In [1]:
import warnings

import pandas as pd

from MLWrappers import SklearnBlackBox
from PrivacyAttacks import MiaPrivacyAttack, AloaPrivacyAttack
from MLPrivacyEvaluator import PrivacyEvaluator

warnings.simplefilter("ignore", UserWarning)

In [2]:
DS_NAME = 'gaussian'
DATA_FOLDER = f'./data/{DS_NAME}'

# we load the target black box model using our wrapper
target = SklearnBlackBox(f'./models/rf_{DS_NAME}.sav')

# We load the data used to train, test of the model, as well as the shadow data
train_set = pd.read_csv(f'{DATA_FOLDER}/{DS_NAME}_original_train_set.csv', skipinitialspace=True)[:800]
test_set = pd.read_csv(f'{DATA_FOLDER}/{DS_NAME}_original_test_set.csv', skipinitialspace=True)[:400]
shadow_set = pd.read_csv(f'{DATA_FOLDER}/{DS_NAME}_shadow_set.csv', skipinitialspace=True)[:500]

In [3]:
# We initialise the attacks, with the desired parameters for each
mia = MiaPrivacyAttack(target, n_shadow_models=5)
aloa = AloaPrivacyAttack(target, n_shadow_models=1, n_noise_samples_fit=200)
attacks = [mia, aloa]

In [4]:
# We initialise the PrivacyEvaluator object
# We pass the target model and the attacks we want to use
evaluator = PrivacyEvaluator(target, attacks)

In [5]:
# We use the fit() method to execute the attacks, starting from the shadow data
evaluator.fit(shadow_set)

100%|██████████| 500/500 [00:01<00:00, 405.99it/s]


In [6]:
# Then we can obtain the performances using the report() method
results = evaluator.report(train_set, test_set)
print(results)


100%|██████████| 1200/1200 [00:02<00:00, 499.63it/s]

{'mia_attack': {'classification_report': {'IN': {'precision': 0.678990081154193, 'recall': 0.94125, 'f1-score': 0.7888947092718702, 'support': 800}, 'OUT': {'precision': 0.4835164835164835, 'recall': 0.11, 'f1-score': 0.17922606924643583, 'support': 400}, 'accuracy': 0.6641666666666667, 'macro avg': {'precision': 0.5812532823353382, 'recall': 0.525625, 'f1-score': 0.484060389259153, 'support': 1200}, 'weighted avg': {'precision': 0.6138322152749566, 'recall': 0.6641666666666667, 'f1-score': 0.5856718292633921, 'support': 1200}}}, 'aloa_attack': {'classification_report': {'IN': {'precision': 0.6699375557537912, 'recall': 0.93875, 'f1-score': 0.7818844351900052, 'support': 800}, 'OUT': {'precision': 0.379746835443038, 'recall': 0.075, 'f1-score': 0.12526096033402923, 'support': 400}, 'accuracy': 0.6508333333333334, 'macro avg': {'precision': 0.5248421955984146, 'recall': 0.506875, 'f1-score': 0.4535726977620172, 'support': 1200}, 'weighted avg': {'precision': 0.5732073156502069, 'recall'




In [7]:
results['mia_attack']

{'classification_report': {'IN': {'precision': 0.678990081154193,
   'recall': 0.94125,
   'f1-score': 0.7888947092718702,
   'support': 800},
  'OUT': {'precision': 0.4835164835164835,
   'recall': 0.11,
   'f1-score': 0.17922606924643583,
   'support': 400},
  'accuracy': 0.6641666666666667,
  'macro avg': {'precision': 0.5812532823353382,
   'recall': 0.525625,
   'f1-score': 0.484060389259153,
   'support': 1200},
  'weighted avg': {'precision': 0.6138322152749566,
   'recall': 0.6641666666666667,
   'f1-score': 0.5856718292633921,
   'support': 1200}}}