In [2]:
import os
os.environ['CUDA_VISIBLE_DEVICES'] = '0'
import argparse
import time
import random
import time
import math
import numpy as np
from runx.logx import logx
import pandas as pd
import torch
import torch.nn as nn
import torch.optim as optim
from torchvision import datasets, transforms
from torch.utils.data import DataLoader
import torch.nn.functional as F
#from models import ResNet18
from classifier import CNN
from utils import load_dataset, init_func, Rand_Augment
from deeplearning import train_target_model, test_target_model, train_shadow_model, test_shadow_model
from attack import AdversaryOne_Feature, AdversaryOne_evaluation, AdversaryTwo_HopSkipJump, AdversaryTwo_QEBA,AdversaryTwo_SaltandPepperNoise
from cert_radius.certify import certify


action = -1

import torch.nn as nn

# 定义Net类 (定义网络)

N_ACTIONS = 2               
N_STATES = 20

BATCH_SIZE = 32                                 # 样本数量
LR = 0.01                                       # 学习率
EPSILON = 0.99                                   # greedy policy
GAMMA = 0.9                                     # reward discount
TARGET_REPLACE_ITER = 100                       # 目标网络更新频率
MEMORY_CAPACITY = 2000                          # 记忆库容量

class Net(nn.Module):
    def __init__(self):                                                         # 定义Net的一系列属性
        # nn.Module的子类函数必须在构造函数中执行父类的构造函数
        super(Net, self).__init__()                                             # 等价与nn.Module.__init__()

        self.fc1 = nn.Linear(N_STATES, 50)                                      # 设置第一个全连接层(输入层到隐藏层): 状态数个神经元到50个神经元
        self.fc1.weight.data.normal_(0, 0.1)                                    # 权重初始化 (均值为0，方差为0.1的正态分布)
        self.out = nn.Linear(50, N_ACTIONS)                                     # 设置第二个全连接层(隐藏层到输出层): 50个神经元到动作数个神经元
        self.out.weight.data.normal_(0, 0.1)                                    # 权重初始化 (均值为0，方差为0.1的正态分布)

    def forward(self, x):                                                       # 定义forward函数 (x为状态)
        x = F.relu(self.fc1(x))                                                 # 连接输入层到隐藏层，且使用激励函数ReLU来处理经过隐藏层后的值
        actions_value = self.out(x)                                             # 连接隐藏层到输出层，获得最终的输出值 (即动作值)
        return actions_value 
    
class DQN(object):
    def __init__(self):                                                         # 定义DQN的一系列属性
        self.eval_net, self.target_net = Net(), Net()                           # 利用Net创建两个神经网络:评估网络和目标网络
        self.learn_step_counter = 0                                             # for target updating
        self.memory_counter = 0                                                 # for storing memory
        self.memory = np.zeros((MEMORY_CAPACITY, N_STATES * 2 +2 ))             # 初始化记忆库，一行代表一个transition
        self.optimizer = torch.optim.Adam(self.eval_net.parameters(), lr=LR)    # 使用Adam优化器(输入为评估网络的参数和学习率)
        self.loss_func = nn.MSELoss()                                           # 使用均方损失函数 (loss(xi, yi)=(xi-yi)^2)

    def choose_action(self, x):                                                 # 定义动作选择函数 (x为状态)
        x = torch.unsqueeze(torch.FloatTensor(x), 0)                            # 将x转换成32-bit floating point形式，并在dim=0增加维数为1的维度
        if np.random.uniform() < EPSILON:                                       # 生成一个在[0, 1)内的随机数，如果小于EPSILON，选择最优动作
            actions_value = self.eval_net.forward(x)                            # 通过对评估网络输入状态x，前向传播获得动作值
            action = torch.max(actions_value, 1)[1].data.numpy()                # 输出每一行最大值的索引，并转化为numpy ndarray形式
            action = action[0]                                                  # 输出action的第一个数
        else:                                                                   # 随机选择动作
            action = np.random.randint(0, N_ACTIONS)                            # 这里action随机等于0或1 (N_ACTIONS = 2)
        return action                                                           # 返回选择的动作 (0或1)

