forked from 626_privacy/tensorflow_privacy
update attack code
This commit is contained in:
parent
b5b18de284
commit
3f40b8c465
1 changed files with 0 additions and 49 deletions
|
@ -30,7 +30,6 @@ from tensorflow_privacy.privacy.membership_inference_attack.data_structures impo
|
||||||
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import \
|
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import \
|
||||||
PrivacyReportMetadata
|
PrivacyReportMetadata
|
||||||
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import RocCurve
|
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import RocCurve
|
||||||
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import Seq2SeqAttackInputData
|
|
||||||
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import SingleAttackResult
|
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import SingleAttackResult
|
||||||
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import SingleSliceSpec
|
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import SingleSliceSpec
|
||||||
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import SlicingSpec
|
from tensorflow_privacy.privacy.membership_inference_attack.data_structures import SlicingSpec
|
||||||
|
@ -175,54 +174,6 @@ def run_attacks(attack_input: AttackInputData,
|
||||||
privacy_report_metadata=privacy_report_metadata)
|
privacy_report_metadata=privacy_report_metadata)
|
||||||
|
|
||||||
|
|
||||||
def run_seq2seq_attack(attack_input: Seq2SeqAttackInputData,
|
|
||||||
unused_report_metadata: PrivacyReportMetadata = None,
|
|
||||||
balance_attacker_training: bool = True) -> AttackResults:
|
|
||||||
"""Runs membership inference attacks on a seq2seq model.
|
|
||||||
|
|
||||||
Args:
|
|
||||||
attack_input: input data for running an attack
|
|
||||||
unused_report_metadata: the metadata of the model under attack.
|
|
||||||
balance_attacker_training: Whether the training and test sets for the
|
|
||||||
membership inference attacker should have a balanced (roughly equal)
|
|
||||||
number of samples from the training and test sets used to develop the
|
|
||||||
model under attack.
|
|
||||||
|
|
||||||
Returns:
|
|
||||||
the attack result.
|
|
||||||
"""
|
|
||||||
attack_input.validate()
|
|
||||||
|
|
||||||
# The attacker uses the average rank (a single number) of a seq2seq dataset
|
|
||||||
# record to determine membership. So only Logistic Regression is supported,
|
|
||||||
# as it makes the most sense for single-number features.
|
|
||||||
attacker = models.LogisticRegressionAttacker()
|
|
||||||
|
|
||||||
prepared_attacker_data = models.create_seq2seq_attacker_data(
|
|
||||||
attack_input, balance=balance_attacker_training)
|
|
||||||
|
|
||||||
attacker.train_model(prepared_attacker_data.features_train,
|
|
||||||
prepared_attacker_data.is_training_labels_train)
|
|
||||||
|
|
||||||
# Run the attacker on (permuted) test examples.
|
|
||||||
predictions_test = attacker.predict(prepared_attacker_data.features_test)
|
|
||||||
|
|
||||||
# Generate ROC curves with predictions.
|
|
||||||
fpr, tpr, thresholds = metrics.roc_curve(
|
|
||||||
prepared_attacker_data.is_training_labels_test, predictions_test)
|
|
||||||
|
|
||||||
roc_curve = RocCurve(tpr=tpr, fpr=fpr, thresholds=thresholds)
|
|
||||||
|
|
||||||
attack_results = [
|
|
||||||
SingleAttackResult(
|
|
||||||
slice_spec=SingleSliceSpec(),
|
|
||||||
attack_type=AttackType.LOGISTIC_REGRESSION,
|
|
||||||
roc_curve=roc_curve)
|
|
||||||
]
|
|
||||||
|
|
||||||
return AttackResults(single_attack_results=attack_results)
|
|
||||||
|
|
||||||
|
|
||||||
def _compute_privacy_risk_score(attack_input: AttackInputData,
|
def _compute_privacy_risk_score(attack_input: AttackInputData,
|
||||||
num_bins: int = 15) -> SingleRiskScoreResult:
|
num_bins: int = 15) -> SingleRiskScoreResult:
|
||||||
"""compute each individual point's likelihood of being a member (https://arxiv.org/abs/2003.10595)
|
"""compute each individual point's likelihood of being a member (https://arxiv.org/abs/2003.10595)
|
||||||
|
|
Loading…
Reference in a new issue