Commit graph

352 commits

Author SHA1 Message Date
Zheng Xu
b4c04093cf Restart the tree state in tree related DPQuery for streaming data: a general abstract class and an instance of restarting every few rounds.
PiperOrigin-RevId: 390244330
2021-08-11 16:29:18 -07:00
Galen Andrew
f44dcb8760 Add tensorflow and tensorflow-datasets to setup/requirements.
PiperOrigin-RevId: 390171562
2021-08-11 10:54:46 -07:00
Galen Andrew
c447a1a3c2 Bump version number.
PiperOrigin-RevId: 389959093
2021-08-10 13:08:24 -07:00
Ken Liu
f3af24b00e Adds central discrete Gaussian DPQuery.
PiperOrigin-RevId: 389467360
2021-08-08 03:43:23 -07:00
A. Unique TensorFlower
aa3f841893 In TreeRangeSumQuery.preprocess_record, move the reshaping operation before applying inner_query.preprocess_record. The change is due to the newly checked-in DistributedDiscreteGaussianSumQuery whose preprocess_record requires explicit shape information during tracing.
PiperOrigin-RevId: 389392878
2021-08-07 11:21:32 -07:00
A. Unique TensorFlower
11900acf9b Fixed the previous bug that get_noised_result does not map inner_query's get_noised_result to the input record and updates global_state.
PiperOrigin-RevId: 388153296
2021-08-01 23:13:20 -07:00
A. Unique TensorFlower
2672559471 (1) Merge CentralTreeSumQuery and DistributedTreeSumQuery into one DPQuery to modularize things. The new query takes in an inner_query argument. Depending on the behavior of inner query, the query will follow central DP or distributed DP.
(2) Remove the hard-coded L1 clipping and replace with norm bound checking in the inner query. This design allows us to use whatever clipping factory we want outside the DPQuery.

PiperOrigin-RevId: 387398741
2021-07-28 11:40:15 -07:00
Keith Rush
eef5810d94 Automated rollback of commit 4d335d1b69
PiperOrigin-RevId: 387254617
2021-07-27 20:04:28 -07:00
A. Unique TensorFlower
4d335d1b69 (1) Merge CentralTreeSumQuery and DistributedTreeSumQuery into one DPQuery to modularize things. The new query takes in an inner_query argument. Depending on the behavior of inner query, the query will follow central DP or distributed DP.
(2) Remove the hard-coded L1 clipping and replace with norm bound checking in the inner query. This design allows us to use whatever clipping factory we want outside the DPQuery.

PiperOrigin-RevId: 387236482
2021-07-27 17:42:37 -07:00
Ken Liu
e7e11d14d9 Adds discrete Gaussian (sampler and distributed DPQuery) to public TF Privacy.
PiperOrigin-RevId: 387232449
2021-07-27 17:18:16 -07:00
Steve Chien
2f862eba9b Move TensorFlow v1 imports to their own __init__.py file in a new subdirectory.
PiperOrigin-RevId: 387156295
2021-07-27 11:28:42 -07:00
A. Unique TensorFlower
2cafe28d8d The previous version uses tf.nest.map_structure to apply add_noise to a tf.RaggedTensor. This causes a bug when used in tensorflow federated because tf.nest.map_structure will also map add_noise to the tensor for shape information in tf.RaggedTensor. This causes failure when tff conducts automatic type conversion.
Also use fixed random seed to avoid flaky timeouts and testing failures.