    def store_transition(self, s, a, r, s_):                                    # 定义记忆存储函数 (这里输入为一个transition)
        transition = np.hstack((s, [a, r], s_))                                 # 在水平方向上拼接数组
        # 如果记忆库满了，便覆盖旧的数据
        index = self.memory_counter % MEMORY_CAPACITY                           # 获取transition要置入的行数
        self.memory[index, :] = transition                                      # 置入transition
        self.memory_counter += 1                                                # memory_counter自加1

    def learn(self):                                                            # 定义学习函数(记忆库已满后便开始学习)
        # 目标网络参数更新
        if self.learn_step_counter % TARGET_REPLACE_ITER == 0:                  # 一开始触发，然后每100步触发
            self.target_net.load_state_dict(self.eval_net.state_dict())         # 将评估网络的参数赋给目标网络
        self.learn_step_counter += 1                                            # 学习步数自加1

        # 抽取记忆库中的批数据
        sample_index = np.random.choice(MEMORY_CAPACITY, BATCH_SIZE)            # 在[0, 2000)内随机抽取32个数，可能会重复
        b_memory = self.memory[sample_index, :]                                 # 抽取32个索引对应的32个transition，存入b_memory
        b_s = torch.FloatTensor(b_memory[:, :N_STATES])
        # 将32个s抽出，转为32-bit floating point形式，并存储到b_s中，b_s为32行4列
        b_a = torch.LongTensor(b_memory[:, N_STATES:N_STATES+1].astype(int))
        # 将32个a抽出，转为64-bit integer (signed)形式，并存储到b_a中 (之所以为LongTensor类型，是为了方便后面torch.gather的使用)，b_a为32行1列
        b_r = torch.FloatTensor(b_memory[:, N_STATES+1:N_STATES+2])
        # 将32个r抽出，转为32-bit floating point形式，并存储到b_s中，b_r为32行1列
        b_s_ = torch.FloatTensor(b_memory[:, -N_STATES:])
        # 将32个s_抽出，转为32-bit floating point形式，并存储到b_s中，b_s_为32行4列

        # 获取32个transition的评估值和目标值，并利用损失函数和优化器进行评估网络参数更新
        q_eval = self.eval_net(b_s).gather(1, b_a)
        # eval_net(b_s)通过评估网络输出32行每个b_s对应的一系列动作值，然后.gather(1, b_a)代表对每行对应索引b_a的Q值提取进行聚合
        q_next = self.target_net(b_s_).detach()
        # q_next不进行反向传递误差，所以detach；q_next表示通过目标网络输出32行每个b_s_对应的一系列动作值
        q_target = b_r + GAMMA * q_next.max(1)[0].view(BATCH_SIZE, 1)
        # q_next.max(1)[0]表示只返回每一行的最大值，不返回索引(长度为32的一维张量)；.view()表示把前面所得到的一维张量变成(BATCH_SIZE, 1)的形状；最终通过公式得到目标值
        loss = self.loss_func(q_eval, q_target)
        # 输入32个评估值和32个目标值，使用均方损失函数
        self.optimizer.zero_grad()                                      # 清空上一步的残余更新参数值
        loss.backward()                                                 # 误差反向传播, 计算参数更新值
        self.optimizer.step()
        
