TrajectoryMIA

Code for CCS 2022 "Membership Inference Attacks by Exploiting Loss Trajectory".

Environmment

• Linux with Python 3.8

• PyTorch>=1.10.0

Usage

🎾 First step: Train target model and shadow model

• Target model

python main.py --mode target

• Shadow model

python main.py --mode shadow

The shadow model is trained to mimic the behavior of the target model.

🎸 Second Step: Distill target model and shadow model

• Distill target model

python main.py --mode distill_target

• Distill shadow model

python main.py --mode distill_shadow

Here although we can get the loss trajectory from the original training processs of the shadow model, we still distill it in order to better align with the scenario for the target model. More explanations can be found in our paper.

🐶 Third step: Prepare the dataset for attack model

• Get attack model training data

python main.py --action 1 --mode shadow --mia_type build-dataset

• Get attack model testing data

python main.py --action 1 --mode target --mia_type build-dataset

From this step, we obtain the loss trajectory for each data sample.

🍉 Fourth step: Train and test attack model

python main.py --action 1 --mia_type black-box

The loss trajectory will be the input to train and test the attack model.

Note

• The trained models and generated data are saved to './networks/{seed}/{mode}/{data}_{model}'.
• The code above uses the default settings (ResNet-56 trained on CIFAR-100 with 100 epochs), you can change them with the corresponding arguments.

Citation

For technical details and full experimental results, please refer to the paper.

@inproceedings{LZBZ22,
author = {Yiyong Liu and Zhengyu Zhao and Michael Backes and Yang Zhang},
title = {{Membership Inference Attacks by Exploiting Loss Trajectory}},
booktitle = {{ACM SIGSAC Conference on Computer and Communications Security (CCS)}},
pages = {2085-2098},
publisher = {ACM},
year = {2022}
}

Contact

Feel free to contact yiyong.liu@cispa.de if you have any question on the codes. Enjoy!