forked from 626_privacy/tensorflow_privacy
Internal
PiperOrigin-RevId: 424922009
This commit is contained in:
parent
7396ad62da
commit
07230a161a
4 changed files with 31 additions and 36 deletions
|
@ -11,11 +11,11 @@
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
"""Tests for tensorflow_privacy.privacy.logistic_regression.multinomial_logistic."""
|
|
||||||
|
|
||||||
import unittest
|
import unittest
|
||||||
|
|
||||||
from absl.testing import parameterized
|
from absl.testing import parameterized
|
||||||
from tensorflow_privacy.privacy.analysis.compute_dp_sgd_privacy import compute_dp_sgd_privacy
|
from tensorflow_privacy.privacy.analysis import compute_dp_sgd_privacy_lib
|
||||||
from tensorflow_privacy.privacy.logistic_regression import datasets
|
from tensorflow_privacy.privacy.logistic_regression import datasets
|
||||||
from tensorflow_privacy.privacy.logistic_regression import multinomial_logistic
|
from tensorflow_privacy.privacy.logistic_regression import multinomial_logistic
|
||||||
|
|
||||||
|
@ -49,12 +49,10 @@ class MultinomialLogisticRegressionTest(parameterized.TestCase):
|
||||||
epochs, batch_size, tolerance):
|
epochs, batch_size, tolerance):
|
||||||
noise_multiplier = multinomial_logistic.compute_dpsgd_noise_multiplier(
|
noise_multiplier = multinomial_logistic.compute_dpsgd_noise_multiplier(
|
||||||
num_train, epsilon, delta, epochs, batch_size, tolerance)
|
num_train, epsilon, delta, epochs, batch_size, tolerance)
|
||||||
epsilon_lower_bound = compute_dp_sgd_privacy(num_train, batch_size,
|
epsilon_lower_bound = compute_dp_sgd_privacy_lib.compute_dp_sgd_privacy(
|
||||||
noise_multiplier + tolerance,
|
num_train, batch_size, noise_multiplier + tolerance, epochs, delta)[0]
|
||||||
epochs, delta)[0]
|
epsilon_upper_bound = compute_dp_sgd_privacy_lib.compute_dp_sgd_privacy(
|
||||||
epsilon_upper_bound = compute_dp_sgd_privacy(num_train, batch_size,
|
num_train, batch_size, noise_multiplier - tolerance, epochs, delta)[0]
|
||||||
noise_multiplier - tolerance,
|
|
||||||
epochs, delta)[0]
|
|
||||||
self.assertLess(epsilon_lower_bound, epsilon)
|
self.assertLess(epsilon_lower_bound, epsilon)
|
||||||
self.assertLess(epsilon, epsilon_upper_bound)
|
self.assertLess(epsilon, epsilon_upper_bound)
|
||||||
|
|
||||||
|
|
|
@ -24,12 +24,8 @@ import matplotlib.pyplot as plt
|
||||||
import numpy as np
|
import numpy as np
|
||||||
import pandas as pd
|
import pandas as pd
|
||||||
from sklearn import metrics
|
from sklearn import metrics
|
||||||
from tensorflow import keras
|
import tensorflow as tf
|
||||||
from tensorflow.keras import layers
|
|
||||||
from tensorflow.keras.utils import to_categorical
|
|
||||||
|
|
||||||
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack import membership_inference_attack as mia
|
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack import membership_inference_attack as mia
