forked from 626_privacy/tensorflow_privacy
add comments to privacy risk scores
This commit is contained in:
parent
bf65f55382
commit
d1dcf56c44
1 changed files with 11 additions and 3 deletions
|
@ -532,7 +532,7 @@ class SingleAttackResult:
|
||||||
@dataclass
|
@dataclass
|
||||||
class SingleRiskScoreResult:
|
class SingleRiskScoreResult:
|
||||||
"""Results from computing privacy risk scores.
|
"""Results from computing privacy risk scores.
|
||||||
this part is quite preliminary: it shows how to leverage privacy risk score to perform attacks with thresholding on risk score
|
this part shows how to leverage privacy risk score to perform attacks with thresholding on risk score
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Data slice this result was calculated for.
|
# Data slice this result was calculated for.
|
||||||
|
@ -543,6 +543,10 @@ class SingleRiskScoreResult:
|
||||||
test_risk_scores: np.ndarray
|
test_risk_scores: np.ndarray
|
||||||
|
|
||||||
def attack_with_varied_thresholds(self, threshold_list):
|
def attack_with_varied_thresholds(self, threshold_list):
|
||||||
|
""" For each threshold value, we count how many training and test samples with privacy risk scores larger than the threshold
|
||||||
|
and further compute precision and recall values.
|
||||||
|
We skip the threshold value if it is larger than every sample's privacy risk score.
|
||||||
|
"""
|
||||||
precision_list = []
|
precision_list = []
|
||||||
recall_list = []
|
recall_list = []
|
||||||
meaningful_threshold_list = []
|
meaningful_threshold_list = []
|
||||||
|
@ -553,9 +557,13 @@ class SingleRiskScoreResult:
|
||||||
meaningful_threshold_list.append(threshold)
|
meaningful_threshold_list.append(threshold)
|
||||||
precision_list.append(true_positive_normalized/(true_positive_normalized+false_positive_normalized+0.0))
|
precision_list.append(true_positive_normalized/(true_positive_normalized+false_positive_normalized+0.0))
|
||||||
recall_list.append(true_positive_normalized)
|
recall_list.append(true_positive_normalized)
|
||||||
return meaningful_threshold_list, precision_list, recall_list
|
return np.array(meaningful_threshold_list), np.array(precision_list), np.array(recall_list)
|
||||||
|
|
||||||
def print_results(self, threshold_list=[1,0.9,0.8,0.7,0.6,0.5]):
|
def print_results(self, threshold_list=np.array([1,0.9,0.8,0.7,0.6,0.5])):
|
||||||
|
""" The privacy risk score (from 0 to 1) represents each sample's probability of being in the training set.
|
||||||
|
Here, we choose a list of threshold values from 0.5 (uncertain of training or test) to 1 (100% certain of training)
|
||||||
|
to compute corresponding attack precision and recall.
|
||||||
|
"""
|
||||||
meaningful_threshold_list, precision_list, recall_list = self.attack_with_varied_thresholds(threshold_list)
|
meaningful_threshold_list, precision_list, recall_list = self.attack_with_varied_thresholds(threshold_list)
|
||||||
for i in range(len(meaningful_threshold_list)):
|
for i in range(len(meaningful_threshold_list)):
|
||||||
print(f"with {meaningful_threshold_list[i]} as the threshold on privacy risk score, the precision-recall pair is {(precision_list[i], recall_list[i])}")
|
print(f"with {meaningful_threshold_list[i]} as the threshold on privacy risk score, the precision-recall pair is {(precision_list[i], recall_list[i])}")
|
||||||
|
|
Loading…
Reference in a new issue