PiperOrigin-RevId: 384573740
2021-07-13 16:14:15 -07:00
Galen Andrew
7f44b02456 Increment version number.
PiperOrigin-RevId: 384507585
2021-07-13 11:14:18 -07:00
A. Unique TensorFlower
caf6f36b80 (1) add CentralTreeSumQuery and DistributedTreeSumQuery to tree_aggregation_query.py. (2) move build_tree_from_leaf to tree_aggregation_query.py together with CentralTreeSumQuery.
PiperOrigin-RevId: 383511025
2021-07-07 15:55:22 -07:00
Kuangyuan Chen
d6aa796684 Automated rollback of commit 4326014a0e
PiperOrigin-RevId: 383505647
2021-07-07 15:26:23 -07:00
Steve Chien
4326014a0e Move TensorFlow v1 imports to their own __init__.py file in a new subdirectory.
PiperOrigin-RevId: 383485268
2021-07-07 13:45:38 -07:00
Steve Chien
beed219d20 Update docstring for DPModel class.
PiperOrigin-RevId: 382855055
2021-07-02 20:04:25 -07:00
Steve Chien
45c935832a Update docstrings for all DP optimizer classes.
PiperOrigin-RevId: 382811363
2021-07-02 14:18:44 -07:00
Zheng Xu
c192a4166b Add a TODO comment for replacing noise saving with seed saving for tree aggregation.
PiperOrigin-RevId: 382338346
2021-06-30 10:46:13 -07:00
Shuang Song
3055f4ad52 Add header and some minor comments to secret sharer colab.
PiperOrigin-RevId: 382225535
2021-06-29 21:26:29 -07:00
A. Unique TensorFlower
2396098b94 Add build_tree function which takes in a histogram and builds a tree on top of it. The function will be used in CentralTreeSumQuery and DistributedTreeSumQuery in a following CL.
For more details about `CentralTreeSumQuery` and `DistributedTreeSumQuery`, please refer to the implementation design section in the following design doc: https://docs.google.com/document/d/14LL94yZx3MdorCEOE0QZNhyIx7P_3voyrl4Nlt2HF7k/edit?resourcekey=0-X3xeTk6w-fkYFezl5fxmCQ#

PiperOrigin-RevId: 382199971
2021-06-29 17:31:21 -07:00
Steve Chien
34249f464b Update version to 0.6.1 to prepare for new release.
PiperOrigin-RevId: 382196622
2021-06-29 17:08:44 -07:00
Shuang Song
b92aeaedee Add init file for privacy_tests.
PiperOrigin-RevId: 382195968
2021-06-29 17:04:54 -07:00
Shuang Song
0caa10f674 Internal change.
PiperOrigin-RevId: 382171367
2021-06-29 14:54:27 -07:00
A. Unique TensorFlower
392c506c62 Implementation of Differentially Private Logistic Regression.
PiperOrigin-RevId: 381904153
2021-06-28 11:08:44 -07:00
Galen Andrew
af87581387 Remove test where nested record and query mismatch on type because a change to tree made it fail.
PiperOrigin-RevId: 380883991
2021-06-22 13:46:03 -07:00
Galen Andrew
5f07198b66 Improving docstrings for DPQueries.
PiperOrigin-RevId: 378956777
2021-06-11 15:00:03 -07:00
A. Unique TensorFlower
4b09172c31 Merge pull request #167 from luckyos-code:fix_max_auc_summary
PiperOrigin-RevId: 378632912
2021-06-10 05:59:37 -07:00
Lucas Lange
042a33a008 fix max_auc for summary without slices
Before: shows the AUC of the result with the max attacker advantage
Expected and fixed: shows the AUC of the result with max AUC
2021-06-10 11:09:53 +02:00
Vadym Doroshenko
c12a7acd9d Moving membership_inference_attack to privacy_tests/membership_inference_attack
PiperOrigin-RevId: 377860420
2021-06-07 01:11:54 -07:00
Steve Chien
eaf9fbf969 Changes for API docstrings for TF.org:
(1) Hide documentation for superclass methods in DPModel.
(2) Make compute_dp_sgd_privacy visible.

PiperOrigin-RevId: 377553548
2021-06-04 11:31:21 -07:00
A. Unique TensorFlower
385fefc85e Merge pull request #158 from jeremy43:improved_gaussian_subsample
PiperOrigin-RevId: 377344012
2021-06-03 12:13:28 -07:00
Galen Andrew
6b19862529 Bump version number.
PiperOrigin-RevId: 377136883
2021-06-02 13:52:00 -07:00
Zheng Xu
944dcd0e17 Implement the tree aggregation query in TFP.
The core `tree_aggregation` algorithm is from https://github.com/google-research/federated/tree/master/dp_ftrl.

The tree_aggregation_query is partially developed by Monica Ribero Diaz when she was a student researcher at Google.

PiperOrigin-RevId: 376953302
2021-06-01 17:27:02 -07:00
A. Unique TensorFlower
a03374be6c Fix Keras DP optimizer when num_microbatches == None.
Optimizer should not save TF tensors into class members, otherwise code may not work in some cases with tf.function.

