aiml.surrogate_model package

Submodules

aiml.surrogate_model.create_surrogate_model module

create_surrogate_model.py

This module creates surrogate models for black-box attacks.

aiml.surrogate_model.create_surrogate_model.create_substitute(dataloader_train, num_classes)[source]

Create a substitute model based on the training dataloader.

Parameters:
  • dataloader_train (torch.utils.data.DataLoader) – The training dataloader.

  • num_classes (int) – The number of classes in the dataset.

Returns:

The created substitute model.

Return type:

nn.Module

aiml.surrogate_model.create_surrogate_model.create_surrogate_model(model, dataloader_train, dataloader_test)[source]

Create and train a surrogate model using PyTorch Lightning.

Parameters:
  • model (nn.Module) – The black-box model to create a surrogate for.

  • dataloader_train (torch.utils.data.DataLoader) – The training dataloader.

  • dataloader_test (torch.utils.data.DataLoader) – The testing dataloader.

Returns:

The trained surrogate model.

Return type:

pytorch_lightning.LightningModule

aiml.surrogate_model.create_surrogate_model.get_num_classes(dataloader)[source]

Get the number of classes from a dataloader.

Parameters:

dataloader (torch.utils.data.DataLoader) – The dataloader containing the dataset.

Returns:

The number of classes in the dataset.

Return type:

int

aiml.surrogate_model.models module

models.py

This module contains utility functions and PyTorch Lightning modules for working with the CIFAR-10 dataset. The VGG16 BN model is used as a substitute for the black-box model. The functions and classes in this file are used in the “create_surrogate_model.py” file.

class aiml.surrogate_model.models.LogSoftmaxModule(model)[source]

Bases: LightningModule

A PyTorch Lightning module that wraps a model and applies LogSoftmax to its output.

This module is designed to enhance the functionality of an existing neural network model by applying LogSoftmax to its output. It can be used for various machine learning tasks such as classification.

model

The underlying model to wrap with LogSoftmax.

Type:

nn.Module

forward(x)[source]

Same as torch.nn.Module.forward().

Parameters:
  • *args – Whatever you decide to pass into the forward method.

  • **kwargs – Keyword arguments are also possible.

Returns:

Your model’s output

predict_step(batch, batch_idx, dataloader_idx=0)[source]

Step function called during predict(). By default, it calls forward(). Override to add any processing logic.

The predict_step() is used to scale inference on multi-devices.

To prevent an OOM error, it is possible to use BasePredictionWriter callback to write the predictions to disk or database after each batch or on epoch end.

The BasePredictionWriter should be used while using a spawn based accelerator. This happens for Trainer(strategy="ddp_spawn") or training on 8 TPU cores with Trainer(accelerator="tpu", devices=8) as predictions won’t be returned.

Example

class MyModel(LightningModule):

    def predict_step(self, batch, batch_idx, dataloader_idx=0):
        return self(batch)

dm = ...
model = MyModel()
trainer = Trainer(accelerator="gpu", devices=2)
predictions = trainer.predict(model, dm)

Parameters:
  • batch – Current batch.

  • batch_idx – Index of current batch.

  • dataloader_idx – Index of the current dataloader.

Returns:

Predicted output

class aiml.surrogate_model.models.Surrogate(lr, num_training_batches, oracle, substitute, loss_fn, num_classes, softmax=True)[source]

Bases: LightningModule

A PyTorch Lightning module representing a surrogate model.

This surrogate model is designed to mimic the behavior of an oracle model.

oracle

The oracle model for reference.

Type:

nn.Module

substitute

The surrogate model to be trained.

Type:

nn.Module

loss_fn

The loss function for surrogate training.

Type:

Callable

accuracy

A metric for computing accuracy during training/validation.

Type:

Accuracy

configure_optimizers()[source]

Choose what optimizers and learning-rate schedulers to use in your optimization. Normally you’d need one. But in the case of GANs or similar you might have multiple. Optimization with multiple optimizers only works in the manual optimization mode.

Returns:

Any of the following options.

  • Single optimizer.

  • List or Tuple of optimizers.

  • Two lists - The first list has multiple optimizers, and the second has multiple LR schedulers (or multiple lr_scheduler_config).

  • Dictionary, with an "optimizer" key, and (optionally) a "lr_scheduler" key whose value is a single LR scheduler or lr_scheduler_config.

  • None - Fit will run without any optimizer.

The lr_scheduler_config is a dictionary which contains the scheduler and its associated configuration. The default configuration is shown below.

lr_scheduler_config = {
    # REQUIRED: The scheduler instance
    "scheduler": lr_scheduler,
    # The unit of the scheduler's step size, could also be 'step'.
    # 'epoch' updates the scheduler on epoch end whereas 'step'
    # updates it after an optimizer update.
    "interval": "epoch",
    # How many epochs/steps should pass between calls to
    # `scheduler.step()`. 1 corresponds to updating the learning
    # rate after every epoch/step.
    "frequency": 1,
    # Metric to monitor for schedulers like `ReduceLROnPlateau`
    "monitor": "val_loss",
    # If set to `True`, will enforce that the value specified 'monitor'
    # is available when the scheduler is updated, thus stopping
    # training if not found. If set to `False`, it will only produce a warning
    "strict": True,
    # If using the `LearningRateMonitor` callback to monitor the
    # learning rate progress, this keyword can be used to specify
    # a custom logged name
    "name": None,
}

When there are schedulers in which the .step() method is conditioned on a value, such as the torch.optim.lr_scheduler.ReduceLROnPlateau scheduler, Lightning requires that the lr_scheduler_config contains the keyword "monitor" set to the metric name that the scheduler should be conditioned on.

Metrics can be made available to monitor by logging them with self.log('metric_to_track', metric_val) in your LightningModule.

Note

Some things to know:

  • Lightning calls .backward() and .step() automatically in case of automatic optimization.

  • If a learning rate scheduler is specified in configure_optimizers() with key "interval" (default “epoch”) in the scheduler configuration, Lightning will call the scheduler’s .step() method automatically in case of automatic optimization.

  • If you use 16-bit precision (precision=16), Lightning will automatically handle the optimizer.

  • If you use torch.optim.LBFGS, Lightning handles the closure function automatically for you.

  • If you use multiple optimizers, you will have to switch to ‘manual optimization’ mode and step them yourself.

  • If you need to control how often the optimizer steps, override the optimizer_step() hook.

forward(x)[source]

Same as torch.nn.Module.forward().

Parameters:
  • *args – Whatever you decide to pass into the forward method.

  • **kwargs – Keyword arguments are also possible.

Returns:

Your model’s output

predict_step(batch, batch_idx, dataloader_idx=0)[source]

Step function called during predict(). By default, it calls forward(). Override to add any processing logic.

The predict_step() is used to scale inference on multi-devices.

To prevent an OOM error, it is possible to use BasePredictionWriter callback to write the predictions to disk or database after each batch or on epoch end.

The BasePredictionWriter should be used while using a spawn based accelerator. This happens for Trainer(strategy="ddp_spawn") or training on 8 TPU cores with Trainer(accelerator="tpu", devices=8) as predictions won’t be returned.

Example

class MyModel(LightningModule):

    def predict_step(self, batch, batch_idx, dataloader_idx=0):
        return self(batch)

dm = ...
model = MyModel()
trainer = Trainer(accelerator="gpu", devices=2)
predictions = trainer.predict(model, dm)

Parameters:
  • batch – Current batch.

  • batch_idx – Index of current batch.

  • dataloader_idx – Index of the current dataloader.

Returns:

Predicted output

training_step(batch, batch_idx)[source]

Here you compute and return the training loss and some additional metrics for e.g. the progress bar or logger.

Parameters:
  • batch (Tensor | (Tensor, …) | [Tensor, …]) – The output of your DataLoader. A tensor, tuple or list.

  • batch_idx (int) – Integer index of this batch.

Returns:

Any of the following:

  • Tensor - The loss tensor

  • dict - A dictionary. Can include any keys, but must include the key 'loss'

  • None - Training will skip to the next batch. This is only for automatic optimization.

    This is not supported for multi-GPU, TPU, IPU, or DeepSpeed.

In this step you’d normally do the forward pass and calculate the loss for a batch. You can also do fancier things like multiple forward passes or something model specific.

Example:

def training_step(self, batch, batch_idx):
    x, y, z = batch
    out = self.encoder(x)
    loss = self.loss(out, x)
    return loss

To use multiple optimizers, you can switch to ‘manual optimization’ and control their stepping:

def __init__(self):
    super().__init__()
    self.automatic_optimization = False


# Multiple optimizers (e.g.: GANs)
def training_step(self, batch, batch_idx):
    opt1, opt2 = self.optimizers()

    # do training_step with encoder
    ...
    opt1.step()
    # do training_step with decoder
    ...
    opt2.step()

Note

When accumulate_grad_batches > 1, the loss returned here will be automatically normalized by accumulate_grad_batches internally.

validation_step(batch, batch_idx)[source]

Operates on a single batch of data from the validation set. In this step you might generate examples or calculate anything of interest, such as accuracy.

Parameters:
  • batch – The output of your DataLoader.

  • batch_idx – The index of this batch.

  • dataloader_idx – The index of the dataloader that produced this batch. (only if multiple val dataloaders used)

Returns:

  • Any object or value

  • None - Validation will skip to the next batch

# if you have one val dataloader:
def validation_step(self, batch, batch_idx):
    ...


# if you have multiple val dataloaders:
def validation_step(self, batch, batch_idx, dataloader_idx=0):
    ...

Examples:

# CASE 1: A single validation dataset
def validation_step(self, batch, batch_idx):
    x, y = batch

    # implement your own
    out = self(x)
    loss = self.loss(out, y)

    # log 6 example images
    # or generated text... or whatever
    sample_imgs = x[:6]
    grid = torchvision.utils.make_grid(sample_imgs)
    self.logger.experiment.add_image('example_images', grid, 0)

    # calculate acc
    labels_hat = torch.argmax(out, dim=1)
    val_acc = torch.sum(y == labels_hat).item() / (len(y) * 1.0)

    # log the outputs!
    self.log_dict({'val_loss': loss, 'val_acc': val_acc})

If you pass in multiple val dataloaders, validation_step() will have an additional argument. We recommend setting the default value of 0 so that you can quickly switch between single and multiple dataloaders.

# CASE 2: multiple validation dataloaders
def validation_step(self, batch, batch_idx, dataloader_idx=0):
    # dataloader_idx tells you which dataset this is.
    ...

Note

If you don’t need to validate you don’t need to implement this method.

Note

When the validation_step() is called, the model has been put in eval mode and PyTorch gradients have been disabled. At the end of validation, the model goes back to training mode and gradients are enabled.

aiml.surrogate_model.models.create_substitute_model(num_classes, num_channels)[source]

Create a substitute model for the given number of output classes and input channels.

Parameters:
  • num_classes (int) – The number of output classes for the model.

  • num_channels (int) – The number of input channels.

Returns:

The created substitute model.

Return type:

nn.Module

aiml.surrogate_model.utils module

utils.py

This module contains various utility functions and configurations for working with the CIFAR-10 dataset and PyTorch Lightning-based training for creating and training a surrogate model. This file supports the “create_surrogate_model.py” file.

aiml.surrogate_model.utils.choose_dataset(dataset: Dataset, n_sample: int | float, num_workers=1) Dataset[source]

Randomly choose n samples from a dataset without replacement.

aiml.surrogate_model.utils.find_clip_range(dataset: Dataset) Tuple[float, float][source]

Return the range of a dataset.

WARNING: Adversarial examples should NOT use a clip range after normalization. The scale of the perturbation will be wrong.

aiml.surrogate_model.utils.get_data(dataloader: DataLoader) Tensor[source]

Extract data from a dataloader.

aiml.surrogate_model.utils.get_labels(dataloader: DataLoader) Tensor[source]

Extract labels from a dataloader.

aiml.surrogate_model.utils.get_transforms(train=True, require_normalize=False) Compose[source]

Get data transformations for CIFAR-10 dataset.

aiml.surrogate_model.utils.inverse_normalize(batch: Tensor, normalize_values: dict) Tensor[source]

Convert a normalized batch back to its original (pre-normalization) scale.
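Added example, not code from the aiml package: a plain-Python mirror of find_clip_range and inverse_normalize on a constructed three-channel sample, putting numbers on the warning above. A clip range measured after normalization is in per-channel standardized units, so an L-inf budget applied there shrinks by std[c] in pixel space, and clipping to the global normalized range can map back to pixel values above 1.0. The CIFAR-10 mean/std constants are the commonly used values, assumed here since the page does not list them.

```python
# Added example (not part of aiml.surrogate_model): plain-Python mirrors of
# utils.find_clip_range / utils.inverse_normalize, without torch, to show why a
# clip range taken AFTER normalization gives the wrong perturbation scale.
# CIFAR-10 per-channel mean/std: commonly used values, assumed here.
from typing import Dict, List, Tuple

CIFAR10_NORM = {"mean": [0.4914, 0.4822, 0.4465], "std": [0.2470, 0.2435, 0.2616]}

# Constructed sample: two pixels per channel spanning the full valid [0, 1] range.
SAMPLE = [[0.0, 1.0], [0.0, 1.0], [0.0, 1.0]]


def normalize(batch: List[List[float]], nv: Dict[str, List[float]]) -> List[List[float]]:
    """batch[c] is the flat list of channel-c values in [0, 1]; returns (x - mean[c]) / std[c]."""
    return [[(v - nv["mean"][c]) / nv["std"][c] for v in ch] for c, ch in enumerate(batch)]


def inverse_normalize(batch: List[List[float]], nv: Dict[str, List[float]]) -> List[List[float]]:
    """Undo normalize(): x * std[c] + mean[c] (mirrors utils.inverse_normalize)."""
    return [[v * nv["std"][c] + nv["mean"][c] for v in ch] for c, ch in enumerate(batch)]


def find_clip_range(batch: List[List[float]]) -> Tuple[float, float]:
    """Global (min, max) over every channel (mirrors utils.find_clip_range)."""
    flat = [v for ch in batch for v in ch]
    return (min(flat), max(flat))


def linf_budget_in_pixel_space(eps_normalized: float, nv: Dict[str, List[float]]) -> List[float]:
    """An L-inf step of eps in normalized space moves a channel-c pixel by only eps * std[c]."""
    return [eps_normalized * s for s in nv["std"]]


def valid_after_normalized_clip(nv: Dict[str, List[float]]) -> List[bool]:
    """Clip to the GLOBAL normalized max, map back: does each channel stay <= 1.0?"""
    _, hi = find_clip_range(normalize(SAMPLE, nv))
    back = inverse_normalize([[hi]] * 3, nv)
    return [ch[0] <= 1.0 + 1e-9 for ch in back]


def demo():
    raw_range = find_clip_range(SAMPLE)                  # (0.0, 1.0): pixel units
    norm_range = find_clip_range(normalize(SAMPLE, CIFAR10_NORM))  # about (-1.99, 2.13)
    budget = linf_budget_in_pixel_space(8 / 255, CIFAR10_NORM)     # each < 8/255
    return raw_range, norm_range, budget, valid_after_normalized_clip(CIFAR10_NORM)
```

The budget list shows an eps of 8/255 set in normalized space is worth only about a quarter of that per pixel, and the last result shows the global normalized maximum maps above 1.0 in two of the three channels.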

aiml.surrogate_model.utils.load_cifar10(train=True, require_normalize=False) Dataset[source]

Return CIFAR10 dataset.

Module contents