This code accompanies the paper "Privacy Risks of Securing Machine Learning Models against Adversarial Examples", accepted by ACM CCS 2019

We perform membership inference attacks against machine learning models which are trained to be robust against adversarial examples.
In total, we evaluate the privacy leakage introduced by six state-of-the-art robust training algorithms: PGD-based adversarial training, distributional adversarial training, difference-based adversarial training, duality-based verification, abstract interpretation-based verification, interval bound propagation-based verification.
We find that robust training algorithms tend to increase the membership information leakage of the trained models compared to natural training.

Overview of the code

  • A function for membership inference based on prediction confidence
  • A function to prepare the Yale Face dataset
  • membership_inference_results.ipynb: lists membership inference results
  • Inside the folder of each robust training method:
    • A function to obtain predictions of training and test data, in both benign and adversarial settings
    • Instructions on how to train a robust (or natural) classifier
    • Inside the subfolder of each dataset:
      • output_performance.ipynb: obtains model predictions
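The attack the repository implements is a threshold on prediction confidence: an input whose true-class confidence exceeds a threshold is flagged as a training member. The following is an added example in plain numpy, not code from this repository or from the paper's authors, that shows the attack end to end. All function names, the three-class softmax rows and the two sets of confidences ("natural" and "robust") are constructed for illustration and are not measurements of any model; the use of balanced accuracy (so a random guess scores 0.5) is also a choice made here. The same `membership_inference` call applies to predictions on benign inputs or on adversarial versions of them, which is the distinction the repository's "benign and adversarial settings" refers to.

```python
# Added example (not the repository's code): confidence-based membership
# inference in plain numpy, runnable without TensorFlow or PyTorch.
import numpy as np


def true_class_confidence(probs, labels):
    """Return p(y_true | x) for each row of the softmax output `probs`."""
    probs = np.asarray(probs, dtype=float)
    labels = np.asarray(labels, dtype=int)
    if probs.ndim != 2 or probs.shape[0] != labels.shape[0]:
        raise ValueError("probs must be (n, classes) and labels (n,)")
    return probs[np.arange(len(labels)), labels]


def threshold_attack(member_conf, nonmember_conf):
    """
    Sweep a threshold t over every observed confidence, predicting
    'member' iff confidence >= t, and return (t, balanced accuracy).
    Balanced accuracy = (TPR + TNR) / 2, so a random guess scores 0.5
    regardless of how many members vs. non-members are supplied.
    Ties are resolved in favour of the lowest threshold.
    """
    member_conf = np.asarray(member_conf, dtype=float)
    nonmember_conf = np.asarray(nonmember_conf, dtype=float)
    best_t, best_acc = None, -1.0
    for t in np.unique(np.concatenate([member_conf, nonmember_conf])):
        tpr = np.mean(member_conf >= t)     # members correctly flagged
        tnr = np.mean(nonmember_conf < t)   # non-members correctly passed
        acc = 0.5 * (tpr + tnr)
        if acc > best_acc:
            best_t, best_acc = float(t), float(acc)
    return best_t, best_acc


def membership_inference(train_probs, train_labels, test_probs, test_labels):
    """
    Run the attack on a model's outputs for its training set (members) and
    a held-out set (non-members). The probability arrays may come from
    benign inputs or from adversarial versions of the same inputs; the
    attack itself is unchanged.
    """
    member_conf = true_class_confidence(train_probs, train_labels)
    nonmember_conf = true_class_confidence(test_probs, test_labels)
    t, acc = threshold_attack(member_conf, nonmember_conf)
    return {
        "threshold": t,
        "inference_accuracy": acc,
        "mean_member_conf": float(member_conf.mean()),
        "mean_nonmember_conf": float(nonmember_conf.mean()),
    }


def _rows_from_confidences(confs, n_classes=3, label=0):
    """Constructed softmax rows: `c` on the true class, remainder spread evenly."""
    confs = np.asarray(confs, dtype=float)
    rows = np.repeat(((1.0 - confs) / (n_classes - 1))[:, None], n_classes, axis=1)
    rows[:, label] = confs
    return rows, np.full(len(confs), label, dtype=int)


# Constructed confidences (illustrative only, not measured from any model).
# The "natural" set has a modest train/test confidence gap; the "robust"
# set has a much larger one, which is what makes the attack more accurate.
NATURAL = {
    "train": [0.99, 0.97, 0.95, 0.92, 0.90, 0.85, 0.80, 0.70, 0.60, 0.55],
    "test":  [0.98, 0.95, 0.90, 0.88, 0.82, 0.75, 0.65, 0.50, 0.40, 0.30],
}
ROBUST = {
    "train": [0.99, 0.98, 0.97, 0.96, 0.95, 0.94, 0.93, 0.92, 0.91, 0.90],
    "test":  [0.95, 0.88, 0.80, 0.72, 0.65, 0.55, 0.45, 0.35, 0.25, 0.15],
}


def run_constructed_example(confs):
    """Build softmax rows from a confidence set and run the attack on them."""
    train_probs, train_labels = _rows_from_confidences(confs["train"])
    test_probs, test_labels = _rows_from_confidences(confs["test"])
    return membership_inference(train_probs, train_labels, test_probs, test_labels)


if __name__ == "__main__":
    for name, confs in (("natural", NATURAL), ("robust", ROBUST)):
        print(name, run_constructed_example(confs))
```

One caveat when reading the reported number: picking the threshold on the same member/non-member confidences that are then scored gives an optimistic bound on the attack. An attacker without access to the victim's training set would choose `t` on a shadow model or a small labelled sample and then apply it to fresh data, and that is the number to report when assessing real-world leakage.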


Requirements: TensorFlow 1.12; PyTorch 0.4

