In [1]:
# Uncomment the following if need GPU
# import tensorflow as tf
# device_name = tf.test.gpu_device_name()
# if device_name != '/device:GPU:0':
#   raise SystemError('GPU device not found')
# print('Found GPU at: {}'.format(device_name))

import random
import numpy as np
import math
import matplotlib.pyplot as plt

# tensorflow
import tensorflow as tf
print(tf.__version__)

# pytorch
import torch
from torch import nn
print(torch.__version__)

# keras
import keras
from keras.layers import Input, Dense, Conv2D, Dropout, Activation, Flatten, Reshape, Softmax, MaxPooling2D
from keras.models import Model, Sequential, clone_model

# scikit-learn
import sklearn
from sklearn import cluster, decomposition, manifold, metrics
import pandas as pd

import scipy
from scipy.stats import entropy
from scipy.stats import dirichlet

from os.path import exists
# access google file system
# from google.colab import drive
# drive.mount('/content/drive')
cwd = ''

2.5.0
1.9.0


### Utilities

In [2]:
from typing import List, Tuple

class Example(object):
    """
    Wrapper class for a single (natural language, logical form) input/output (x/y) pair
    Attributes:
        x: the natural language as one string
        x_tok: tokenized natural language as a list of strings
        x_indexed: indexed tokens, a list of ints
        y: the raw logical form as a string
        y_tok: tokenized logical form, a list of strings
        y_indexed: indexed logical form, a list of ints
    """
    def __init__(self, x: str, x_tok: List[str], x_indexed: List[int], y, y_tok, y_indexed):
        self.x = x
        self.x_tok = x_tok
        self.x_indexed = x_indexed
        self.y = y
        self.y_tok = y_tok
        self.y_indexed = y_indexed

    def __repr__(self):
        return " ".join(self.x_tok) + " => " + " ".join(self.y_tok) + "\n   indexed as: " + repr(self.x_indexed) + " => " + repr(self.y_indexed)

    def __str__(self):
        return self.__repr__()

class Derivation(object):
    """
    Wrapper for a possible solution returned by the model associated with an Example. Note that y_toks here is a
    predicted y_toks, and the Example itself contains the gold y_toks.
    Attributes:
          example: The underlying Example we're predicting on
          p: the probabilities associated with this prediction
          y_toks: the tokenized output prediction
    """
    def __init__(self, example: Example, p, y_toks):
        self.example = example
        self.p = p
        self.y_toks = y_toks

    def __str__(self):
        return "%s (%s)" % (self.y_toks, self.p)

    def __repr__(self):
        return self.__str__()


PAD_SYMBOL = "<PAD>"
UNK_SYMBOL = "<UNK>"
SOS_SYMBOL = "<SOS>"
EOS_SYMBOL = "<EOS>"

class Indexer(object):
    """
    Bijection between objects and integers starting at 0. Useful for mapping
    labels, features, etc. into coordinates of a vector space.

    Attributes:
        objs_to_ints
        ints_to_objs
    """
    def __init__(self):
        self.objs_to_ints = {}
        self.ints_to_objs = {}

    def __repr__(self):
        return str([str(self.get_object(i)) for i in range(0, len(self))])

    def __str__(self):
        return self.__repr__()

    def __len__(self):
        return len(self.objs_to_ints)

    def get_object(self, index):
        """
        :param index: integer index to look up
        :return: Returns the object corresponding to the particular index or None if not found
        """
        if (index not in self.ints_to_objs):
            return None
        else:
            return self.ints_to_objs[index]

    def contains(self, object):
        """
        :param object: object to look up
        :return: Returns True if it is in the Indexer, False otherwise
        """
        return self.index_of(object) != -1

    def index_of(self, object):
        """
        :param object: object to look up
        :return: Returns -1 if the object isn't present, index otherwise
        """
        if (object not in self.objs_to_ints):
            return -1
        else:
            return self.objs_to_ints[object]

    def add_and_get_index(self, object, add=True):
        """
        Adds the object to the index if it isn't present, always returns a nonnegative index
        :param object: object to look up or add
        :param add: True by default, False if we shouldn't add the object. If False, equivalent to index_of.
        :return: The index of the object
        """
        if not add:
            return self.index_of(object)
        if (object not in self.objs_to_ints):
            new_idx = len(self.objs_to_ints)
            self.objs_to_ints[object] = new_idx
            self.ints_to_objs[new_idx] = object
        return self.objs_to_ints[object]

def make_padded_input_tensor(exs: List[Example], input_indexer: Indexer, max_len: int, reverse_input=False) -> np.ndarray:
    """
    Takes the given Examples and their input indexer and turns them into a numpy array by padding them out to max_len.
    Optionally reverses them.
    :param exs: examples to tensor-ify
    :param input_indexer: Indexer over input symbols; needed to get the index of the pad symbol
    :param max_len: max input len to use (pad/truncate to this length)
    :param reverse_input: True if we should reverse the inputs (useful if doing a unidirectional LSTM encoder)
    :return: A [num example, max_len]-size array of indices of the input tokens
    """
    if reverse_input:
        return np.array(
            [[ex.x_indexed[len(ex.x_indexed) - 1 - i] if i < len(ex.x_indexed) else input_indexer.index_of(PAD_SYMBOL)
              for i in range(0, max_len)]
             for ex in exs])
    else:
        return np.array([[ex.x_indexed[i] if i < len(ex.x_indexed) else input_indexer.index_of(PAD_SYMBOL)
                          for i in range(0, max_len)]
                         for ex in exs])

def make_padded_output_tensor(exs, output_indexer, max_len):
    """
    Similar to make_padded_input_tensor, but does it on the outputs without the option to reverse input
    :param exs:
    :param output_indexer:
    :param max_len:
    :return: A [num example, max_len]-size array of indices of the output tokens
    """
    return np.array([[ex.y_indexed[i] if i < len(ex.y_indexed) else output_indexer.index_of(PAD_SYMBOL) for i in range(0, max_len)] for ex in exs])