def Train_Target_Model(args):
    split_size = args.Split_Size[args.dataset_ID]
    dataset = args.datasets[args.dataset_ID]
    for idx, cluster in enumerate(split_size):
        torch.cuda.empty_cache() 
        logx.initialize(logdir=args.logdir + '/target/' + str(cluster), coolname=False, tensorboard=False)
        train_loader, test_loader = load_dataset(args, dataset, cluster, mode=args.mode_type)
        targetmodel = CNN('CNN7', dataset)
        targetmodel.apply(init_func)
        targetmodel = nn.DataParallel(targetmodel.cuda())
        optimizer = optim.Adam(targetmodel.parameters(), lr=args.lr)
        logx.msg('======================Train_Target_Model {} ===================='.format(cluster))
        for epoch in range(1, args.epochs + 1):
            train_target_model(args, targetmodel, train_loader, optimizer, epoch)
            test_target_model(args, targetmodel, test_loader, epoch, save=True)


def Train_Shadow_Model(args):
    split_size = args.Split_Size[args.dataset_ID]
    dataset = args.datasets[args.dataset_ID]
    save=True
    for idx, cluster in enumerate(split_size):
        torch.cuda.empty_cache()
        train_loader = load_dataset(args, dataset, cluster, mode=args.mode_type)
        #train_loader, test_loader = load_dataset(args, dataset, cluster, mode=args.mode_type)
        targetmodel = CNN('CNN7', dataset)
        shadowmodel = CNN('CNN7', dataset)
        
        targetmodel.apply(init_func)
        shadowmodel.apply(init_func)
        targetmodel = nn.DataParallel(targetmodel.cuda())
        shadowmodel = nn.DataParallel(shadowmodel.cuda())
        
        state_dict, _ =  logx.load_model(path=args.logdir + '/target/' + str(cluster) + '/best_checkpoint_ep.pth')
        targetmodel.load_state_dict(state_dict)
        dqn=DQN()
        state_list=[]
        action_list=[]
        reward_list=[]
        for i in range(20):
            state_list.append(1)
            
        logx.initialize(logdir=args.logdir + '/shadow/'+ str(cluster), coolname=False, tensorboard=False)
        optimizer = optim.Adam(shadowmodel.parameters(), lr=args.lr)
        logx.msg('======================Train_Shadow_Model {} ===================='.format(cluster))
        
        j=0
        accuracy1=[]
        num_pred=0
        for epoch in range(1, args.epochs + 1):
            
            if j<=20:
                action_list.append(1)
            else:
                action_list.append(dqn.choose_action(state_list[j]))
            #train_shadow_model(args, targetmodel, shadowmodel, train_loader, optimizer, epoch)

            targetmodel.eval()
            shadowmodel.train()
                               
            for batch_idx, (data, _) in enumerate(train_loader):
                data = data.cuda()
                output = targetmodel(data)
                _, target = output.max(1)
                optimizer.zero_grad()
                output = shadowmodel(data)
                loss = F.cross_entropy(output, target)
                loss.backward()
                optimizer.step()
                if batch_idx % args.log_interval == 0:
                    logx.msg('ShadowModel Train Epoch: {} [{}/{} ({:.0f}%)]\tLoss: {:.6f}'.format(
                        epoch,
                        batch_idx * len(data),
                        len(train_loader.dataset),
                        100. * batch_idx / len(train_loader),
                        loss.item()))
            #test_shadow_model(args, targetmodel, shadowmodel, train_loader, epoch, save=True)
            targetmodel.eval()
            shadowmodel.eval()
            test_loss = 0
            correct = 0
            with torch.no_grad():
                for batch_idx, (data, _) in enumerate(train_loader):
                    data = data.cuda()
                    output = targetmodel(data)
                    _, target = output.max(1)

                    output = shadowmodel(data)
                    test_loss += F.cross_entropy(output, target).item()
                    pred = output.max(1, keepdim=True)[1]
                    #print(pred)
                     
                    reference_tensor = pred
                    
                    if action_list[j]==1:
                         # generate random array of size [128, 1] with integer values between 0 and 9
                        random_array = np.random.randint(0, 10, size=(128, 1))
                        #random_int = random.randint(0, 10)
                        # convert the array to a PyTorch tensor
                        pred = torch.from_numpy(random_array).cuda()
                        pred = pred[:reference_tensor.shape[0]]
                        for k in range(len(target)):
                            target = torch.cat([target[:k], target[k+1:]], dim=0)
                            pred=torch.cat([pred[:k], pred[k+1:]], dim=0)
                    correct += pred.eq(target.view_as(pred)).sum().item()
                    accuracy1.append(correct/len(pred))
                    num_pred+=len(pred)
            test_loss /= len(train_loader.dataset)
            #accuracy = 100. * correct / len(train_loader.dataset)
            #print(accuracy1)
            #print(len(accuracy1))
            accuracy= sum(accuracy1) / len(accuracy1)
         
