Closed chris-prenode closed 1 year ago
Hi @chris-prenode I will try the experiment with your ResNet model and get back to you.
I forgot important information: My pre-trained ResNet model was created by TensorFlow version 2.4!
This could lead to the error. I used the following code: https://github.com/sayakpaul/Sharpness-Aware-Minimization-TensorFlow/blob/main/resnet_cifar10.py To create my ResNet20 model.
I have the same problem. But I was trying to load pytorch tried model which had been converted to keras model.
File "/home/yang/gan/118/ml_privacy_meter/attackdc.py", line 1, in
import numpy as np File "/home/yang/gan/118/ml_privacy_meter/ml_privacy_meter/attack/meminf.py", line 168, in init self.create_attack_components(layers) File "/home/yang/gan/118/ml_privacy_meter/ml_privacy_meter/attack/meminf.py", line 278, in create_attack_components self.create_gradient_components(model, layers) File "/home/yang/gan/118/ml_privacy_meter/ml_privacy_meter/attack/meminf.py", line 254, in create_gradient_components module = cnn_for_fcn_gradients(shape) File "/home/yang/gan/118/ml_privacy_meter/ml_privacy_meter/attack/meminf_modules/create_cnn.py", line 12, in cnn_for_fcn_gradients dim2 = int(input_shape[1]) File "/home/yang/tools/anaconda3/envs/datacond/lib/python3.7/site-packages/tensorflow/python/framework/tensor_shape.py", line 887, in getitem return self._dims[key].value IndexError: list index out of range
I tried to reduce the value of 'gradients_to_exploit' to 1 and it worked. I just notice that in 'cnn_for_fcn_gradients' it treat the variables in model as 2 or 3 dimentions. Actually, in my model, it just only 1 dimention. Only the first layer has 4 dimentions so I change 'gradients_to_exploit' to 1.
Hi all, we have released a new version of our tool which works with the newer versions of TensorFlow and PyTorch. Hopefully this should resolve the gradient issue reported here.
Hi all,
I'll try to attack my pre-trained [ResNet20.zip] https://github.com/privacytrustlab/ml_privacy_meter/files/6685533/ResNet20.zip) model with the following model architecture: ResNet20_architecture.txt
For training, I used the same procedure as in the tutorial suggested. To attack the model I use the tutorial file attack_alexnet.py with the following config:
Attacking the model without the gradient_to_exploit parameter works:
Epoch 0 over :Attack test accuracy: 0.499799907207489, Best accuracy : 0.499799907207489
But if I try to exploit the gradients of the first conv2d (Conv2D) layer with Output Shape: (None, 32, 32, 16) that have 448 params and is connected to input_1[0][0] which is referred by the index 1 of gradients_to_exploit=[1] this error occurs:
Or if I try to exploit the gradients of the second conv2d_2 (Conv2D) layer with Output Shape: (None, 32, 32, 16) that have 272 params and is connected to re_lu[0][0] which is referred to the index 1 of gradients_to_exploit=[1] this error occurs:
I don't know if im missing a important thing or I'll execute ml_privacy_meter in a wrong way.
Sunny greetings from Karlsruhe Chris