### Load data

In [3]:
from collections import Counter

def load_datasets(train_paths:Tuple[str,str], dev_paths:Tuple[str,str]) -> (List[Tuple[str,str]], List[Tuple[str,str]]):
    """
    Reads the training, dev, and test data from the corresponding files.
    :param train_path:
    :param dev_path:
    :param test_path:
    :param domain: Ignore this parameter
    :return:
    """
    train_raw = load_dataset(train_paths[0], train_paths[1])
    dev_raw = load_dataset(dev_paths[0], dev_paths[1])
    return train_raw, dev_raw

def translation_preprocess(dataset, x_set, x, y):
    if not (x in x_set):
        y = y.replace('\u202f', ' ')
        x_set.add(x)
        mydict = {}
        for i in string.punctuation:
            mydict[ord(i)] = None
        x = x.translate(mydict)
        y = y.translate(mydict) + ' <EOS>'
        dataset.append((x, y))

def load_dataset(x_filename:str, y_filename:str):
    x_dataset = []
    y_dataset = []
    with open(x_filename) as f:
        for line in f:
            x_dataset.append(line.rstrip('\n'))
    with open(y_filename) as f:
        for line in f:
            y_dataset.append(line.rstrip('\n') + ' <EOS>')

    dataset = []
    for i in range(len(x_dataset)):
        dataset.append((x_dataset[i], y_dataset[i]))
    return dataset

def tokenize(x) -> List[str]:
    """
    :param x: string to tokenize
    :return: x tokenized with whitespace tokenization
    """
    return x.split()


def index(x_tok: List[str], indexer: Indexer) -> List[int]:
    return [indexer.index_of(xi) if indexer.index_of(xi) >= 0 else indexer.index_of(UNK_SYMBOL) for xi in x_tok]


def index_data(data, input_indexer: Indexer, output_indexer: Indexer, example_len_limit):
    """
    Indexes the given data
    :param data:
    :param input_indexer:
    :param output_indexer:
    :param example_len_limit:
    :return:
    """
    data_indexed = []
    for (x, y) in data:
        x_tok = tokenize(x)
        y_tok = tokenize(y)[0:example_len_limit]
        data_indexed.append(Example(x, x_tok, index(x_tok, input_indexer), y, y_tok,
                                          index(y_tok, output_indexer) + [output_indexer.index_of(EOS_SYMBOL)]))
    return data_indexed


def index_datasets(train_data, dev_data, example_len_limit, unk_threshold=0.0) -> (List[Example], List[Example], Indexer, Indexer):
    """
    Indexes train and test datasets where all words occurring less than or equal to unk_threshold times are
    replaced by UNK tokens.
    :param train_data:
    :param dev_data:
    :param test_data:
    :param example_len_limit:
    :param unk_threshold: threshold below which words are replaced with unks. If 0.0, the model doesn't see any
    UNKs at train time
    :return:
    """
    input_word_counts = Counter()
    # Count words and build the indexers
    for (x, y) in train_data:
        for word in tokenize(x):
            input_word_counts[word] += 1.0
    input_indexer = Indexer()
    output_indexer = Indexer()
    # Reserve 0 for the pad symbol for convenience
    input_indexer.add_and_get_index(PAD_SYMBOL)
    input_indexer.add_and_get_index(UNK_SYMBOL)
    input_indexer.add_and_get_index(SOS_SYMBOL)
    output_indexer.add_and_get_index(PAD_SYMBOL)
    output_indexer.add_and_get_index(SOS_SYMBOL)
    output_indexer.add_and_get_index(EOS_SYMBOL)
    # Index all input words above the UNK threshold
    for word in input_word_counts.keys():
        if input_word_counts[word] > unk_threshold + 0.5:
            input_indexer.add_and_get_index(word)
    # Index all output tokens in train
    for (x, y) in train_data:
        for y_tok in tokenize(y):
            output_indexer.add_and_get_index(y_tok)
    # Index things
    train_data_indexed = index_data(train_data, input_indexer, output_indexer, example_len_limit)
    dev_data_indexed = index_data(dev_data, input_indexer, output_indexer, example_len_limit)
    return train_data_indexed, dev_data_indexed, input_indexer, output_indexer

In [4]:
train, dev = load_datasets((cwd+'data/trans_train.en', cwd+'data/trans_train.fr'),
                           (cwd+'data/trans_test.en', cwd+'data/trans_test.fr'))
train_data_indexed, dev_data_indexed, input_indexer, output_indexer = index_datasets(train, dev, 65)