PiperOrigin-RevId: 374976737
2021-05-20 16:46:57 -07:00
Galen Andrew
e5848656ed Remove GaussianAverageQuery. Users can simply wrap GaussianSumQuery with a NormalizedQuery.
PiperOrigin-RevId: 374784618
2021-05-19 20:20:00 -07:00
Galen Andrew
1de7e4dde4 Remove QuantileAdaptiveClipAverageQuery. Users can simply wrap QuantileAdaptiveClipSumQuery with a NormalizedQuery.
PiperOrigin-RevId: 374770867
2021-05-19 18:10:51 -07:00
Yuqing
9d13376707 resolve space issues 2021-05-11 00:19:52 -07:00
Yuqing
09270afed6 Resolve comments and add more tests 2021-05-07 00:16:59 -07:00
David Marn
eb5c99d484 Internal change.
PiperOrigin-RevId: 372339098
2021-05-06 07:30:29 -07:00
Mark Daoust
bd69c70965 Add a skeleton g3doc directory.
Move notebook files to g3doc.
  - Some style and code fixes for notebooks.
Add api-reference generation script.

PiperOrigin-RevId: 372233296
2021-05-05 16:41:40 -07:00
Steve Chien
755ed26671 Update keras optimizers (both traditional and vectorized) to handle case of num_microbatches=None.
PiperOrigin-RevId: 369497296
2021-04-20 12:35:23 -07:00
Steve Chien
41530f4426 More docstring updates in preparation for api docs generation.
PiperOrigin-RevId: 368667796
2021-04-15 10:31:04 -07:00
David Marn
ca347b8995 Trained attackers no longer fail when labels are missing.
PiperOrigin-RevId: 368598111
2021-04-15 02:18:55 -07:00
Steve Chien
edd9c44269 Add __init__.py files for estimators.
PiperOrigin-RevId: 368148645
2021-04-12 22:17:08 -07:00
Steve Chien
685ef25e00 Expand __init__.py and update version to 0.5.2 in preparation for new pip release.
PiperOrigin-RevId: 367727715
2021-04-09 16:49:12 -07:00
Steve Chien
53ddbf81a0 Add explicit package names to class __doc__ strings in optimizers directory.
PiperOrigin-RevId: 367516282
2021-04-08 15:11:38 -07:00
Steve Chien
3c64cce796 Update per-class descriptions for DP Keras Model classes.
PiperOrigin-RevId: 367515250
2021-04-08 15:06:39 -07:00
Steve Chien
121982deb1 Add explicit package names to class __doc__ strings for DNNClassifier classes.
PiperOrigin-RevId: 367512322
2021-04-08 14:52:20 -07:00
Steve Chien
c53a96184b Internal change.
PiperOrigin-RevId: 367484243
2021-04-08 12:32:21 -07:00
Steve Chien
c8b1c97b47 Small updates in preparation for auto-generating documentation.
PiperOrigin-RevId: 367073829
2021-04-06 13:29:41 -07:00
Yilei Yang
693dd666c3 Remove no-op pylint disable comments.
PiperOrigin-RevId: 364330068
2021-03-22 09:04:33 -07:00
Yuqing
736520b0eb remove unnecessary files 2021-03-12 14:00:53 -08:00
Yuqing
c0d3431eb2 add rdp for subsample without replacement 2021-03-12 13:56:52 -08:00
A. Unique TensorFlower
5524409cbd Merge pull request #143 from jagielski:master
PiperOrigin-RevId: 358924580
2021-02-22 16:01:24 -08:00
David Marn
85bdb9f819 Adds instructions on installing the latest version and links to blog posts.
PiperOrigin-RevId: 356221955
2021-02-08 02:39:41 -08:00
Steve Chien
1860ee1c27 Tests for dp_keras_model.py.
PiperOrigin-RevId: 353698907
2021-01-25 12:02:04 -08:00
Matthew Jagielski
e468af41dd address schien comments 2021-01-19 13:16:55 -05:00
A. Unique TensorFlower
aed49d0087 Merge pull request #147 from TheSalon:master
PiperOrigin-RevId: 351680116
2021-01-13 15:42:04 -08:00
pranav subramani
78ec3fa58a update dp keras model 2021-01-08 00:24:52 -07:00
pranav subramani
13b3a04a3e update keras model 2021-01-08 00:23:32 -07:00
pranav subramani
6982e027b5 update dp keras model 2021-01-08 00:22:44 -07:00
David Marn
3011855967 Moves advanced usage to the main README.
PiperOrigin-RevId: 350544144
2021-01-07 06:02:37 -08:00
Nicholas Vadivelu
7dad2d18e8 Update privacy/keras_models. 2021-01-05 17:42:10 -05:00
pranav subramani
7a00a1cfef adding keras vectorized model initial commit 2021-01-05 13:13:00 -07:00
pranav subramani
574718706d creating keras models directory 2021-01-04 19:32:53 -07:00
A. Unique TensorFlower
be8175bfac Improved conversion from Renyi DP to approx DP
PiperOrigin-RevId: 349557544
2020-12-30 07:43:07 -08:00
Shuang Song
8d53d8cc59 Write to Tensorboard in Keras under TF2.
PiperOrigin-RevId: 349446504
2020-12-29 11:18:09 -08:00
Shuang Song
c8a26ce7be Add number of examples in the attack result.
PiperOrigin-RevId: 348812773
2020-12-23 10:14:36 -08:00
Steve Chien
6460c3feb8 Vectorized version of DP Keras optimizers.
PiperOrigin-RevId: 348551659
2020-12-21 17:06:51 -08:00
Galen Andrew
e4f9794542 Fix numerical instability in computing A(alpha) for very large integer alpha.
Tested that new implementation agrees with existing implementation on all small integers but also scales to 10^6.

