Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce shadow model training for inference attacks #1395

Merged
merged 17 commits into from
Nov 9, 2021
Merged

Introduce shadow model training for inference attacks #1395

merged 17 commits into from
Nov 9, 2021

Conversation

beat-buesser
Copy link
Collaborator

Description

This pull request introduces shadow model training for inference attacks. This PR is a continuation of #1345 to adress review comments.

Type of change

Please check all relevant options.

  • Improvement (non-breaking)
  • Bug fix (non-breaking)
  • New feature (non-breaking)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

GalHorowitz and others added 14 commits September 12, 2021 15:31
@GalHorowitz
Fix clone_for_refitting, set_params
b2e3e55 
Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@GalHorowitz
Allow MembershipInferenceBlackBox to accept existing predictions in i…
a6f6b53 
…ts fit method

Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@GalHorowitz
Add shadow model and hill climibing data generation utility
6404682 
Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@GalHorowitz
Add notebook demonstrating use of shadow models for MI
4548f9b 
Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@GalHorowitz
Add tests for shadow model training and synthetic data generation
c0f6c99 
Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@GalHorowitz
Add nb_classes setter to ClassifierMixin and fix up usages
4755788 
Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@GalHorowitz
Merge branch 'dev_1.8.1' of https://github.com/Trusted-AI/adversarial…
29c9a33 
…-robustness-toolbox into shadow_model_training

� Conflicts:
�	art/attacks/inference/membership_inference/black_box.py
�	art/estimators/classification/classifier.py
�	art/estimators/classification/scikitlearn.py
�	notebooks/README.md
@GalHorowitz
Type fixes for shadow models utility
4d4429f 
Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@GalHorowitz
Use a property setter if present in set_params
6e10185 
Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@GalHorowitz
Number of classes should be 2 in test_pe_malware_attack.py
0d3ce0d 
Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@GalHorowitz
Remove nb_classes check from getter
6e836da 
Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@GalHorowitz
Use nb_classes setter in detectors
f8a1af4 
Signed-off-by: GalHorowitz <gal@galhorowitz.com>
@beat-buesser
Merge branch 'dev_1.9.0' into shadow_model_training
1b39d28
@beat-buesser
Merge pull request #1345 from GalHorowitz/shadow_model_training
25c3d8a 
Shadow model training
@beat-buesser beat-buesser self-assigned this Nov 4, 2021
@beat-buesser beat-buesser added the enhancement New feature or request label Nov 4, 2021
@beat-buesser beat-buesser added this to Pull request open in ART 1.9.0 via automation Nov 4, 2021
@beat-buesser beat-buesser added this to the ART 1.9.0 milestone Nov 4, 2021
@codecov-commenter
Copy link

codecov-commenter commented Nov 4, 2021
edited
Loading

Codecov Report

Merging #1395 (48a59b0) into dev_1.9.0 (98627f8) will increase coverage by 0.13%.
The diff coverage is 90.54%.

Impacted file tree graph

@@              Coverage Diff              @@
##           dev_1.9.0    #1395      +/-   ##
=============================================
+ Coverage      90.43%   90.57%   +0.13%     
=============================================
  Files            232      233       +1     
  Lines          18885    19002     +117     
  Branches        3089     3111      +22     
=============================================
+ Hits           17079    17211     +132     
+ Misses          1042     1030      -12     
+ Partials         764      761       -3
Impacted Files Coverage Δ
art/estimators/classification/catboost.py 91.30% <50.00%> (-4.16%) ⬇️
art/estimators/classification/classifier.py 96.49% <60.00%> (-3.51%) ⬇️
...ks/inference/membership_inference/shadow_models.py 90.56% <90.56%> (ø)
...attacks/inference/membership_inference/__init__.py 100.00% <100.00%> (ø)
...ttacks/inference/membership_inference/black_box.py 96.57% <100.00%> (+0.08%) ⬆️
art/defences/detector/evasion/detector.py 74.02% <100.00%> (+1.18%) ⬆️
...fences/detector/evasion/subsetscanning/detector.py 83.80% <100.00%> (+0.63%) ⬆️
...mators/certification/randomized_smoothing/numpy.py 87.09% <100.00%> (ø)
art/estimators/classification/GPy.py 89.09% <100.00%> (ø)
art/estimators/classification/blackbox.py 98.00% <100.00%> (ø)
... and 16 more

Beat Buesser and others added 3 commits November 4, 2021 11:51
Updates for review comments
a743f96 
Signed-off-by: Beat Buesser <beat.buesser@ie.ibm.com>
Account for None in shadow models
52f1748 
Signed-off-by: Beat Buesser <beat.buesser@ie.ibm.com>
@beat-buesser
Merge branch 'dev_1.9.0' into shadow_model_training
48a59b0
@beat-buesser beat-buesser merged commit 1a8b1cf into dev_1.9.0 Nov 9, 2021
ART 1.9.0 automation moved this from Pull request open to Pull request done Nov 9, 2021
@beat-buesser beat-buesser deleted the shadow_model_training branch November 9, 2021 10:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abigailgold abigailgold Awaiting requested review from abigailgold

Assignees

@beat-buesser beat-buesser

Labels
enhancement New feature or request
Projects
No open projects
ART 1.9.0
  
Pull request done
Milestone
ART 1.9.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@beat-buesser @codecov-commenter @GalHorowitz