnnealingLR(shadow1_optimizer, T_max=200)



shadow2_net = ResNet18()
shadow2_net = shadow2_net.to(device)
if device == 'cuda':
    shadow2_net = torch.nn.DataParallel(shadow2_net)
    cudnn.benchmark = True

shadow2_criterion = nn.CrossEntropyLoss()
shadow2_optimizer = optim.SGD(shadow2_net.parameters(), lr=lr,
                      momentum=0.9, weight_decay=5e-4)
shadow2_scheduler = torch.optim.lr_scheduler.CosineAnnealingLR(shadow2_optimizer, T_max=200)


# train_losses = []
# test_losses = []

for epoch in range(0,40):
    trl = train(epoch,target_trainloader,target_net,target_criterion,target_optimizer)
    # train_losses.append(trl)
    tstl = test(epoch,testloader,target_net,target_criterion)
    print(acc,trl)
    # test_losses.append(tstl)
    target_scheduler.step()
print('Accuracy of the network on the test images: %d %%' % (acc))

for epoch in range(0,40):
    trl = train(epoch,shadow1_trainloader,shadow1_net,shadow1_criterion,shadow1_optimizer)
    # train_losses.append(trl)
    tstl = test(epoch,shadow1_testloader,shadow1_net,shadow1_criterion)
    print(acc,trl)
    # test_losses.append(tstl)
    shadow1_scheduler.step()
print('Accuracy of the network on the test images: %d %%' % (acc))

for epoch in range(0,40):
    trl = train(epoch,shadow2_trainloader,shadow2_net,shadow2_criterion,shadow2_optimizer)
    # train_losses.append(trl)
    tstl = test(epoch,shadow2_testloader,shadow2_net,shadow2_criterion)
    print(acc,trl)
    # test_losses.append(tstl)
    shadow2_scheduler.step()
print('Accuracy of the network on the test images: %d %%' % (acc))

==> Building model..

Epoch: 0
10.0 295.63627111911774

Epoch: 1
11.63 199.70415616035461

Epoch: 2
10.0 177.46166276931763

Epoch: 3
10.0 163.27161347866058

Epoch: 4
10.0 153.20780849456787

Epoch: 5
10.0 144.48625481128693

Epoch: 6
10.0 131.7255699634552

Epoch: 7
10.0 121.97856956720352

Epoch: 8
10.0 109.23577743768692

Epoch: 9
10.0 98.92697823047638

Epoch: 10
10.0 88.81610161066055

Epoch: 11
10.0 75.81395465135574

Epoch: 12
10.0 66.0685542523861

Epoch: 13
10.0 54.404149025678635

Epoch: 14
10.0 43.59173208475113

Epoch: 15
10.0 37.255193158984184

Epoch: 16
10.0 29.247623071074486

Epoch: 17
10.0 21.051703594624996

Epoch: 18
10.0 21.86254958063364

Epoch: 19
10.0 17.832267984747887

Epoch: 20
10.0 15.103025671094656

Epoch: 21
10.0 19.483031541109085

Epoch: 22
10.0 12.448987916111946

Epoch: 23
10.0 12.905217785388231

Epoch: 24
10.0 12.565899081528187

Epoch: 25
10.34 10.721862893551588

Epoch: 26
10.0 8.646217165514827

Epoch: 27
10.0 10.609366903081536

Epoch: 28
10.0 

# Performance of Target Model and Shadow Models

In [None]:


tstl = test(epoch,testloader,target_net,target_criterion)
print('Accuracy of the network on the test images: %d %%' % (acc))

tstl = test(epoch,shadow1_testloader,shadow1_net,shadow1_criterion)
print('Accuracy of the network on the test images: %d %%' % (acc))

tstl = test(epoch,shadow2_testloader,shadow2_net,shadow2_criterion)
print('Accuracy of the network on the test images: %d %%' % (acc))

Accuracy of the network on the test images: 10 %
Accuracy of the network on the test images: 68 %
Accuracy of the network on the test images: 65 %


# Saving models

In [None]:
torch.save({
            'epoch': epoch,
            'model_state_dict': target_net.state_dict(),
            'optimizer_state_dict': target_optimizer.state_dict(),
            'loss': target_criterion,
            }, 'mlsec_hw4_q6_target')

torch.save({
            'epoch': epoch,
            'model_state_dict': shadow1_net.state_dict(),
            'optimizer_state_dict': shadow1_optimizer.state_dict(),
            'loss': shadow1_criterion,
            }, 'mlsec_hw4_q6_shadow1')

torch.save({
            'epoch': epoch,
            'model_state_dict': shadow2_net.state_dict(),
            'optimizer_state_dict': shadow2_optimizer.state_dict(),
            'loss': shadow2_criterion,
            }, 'mlsec_hw4_q6_shadow2')

# Load

In [None]:
target_net = ResNet18()
target_net = target_net.to(device)
if device == 'cuda':
    target_net = torch.nn.DataParallel(target_net)
    cudnn.benchmark = True

target_optimizer =optim.SGD(target_net.parameters(), lr=lr,momentum=0.9, weight_decay=5e-4)
target_scheduler = torch.optim.lr_scheduler.CosineAnnealingLR(target_optimizer, T_max=200)

checkpoint = torch.load('mlsec_hw4_q6_target')
target_net.load_state_dict(checkpoint['model_state_dict'])
target_optimizer.load_state_dict(checkpoint['optimizer_state_dict'])
epoch = checkpoint['epoch']
target_criterion = checkpoint['loss']

target_net.eval()


shadow1_net = ResNet18()
shadow1_net = shadow1_net.to(device)
if device == 'cuda':
    shadow1_net = torch.nn.DataParallel(shadow1_net)
    cudnn.benchmark = True