            #logx.msg('\nShadowModel Test: Average loss: {:.4f}, Accuracy: {}/{} ({:.0f}%)\n'.format(
             #   test_loss, correct, len(train_loader.dataset), accuracy))
            logx.msg('\nShadowModel Test: Average loss: {:.4f}, Accuracy: {}/{} ({:.0f}%)\n'.format(
                test_loss, correct, num_pred, accuracy))
                # save model
            if save:
                save_dict = {
                    'epoch': epoch + 1,
                    'state_dict': shadowmodel.state_dict(),
                    'accuracy': accuracy}
                logx.save_model(
                    save_dict,
                    metric=accuracy,
                    epoch='',
                higher_better=True)
            print(action_list)
            print(reward_list)
            if action_list[j]==1:
                state_list.append(1)
                reward_list.append(5)
            else:
                state_list.append(0)
                reward_list.append(-5)
                
            #print(state_list[0:20])
            #print(state_list[1:21])
            
            dqn.store_transition(state_list[0:20],action_list[j],reward_list[j],state_list[1:21])
            dqn.learn()
            state_list.pop(0)
            j=j+1

def Train_Shadow_Model_ChangeDataSize(args):
    dataset = 'CIFAR100'
    split_size = [42000, 35000, 30000, 20000, 15000, 10000, 7000, 6000, 5000] 
    Nets = ['CNN3', 'CNN4', 'CNN5', 'CNN6', 'CNN7', 'CNN8', 'CNN9', 'CNN10', 'CNN11'] 
    targetmodel = CNN('CNN7', dataset)
    targetmodel = nn.DataParallel(targetmodel.cuda())
    state_dict, _ =  logx.load_model(path=args.logdir + '/target/7000/best_checkpoint_ep.pth')
    targetmodel.load_state_dict(state_dict)
    for net in Nets:
        for _, cluster in enumerate(split_size):
            torch.cuda.empty_cache()
            train_loader = load_dataset(args, dataset, cluster, mode='ChangeDataSize')
            shadowmodel = CNN(net, dataset)
            shadowmodel.apply(init_func)
            shadowmodel = nn.DataParallel(shadowmodel.cuda())
            logx.initialize(logdir=args.logdir + '/ChangeDataSize/' + net + '/' + str(cluster), coolname=False, tensorboard=False)
            optimizer = optim.Adam(shadowmodel.parameters(), lr=args.lr)
            logx.msg('======================Train_Shadow_Model_ChangeDataSize Size: {}  Nets: {}===================='.format(cluster, net))
            for epoch in range(1, args.epochs + 1):
                train_shadow_model(args, targetmodel, shadowmodel, train_loader, optimizer, epoch)
                test_shadow_model(args, targetmodel, shadowmodel, train_loader, epoch, save=True)

# def AdversaryOne(args): ## loss or entropy or maximum
#     logx.initialize(logdir=args.logdir + '/adversaryOne', coolname=False, tensorboard=False)
#     split_size = args.Split_Size[args.dataset_ID]
#     dataset = args.datasets[args.dataset_ID]
#     AUC_Loss, AUC_Entropy, AUC_Maximum = [], [], []
#     Distribution_Loss = []
    
#     for cluster in split_size:
#         torch.cuda.empty_cache()
#         args.batch_size = 1
#         data_loader = load_dataset(args, dataset, cluster, mode='adversary', max_num=2000)

