1.1.6. aijack.attack.membership package

1.1.6.1. Submodules

1.1.6.2. aijack.attack.membership.membership_inference module

class aijack.attack.membership.membership_inference.ShadowMembershipInferenceAttack(target_model, shadow_models, attack_models)

Bases: aijack.attack.base_attack.BaseAttacker

attack(x, y, proba=False)

Attack victim model

Parameters
  • x – target datasets which the attacker wants to classify

  • y – target labels which the attacker wants to classify

  • proba – the format of the output

fit(X, y)

predict(pred, label)

Predict whether the given prediction came from training data or not

Parameters
  • pred (torch.Tensor) – predicted probabilities on the data

  • label (torch.Tensor) – true label of the data which pred is predicted on

Returns

predicted binary labels

predict_proba(pred, label)

Get probabilities of whether the given prediction came from training data or not

Parameters
  • pred (torch.Tensor) – predicted probabilities on the data

  • label (torch.Tensor) – true label of the data which pred is predicted on

Returns

predicted probabilities

train_attacker()

Train attacker models

train_shadow(X, y)

Train shadow models

Parameters
  • X (np.array) – training data for shadow models

  • y (np.array) – training label for shadow models

1.1.6.3. aijack.attack.membership.utils module

class aijack.attack.membership.utils.AttackerModel(models)

Bases: object

fit(shadow_result)

Train an attack model with the result of shadow models

Parameters

shadow_result (dict) – key is each class; value is (shadow_data, shadow_label)

predict(y_pred_prob, y_labels)

Predict whether the given prediction came from training data or not

Parameters
  • y_pred_prob (torch.Tensor) – predicted probabilities on the data

  • y_labels (torch.Tensor) – true label of the data which y_pred_prob is predicted on

Returns

result of attack

each element should be one or zero

Return type

in_out_pred (np.array)

predict_proba(y_pred_prob, y_labels)

Get probabilities of whether the given prediction came from training data or not

Parameters
  • y_pred_prob (torch.Tensor) – predicted probabilities on the data

  • y_labels (torch.Tensor) – true label of the data which y_pred_prob is predicted on

Returns

result of attack

each element expresses the possibility

Return type

in_out_pred (np.array)

class aijack.attack.membership.utils.ShadowModels(models)

Bases: object

Train shadow models for membership inference

Reference: https://arxiv.org/abs/1610.05820

Args

models : torch models for shadow

fit_transform(X, y)

Trains shadow models and gets the predictions of the shadow models and the membership label of each prediction for each class

Parameters
  • X (np.array) – target data

  • y (np.array) – target label

Returns

key is each class

value is (shadow_data, shadow_label)

Return type

result_dict (dict)
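The data flow documented above, a per-class shadow_result passed to per-class attack models, shown as an added example for auditing your own model for membership leakage; it is not AIJack's code and does not call it. The helper names, the confidence-threshold attack model (standing in for a trained classifier) and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

def build_shadow_result(records):
    """Group (probs, true_label, is_member) triples into {class: (shadow_data, shadow_label)}."""
    data, member = defaultdict(list), defaultdict(list)
    for probs, label, is_member in records:
        data[label].append(probs)
        member[label].append(1 if is_member else 0)
    return {c: (data[c], member[c]) for c in data}

def fit_attack_models(shadow_result):
    """Fit one attack model per class. Assumption: a threshold on the confidence
    given to the true class stands in for a trained classifier."""
    thresholds = {}
    for c, (shadow_data, shadow_label) in shadow_result.items():
        conf = [p[c] for p in shadow_data]
        best_t, best_acc = 1.0, -1.0
        for t in sorted(set(conf)):  # candidate cut-offs seen in the shadow data
            hits = sum((v >= t) == bool(m) for v, m in zip(conf, shadow_label))
            if hits / len(conf) > best_acc:
                best_t, best_acc = t, hits / len(conf)
        thresholds[c] = best_t
    return thresholds

def predict(thresholds, y_pred_prob, y_labels):
    """Return 1 where a prediction looks like training data, else 0."""
    return [1 if p[c] >= thresholds[c] else 0 for p, c in zip(y_pred_prob, y_labels)]

def flagged_rate(in_out_pred):
    """Share of audited records flagged as members; a rough leakage indicator."""
    return sum(in_out_pred) / len(in_out_pred)

# Constructed shadow-model outputs: (probabilities, true label, in shadow training set?)
SHADOW_RECORDS = [
    ([0.97, 0.03], 0, True), ([0.92, 0.08], 0, True),
    ([0.66, 0.34], 0, False), ([0.58, 0.42], 0, False),
    ([0.05, 0.95], 1, True), ([0.10, 0.90], 1, True),
    ([0.40, 0.60], 1, False), ([0.45, 0.55], 1, False),
]
# Constructed outputs of the model under audit, with the true labels of the queried data
TARGET_PROBS = [[0.95, 0.05], [0.60, 0.40], [0.08, 0.92], [0.35, 0.65]]
TARGET_LABELS = [0, 0, 1, 1]

if __name__ == "__main__":
    models = fit_attack_models(build_shadow_result(SHADOW_RECORDS))
    in_out = predict(models, TARGET_PROBS, TARGET_LABELS)
    print(models, in_out, flagged_rate(in_out))
```
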

1.1.6.4. Module contents

Subpackage for membership inference attack, which reveals the confidential information about whether the target data is in the training dataset or not.

class aijack.attack.membership.ShadowMembershipInferenceAttack(target_model, shadow_models, attack_models)

Bases: aijack.attack.base_attack.BaseAttacker

attack(x, y, proba=False)

Attack victim model

Parameters
  • x – target datasets which the attacker wants to classify

  • y – target labels which the attacker wants to classify

  • proba – the format of the output

fit(X, y)

predict(pred, label)

Predict whether the given prediction came from training data or not

Parameters
  • pred (torch.Tensor) – predicted probabilities on the data

  • label (torch.Tensor) – true label of the data which pred is predicted on

Returns

predicted binary labels

predict_proba(pred, label)

Get probabilities of whether the given prediction came from training data or not

Parameters
  • pred (torch.Tensor) – predicted probabilities on the data

  • label (torch.Tensor) – true label of the data which pred is predicted on

Returns

predicted probabilities

train_attacker()

Train attacker models

train_shadow(X, y)

Train shadow models

Parameters
  • X (np.array) – training data for shadow models

  • y (np.array) – training label for shadow models