shadow1_optimizer =optim.SGD(shadow1_net.parameters(), lr=lr,momentum=0.9, weight_decay=5e-4)
shadow1_scheduler = torch.optim.lr_scheduler.CosineAnnealingLR(shadow1_optimizer, T_max=200)

checkpoint = torch.load('mlsec_hw4_q6_shadow1')
shadow1_net.load_state_dict(checkpoint['model_state_dict'])
shadow1_optimizer.load_state_dict(checkpoint['optimizer_state_dict'])
epoch = checkpoint['epoch']
shadow1_criterion = checkpoint['loss']

shadow1_net.eval()


shadow2_net = ResNet18()
shadow2_net = shadow2_net.to(device)
if device == 'cuda':
    shadow2_net = torch.nn.DataParallel(shadow2_net)
    cudnn.benchmark = True

shadow2_optimizer =optim.SGD(shadow2_net.parameters(), lr=lr,momentum=0.9, weight_decay=5e-4)
shadow2_scheduler = torch.optim.lr_scheduler.CosineAnnealingLR(shadow2_optimizer, T_max=200)

checkpoint = torch.load('mlsec_hw4_q6_shadow2')
shadow2_net.load_state_dict(checkpoint['model_state_dict'])
shadow2_optimizer.load_state_dict(checkpoint['optimizer_state_dict'])
epoch = checkpoint['epoch']
shadow2_criterion = checkpoint['loss']

shadow2_net.eval()

# - or -
# model.train()

DataParallel(
  (module): ResNet(
    (conv1): Conv2d(3, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
    (bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
    (layer1): Sequential(
      (0): BasicBlock(
        (conv1): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
        (bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
        (conv2): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
        (bn2): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
        (shortcut): Sequential()
      )
      (1): BasicBlock(
        (conv1): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
        (bn1): BatchNorm2d(64, eps=1e-05, momentum=0.1, affine=True, track_running_stats=True)
        (conv2): Conv2d(64, 64, kernel_size=(3, 3), stride=(1, 1), padding=(1, 1), bias=False)
       

# ِData for attack model

In [None]:
def get_ouput(dataloader,net):
    net.eval()
    output = []
    with torch.no_grad():
        for batch_idx, (inputs, targets) in enumerate(dataloader):
            inputs, targets = inputs.to(device), targets.to(device)
            outputs = net(inputs)
            output.extend(outputs.cpu().detach().numpy())
    return output


In [None]:

pred1_test = get_ouput(shadow1_testloader, shadow1_net)
np.shape(pred1_test)
pred1_test = np.concatenate([pred1_test,shadow1_testset_y.cpu().detach().numpy().reshape(-1,1)],axis=1)
np.shape(pred1_test)
inout_test = np.zeros((len(pred1_test)))


pred1_train = get_ouput(shadow1_trainloader, shadow1_net)
np.shape(pred1_train)
pred1_train = np.concatenate([pred1_train,np.array(shadow1_tarinset_y).reshape(-1,1)],axis=1)
np.shape(pred1_train)
inout_train = np.ones((len(pred1_train)))

x1 =  np.concatenate([pred1_train,pred1_test],axis=0)
y1 =  np.concatenate([inout_train,inout_test],axis=0)

In [None]:

pred2_test = get_ouput(shadow2_testloader, shadow2_net)
np.shape(pred2_test)
pred2_test = np.concatenate([pred2_test,shadow2_testset_y.cpu().detach().numpy().reshape(-1,1)],axis=1)
np.shape(pred2_test)
inout_test = np.zeros((len(pred2_test)))


pred2_train = get_ouput(shadow2_trainloader, shadow2_net)
np.shape(pred2_train)
pred2_train = np.concatenate([pred2_train,np.array(shadow2_tarinset_y).reshape(-1,1)],axis=1)
np.shape(pred2_train)
inout_train = np.ones((len(pred2_train)))

x2 =  np.concatenate([pred2_train,pred2_test],axis=0)
y2 =  np.concatenate([inout_train,inout_test],axis=0)

In [None]:
x =  np.concatenate([x1,x2],axis=0)
y =  np.concatenate([y1,y2],axis=0)

# Train Attack Model

In [None]:
from sklearn.neural_network import MLPClassifier
from sklearn.datasets import make_classification
from sklearn.model_selection import train_test_split

clf = MLPClassifier(random_state=1, max_iter=300).fit(x, y)

In [None]:

target_test = get_ouput(testloader, target_net)
# print(np.shape(target_test),np.shape(target_testset_y))
target_test = np.concatenate([target_test,np.array(target_testset_y).reshape(-1,1)],axis=1)
np.shape(target_test)
inout_test = np.zeros((len(target_test)))


target_train = get_ouput(target_trainloader, target_net)
np.shape(target_train)
target_train = np.concatenate([target_train,np.array(target_tarinset_y).reshape(-1,1)],axis=1)
np.shape(target_train)
inout_train = np.ones((len(target_train)))

x_test =  np.concatenate([target_train[:10000],target_test[:10000]],axis=0)
y_test =  np.concatenate([inout_train[:10000],inout_test[:10000]],axis=0)

In [None]:
pred = clf.predict_proba(x_test)

np.shape(pred)

(20000, 2)

# Evaluate The Inference Attack

## Accuracy of Attack

In [None]:
predicted_classes = np.argmax(pred,axis=1)
from sklearn.metrics import accuracy_score
accuracy_score(y_test,predicted_classes)

0.77625

## Confusion Matrix

In [None]:
from sklearn.metrics import confusion_matrix
confusion_matrix(y_test, predicted_classes)

array([[10000,     0],
       [ 4475,  5525]])