PiperOrigin-RevId: 348492489
2020-12-21 10:52:12 -08:00
David Marn
276d2d74d5 Moves the example, along with the relevant part of the README file, to the codelabs subdir.
PiperOrigin-RevId: 348477215
2020-12-21 09:15:01 -08:00
A. Unique TensorFlower
a3b64fd8f5 Merge pull request #146 from lwsong:master
PiperOrigin-RevId: 348448249
2020-12-21 04:36:33 -08:00
Yurii Sushko
2c810440d9 Introduce concept of "membership scores".
PiperOrigin-RevId: 348443155
2020-12-21 03:42:55 -08:00
Liwei Song
29c66c5220 update codelab file 2020-12-17 16:17:20 -05:00
Liwei Song
abd8912e6c change risk score to membership probability 2020-12-17 15:55:46 -05:00
Liwei Song
b1993344cf update risk score analysis 2020-12-17 15:18:02 -05:00
Liwei Song
fd0ae811a6 update privacy risk score codelab 2020-12-16 16:56:01 -05:00
Liwei Song
b7f7fe07e7 update privacy risk score codelab 2020-12-16 16:50:45 -05:00
Liwei Song
59bccb3a82 update privacy risk score code 2020-12-16 16:01:29 -05:00
Liwei Song
a4d108f270 update code 2020-12-16 15:47:15 -05:00
Liwei Song
bcee3f7a09 update code 2020-12-14 15:08:04 -05:00
Liwei Song
2312192573 update test code 2020-12-14 15:02:56 -05:00
Liwei Song
d99a880422 Merge branch 'master' into master 2020-12-14 14:54:22 -05:00
Liwei Song
3f40b8c465 update attack code 2020-12-14 14:49:30 -05:00
Liwei Song
b5b18de284 Merge branch 'master' of https://github.com/lwsong/privacy 2020-12-10 18:45:42 -05:00
Liwei Song
d6d70f6211 update data_structures_test 2020-12-10 18:44:52 -05:00
Liwei Song
60f63408e9 Update privacy_risk_score_codelab.ipynb 2020-12-10 18:33:35 -05:00
Liwei Song
d0d2108ad8 update codelab file for privacy risk score 2020-12-10 18:30:19 -05:00
Liwei Song
13d1676a00 edit the summary string for privacy risk scores 2020-12-10 18:20:32 -05:00
Liwei Song
097a98dcd4 edit the summary string for privacy risk scores 2020-12-10 18:14:39 -05:00
Liwei Song
b5dd6bee71 edit the summary string for privacy risk scores 2020-12-10 18:06:08 -05:00
Liwei Song
e72ff861a1 create a summary string for privacy risk scores 2020-12-10 17:54:50 -05:00
Liwei Song
d1dcf56c44 add comments to privacy risk scores 2020-12-10 10:37:52 -05:00
A. Unique TensorFlower
b208d9deec Merge pull request #144 from amad-person:refactor-seq2seq
PiperOrigin-RevId: 346307900
2020-12-08 06:12:00 -08:00
David Marn
fcac288849 Bugfix for the case where epoch_num is 0 with an accompanying test.
PiperOrigin-RevId: 346072261
2020-12-07 05:36:42 -08:00
Liwei Song
bf65f55382 add test cases for privacy risk score 2020-12-02 21:00:44 -05:00
Liwei Song
d80df35e85 codelab for privacy risk score 2020-12-02 19:23:05 -05:00
Liwei Song
21a891c569 add privacy risk score 2020-12-02 18:57:35 -05:00
Shuang Song
e7c21abb09 Add a figure in README for membership inference attack.
PiperOrigin-RevId: 345249792
2020-12-02 09:37:43 -08:00
amad-person
31c747cdd8 Use hard-coded attack input for the metadata calculation test 2020-12-02 21:17:45 +08:00
amad-person
6c7d607e65 Move initialization for privacy_report_metadata to args 2020-11-27 18:03:18 +08:00
amad-person
981d5a95f5 Return loss, accuracy instead of updating args 2020-11-27 11:59:06 +08:00
amad-person
eb215072bc Compute and populate PrivacyReportMetadata fields 2020-11-25 16:06:37 +08:00
Vadym Doroshenko
15515cb0f4 Fix for threshold attacks when logits are not provided.
Don't try to compute number of classes when it's not needed.

