/Privacy-Attacks-in-Machine-Learning

Membership Inference, Attribute Inference and Model Inversion attacks implemented using PyTorch.

Primary LanguagePython

This repository contains implementation of Membership Inference, Attribute Inference and Model Inversion attacks as a part of course project for 'Privacy Enhancing Technologies' offered at Saarland University by Prof. Yang Zhang @ CISPA, Saarbrücken, Germany.

Course homepage | Project guidelines | Project references | Results and Inferences

Note: There are two implementation versions of the CLI. The other implementation can be found in 'CLI_ver2' folder.

Membership Inference

How to run

$ python cli.py membership-inference [OPTIONS] COMMAND [ARGS]...

  • Commands:

    • pretrained-dummy Load trained target and shadow model and train attack model
    • train-dummy Train target, shadow and attack model
    • train-plus-dummy Train target, shadow and attack model + augmentation, topk posteriors, parameter initialization and verbose enabled (check note below)
  • Options:

    • --dataset TEXT Which dataset to use (CIFAR10 or MNIST) [default = CIFAR10]
    • --data_path TEXT Path to store data [default = 'Membership-Inference/data']
    • --model_path TEXT Path to save or load model checkpoints [default = 'Membership-Inference/model']
    • --help Show this message and exit.
  • Example commands:

    • $ python cli.py membership-inference pretrained-dummy --dataset MNIST --model_path Membership-Inference/best_models/

    • $ python cli.py membership-inference train-dummy

    • $ python cli.py membership-inference train-plus-dummy --need_topk --param_init

    • Note:

      • Membership-Inference/model and Membership-Inference/data folders are generated while training.
      • train-plus-dummy has additional optional options which works as flags if mentioned:
        • --need_augm To use data augmentation on target and shadow training set or not
        • --need_topk Flag to enable using Top 3 posteriors for attack data
        • --param_init Flag to enable custom model params initialization
        • --verbose Add Verbosity

Attribute Inference

How to run

$ python cli.py attribute-inference [OPTIONS] COMMAND [ARGS]...

  • Options:

    • --help Show this message and exit.
  • Commands:

    • pretrained-dummy Load trained target and attack model
    • supply-target Supply own target model and train attack model
    • train-dummy Train target and attack model

pretrained-dummy

  • $ python cli.py attribute-inference pretrained-dummy [OPTIONS]

    • Load trained target and attack model
  • Options:

    • --help Show this message and exit.
  • Example command:

    • $ python cli.py attribute-inference pretrained-dummy

train-dummy

  • $ python cli.py attribute-inference train-dummy [OPTIONS]

    • Train target and attack model
  • Options:

    • -t, --target_epochs INTEGER Number of training epochs for the target model [default=30]
    • -a, --attack_epochs INTEGER Number of training epochs for the attack model [default=50]
    • --help Show this message and exit.
  • Example command:

    • $ python cli.py attribute-inference train-dummy -t 30 -a 50

supply-target

  • $ python cli.py attribute-inference supply-target [OPTIONS]

    • Supply own target model and train attack model.
    • Specifications for the target Model:
      • The target model should predict gender of a human [0: male, 1:female] and trained in UTKFace dataset.
      • The target model should give the following output: y, x where y are the two posteriors and y is the last fully connected layer. E.g. [ 5.0912e-01, -5.4544e-01], [-0.0656, 0.0087, -0.0543, ..., 0.0134, 0.0608, -0.0347]
      • The class file needs to be in the attribute inference folder.
      • Name of the class needs to be 'TargetModel'.
  • Options:

    • -c, --class_file TEXT File that holds the target models nn.Module class [required]
    • -s, --state_path TEXT Path of the state dictionary [required]
    • -d, --dimension INTEGER Flattend dimension of the layer used as attack modelinput [required]
    • -a, --attack_epochs INTEGER Number of training epochs for the attack model [default=30]
    • --help Show this message and exit.
  • Example command:

    • $ python cli.py attribute-inference supply-target -c af_models -s Attribute-Inference/models/target_model_30.pth -d 64 -a 50

Model Inversion

How to run

$ python cli.py model-inversion [OPTIONS] COMMAND [ARGS]...

  • Options:

    • --help Show this message and exit.
  • Commands:

    • pretrained-dummy Load trained target model and perform inversion
    • train-dummy Train target model and perform model inversion
    • supply-target Use trained external target model and perform model inversion

pretrained-dummy

  • $ python cli.py model-inversion pretrained-dummy [OPTIONS]

    • Load trained target model and perform inversion
    • Pretrained model 'atnt-mlp-model.pth' is in the ModelInversion folder.
  • Options:

    • --iterations INTEGER Number of Iterations in attack [default = 30]
    • --loss_function [crossEntropy|softmax] which loss function to used crossEntropy or softmax [default = crossEntropy]
    • --generate_specific_class INTEGER choose class, number between 1 and 40, which you want recovered or nothing to get all recovered [default = -1]
    • --help Show this message and exit.
  • Example command:

    • $ python cli.py model-inversion pretrained-dummy

train-dummy

  • $ python cli.py model-inversion train-dummy [OPTIONS]

    • Train target model and perform model inversion
  • Options:

    • --iterations INTEGER Number of Iterations in attack [default = 30]
    • --epochs INTEGER Number of epochs for the target model [default = 30]
    • --loss_function [crossEntropy|softmax] which loss function to used crossEntropy or softmax [default = crossEntropy]
    • --generate_specific_class INTEGER choose class, number between 1 and 40, which you want recovered or nothing to get all recovered [default = -1]
    • --help Show this message and exit.
  • Example command:

    • $ python cli.py model-inversion train-dummy --epochs 30

supply-target

  • $ python cli.py model-inversion supply-target [OPTIONS]

    • Use trained external target model and perform model inversion
    • Specifications for the target Model:
      • The target model should based on ATnT faces dataset.
      • The target model needs to return 'output, h' where output are the posteriors (h can be neglected).
      • The class file needs to be in the model inversion folder.
      • Name of the class needs to be 'TargetModel'.
  • Options:

    • --class_file TEXT File that holds the target models nn.Module class [required]
    • --target_model_path TEXT target model file [required]
    • --iterations INTEGER Number of Iterations in attack [default = 30]
    • --loss_function [crossEntropy|softmax] which loss function to used crossEntropy or softmax [default = crossEntropy]
    • --generate_specific_class INTEGER choose class, number between 1 and 40, which you want recovered or nothing to get all recovered [default = -1]
    • --help Show this message and exit.
  • Example command:

    • $ python cli.py model-inversion supply-target --class_file target_model --target_model_path ModelInversion/atnt-mlp-model.pth --generate_specific_class 25