### RNN Model

In [None]:
import torch.nn.functional as F

class EmbeddingLayer(nn.Module):
    """
    Embedding layer that has a lookup table of symbols that is [full_dict_size x input_dim]. Includes dropout.
    Works for both non-batched and batched inputs
    """
    def __init__(self, input_dim: int, full_dict_size: int, embedding_dropout_rate: float):
        """
        :param input_dim: dimensionality of the word vectors
        :param full_dict_size: number of words in the vocabulary
        :param embedding_dropout_rate: dropout rate to apply
        """
        super(EmbeddingLayer, self).__init__()
        self.dropout = nn.Dropout(embedding_dropout_rate)
        self.word_embedding = nn.Embedding(full_dict_size, input_dim)

    def forward(self, inputs):
        """
        :param input: either a non-batched input [sent len x voc size] or a batched input
        [batch size x sent len x voc size]
        :return: embedded form of the input words (last coordinate replaced by input_dim)
        """
        embedded_words = self.word_embedding(inputs)
        final_embeddings = self.dropout(embedded_words)
        return final_embeddings

class Encoder(nn.Module):
    def __init__(self, vocab_size, emb_dim, embedding_dropout, hidden_size: int, bidirect: bool):
        """
        :param emb_dim: size of word embeddings output by embedding layer
        :param hidden_size: hidden size for the LSTM
        :param bidirect: True if bidirectional, false otherwise
        """
        super(Encoder, self).__init__()
        self.embedding = EmbeddingLayer(emb_dim, vocab_size, embedding_dropout)
        self.bidirect = bidirect
        self.hidden_size = hidden_size
        self.reduce_h_W = nn.Linear(hidden_size * 2, hidden_size, bias=True)
        self.reduce_c_W = nn.Linear(hidden_size * 2, hidden_size, bias=True)
        self.rnn = nn.LSTM(emb_dim, hidden_size, num_layers=1, batch_first=True,
                               dropout=0., bidirectional=self.bidirect)
        self.init_weight()

    def init_weight(self):
        """
        Initializes weight matrices using Xavier initialization
        :return:
        """
        nn.init.xavier_uniform_(self.rnn.weight_hh_l0, gain=1)
        nn.init.xavier_uniform_(self.rnn.weight_ih_l0, gain=1)
        if self.bidirect:
            nn.init.xavier_uniform_(self.rnn.weight_hh_l0_reverse, gain=1)
            nn.init.xavier_uniform_(self.rnn.weight_ih_l0_reverse, gain=1)
        nn.init.constant_(self.rnn.bias_hh_l0, 0)
        nn.init.constant_(self.rnn.bias_ih_l0, 0)
        if self.bidirect:
            nn.init.constant_(self.rnn.bias_hh_l0_reverse, 0)
            nn.init.constant_(self.rnn.bias_ih_l0_reverse, 0)

    def forward(self, x_tensor, input_lens):
        embedded_words = self.embedding.forward(x_tensor)
        packed_embedding = nn.utils.rnn.pack_padded_sequence(embedded_words, input_lens, batch_first=True, enforce_sorted=False)
        output, hn = self.rnn(packed_embedding)
        output, sent_lens = nn.utils.rnn.pad_packed_sequence(output)
        max_length = torch.max(input_lens).item()

        if self.bidirect:
            h, c = hn[0], hn[1]
            h_, c_ = torch.cat((h[0], h[1]), dim=1), torch.cat((c[0], c[1]), dim=1)
            new_h = self.reduce_h_W(h_)
            new_c = self.reduce_c_W(c_)
            h_t = (new_h, new_c)
        else:
            h, c = hn[0][0], hn[1][0]
            h_t = (h, c)
        return (output, h_t)

class Decoder(nn.Module):
    def __init__(self, indexer, emb_dim, embedding_dropout, hidden_size: int, 
                 bidirect: bool, attention: bool):
        """
        :param emb_dim: size of word embeddings output by embedding layer
        :param hidden_size: hidden size for the LSTM
        :param bidirect: True if bidirectional, false otherwise
        """
        super(Decoder, self).__init__()
        self.indexer = indexer
        self.embedding = EmbeddingLayer(emb_dim, len(indexer), embedding_dropout)
        self.hidden_size = hidden_size
        self.bidirect = bidirect
        self.attention = attention
        self.rnn = nn.LSTM(emb_dim, hidden_size, num_layers=1, batch_first=True,
                           dropout=0., bidirectional=False)
        self.reduce_h_W = nn.Linear(2 * hidden_size, hidden_size)
        coef = 2 if attention else 1
        self.h2o = nn.Linear(coef * hidden_size, len(indexer))
        self.softmax = nn.LogSoftmax(dim=1)
        self.loss = nn.NLLLoss()
        self.init_weight()

    def init_weight(self):
        """
        Initializes weight matrices using Xavier initialization
        :return:
        """
        nn.init.xavier_uniform_(self.rnn.weight_hh_l0, gain=1)
        nn.init.xavier_uniform_(self.rnn.weight_ih_l0, gain=1)
        nn.init.constant_(self.rnn.bias_hh_l0, 0)
        nn.init.constant_(self.rnn.bias_ih_l0, 0)

