-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Attribute inference attack and shadow model improvements #2006
Attribute inference attack and shadow model improvements #2006
Conversation
…ributeInferenceBaseline attack Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
…uteInferenceBaselineTrueLabel Signed-off-by: abigailt <abigailt@il.ibm.com>
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## dev_1.14.0 #2006 +/- ##
==============================================
+ Coverage 82.32% 85.54% +3.22%
==============================================
Files 291 291
Lines 25464 25564 +100
Branches 4590 4621 +31
==============================================
+ Hits 20963 21870 +907
+ Misses 3353 2530 -823
- Partials 1148 1164 +16
|
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
Signed-off-by: abigailt <abigailt@il.ibm.com>
@@ -59,9 +59,10 @@ def test_white_box(art_warning, decision_tree_estimator, get_iris_dataset): | |||
art_warning(e) | |||
|
|||
|
|||
def test_check_params(art_warning, image_dl_estimator_for_attack): | |||
@pytest.mark.skip_framework("dl_frameworks") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do deep learning frameworks get excluded?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This attack only works on decision trees (it's a whitebox attack).
@@ -116,9 +116,10 @@ def transform_feature(x): | |||
art_warning(e) | |||
|
|||
|
|||
def test_check_params(art_warning, image_dl_estimator_for_attack): | |||
@pytest.mark.skip_framework("dl_frameworks") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similar as above, why do deep learning frameworks get excluded?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This attack only works on decision trees (it's a whitebox attack).
raise ValueError("Attack feature must be either an integer or a slice object.") | ||
if isinstance(self.attack_feature, int) and self.attack_feature < 0: | ||
raise ValueError("Attack feature index must be positive.") | ||
self._check_attack_feature(self.attack_feature) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do all attribute inference attack have to call self._check_attack_feature
? I'm wondering if we should generalize and autoamte it by moving it to super._check_params
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @abigailgold Looks great, the support for regression models should be very useful. I have added a few question, what do you think?
…ck_params() Signed-off-by: abigailt <abigailt@il.ibm.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @abigailgold Thank you very much! The changes look good to me.
Description
Support for categorical non-numeric (i.e. string) features as well as continuous features.
Fixes #1983
Fixes #1543
Type of change
Testing
New test cases to check both continuous and string features.
Test Configuration:
Checklist