#         targetmodel = CNN('CNN7', dataset)
#         targetmodel.apply(init_func)
#         targetmodel = nn.DataParallel(targetmodel.cuda())
#         shadowmodel = CNN('CNN7', dataset)
#         shadowmodel.apply(init_func)
#         shadowmodel = nn.DataParallel(shadowmodel.cuda())

#         state_dict, _ =  logx.load_model(path=args.logdir + '/target/' + str(cluster) + '/best_checkpoint_ep.pth')
#         targetmodel.load_state_dict(state_dict)
#         targetmodel.eval()
#         state_dict, _ =  logx.load_model(path=args.logdir + '/shadow/' + str(cluster) + '/best_checkpoint_ep.pth')
#         shadowmodel.load_state_dict(state_dict)
#         shadowmodel.eval()

#         if args.advOne_metric == 'AUC':
#             logx.msg('======================AdversaryOne AUC of Loss, Entropy, Maximum respectively cluster:{} ==================='.format(cluster))
#             AUC_Loss, AUC_Entropy, AUC_Maximum = AdversaryOne_evaluation(args, targetmodel, shadowmodel, data_loader, cluster, AUC_Loss, AUC_Entropy, AUC_Maximum)
#         elif args.advOne_metric == 'Loss_visual':
#             Distribution_Loss = AdversaryOne_Feature(args, shadowmodel, data_loader, cluster, Distribution_Loss)
  
#     df = pd.DataFrame()
#     if args.advOne_metric == 'AUC':
#         AUC_Loss = df.append(AUC_Loss, ignore_index=True)
#         AUC_Entropy = df.append(AUC_Entropy, ignore_index=True)
#         AUC_Maximum = df.append(AUC_Maximum, ignore_index=True)
#         AUC_Loss.to_csv(args.logdir + '/adversaryOne/AUC_Loss.csv')
#         AUC_Entropy.to_csv(args.logdir + '/adversaryOne/AUC_Entropy.csv')
#         AUC_Maximum.to_csv(args.logdir + '/adversaryOne/AUC_Maximum.csv')
#     else:
#         Distribution_Loss = df.append(Distribution_Loss, ignore_index=True)
#         Distribution_Loss.to_csv(args.logdir + '/adversaryOne/Distribution_Loss.csv')
#     # Load the AUC data from the CSV files
#     AUC_Loss = pd.read_csv(args.logdir + '/adversaryOne/AUC_Loss.csv')
#     AUC_Entropy = pd.read_csv(args.logdir + '/adversaryOne/AUC_Entropy.csv')
#     AUC_Maximum = pd.read_csv(args.logdir + '/adversaryOne/AUC_Maximum.csv')

#     # Plot the AUC vs DataSize curves
#     plt.plot(AUC_Loss['DataSize'], AUC_Loss['AUC'], label='AUC Loss')
#     plt.plot(AUC_Entropy['DataSize'], AUC_Entropy['AUC'], label='AUC Entropy')
#     plt.plot(AUC_Maximum['DataSize'], AUC_Maximum['AUC'], label='AUC Maximum')
#     plt.xlabel('DataSize')
#     plt.ylabel('AUC')
#     plt.legend()
#     plt.show()
def AdversaryOne(args): ## loss or entropy or maximum
    logx.initialize(logdir=args.logdir + '/adversaryOne', coolname=False, tensorboard=False)
    split_size = args.Split_Size[args.dataset_ID]
    dataset = args.datasets[args.dataset_ID]
    AUC_Loss, AUC_Entropy, AUC_Maximum = [], [], []
    Distribution_Loss = []

    for cluster in split_size:
        torch.cuda.empty_cache()
        args.batch_size = 1
        data_loader = load_dataset(args, dataset, cluster, mode='adversary', max_num=2000)
        