|
||||||
|
|
||||||
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackInputData
|
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackInputData
|
||||||
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackResults
|
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackResults
|
||||||
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackResultsCollection
|
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackResultsCollection
|
||||||
|
@ -91,31 +87,32 @@ num_clusters = int(round(np.max(training_labels))) + 1
|
||||||
|
|
||||||
# Hint: play with the number of layers to achieve different level of
|
# Hint: play with the number of layers to achieve different level of
|
||||||
# over-fitting and observe its effects on membership inference performance.
|
# over-fitting and observe its effects on membership inference performance.
|
||||||
three_layer_model = keras.models.Sequential([
|
three_layer_model = tf.keras.Sequential([
|
||||||
layers.Dense(300, activation="relu"),
|
tf.keras.layers.Dense(300, activation="relu"),
|
||||||
layers.Dense(300, activation="relu"),
|
tf.keras.layers.Dense(300, activation="relu"),
|
||||||
layers.Dense(300, activation="relu"),
|
tf.keras.layers.Dense(300, activation="relu"),
|
||||||
layers.Dense(num_clusters, activation="relu"),
|
tf.keras.layers.Dense(num_clusters, activation="relu"),
|
||||||
layers.Softmax()
|
tf.keras.layers.Softmax()
|
||||||
])
|
])
|
||||||
three_layer_model.compile(
|
three_layer_model.compile(
|
||||||
optimizer="adam", loss="categorical_crossentropy", metrics=["accuracy"])
|
optimizer="adam", loss="categorical_crossentropy", metrics=["accuracy"])
|
||||||
|
|
||||||
two_layer_model = keras.models.Sequential([
|
two_layer_model = tf.keras.Sequential([
|
||||||
layers.Dense(300, activation="relu"),
|
tf.keras.layers.Dense(300, activation="relu"),
|
||||||
layers.Dense(300, activation="relu"),
|
tf.keras.layers.Dense(300, activation="relu"),
|
||||||
layers.Dense(num_clusters, activation="relu"),
|
tf.keras.layers.Dense(num_clusters, activation="relu"),
|
||||||
layers.Softmax()
|
tf.keras.layers.Softmax()
|
||||||
])
|
])
|
||||||
two_layer_model.compile(
|
two_layer_model.compile(
|
||||||
optimizer="adam", loss="categorical_crossentropy", metrics=["accuracy"])
|
optimizer="adam", loss="categorical_crossentropy", metrics=["accuracy"])
|
||||||
|
|
||||||
|
|
||||||
def crossentropy(true_labels, predictions):
|
def crossentropy(true_labels, predictions):
|
||||||
return keras.backend.eval(
|
return tf.keras.backend.eval(
|
||||||
keras.losses.binary_crossentropy(
|
tf.keras.metrics.binary_crossentropy(
|
||||||
keras.backend.variable(to_categorical(true_labels, num_clusters)),
|
tf.keras.backend.variable(
|
||||||
keras.backend.variable(predictions)))
|
tf.keras.utils.to_categorical(true_labels, num_clusters)),
|
||||||
|
tf.keras.backend.variable(predictions)))
|
||||||
|
|
||||||
|
|
||||||
def main(unused_argv):
|
def main(unused_argv):
|
||||||
|
@ -131,9 +128,10 @@ def main(unused_argv):
|
||||||
for i in range(1, 6):
|
for i in range(1, 6):
|
||||||
models[model_name].fit(
|
models[model_name].fit(
|
||||||
training_features,
|
training_features,
|
||||||
to_categorical(training_labels, num_clusters),
|
tf.keras.utils.to_categorical(training_labels, num_clusters),
|
||||||
validation_data=(test_features,
|
validation_data=(test_features,
|
||||||
to_categorical(test_labels, num_clusters)),
|
tf.keras.utils.to_categorical(
|
||||||
|
test_labels, num_clusters)),
|
||||||
batch_size=64,
|
batch_size=64,
|
||||||
epochs=num_epochs,
|
epochs=num_epochs,
|
||||||
shuffle=True)
|
shuffle=True)
|
||||||
|
|
|
@ -13,10 +13,10 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
"""Plotting code for ML Privacy Reports."""
|
"""Plotting code for ML Privacy Reports."""