    def forward(self, x_tensor, hidden, encoder_outputs):
        '''
        hidden: (1 * batch * hid_size, 1 * batch * hid_size)
        encoder_outputs: batch * 1 * vocab_size
        '''
        embedded_words = self.embedding.forward(x_tensor)
        if self.bidirect:
            encoder_outputs = self.reduce_h_W(encoder_outputs)
        output, hn = self.rnn(embedded_words, hidden)
        h, c = hn[0][0], hn[1][0] # h, c: batch * hid_size
        if self.attention:
            hid = h.unsqueeze(1) # batch * 1 * hid_size
            enc_out = torch.swapaxes(encoder_outputs, 1, 2) # batch * hid_size * seq_len
            attn_dot_product = torch.matmul(hid, enc_out).squeeze(1)
            # attn_dot_product: batch * seq_len
            attn_weight = F.softmax(attn_dot_product, dim=1)
            # attn_weight: batch * seq_len
            context = torch.matmul(attn_weight.unsqueeze(1), encoder_outputs).squeeze(1)
            # context: batch * hid_size
            out = torch.cat([h, context], dim=1)
            # out: batch * (2 * hid_size)
            output = self.softmax(self.h2o(out)).unsqueeze(1)
        else:
            output = self.softmax(self.h2o(output))

        h_t = (h, c)
        return (output, h_t)

class Seq2Seq_Model(nn.Module):
    def __init__(self, input_indexer, output_indexer, emb_dim, hidden_size, 
                 attention=False, embedding_dropout=0.2, bidirect=True, 
                 reverse_input=False, out_max_length=65, k=0, lambda2=0):
        super(Seq2Seq_Model, self).__init__()
        self.input_indexer = input_indexer
        self.out_max_length = out_max_length
        self.encoder = Encoder(len(input_indexer), emb_dim, embedding_dropout, 
                               hidden_size, bidirect)
        self.decoder = Decoder(output_indexer, emb_dim, embedding_dropout, 
                               hidden_size, bidirect, attention)
        self.loss = nn.NLLLoss()
        self.lambda2 = lambda2
        self.k = k

    def sent_lens_to_mask(self, lens, max_length):
        return torch.from_numpy(np.asarray([[1 if j < lens.data[i].item() else 0 for j in range(0, max_length)] for i in range(0, lens.shape[0])]))

    def mask(self, vector, context_mask, seq_idx):
        for i in range(len(context_mask)):
            vector[i] *= context_mask[i, seq_idx]
        return vector

    def encode_input(self, x_tensor, inp_lens_tensor):
        (enc_output_each_word, enc_final_states) = self.encoder.forward(x_tensor, inp_lens_tensor)
        enc_final_states_reshaped = (enc_final_states[0].unsqueeze(0), enc_final_states[1].unsqueeze(0))
        return (enc_output_each_word, enc_final_states_reshaped)

    def dirichlet_dist(self, probs):
        # apply dirichlet distribution to the probabilities
        if self.k == 0:
            return probs
        probs = probs.detach().numpy()
        for i in range(len(probs)):
            for j in range(len(probs[0])):
                alpha = np.exp(probs[i, j]) * self.k
                rv = dirichlet.rvs(alpha, size=1, random_state=None)[0]
                probs[i, j] = rv
        return torch.Tensor(probs)

    def forward(self, x_tensor, inp_lens_tensor, y_tensor, out_lens_tensor):
        """
        :param x_tensor/y_tensor: either a non-batched input/output [sent len x voc size] or a batched input/output
        [batch size x sent len x voc size]
        :param inp_lens_tensor/out_lens_tensor: either a vecor of input/output length [batch size] or a single integer.
        lengths aren't needed if you don't batchify the training.
        :return: loss of the batch
        """
        max_length = torch.max(out_lens_tensor).item()
        context_mask = self.sent_lens_to_mask(out_lens_tensor, max_length)
        # context_mask: batch * max_seq_len
        loss = 0
        enc_output_each_word, state = self.encode_input(x_tensor, inp_lens_tensor)
        # max_seq_len * batch * hid_size, batch * max_seq_len, batch * hid_size
        enc_output_each_word = torch.swapaxes(enc_output_each_word, 0, 1)

        word_idx = self.decoder.indexer.index_of(SOS_SYMBOL)
        word = torch.ones(len(x_tensor), 1, dtype=torch.int) * word_idx
        for i in range(max_length):
            output, state = self.decoder(word, state, enc_output_each_word)
            # output: batch * 1 * vocab_size
            output = self.mask(output.clone(), context_mask, i)
            labels = y_tensor[:, i]
            loss += self.loss(output.squeeze(1), labels)
            word = labels.unsqueeze(1)
            state = (state[0].unsqueeze(0), state[1].unsqueeze(0))
        # L2 Regularization
        l2_regularization = 0
        if self.lambda2 > 0:
            all_linear_params = torch.cat([x.view(-1) for x in self.decoder.rnn.parameters()])
            l2_regularization = self.lambda2 * torch.norm(all_linear_params, 2)
        return loss + l2_regularization

    def decode(self, test_data: List[Example]) -> List[List[Derivation]]:
        derivations = []
        max_length = np.max(np.array([len(ex.x_indexed) for ex in test_data]))
        input_data = make_padded_input_tensor(test_data, self.input_indexer, max_length)
        for i in range(len(test_data)):
            ex = test_data[i]
            x_tensor = torch.from_numpy(input_data[i]).unsqueeze(0)
            inp_lens_tensor = torch.from_numpy(np.array(len(test_data[i].x_indexed))).unsqueeze(0)
            # encode the data
            enc_outputs, state = self.encode_input(x_tensor, inp_lens_tensor)
            # enc_outputs: 1 * batch * hid_size, state: 1 * hid_size
            enc_outputs = torch.swapaxes(enc_outputs, 0, 1)

            word = torch.ones(len(state[0]), 1, dtype=torch.int) * self.decoder.indexer.index_of(SOS_SYMBOL)
            word_idx = self.decoder.indexer.index_of(SOS_SYMBOL)
            length = 0
            y_toks = []
            probability_list = []
            while length < self.out_max_length:
                output, state = self.decoder(word, state, enc_outputs)
                output = self.dirichlet_dist(output)
                # output: 1 * 1 * vocab_size
                word_idx = torch.argmax(output[0][0])
                probability_list.append(output[0][0].detach().numpy())

