-
Notifications
You must be signed in to change notification settings - Fork 11
/
pubfig65_fingerprint_vggface.py
145 lines (106 loc) · 4.43 KB
/
pubfig65_fingerprint_vggface.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Date : 2018-08-07 10:16:40
# @Author : Bolun Wang ([email protected])
# @Link : http://cs.ucsb.edu/~bolunwang
import os
import time
import numpy as np
import keras.backend as K
K.set_learning_phase(0)
from keras.models import Model
from mimic_penalty_dssim import MimicPenaltyDSSIM
import random
random.seed(1234)
from keras.models import load_model
import utils_translearn
##############################
# PARAMETERS #
##############################
# parameters about the model
NB_CLASSES = 65
IMG_ROW = 224
IMG_COL = 224
IMG_COLOR = 3
INTENSITY_RANGE = 'imagenet'
# parameters about dataset/model/result path
TEACHER_MODEL_FILE = 'models/vggface.h5'
STUDENT_MODEL_FILE = 'models/pubfig65-vggface-trans-nb-train-90.h5'
# parameters used for attack
DEVICE = '0' # which GPU to use
BATCH_SIZE = 1 # number of images being processed simultaneously, default is 1
NB_IMGS = 1 # number of fingerprinting images generated
# set to 1 here, as we do not care about how the image looks like
DSSIM_THRESHOLD = 1
CUTOFF_LAYER = 38 # ID of bottleneck layer
INITIAL_CONST = 1e10 # Penalty coefficient. Controls how tight the bound is
LR = 1 # Learning rate of the optimizer
MAX_ITER = 2000 # maximul number of iteration
##############################
# END PARAMETERS #
##############################
def load_and_build_models(student_model_file=STUDENT_MODEL_FILE,
teacher_model_file=TEACHER_MODEL_FILE,
cutoff_layer=CUTOFF_LAYER):
# load the student model
print('loading student model')
student_model = load_model(student_model_file)
print('loading teacher model')
teacher_model = load_model(teacher_model_file)
# load the bottleneck model
print('building bottleneck model')
bottleneck_model = Model(teacher_model.input,
teacher_model.layers[cutoff_layer - 1].output)
bottleneck_model.compile(loss='categorical_crossentropy',
optimizer='adam',
metrics=['accuracy'])
return bottleneck_model, student_model
def pubfig65_fingerprint_vggface():
os.environ["CUDA_VISIBLE_DEVICES"] = DEVICE
sess = utils_translearn.fix_gpu_memory()
bottleneck_model, student_model = load_and_build_models()
# form attacker class
# setting mimic_img to False, since we are mimicking a specific vector
print('loading attacker')
attacker = MimicPenaltyDSSIM(sess,
bottleneck_model,
mimic_img=False,
batch_size=BATCH_SIZE,
intensity_range=INTENSITY_RANGE,
initial_const=INITIAL_CONST,
learning_rate=LR,
max_iterations=MAX_ITER,
l_threshold=DSSIM_THRESHOLD,
verbose=1)
print('building fingerprinting input')
# initializing input with random noise
X_source_raw = np.random.random((NB_IMGS, IMG_ROW, IMG_COL, IMG_COLOR))
X_source_raw *= 255.0
X_source = utils_translearn.preprocess(X_source_raw, INTENSITY_RANGE)
# build target bottleneck neuron vector as all-zero vector
bottleneck_shape = (
[X_source.shape[0]] +
list(bottleneck_model.layers[-1].output_shape[1:]))
X_target_bottleneck = np.zeros(bottleneck_shape)
# build fingerprinting input
X_adv = attacker.attack(X_source, X_target_bottleneck)
print('testing fingerprint image on student')
gini_list = []
max_conf_list = []
Y_pred = student_model.predict(X_adv)
Y_conf = np.max(Y_pred, axis=1)
for idx in xrange(NB_IMGS):
gini_list.append(utils_translearn.gini(Y_pred[idx]))
max_conf_list.append(Y_conf[idx])
# Low gini index means fingerprinting is successful, the correct teacher
# is found. You can also infer this from maximum confidence. If max_conf
# is low (similar to 1 / NB_CLASSES), then fingerprinting is successful.
avg_gini = np.mean(gini_list)
avg_max_conf = np.mean(max_conf_list)
print('INFO: avg_gini: %f, avg_max_conf: %f' % (avg_gini, avg_max_conf))
pass
if __name__ == '__main__':
start_time = time.time()
pubfig65_fingerprint_vggface()
elapsed_time = time.time() - start_time
print('elapsed time %f s' % (elapsed_time))