ml_privacy_meter

Attack S and Attack P can't be reproduced

Open xjc1234567 opened this issue 1 year ago • 3 comments

Hi, I noticed that the detailed implementation of attack S and attack P was not given in the source code of Enhanced MIA. How can I find them?

xjc1234567, May 18 '23 09:05

Hi @xjc1234567 ,

The attacks S and P are incorporated in the shadow_metric and population_metric functions, respectively, in the privacy meter (see here). To get more details of how these attacks are executed, please consult the files shadow_metric.ipynb and population_metric.ipynb.

changhongyan123, May 18 '23 13:05

Thank you for your answer, but I have one more question here. I did not find the training details of the target model for attacks S, P, R, D, such as hyperparameters, because the paper provided at the conference did not include an appendix. arXiv provided the paper with the training details, but the data is quite different from the conference version. Can you provide me with more training details about the target model to reproduce your attack?

xjc1234567, May 22 '23 12:05

Hi @xjc1234567, the hyperparameters for training the shadow models in attack S are the same as the hyperparameters for reference models in attack R. Additionally, an example for replicating attack P on cifar-10 in the table of the paper can be found here: https://github.com/privacytrustlab/ml_privacy_meter/tree/master/benchmark

yuan74, Jun 20 '23 18:06