                # stop when hit the EOS token
                if word_idx == self.decoder.indexer.index_of(EOS_SYMBOL):
                    break
                y_toks.append(self.decoder.indexer.get_object(word_idx.item()))
                word = torch.tensor([word_idx]).unsqueeze(1)
                state = (state[0].unsqueeze(0), state[1].unsqueeze(0))
                length += 1
            derivations.append(Derivation(ex, np.array(probability_list), y_toks))
        return derivations

### Traning RNN Model

In [None]:
HIDDEN_SIZE = 200
EMBEDDING_DIM = 150
LR = 0.001
BATCH_SIZE = 25
DROPOUT = 0
MAX_LEN = 65

def count_parameters(model):
    return sum(p.numel() for p in model.parameters() if p.requires_grad)

def train_model(train_data: List[Example], input_indexer, output_indexer,
                name='ml_model', epochs=20, k=0, lambda2=0, seed=0):
    EPOCH = epochs
#     torch.manual_seed(seed)
    if exists(cwd+'models/'+name):
        return torch.load(cwd+'models/'+name)

    model = Seq2Seq_Model(input_indexer, output_indexer, EMBEDDING_DIM, HIDDEN_SIZE, 
                          attention=True, embedding_dropout=DROPOUT, k=k, lambda2=lambda2)
    # print(count_parameters(model))
    # return
    optimizer = torch.optim.Adam(model.parameters(), lr=LR)
    for i in range(EPOCH):
        random.shuffle(train_data)
        total_loss = 0
        for j in range(0, len(train_data), BATCH_SIZE):
            model.zero_grad()
            batch_exs = train_data[j: j+BATCH_SIZE]

            x_inp_len, y_inp_len = [],[]
            for ex in batch_exs:
                x_inp_len.append(len(ex.x_tok))
                y_inp_len.append(len(ex.y_tok)+1) # include EOS
            x_tensor = make_padded_input_tensor(batch_exs, input_indexer, max(x_inp_len), reverse_input=False)
            y_tensor = make_padded_output_tensor(batch_exs, output_indexer, max(y_inp_len))
            x_inp_len, y_inp_len = torch.tensor(x_inp_len), torch.tensor(y_inp_len)

            loss = model.forward(torch.tensor(x_tensor), x_inp_len, torch.tensor(y_tensor), y_inp_len)
            total_loss += loss

            torch.nn.utils.clip_grad_norm_(model.parameters(), 0.1)
            loss.backward()
            optimizer.step()
        print('Epoch ', i+1, total_loss)
    torch.save(model, cwd+'models/'+name)
    return model

In [None]:
shadow_model = train_model(train_data_indexed[:5000], input_indexer, output_indexer, name='ml_model', epochs=20)
# target_model = train_model(train_data_indexed[:5000], input_indexer, output_indexer, 'ml_target')

Epoch  1 tensor(2058.9829, grad_fn=<AddBackward0>)
Epoch  2 tensor(1498.0057, grad_fn=<AddBackward0>)
Epoch  3 tensor(1357.8638, grad_fn=<AddBackward0>)
Epoch  4 tensor(1242.9484, grad_fn=<AddBackward0>)
Epoch  5 tensor(1134.5123, grad_fn=<AddBackward0>)
Epoch  6 tensor(1037.9434, grad_fn=<AddBackward0>)
Epoch  7 tensor(956.4129, grad_fn=<AddBackward0>)
Epoch  8 tensor(873.2903, grad_fn=<AddBackward0>)
Epoch  9 tensor(798.5353, grad_fn=<AddBackward0>)
Epoch  10 tensor(723.4243, grad_fn=<AddBackward0>)
Epoch  11 tensor(647.9341, grad_fn=<AddBackward0>)
Epoch  12 tensor(578.6802, grad_fn=<AddBackward0>)
Epoch  13 tensor(507.8611, grad_fn=<AddBackward0>)
Epoch  14 tensor(453.5694, grad_fn=<AddBackward0>)
Epoch  15 tensor(395.0979, grad_fn=<AddBackward0>)
Epoch  16 tensor(337.7388, grad_fn=<AddBackward0>)
Epoch  17 tensor(302.7875, grad_fn=<AddBackward0>)
Epoch  18 tensor(263.0762, grad_fn=<AddBackward0>)
Epoch  19 tensor(235.0412, grad_fn=<AddBackward0>)
Epoch  20 tensor(202.1002, grad_fn

