mia_on_model_distillation/lira-pytorch
2024-12-02 17:58:01 -07:00
figures Pytorch version of lira 2024-11-29 17:16:09 -07:00
.gitignore Torchlira: update gitignore 2024-11-29 17:39:44 -07:00
env.yml Pytorch version of lira 2024-11-29 17:16:09 -07:00
inference.py fixed to use student model 2024-12-02 17:58:01 -07:00
LICENSE Pytorch version of lira 2024-11-29 17:16:09 -07:00
plot.py Pytorch version of lira 2024-11-29 17:16:09 -07:00
README.md Pytorch version of lira 2024-11-29 17:16:09 -07:00
run.sh Pytorch version of lira 2024-11-29 17:16:09 -07:00
run_distilled.sh fixed to use student model 2024-12-02 17:58:01 -07:00
score.py Pytorch version of lira 2024-11-29 17:16:09 -07:00
student_model.py fixed to use student model 2024-12-02 17:58:01 -07:00
student_shadow_train.py fixed to use student model 2024-12-02 17:58:01 -07:00
train.py Torchlira: add additional networks 2024-11-30 13:34:05 -07:00
wide_resnet.py Pytorch version of lira 2024-11-29 17:16:09 -07:00

Likelihood Ratio Attack (LiRA) in PyTorch

Implementation of the original LiRA using PyTorch. To run the code, first create an environment with the env.yml file. Then run the following command to train the models and run the LiRA attack:

./run.sh

The script generates a log-scale FPR-TPR curve, stores it as ./fprtpr.png, and reports the TPR@0.1%FPR in the output log.

Results on CIFAR10

Using 16 shadow models trained with ResNet18 and 2 augmented queries:

[Figure: ROC curve]

Attack Ours (online)
   AUC 0.6548, Accuracy 0.6015, TPR@0.1%FPR of 0.0068
Attack Ours (online, fixed variance)
   AUC 0.6700, Accuracy 0.6042, TPR@0.1%FPR of 0.0464
Attack Ours (offline)
   AUC 0.5250, Accuracy 0.5353, TPR@0.1%FPR of 0.0041
Attack Ours (offline, fixed variance)
   AUC 0.5270, Accuracy 0.5380, TPR@0.1%FPR of 0.0192
Attack Global threshold
   AUC 0.5948, Accuracy 0.5869, TPR@0.1%FPR of 0.0006

Using 16 shadow models trained with WideResNet28-10 and 2 augmented queries:

[Figure: ROC curve]

Attack Ours (online)
   AUC 0.6834, Accuracy 0.6152, TPR@0.1%FPR of 0.0240
Attack Ours (online, fixed variance)
   AUC 0.7017, Accuracy 0.6240, TPR@0.1%FPR of 0.0704
Attack Ours (offline)
   AUC 0.5621, Accuracy 0.5649, TPR@0.1%FPR of 0.0140
Attack Ours (offline, fixed variance)
   AUC 0.5698, Accuracy 0.5628, TPR@0.1%FPR of 0.0370
Attack Global threshold
   AUC 0.6016, Accuracy 0.5977, TPR@0.1%FPR of 0.0013
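
In both tables above, the global-threshold attack has a higher AUC than the offline attack but a lower TPR@0.1%FPR, which is why the log reports the low-FPR figure alongside AUC when auditing a model for membership leakage. The block below is an added example, not code from this repository: the function names and both score sets are constructed for illustration, and it computes the two metrics from raw membership scores to show how they can rank two attacks in opposite order.

```python
from itertools import groupby

def roc_points(member_scores, nonmember_scores):
    """ROC of the rule 'score >= threshold means member', one point per distinct score."""
    labelled = [(s, 1) for s in member_scores] + [(s, 0) for s in nonmember_scores]
    labelled.sort(key=lambda pair: pair[0], reverse=True)
    n_pos, n_neg = len(member_scores), len(nonmember_scores)
    tp = fp = 0
    points = [(0.0, 0.0)]  # threshold above every score: nothing is flagged
    for _, tied in groupby(labelled, key=lambda pair: pair[0]):
        for _, is_member in tied:  # tied scores cross the threshold together
            tp += is_member
            fp += 1 - is_member
        points.append((fp / n_neg, tp / n_pos))
    return points

def auc(points):
    """Trapezoidal area under the ROC curve."""
    return sum((x1 - x0) * (y0 + y1) / 2 for (x0, y0), (x1, y1) in zip(points, points[1:]))

def tpr_at_fpr(points, max_fpr=0.001):
    """Best true-positive rate among thresholds whose FPR stays within max_fpr."""
    return max(tpr for fpr, tpr in points if fpr <= max_fpr)

def evaluate(member_scores, nonmember_scores):
    points = roc_points(member_scores, nonmember_scores)
    return auc(points), tpr_at_fpr(points)

# Constructed scores (higher = "more likely a training member"), 1000 per class.
# Attack A: confident on 50 members, no signal on the rest.
MEM_A = [5000.0] * 50 + [i + 0.5 for i in range(950)]
NON_A = [float(j) for j in range(1000)]
# Attack B: good average separation, but 10 non-members score highest of all.
MEM_B = [i + 500.5 for i in range(1000)]
NON_B = [float(j) for j in range(990)] + [9000.0 + j for j in range(10)]

if __name__ == "__main__":
    for name, mem, non in (("A", MEM_A, NON_A), ("B", MEM_B, NON_B)):
        area, tpr = evaluate(mem, non)
        print(f"attack {name}: AUC {area:.4f}, TPR@0.1%FPR {tpr:.4f}")
```

Attack B wins on AUC while identifying no member at 0.1% FPR; attack A is near chance on AUC yet exposes 5% of members with almost no false alarms, which is the per-record leakage a privacy audit needs to catch.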