Invert and Defend: Model-based Approximate Inversion of Generative Adversarial Network For Secure Inference
- Install pyenv from https://github.com/pyenv/pyenv#installation
- Create a directory for InvGAN:
mkdir <path-to-invgan>
cd <path-to-invgan>
git clone git@github.com:yogeshbalaji/InvGAN.git invgan
cd invgan
Now you should be in the project root directory.- Run the setup script
./setup.sh
- Download datasets:
python download_dataset.py mnist
python download_dataset.py f-mnist
python download_dataset.py cifar-10
Download the pre-trained gans and classifiers from the following links into the root directory:
Classifiers: https://drive.google.com/file/d/1wws8pvE2slWXGIcQt5QYlH4N78yNZ8lw/view?usp=sharing
MNIST: https://drive.google.com/file/d/1L_U8A_aKvmuLNo9hdz4IgEK7UQ8d5t10/view?usp=sharing
FMNIST: https://drive.google.com/file/d/1NkktHH7VDMk8A2pMz2XSDQwf2dFX59o0/view?usp=sharing
CIFAR10: https://drive.google.com/file/d/1NkktHH7VDMk8A2pMz2XSDQwf2dFX59o0/view?usp=sharing
Put the *.tar.gz
files in the root directory and run:
tar -xzvf classifiers.tar.gz
tar -xzvf mnist.tar.gz
tar -xzvf fmnist.tar.gz
tar -xzvf cifar10.tar.gz
These should create an output/
and classifiers/model
directories.
python train.py --cfg experiments/cfgs/gans_inv_notrain/mnist.yml --save_ds
python train.py --cfg experiments/cfgs/gans_inv_notrain/fmnist.yml --save_ds
python train.py --cfg experiments/cfgs/gans_inv_notrain/cifar_resnet.yml --save_ds
These scripts will normalize the datasets and save them in pickle files.
To reproduce the results of Table 2 run:
python whitebox.py --cfg experiments/cfgs/gans_inv_notrain/{mnist,fmnist,cifar_resnet}.yml \
--results_dir whitebox \
--attack_type {fgsm,cw,bpda,bpda-l2} \
--model A \
--load_classifier \
--defense_type defense_gan \
--rec_iters 1000 \
--debug
The defense_type is intentionally defense_gan
, the config file instructs the code
to use InvGAN. This will be fixed for the camera ready version.
python whitebox.py --cfg experiments/cfgs/gans/{mnist,fmnist,cifar10_hinge_resnet}.yml \
--results_dir whitebox \
--attack_type {fgsm,cw,bpda,bpda-l2} \
--model A \
--load_classifier \
--defense_type defense_gan \
--debug
After running the whitebox experiments, the ROC results can be produced:
python plots/plot_ROC.py \
--pkl_file_adv results/gans_inv_notrain/{mnist,fmnist,cifar_resnet}/whitebox/0_model=A_orig_Iter=1000_RR=1_LR=0.0100_defense_ganattack={fgsm,cw,bpda,bpda-l2}_roc.pkl \
--pkl_file_clean results/gans_inv_notrain/{mnist,fmnist,cifar_resnet,celeba_resnet}/whitebox/0_model=A_orig_Iter=1000_RR=1_LR=0.0100_defense_ganattack={fgsm,cw,bpda,bpda-l2}_roc_clean.pkl
python plots/plot_ROC.py \
--pkl_file_adv results/gans/{mnist,fmnist,cifar10_hinge_resnet}/whitebox/0_model=A_orig_Iter=200_RR=10_LR=10.0000_defense_ganattack={fgsm,cw,bpda,bpda-l2}_roc.pkl \
--pkl_file_clean results/gans/{mnist,fmnist,cifar10_hinge_resnet}/whitebox/0_model=A_orig_Iter=200_RR=10_LR=10.0000_defense_ganattack={fgsm,cw,bpda,bpda-l2}_roc_clean.pkl
To train the inverter and the pre-trained models instead of the provided pre-trained models:
python train.py --cfg experiments/cfgs/gans_inv_notrain/{mnist,fmnist,cifar_resnet}.yml \
--is_train
The code for attacks are in whitebox.py
and blackbox.py
.
The code for the inverter is in model/gan_v2.py
.