        targetmodel = CNN('CNN7', dataset)
        targetmodel.apply(init_func)
        targetmodel = nn.DataParallel(targetmodel.cuda())
        shadowmodel = CNN('CNN7', dataset)
        shadowmodel.apply(init_func)
        shadowmodel = nn.DataParallel(shadowmodel.cuda())

        state_dict, _ =  logx.load_model(path=args.logdir + '/target/' + str(cluster) + '/best_checkpoint_ep.pth')
        targetmodel.load_state_dict(state_dict)
        targetmodel.eval()
        state_dict, _ =  logx.load_model(path=args.logdir + '/shadow/' + str(cluster) + '/best_checkpoint_ep.pth')
        shadowmodel.load_state_dict(state_dict)
        shadowmodel.eval()

        if args.advOne_metric == 'AUC':
            logx.msg('======================AdversaryOne AUC of Loss, Entropy, Maximum respectively cluster:{} ==================='.format(cluster))
            AUC_Loss, AUC_Entropy, AUC_Maximum = AdversaryOne_evaluation(args, targetmodel, shadowmodel, data_loader, cluster, AUC_Loss, AUC_Entropy, AUC_Maximum)
            #print('AUC_Loss: ', AUC_Loss)
            #print('AUC_Entropy: ', AUC_Entropy)
            #print('AUC_Maximum: ', AUC_Maximum)
        elif args.advOne_metric == 'Loss_visual':
            Distribution_Loss = AdversaryOne_Feature(args, shadowmodel, data_loader, cluster, Distribution_Loss)
            #print('Distribution_Loss: ', Distribution_Loss)
        print('finished')



def AdversaryOne_ChangeDataSize(args):
    split_size = [42000, 35000, 30000, 20000, 15000, 10000, 7000, 6000, 5000]
    dataset = 'CIFAR100'
    Nets = ['CNN3', 'CNN4', 'CNN5', 'CNN6', 'CNN7', 'CNN8', 'CNN9', 'CNN10', 'CNN11']
    data_loader = load_dataset(args, dataset, 7000, mode='adversary', max_num=2000)
    targetmodel = CNN('CNN7', dataset)
    targetmodel = nn.DataParallel(targetmodel.cuda())
    state_dict, _ =  logx.load_model(path=args.logdir + '/target/7000/best_checkpoint_ep.pth')
    targetmodel.load_state_dict(state_dict)
    targetmodel.eval()
    for net in Nets:
        AUC_Loss, AUC_Entropy, AUC_Maximum  = [], [], []
        for _, cluster in enumerate(split_size):
            torch.cuda.empty_cache()
            shadowmodel = CNN(net, dataset)
            shadowmodel = nn.DataParallel(shadowmodel.cuda())
            state_dict, _ =  logx.load_model(path=args.logdir + '/ChangeDataSize/' + net + '/' + str(cluster) + '/best_checkpoint_ep.pth')
            shadowmodel.load_state_dict(state_dict)
            shadowmodel.eval()
            AUC_Loss, AUC_Entropy, AUC_Maximum = AdversaryOne_evaluation(args, targetmodel, shadowmodel, data_loader, cluster, AUC_Loss, AUC_Entropy, AUC_Maximum)
        df = pd.DataFrame()
        AUC_Loss = df.append(AUC_Loss, ignore_index=True)
        AUC_Loss.to_csv(args.logdir + '/ChangeDataSize/' + net + '/AUC_Loss.csv')



def AdversaryTwo(args, Random_Data=False):
    if Random_Data:
        args.Split_Size = [[100], [2000], [100], [100]]
        img_sizes = [(3,32,32), (3,32,32), (3,64,64), (3, 128, 128)] 
    split_size = args.Split_Size[args.dataset_ID]
    dataset = args.datasets[args.dataset_ID]
    num_class = args.num_classes[args.dataset_ID]
    
