Skip to content
master
Go to file
Code

README.md

privacy-vs-robustness

About

This code accompanies the paper "Privacy Risks of Securing Machine Learning Models against Adversarial Examples", accepted by ACM CCS 2019 https://arxiv.org/abs/1905.10291.

We perform membership inference attacks against machine learning models which are trained to be robust against adversarial examples.
In total, we evaluate the privacy leakage introduced by six state-of-the-art robust training algorithms: PGD-based adversarial training, distributional adversarial training, difference-based adversarial training, duality-based verification, abstract interpretation-based verification, interval bound propagation-based verification.
We find out that robust training algorithms tend to increase the membership information leakage of trained models, compared to the natural training algorithm.

Overview of the code

inference_utils.py: defined function of membership inference based on prediction confidence
utils.py: defined function to prepare Yale Face dataset
membership_inference_results.ipynb: lists membership inference results

  • Inside the folder of each robust training method
    output_utils.py: defined function to obtain predictions of training and test data, in both benign and adversarial settings
    README.md: instructions on how to train a robust (or natural) classifier
    • Inside the subfolder of each dataset
      output_performance.ipynb: obtains model predictions

Dependecies

Tensorflow-1.12; Pytorch-0.4

About

Privacy Risks of Securing Machine Learning Models against Adversarial Examples

Resources

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.