In [8]:
import os
import numpy as np
import math 
import scipy
import sys
from inference_utils import *

In [9]:
def inference_attack_from_npz_file(file_path, verification_file=False):
    if verification_file == False:
        output_data = np.load( file_path )
        output_train_benign = output_data['output_train_benign']
        output_test_benign = output_data['output_test_benign']
        output_train_adversarial = output_data['output_train_adversarial']
        output_test_adversarial = output_data['output_test_adversarial']
        train_label = output_data['train_label']
        test_label = output_data['test_label']
        print('-------with benign inputs-------')
        inference_via_confidence(output_train_benign, output_test_benign, train_label, test_label)
        print('-------with adversarial inputs-------')
        inference_via_confidence(output_train_adversarial, output_test_adversarial, train_label, test_label)
        print()

datasets = ['Yale','FMNIST', 'CIFAR10']
defense_methods = ['PGD', 'Difference',
                   'Distributional', 'Duality verification',
                   'Abstract verification', 'IBP verification']

for dataset in datasets:
    print('************************* For '+dataset+' dataset **************************************')
    # 正常模型
    print('########### when naturally train the model ##############')
    file_path = os.path.join('PGD', os.path.join(dataset, 'output_results/model_natural.npz'))
    inference_attack_from_npz_file(file_path, verification_file=False)
    # 有对抗样本防御训练过的模型
    for defense in defense_methods:
        if ('verification' in defense) and (dataset == 'CIFAR10'):
            continue
        print('########### when ' + defense + ' is adopted ##############')
        file_path = os.path.join(defense, os.path.join(dataset, 'output_results/model_robust.npz'))
        inference_attack_from_npz_file(file_path, verification_file=False)
    print()

************************* For Yale dataset **************************************
########### when naturally train the model ##############
-------with benign inputs-------
model accuracy for training and test- (1.0, 0.9824902723735408)
membership inference accuracy is: 0.5585306164243293
-------with adversarial inputs-------
model accuracy for training and test- (0.045263157894736845, 0.029182879377431907)
membership inference accuracy is: 0.5427329510546794

########### when PGD is adopted ##############
-------with benign inputs-------
model accuracy for training and test- (0.9989473684210526, 0.9669260700389105)
membership inference accuracy is: 0.6168687282408356
-------with adversarial inputs-------
model accuracy for training and test- (0.99, 0.7762645914396887)
membership inference accuracy is: 0.6882561949621135

########### when Difference is adopted ##############
-------with benign inputs-------
model accuracy for training and test- (0.9952631578947368, 0.9377431906614786)