PiperOrigin-RevId: 344060285
2020-11-24 08:06:11 -08:00
amad-person
46bee91cda Refactor seq2seq logic and tests into separate files 2020-11-24 14:52:12 +08:00
Matthew Jagielski
3bf78f46fe add helper for computing noise_multiplier from epsilon 2020-11-19 21:22:02 -05:00
A. Unique TensorFlower
35a8096173 Merge pull request #137 from amad-person:add_seq2seq_mia_attacks
PiperOrigin-RevId: 343047622
2020-11-18 03:26:24 -08:00
amad-person
b25808cfbe Remove call to _get_slicing_spec in run_seq2seq_attack 2020-11-14 02:13:11 +08:00
Aadyaa Maddi
641c4dd98c Add comment to explain support for LR 2020-11-13 12:20:30 +08:00
David Marn
caf71c11bc Bugfix for logits_or_probs with an accompanying test.
PiperOrigin-RevId: 341604420
2020-11-10 06:08:21 -08:00
amad-person
bfc5ef333a Fix type annotation 2020-11-08 22:02:26 +08:00
amad-person
afe3944b1d Fix nits 2020-11-08 21:59:05 +08:00
amad-person
ed2bdcadfa Add codelab for membership inference on seq2seq models 2020-11-06 16:53:29 +08:00
amad-person
16c36e4819 Add tests for membership inference attacks on seq2seq models 2020-11-06 16:49:54 +08:00
amad-person
2355e13f44 Add tests for rank generation 2020-11-06 16:48:44 +08:00
amad-person
4db54d9485 Add tests for Seq2SeqAttackInputData 2020-11-06 16:46:57 +08:00
amad-person
d1c1746cdb Add membership inference attack for seq2seq models 2020-11-06 16:44:52 +08:00
amad-person
cd57910e5c Add rank generation code 2020-11-06 16:43:46 +08:00
amad-person
9f07f2a871 Add Seq2SeqAttackInputData data structure 2020-11-06 16:42:31 +08:00
A. Unique TensorFlower
67f7f35383 Merge pull request #131 from lwsong:master
PiperOrigin-RevId: 339012372
2020-10-26 04:24:55 -07:00
Liwei Song
6e929da966 add test case for entropy attack 2020-10-23 09:30:09 -04:00
Liwei Song
893b615d72 use logical AND 2020-10-23 08:58:49 -04:00
Liwei Song
0fa87d200c update slicing test 2020-10-21 17:07:53 -04:00
Liwei Song
a41d6aace7 add threshold-entropy attack 2020-10-21 16:41:20 -04:00
David Marn
1981ebe2f2 Adds the TF Privacy Report codelab.
PiperOrigin-RevId: 338222024
2020-10-21 01:52:53 -07:00
Vadym Doroshenko
4143957701 Fixed train/test_size calculation.
PiperOrigin-RevId: 337886488
2020-10-19 10:38:11 -07:00
Yurii Sushko
19ae5c9669 Fix broken codelab link
PiperOrigin-RevId: 337095513
2020-10-14 08:28:17 -07:00
David Marn
d1a8a6cfda Multiple small changes to the TF Privacy Report:
- Fix the legend to the bottom right
- Manually set the size of the plot figure.
- Fix a typo in the subplot title.