### Evaluation

In [None]:
import nltk
from nltk.translate.bleu_score import sentence_bleu
from nltk.translate.bleu_score import SmoothingFunction

def bleu_score(pred, label):
    '''
    pred, label: list of strings (tokens)
    '''
    reference = [pred]
    candidate = label[:-1]
    smoothie = SmoothingFunction().method3
    score = sentence_bleu(reference, candidate, weights=(1, 0, 0, 0), smoothing_function=smoothie)
    return score

def compute_entropy(test_data: List[Example], decoder, single=False):
    entropies = []
    pred_derivations = decoder.decode(test_data)
    for derivs in pred_derivations:
        entropy = 0
        arr = np.exp(derivs.p)
        for i in arr:
            entropy += scipy.stats.entropy(i, base=len(i))
        entropies.append(entropy/len(arr))
    if single:
        return entropies
    return sum(entropies)/len(entropies)

def CrossEntropy(test_data: List[Example], decoder):
    entropies = []
    pred_derivations = decoder.decode(test_data)
    for j in range(len(pred_derivations)):
        derivs = pred_derivations[j]
        label = test_data[j].y_indexed
        entropy = 0
        arr = np.exp(derivs.p)
        leng = min(len(arr), len(label))
        for i in range(leng):
            entropy -= np.log(arr[i][label[i]])
        entropies.append(entropy/leng)
    return entropies

def evaluate_ml(test_data: List[Example], decoder):
    avg_bleu = 0
    pred_derivations = decoder.decode(test_data)
    for derivs in pred_derivations:
        label = derivs.example.y_tok
        pred = derivs.y_toks
        avg_bleu += bleu_score(pred, label)
    print('BLEU Score: ', avg_bleu/len(test_data))
    return avg_bleu/len(test_data)

def neg(arr):
    for i in range(len(arr)):
        arr[i] = False if arr[i] else True

evaluate_ml(train_data_indexed[:500], shadow_model)
evaluate_ml(dev_data_indexed, shadow_model)

In [None]:
en_train = compute_entropy(train_data_indexed[450:500], shadow_model, True)
en_test = compute_entropy(dev_data_indexed[:50], shadow_model, True)
en = np.array(en_train + en_test)

ce1 = CrossEntropy(train_data_indexed[:50], shadow_model)
ce2 = CrossEntropy(dev_data_indexed[:50], shadow_model)
ce = np.array(ce1 + ce2)

lb = [en[i]>0.2 or ce[i] > 4 for i in range(len(en))]
# lb = [preds[i][i] > 0.5 for i in range(len(en))]

plt.scatter(en[lb], ce[lb], color='red', marker='.', label='out')
neg(lb)
plt.scatter(en[lb], ce[lb], color='blue', marker='.', label='in')
plt.xlabel('RNN Entropy')
plt.ylabel('Cross Entropy Loss')
plt.legend()
plt.show()

### Privacy Budget

In [None]:
import copy
shadow_model = torch.load(cwd+'models/ml_model')
# target_model = torch.load(cwd+'models/ml_target')

# evaluate_ml(train_data_indexed[:500], shadow_model)
base = evaluate_ml(dev_data_indexed, shadow_model)

for i in [0.01, 0.03, 0.05, 0.07, 0.09, 0.11]:
    print('epsilon= ', 4.36*0.015/i, ' ')
    shadow_model = torch.load(cwd+'models/ml_model')
    model_copy = shadow_model.decoder
    for param in model_copy.state_dict():
        size = model_copy.state_dict()[param].shape
        model_copy.state_dict()[param] += torch.Tensor(np.random.normal(0, i, size))
    shadow_model.decoder = model_copy
    acc = evaluate_ml(dev_data_indexed, shadow_model)
    print('Utility loss: ', 1 - acc/base)

BLEU Score:  0.4636494832986608
epsilon=  6.54  
BLEU Score:  0.4613629352094867
Utility loss:  0.004931630836524037
epsilon=  2.18  
BLEU Score:  0.4569261786753715
Utility loss:  0.014500834931284623
epsilon=  1.3079999999999998  
BLEU Score:  0.4391119211494958
Utility loss:  0.05292265608621216
epsilon=  0.9342857142857142  
BLEU Score:  0.3943725191151318
Utility loss:  0.14941667505084666
epsilon=  0.7266666666666667  
BLEU Score:  0.35769105909325183
Utility loss:  0.228531310876401
epsilon=  0.5945454545454545  
BLEU Score:  0.23532632756226035
Utility loss:  0.492447773503342


### Sensitivity

In [None]:
shadow_model = train_model(train_data_indexed[:500], input_indexer, output_indexer, name='model_fed_1')
model2 = train_model(train_data_indexed[1:501], input_indexer, output_indexer, name='model_fed_2')

In [None]:
def sensitivity_sampler(train, sample_size, contribution=1):
    sens = []
    model_1 = train_model(train, input_indexer, output_indexer, 
                              'ml_sen', seed=0)
    for i in range(sample_size):
        D = int(np.random.uniform(0, len(train)-contribution))
        model_2 = train_model(train[:D]+train[D+contribution:], 
                              input_indexer, output_indexer, 
                              'ml_sen_'+str(D), seed=0)
        sens.append(sensitivity(model_1, model_2))
        return max(sens)

def sensitivity(model_1, model_2, norm=2):
    sen=0
    data_vec_1 = [i for i in model_1.state_dict()]
    data_vec_2 = [i for i in model_2.state_dict()]
    for i in range(len(data_vec_1)):
        n1, n2 = data_vec_1[i], data_vec_2[i]
        vec_1, vec_2 = model_1.state_dict()[n1], model_2.state_dict()[n2]
        diff = (vec_1 - vec_2).cpu().detach().numpy().flatten()
        sen += np.linalg.norm(diff, norm)
    return sen

sensitivity_sampler(train_data_indexed[1000:], 500)