|
||||||
|
|
||||||
from typing import Iterable
|
from typing import Iterable, Sequence
|
||||||
|
|
||||||
import matplotlib.pyplot as plt
|
import matplotlib.pyplot as plt
|
||||||
import pandas as pd
|
import pandas as pd
|
||||||
|
|
||||||
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackResults
|
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackResults
|
||||||
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackResultsCollection
|
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackResultsCollection
|
||||||
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackResultsDFColumns
|
from tensorflow_privacy.privacy.privacy_tests.membership_inference_attack.data_structures import AttackResultsDFColumns
|
||||||
|
@ -30,7 +30,7 @@ TRAIN_ACCURACY_STR = 'Train accuracy'
|
||||||
|
|
||||||
|
|
||||||
def plot_by_epochs(results: AttackResultsCollection,
|
def plot_by_epochs(results: AttackResultsCollection,
|
||||||
privacy_metrics: Iterable[PrivacyMetric]) -> plt.Figure:
|
privacy_metrics: Sequence[PrivacyMetric]) -> plt.Figure:
|
||||||
"""Plots privacy vulnerabilities vs epoch numbers.
|
"""Plots privacy vulnerabilities vs epoch numbers.
|
||||||
|
|
||||||
In case multiple privacy metrics are specified, the plot will feature
|
In case multiple privacy metrics are specified, the plot will feature
|
||||||
|
@ -55,7 +55,7 @@ def plot_by_epochs(results: AttackResultsCollection,
|
||||||
|
|
||||||
|
|
||||||
def plot_privacy_vs_accuracy(results: AttackResultsCollection,
|
def plot_privacy_vs_accuracy(results: AttackResultsCollection,
|
||||||
privacy_metrics: Iterable[PrivacyMetric]):
|
privacy_metrics: Sequence[PrivacyMetric]):
|
||||||
"""Plots privacy vulnerabilities vs accuracy plots.
|
"""Plots privacy vulnerabilities vs accuracy plots.
|
||||||
|
|
||||||
In case multiple privacy metrics are specified, the plot will feature
|
In case multiple privacy metrics are specified, the plot will feature
|
||||||
|
@ -105,7 +105,7 @@ def _calculate_combined_df_with_metadata(results: Iterable[AttackResults]):
|
||||||
|
|
||||||
def _generate_subplots(all_results_df: pd.DataFrame, x_axis_metric: str,
|
def _generate_subplots(all_results_df: pd.DataFrame, x_axis_metric: str,
|
||||||
figure_title: str,
|
figure_title: str,
|
||||||
privacy_metrics: Iterable[PrivacyMetric]):
|
privacy_metrics: Sequence[PrivacyMetric]):
|
||||||
"""Create one subplot per privacy metric for a specified x_axis_metric."""
|
"""Create one subplot per privacy metric for a specified x_axis_metric."""
|
||||||
fig, axes = plt.subplots(
|
fig, axes = plt.subplots(
|
||||||
1, len(privacy_metrics), figsize=(5 * len(privacy_metrics) + 3, 5))
|
1, len(privacy_metrics), figsize=(5 * len(privacy_metrics) + 3, 5))
|
||||||
|
|
|
@ -20,7 +20,6 @@ from absl import app
|
||||||
from absl import flags
|
from absl import flags
|
||||||
from absl import logging
|
from absl import logging
|
||||||
import tensorflow.compat.v1 as tf
|
import tensorflow.compat.v1 as tf
|
||||||
|
|
||||||
from tensorflow_privacy.privacy.analysis import compute_dp_sgd_privacy_lib
|
from tensorflow_privacy.privacy.analysis import compute_dp_sgd_privacy_lib
|
||||||
from tensorflow_privacy.privacy.optimizers import dp_optimizer
|
from tensorflow_privacy.privacy.optimizers import dp_optimizer
|
||||||
import mnist_dpsgd_tutorial_common as common
|
import mnist_dpsgd_tutorial_common as common
|
||||||
|
|
Loading…
Reference in a new issue