PiperOrigin-RevId: 337064528
2020-10-14 04:41:35 -07:00
David Marn
1281d0c63e Adds an option to balance train and test AttackInputData and stratifies the train-test split.
PiperOrigin-RevId: 336609893
2020-10-12 00:43:16 -07:00
Steve Chien
d703168de2 Add TF1-compatible version of DP canned estimators, and some small cleanup.
PiperOrigin-RevId: 335954269
2020-10-07 14:31:53 -07:00
David Marn
703cd413c6 Introduces an AttackResultsCollection class for the ML Privacy report.
PiperOrigin-RevId: 335858822
2020-10-07 06:59:26 -07:00
Peter Kairouz
e19c53a78c Add a function to compute RDP under heterogeneous applications of the subsampled Gaussian mechanism.
PiperOrigin-RevId: 335706732
2020-10-06 13:20:34 -07:00
David Marn
ab1090717c Internal change.
PiperOrigin-RevId: 335385162
2020-10-05 03:54:20 -07:00
Vadym Doroshenko
9a56402c0d Removing leftovers from the old API.
PiperOrigin-RevId: 334792006
2020-10-01 05:13:33 -07:00
A. Unique TensorFlower
a579cc4afc BUILD cleanups
PiperOrigin-RevId: 334666492
2020-09-30 13:27:37 -07:00
Shuang Song
20d0b884ba Move to new API.
PiperOrigin-RevId: 334434385
2020-09-29 12:16:06 -07:00
Shuang Song
bca2baae8d Remove old API.
PiperOrigin-RevId: 334406920
2020-09-29 10:19:37 -07:00
David Marn
78d30a0424 Refactors the pd_dataframe calculation to avoid hard-coded strings.
PiperOrigin-RevId: 334334080
2020-09-29 02:15:34 -07:00
David Marn
c30c3fcb7a Adds plots for multiple model labels to the ML Privacy Report.
PiperOrigin-RevId: 334179759
2020-09-28 09:59:37 -07:00
Steve Chien
837e014107 For DP Keras optimizers, add assertion that one of the DP-modified gradients methods has been called before apply_gradients(). In particular, this helps catch cases where the user has not yet upgraded to TF 2.4.
PiperOrigin-RevId: 333620379
2020-09-24 16:14:49 -07:00
Shuang Song
7c53757250 Option for plotting attack results in the same figure.
PiperOrigin-RevId: 333225502
2020-09-22 22:12:00 -07:00
Yurii Sushko
677b3d9e9a Quick docs fix.
PiperOrigin-RevId: 332061086
2020-09-16 12:21:44 -07:00
Yurii Sushko
78f76fac31 Add a note about API update to the docs.
PiperOrigin-RevId: 332057406
2020-09-16 12:04:27 -07:00
David Marn
942ad89da7 Adds the feedback form to the readme.
PiperOrigin-RevId: 331956759
2020-09-16 01:42:25 -07:00
David Marn
70f9585a24 Adds Privacy vs Utility charts to the Privacy Report for a single model.
PiperOrigin-RevId: 331720083
2020-09-15 01:30:21 -07:00
David Marn
fc38e3f733 Modifies Privacy Report metadata and adds an epoch chart.
PiperOrigin-RevId: 331326000
2020-09-12 09:11:45 -07:00
Vadym Doroshenko
f44b63eb78 Add probabilities to AttackInputData.
PiperOrigin-RevId: 330723370
2020-09-09 08:05:52 -07:00
A. Unique TensorFlower
6312a853d8 Merge pull request #119 from lwsong:master
PiperOrigin-RevId: 330658958
2020-09-08 22:44:06 -07:00
Vadym Doroshenko
8f3a61b50d Fixing calculating loss on logits.
PiperOrigin-RevId: 329966058
2020-09-03 12:06:29 -07:00