In [1]:
import torch
import torch.nn as nn
import torch.nn.functional as F
import torch.optim as optim
import numpy as np

from art.attacks.evasion import FastGradientMethod
from art.estimators.classification import PyTorchClassifier
from art.utils import load_dataset
from art import metrics
from torch import Tensor
import matplotlib.pyplot as plt
import torchvision
from torchvision import models, transforms

  from .autonotebook import tqdm as notebook_tqdm


In [2]:
# Fetch CIFAR-10 through ART's loader; it also returns the pixel value range,
# which is later used as the clipping bounds of the ART classifier wrapper.
(x_train, y_train), (x_test, y_test), min_pixel_value, max_pixel_value = load_dataset('cifar10')

# Move the channel axis from last to second position (N, H, W, C) -> (N, C, H, W),
# the layout nn.Conv2d expects, and store the images as float32.
x_train, x_test = (
    np.transpose(images, (0, 3, 1, 2)).astype(np.float32)
    for images in (x_train, x_test)
)


In [3]:
class Net(nn.Module):
    """Small convolutional classifier for 3x32x32 images with 10 output logits.

    Two conv + ReLU + max-pool stages reduce a 32x32 input to 16 feature maps
    of 5x5, which three fully connected layers map to 10 class scores.
    No softmax is applied; the output is raw logits.
    """

    def __init__(self):
        super().__init__()
        # Layers are registered in the same order as their use in forward().
        self.conv1 = nn.Conv2d(in_channels=3, out_channels=6, kernel_size=5)
        self.pool = nn.MaxPool2d(kernel_size=2, stride=2)
        self.conv2 = nn.Conv2d(in_channels=6, out_channels=16, kernel_size=5)
        self.fc1 = nn.Linear(in_features=16 * 5 * 5, out_features=120)
        self.fc2 = nn.Linear(in_features=120, out_features=84)
        self.fc3 = nn.Linear(in_features=84, out_features=10)

    def forward(self, x):
        """Return the (batch, 10) logits for a (batch, 3, 32, 32) input."""
        features = self.pool(F.relu(self.conv1(x)))
        features = self.pool(F.relu(self.conv2(features)))
        # Keep the batch axis and collapse channels/height/width into one axis.
        flat = features.flatten(start_dim=1)
        hidden = F.relu(self.fc2(F.relu(self.fc1(flat))))
        return self.fc3(hidden)

# Training setup: the network, its cross-entropy objective and an SGD optimiser
# with momentum bound to this network's parameters.
model = Net()
criterion = nn.CrossEntropyLoss()
optimizer = optim.SGD(params=model.parameters(), lr=0.001, momentum=0.9)

In [4]:
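# Target estimator: the model whose training-data leakage is being measured.
classifier = PyTorchClassifier(
    model=model,
    clip_values=(min_pixel_value, max_pixel_value),
    loss=criterion,
    optimizer=optimizer,
    input_shape=(3, 32, 32),
    nb_classes=10,
    device_type='cpu'
)
classifier.fit(x_train, y_train, batch_size=200, nb_epochs=10)

# The PDTP metric needs an extra, *unfitted* estimator of the same architecture:
# it resets and refits that estimator on the training set with individual samples
# left out and compares its predictions with the target's.
# The helper must therefore own its own network and optimiser. Wrapping the
# already-fitted `model` again would make both estimators share one set of
# weights, so refitting the helper would silently overwrite the target model and
# skew every privacy measurement taken afterwards.
extra_model = Net()
extra_optimizer = optim.SGD(extra_model.parameters(), lr=0.001, momentum=0.9)
classifier_extra = PyTorchClassifier(
    model=extra_model,
    clip_values=(min_pixel_value, max_pixel_value),
    loss=criterion,  # stateless loss module, safe to share between estimators
    optimizer=extra_optimizer,
    input_shape=(3, 32, 32),
    nb_classes=10,
    device_type='cpu'
)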

In [5]:
from art.metrics import PDTP, SHAPr

Note: this training process is time-consuming.

In [8]:
# SHAPr assigns each training sample a membership-privacy risk score for the
# target estimator; higher values mean the sample is more exposed.
SHAPr_leakage = SHAPr(classifier, x_train, y_train, x_test, y_test)

# NOTE(review): the labels below say "random forest", but `classifier` wraps the
# PyTorch CNN defined in this notebook; the wording looks like a leftover.
# NOTE(review): the recorded execution counts show this cell ran after the PDTP
# cell. If the PDTP helper estimator shares weights with `classifier`, these
# numbers describe the model after PDTP refitting; re-run the notebook in order
# from a fresh kernel before relying on them.
for label, reducer in (
    ("Average SHAPr leakage random forest: ", np.average),
    ("Max SHAPr leakage random forest: ", np.max),
):
    print(label, reducer(SHAPr_leakage))

Average SHAPr leakage random forest:  0.2556
Max SHAPr leakage random forest:  12.9713335


In [7]:
# PDTP is slow, so it is evaluated on only the first `num_samples` training samples.
# With a single sample the average and the maximum are the same value, so this
# run is a smoke test of the metric rather than an estimate over the training set.
num_samples = 1

indexes = np.arange(num_samples)
# PDTP returns three per-sample arrays; only the first (the leakage values) is kept.
leakage, _, _ = PDTP(classifier, classifier_extra, x_train, y_train, indexes=indexes)

pdtp_average = np.average(leakage)
pdtp_max = np.max(leakage)
print("Average PDTP leakage: ", pdtp_average)
print("Max PDTP leakage ", pdtp_max)

Average PDTP leakage:  68.8
Max PDTP leakage  68.8