    logx.initialize(logdir=args.logdir + '/adversaryTwo', coolname=False, tensorboard=False)
    if args.blackadvattack == 'HopSkipJump':
        ITER = [50] # for call HSJA evaluation [1, 5, 10, 15, 20, 30]  default 50
    elif args.blackadvattack == 'QEBA':
        ITER = [150] # for call QEBA evaluation default 150
    elif args.blackadvattack == 'SaltandPepperNoise':
        ITER = [-1] # for call SaltandPepperNoise evaluation default 150
    for maxitr in ITER:
        AUC_Dist, Distance = [], []
        for cluster in split_size:
            torch.cuda.empty_cache()
            args.batch_size = 1
            if Random_Data:
                fake_set = datasets.FakeData(size=10000, image_size=img_sizes[args.dataset_ID], num_classes=num_class, transform= transforms.Compose([Rand_Augment(), transforms.ToTensor()]))
                data_loader = DataLoader(fake_set, batch_size=args.batch_size, shuffle=False)
            else:
                data_loader = load_dataset(args, dataset, cluster, mode='adversary', max_num=200)
            targetmodel = CNN('CNN7', dataset)
            targetmodel = nn.DataParallel(targetmodel.cuda())
            
            state_dict, _ =  logx.load_model(path=args.logdir + '/target/' + str(cluster) + '/best_checkpoint_ep.pth')
            targetmodel.load_state_dict(state_dict)
            targetmodel.eval()
            
            if args.blackadvattack == 'HopSkipJump':
                AUC_Dist, Distance = AdversaryTwo_HopSkipJump(args, targetmodel, data_loader, cluster, AUC_Dist, Distance, Random_Data, maxitr)
            elif args.blackadvattack == 'QEBA':
                AUC_Dist, Distance = AdversaryTwo_QEBA(args, targetmodel, data_loader, cluster, AUC_Dist, Distance, Random_Data, maxitr)
            elif args.blackadvattack == 'SaltandPepperNoise':
                AUC_Dist, Distance = AdversaryTwo_SaltandPepperNoise(args, targetmodel, data_loader, cluster, AUC_Dist, Distance, Random_Data)

        df = pd.DataFrame()
        AUC_Dist = df.append(AUC_Dist, ignore_index=True)
        Distance = df.append(Distance, ignore_index=True)
        
        if Random_Data:
            AUC_Dist.to_csv(args.logdir + '/adversaryTwo/AUC_Dist_'+args.blackadvattack+'.csv')
            Distance.to_csv(args.logdir + '/adversaryTwo/Distance_Random_'+args.blackadvattack+'.csv')
        else:
            AUC_Dist.to_csv(args.logdir + '/adversaryTwo/AUC_Dist_'+args.blackadvattack + '.csv')
            Distance.to_csv(args.logdir + '/adversaryTwo/Distance_'+args.blackadvattack+'.csv')
        

def Decision_Radius(args):
    num_class = args.num_classes[args.dataset_ID]
    dataset = args.datasets[args.dataset_ID]
    split_size = args.Split_Size[args.dataset_ID]
    dataset = args.datasets[args.dataset_ID]

    for _, cluster in enumerate(split_size):
        torch.cuda.empty_cache()
        mem_set, non_set, transform = load_dataset(args, dataset, cluster, mode='radius')
        targetmodel = CNN('CNN7', dataset)

        targetmodel = nn.DataParallel(targetmodel.cuda())
        state_dict, _ =  logx.load_model(path=args.logdir + '/target/' + str(cluster) + '/best_checkpoint_ep.pth')
        targetmodel.load_state_dict(state_dict)
        targetmodel.eval()

        logx.initialize(logdir=args.logdir + '/radius/' + str(cluster), coolname=False, tensorboard=False)

        max_num = 200 if 200 < len(mem_set) else len(mem_set)
        logx.msg('======================Starting Decision Radius Training Dataset ====================')
        certify(targetmodel, 'cuda', mem_set, transform, num_class,
                    mode='both', start_img=0, num_img=max_num, 
                    sigma=0.25, beta=16)

        logx.msg('======================Starting Decision Radius Testing Dataset ====================')
        certify(targetmodel, 'cuda', non_set, transform, num_class,
                mode='both', start_img=0, num_img=max_num, 
                sigma=0.25, beta=16)