0.011670646


### Membership Attack

In [None]:
def get_label_vector(labels, vocab_size):
    label_vectors = np.zeros((len(labels), vocab_size))
    for i in range(len(labels)):
        label_vectors[i, labels[i]] = 1
    return label_vectors

def get_att_data(in_data, out_data):
    in_label = [1.0]*len(in_data)
    out_label = [0.0]*len(out_data)
    labels = in_label + out_label
    in_data = [d for d in in_data]
    out_data = [d for d in out_data]
    data = in_data + out_data

    c = list(zip(data, labels))
    random.shuffle(c)
    data, labels = zip(*c)
    return data, labels
    # return np.array(data), np.array(labels)

def label_vectors(train_data_indexed, dev_data_indexed, model):
    labels = [ex.y_indexed for ex in train_data_indexed] + [ex.y_indexed for ex in dev_data_indexed]
    label_vec = []
    for lab in labels:
        label_vec.append(get_label_vector(lab, len(model.decoder.indexer)))

    # label_vec = np.array(label_vec)
    # label_vec = np.swapaxes(label_vec, 1, 2)
    return label_vec

def output_vectors(train_data_indexed, dev_data_indexed, model):
    data = train_data_indexed + dev_data_indexed
    derivations = model.decode(data)

    # data_vec = np.zeros((len(data), 6, len(derivations[0].p[0])))
    data_vec = []
    i = 0
    for d in derivations:
        # data_vec[i, -len(d.p[-6:]):] = d.p[-6:]
        data_vec.append(d.p)
        i += 1
    # data_vec = np.swapaxes(data_vec, 1, 2)
    # data_vec[np.isnan(data_vec)] = 0
    return data_vec

In [None]:
label_vec = label_vectors(train_data_indexed[:5000], dev_data_indexed, shadow_model)
label_vec[0].shape

(12, 3091)

In [None]:
data_vec = output_vectors(train_data_indexed[:5000], dev_data_indexed, shadow_model)
data_vec[0].shape

(11, 3091)

In [None]:
all_data = [np.concatenate([label_vec[i], data_vec[i]], axis=0) for i in range(len(label_vec))]
data, labels = get_att_data(all_data[:5000], all_data[5000:])

In [None]:
class RNN_Classifier(nn.Module):
    def __init__(self, input_dim, hidden_dim, output_dim, num_layers=1):
        super(RNN_Classifier, self).__init__()
        self.hidden_dim = hidden_dim
        self.num_layers = num_layers

        self.lstm = nn.LSTM(input_dim, hidden_dim, num_layers)
        self.hid2out = nn.Linear(hidden_dim, output_dim)
        self.softmax = nn.LogSoftmax(dim=1)
        nn.init.xavier_uniform_(self.hid2out.weight)

    def forward(self, inputs):
        state = (torch.from_numpy(np.zeros((self.num_layers, len(inputs), self.hidden_dim))).float(),
                 torch.from_numpy(np.zeros((self.num_layers, len(inputs), self.hidden_dim))).float())
        inputs = nn.utils.rnn.pad_sequence(inputs)
        hidden, (hidden_state, cell_state) = self.lstm(inputs, state)
        hidden = hidden[-1]
        output = self.softmax(self.hid2out(hidden))
        return output

def evaluate_attack(data, label, model):
    pred = []
    batch_size = 100
    for j in range(0, len(data), batch_size):
        batch_input = data[j:j+batch_size]
        batch_input = [torch.FloatTensor(ex) for ex in batch_input]
        results = model(batch_input).tolist()
        pred += [np.argmax(result) for result in results]
    return metrics.accuracy_score(label, pred)

def train_attack(data, label, valid_data, valid_label, batch_size=10, epochs=10, 
                 name='att_model', verbose=True):
    criterion = nn.CrossEntropyLoss()
    model = RNN_Classifier(data[0].shape[1], 100, 2)
    optimizer = torch.optim.Adam(model.parameters(), lr=0.01)
    cur_acc = 0
    
    for i in range(epochs):
        total_loss = 0
        for j in range(0, len(data), batch_size):
            model.zero_grad()
            batch_words = data[j: j+batch_size]
            batch_labels = label[j: j+batch_size]
            batch_words = [torch.FloatTensor(ex) for ex in batch_words]
            output = model.forward(batch_words)
            labels = torch.tensor(batch_labels, dtype=torch.long)
            loss = criterion(output, labels)
            total_loss += loss
            loss.backward()
            optimizer.step()
        acc = evaluate_attack(valid_data, valid_label, model)
        if acc > cur_acc:
            torch.save(model, cwd+'models/' + name)
            cur_acc = acc
        if verbose:
            print(i+1, total_loss, acc)
    return model

In [None]:
label_vec = label_vectors(train_data_indexed[5000:10000], dev_data_indexed, target_model)
data_vec = output_vectors(train_data_indexed[5000:10000], dev_data_indexed, target_model)
all_data = [np.concatenate([label_vec[i], data_vec[i]], axis=0) for i in range(len(label_vec))]
v_data, v_labels = get_att_data(all_data[:5000], all_data[5000:])

