Implementation of memebership inference and model inversion attacks, extracting training data information from an ML model. Benchmarking attacks and defenses.
Switch branches/tags
Nothing to show
Clone or download
MaAleBarr Merge pull request #58 from zhampel/master
Improve some docstrings. Accepts major flake8 checks of api base-code.
Latest commit 057e23a Dec 6, 2018


Here are tools and software you can use to replicate our work.


We are focusing on two different areas of research:

  • Model inversion attack is the process of either the model parameters or the data used to train the data.
  • Adversarial Attacks and Defense: an adversary makes small perturbations to an input image which can cause a classifier to produce the wrong label.

The below is created by our visualization software. The actual PDF has links to the arxiv papers. For inverting neural networks, the following wording is of relevance: Model Inversion For fooling neural networks, this is the following papers and relevant work: Model Fooling

Environment and Software


$ git clone
$ cd cyphercat
$ virtualenv cyphercat_virtualenv
$ source cyphercat_virtualenv/bin/activate
$ pip install -r requirements.txt
$ ipython kernel install --user --name=cyphercat_virtualenv

Select cyphercat_virtualenv kernel when running Jupyter.


Attack_baselines/ - Baselines for various attack types.

Classification_baselines/ - Baselines for various model architectures on popular datasets.

Utils/ - Contains model definitions, training and evaluation scripts.

Visualizations/ - Scripts for generating taxonomy graphs.


We are using GraphViz for our research in order to get a handle on the papers in the space, as well as describe our research. You can view some of that here. To install visualization tools via Mac, use:

brew install graphviz
pip install graphviz


  1. Salem, Ahmed, et al. "ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models." arXiv preprint arXiv:1806.01246 (2018). Link