##############################
def main(): 
    # Training settings
    parser = argparse.ArgumentParser(description='PyTorch Decision-based Membership Inference Attack Toy Example') 
    parser.add_argument('--train', default=True, type=bool,
                        help='train or attack')
    parser.add_argument('--dataset_ID', default=False, type=int, 
                        help='CIFAR10=0, CIFAR100=1, GTSRB=2, Face=3')
    parser.add_argument('--datasets', nargs='+',
                        default=['CIFAR10', 'CIFAR100', 'GTSRB', 'Face'])
    parser.add_argument('--num_classes', nargs='+',
                        default=[10, 100, 43, 19])
    parser.add_argument('--Split-Size', nargs='+',
                        default=[[3000, 2000, 1500, 1000, 500, 100],                     #3000, 2000, 1500, 1000, 500, 100
                                [7000, 6000, 5000, 4000, 3000, 2000 ],                      #9000, 8000, 7000, 6000, 5000, 4000  # 7000, 6000, 5000, 4000, 3000, 2000
                                [600, 500, 400, 300, 200, 100  ],  #600, 500, 400, 300, 200, 100            
                                [350, 300, 250, 200, 150, 100  ],  #350, 300, 250, 200, 150, 100                
                                ]) 
    parser.add_argument('--batch-size', nargs='+', default=128, metavar='N',
                        help='input batch size for training (default: 64)')
    parser.add_argument('--epochs', type=int, default=200, metavar='N',
                        help='number of epochs to train (default: 200)')
    parser.add_argument('--lr', type=float, default=0.001, metavar='LR',
                        help='learning rate (default: 0.001 for adam; 0.1 for SGD)')
    parser.add_argument('--momentum', type=float, default=0.5, metavar='M',
                        help='SGD momentum (default: 0.5)')
    parser.add_argument('--cuda', default=True,type=bool,
                        help='disables CUDA training')
    parser.add_argument('--seed', type=int, default=1, metavar='S',
                        help='random seed (default: 1)')
    parser.add_argument('--log-interval', type=int, default=10, metavar='N',
                        help='how many batches to wait before logging training status')
    parser.add_argument('--blackadvattack', default='HopSkipJump', type=str,
                        help='adversaryTwo uses the adv attack the target Model: HopSkipJump; QEBA')
    parser.add_argument('--logdir', type=str, default='',
                        help='target log directory')
    parser.add_argument('--mode_type', type=str, default='',
                        help='the type of action referring to the load dataset')
    parser.add_argument('--advOne_metric', type=str, default='AUC', help='AUC of Loss, Entropy, Maximum respectively; or Loss_visual')
    
    args = parser.parse_args(args=[])

    for dataset_idx in [0,1]:
        args.dataset_ID = dataset_idx
        args.logdir = 'results'+'/' + args.datasets[args.dataset_ID]
        action = 3
        # train
        if action == 0:
            args.mode_type = 'target'
            Train_Target_Model(args)
        elif action == 1:
            args.mode_type = 'shadow'
            Train_Shadow_Model(args)
        elif action == 2: 
            args.logdir = 'results/CIFAR100' 
            Train_Shadow_Model_ChangeDataSize(args)
        # attack
        elif action == 3:
            AdversaryOne(args)
        elif action == 4:    
            args.logdir = 'results/CIFAR100'  
            AdversaryOne_ChangeDataSize(args)
        elif action == 5:
            AdversaryTwo(args, Random_Data=False)

        # others
        elif action == 6:
            Decision_Radius(args)

if __name__ == "__main__":
    main()


Files already downloaded and verified


RuntimeError: element 0 of tensors does not require grad and does not have a grad_fn