In [None]:
attack_model = train_attack(data, labels, v_data, v_labels, batch_size=10, epochs=20)

1 tensor(71.2521, grad_fn=<AddBackward0>) 0.492
2 tensor(70.1890, grad_fn=<AddBackward0>) 0.503
3 tensor(67.4297, grad_fn=<AddBackward0>) 0.706
4 tensor(54.0872, grad_fn=<AddBackward0>) 0.72
5 tensor(48.7388, grad_fn=<AddBackward0>) 0.721
6 tensor(43.2599, grad_fn=<AddBackward0>) 0.784
7 tensor(38.8280, grad_fn=<AddBackward0>) 0.784
8 tensor(33.1551, grad_fn=<AddBackward0>) 0.805
9 tensor(28.8777, grad_fn=<AddBackward0>) 0.792
10 tensor(26.1293, grad_fn=<AddBackward0>) 0.794
11 tensor(26.3708, grad_fn=<AddBackward0>) 0.812
12 tensor(23.6370, grad_fn=<AddBackward0>) 0.809
13 tensor(19.5084, grad_fn=<AddBackward0>) 0.805
14 tensor(18.9966, grad_fn=<AddBackward0>) 0.787
15 tensor(19.3465, grad_fn=<AddBackward0>) 0.798
16 tensor(16.8658, grad_fn=<AddBackward0>) 0.796
17 tensor(17.1696, grad_fn=<AddBackward0>) 0.81
18 tensor(14.8928, grad_fn=<AddBackward0>) 0.821
19 tensor(15.1332, grad_fn=<AddBackward0>) 0.825
20 tensor(14.4882, grad_fn=<AddBackward0>) 0.828


## Experiments

### Performance vs. Overfitting

In [None]:
models = []
for i in [5, 10, 15]:
    models.append(train_model(train_data_indexed[:5000], input_indexer, 
                              output_indexer, 'ml_'+str(i), i))
models.append(shadow_model)

Epoch  1 tensor(37167.3828, grad_fn=<AddBackward0>)
Epoch  2 tensor(26521.4648, grad_fn=<AddBackward0>)
Epoch  3 tensor(20305.6094, grad_fn=<AddBackward0>)
Epoch  4 tensor(14937.4414, grad_fn=<AddBackward0>)
Epoch  5 tensor(9953.8115, grad_fn=<AddBackward0>)
Epoch  1 tensor(37107.1016, grad_fn=<AddBackward0>)
Epoch  2 tensor(26983.3066, grad_fn=<AddBackward0>)
Epoch  3 tensor(20794.7520, grad_fn=<AddBackward0>)
Epoch  4 tensor(15074.1670, grad_fn=<AddBackward0>)
Epoch  5 tensor(10137.3984, grad_fn=<AddBackward0>)
Epoch  6 tensor(6787.7090, grad_fn=<AddBackward0>)
Epoch  7 tensor(4659.5103, grad_fn=<AddBackward0>)
Epoch  8 tensor(3267.7966, grad_fn=<AddBackward0>)
Epoch  9 tensor(2491.4827, grad_fn=<AddBackward0>)
Epoch  10 tensor(2167.6162, grad_fn=<AddBackward0>)
Epoch  1 tensor(36829.6719, grad_fn=<AddBackward0>)
Epoch  2 tensor(26350.1426, grad_fn=<AddBackward0>)
Epoch  3 tensor(20207.7832, grad_fn=<AddBackward0>)
Epoch  4 tensor(14642.1074, grad_fn=<AddBackward0>)
Epoch  5 tensor(9

In [None]:
for m in models:
    evaluate_ml(train_data_indexed[:5000], m)
    evaluate_ml(dev_data_indexed, m)
    print()

BLEU Score:  0.553578344598289
BLEU Score:  0.38220604626575294

BLEU Score:  0.8695712942568329
BLEU Score:  0.45121684809735524

BLEU Score:  0.9409331976694416
BLEU Score:  0.4519659698787222

BLEU Score:  0.9461026907862735
BLEU Score:  0.4578782334475625



#### Attack Accuracy vs. Performance

In [None]:
models = []
for i in [500, 1000, 1500, 2000]:
    models.append(train_model(train_data_indexed[:i], input_indexer, 
                              output_indexer, 'ml_ds_'+str(i), epochs=10))
    
for m in models:
    evaluate_ml(dev_data_indexed, m)
    print()

BLEU Score:  0.4129391288582746
BLEU Score:  0.43447608346284095
BLEU Score:  0.4477544261457854
BLEU Score:  0.45493126141991097


In [None]:
for m in models:
    label_vec = label_vectors(train_data_indexed[:5000], dev_data_indexed, m)
    data_vec = output_vectors(train_data_indexed[:5000], dev_data_indexed, m)
    all_data = [np.concatenate([label_vec[i], data_vec[i]], axis=0) for i in range(len(label_vec))]
    v_data, v_labels = get_att_data(all_data[:5000], all_data[5000:])
    acc = evaluate_attack(v_data, v_labels, attack_model)
    print('Attack Accuracy: ', acc)

Attack Accuracy:  0.8582
Attack Accuracy:  0.8364
Attack Accuracy:  0.8197
Attack Accuracy:  0.8103
