This folder contains the implementation of Amplifying Membership Exposure via Data Poisoning.
To install requirements:
pip install -r requirements.txt
- MNIST (part of TensorFlow)
- CIFAR-10 (part of TensorFlow)
- STL-10. Please download the dataset from the official link and uncompress the downloaded file (will get the
stl10_binaryfolder). Then move the folderstl10_binaryinto thedataset. - CelebA. Please download
img_align_celebaandimg_align_celeba.csvfrom this link. Then, create a subfoldercelebaunderdataset, and move the filelist_attr_celeba.csvand the folderimg_align_celebaintoceleba. - PatchCamelyon. Please download
camelyonpatch_level_2_split_test_x.h5andcamelyonpatch_level_2_split_test_y.h5from this link. Then, create a subfolderpathcamelyonunderdataset, and move the two files intopatchcamelyon.
The structure of the dataset folder should be
dataset
+-- stl10_binary
| +-- train_X.bin
| +-- train_Y.bin
| +-- test_X.bin
| +-- test_Y.bin
| ...
+-- celeba
| +-- img_align_celeba
| +-- list_attr_celeba.csv
+-- patchcamelyon
| +-- camelyonpatch_level_2_split_test_x.h5
| +-- camelyonpatch_level_2_split_test_y.h5
File poisoning_attack.py allows to run our poisoning attacks.
Example:
python poisoning_attack.py --target_class 0 \
--dataset cifar10 \
--encoder xception \
--seed_amount 1000 \
--attack_type clean_label \
--device_no 0
We provide example attacks in attack_example.sh. Directly run:
./attack_example.sh
To evaluate our poisoning attacks, first run:
./poisoning_models.sh
to generate poisoning datasets and poisoned models.
Then, run:
./evaluate_attack.sh
to get the evaluation results.
@inproceedings{CSSWZ22,
author = {Yufei Chen and Chao Shen and Yun Shen and Cong Wang and Yang Zhang},
title = {{Amplifying Membership Exposure via Data Poisoning}},
booktitle = {{Annual Conference on Neural Information Processing Systems (NeurIPS)}},
publisher = {NeurIPS},
year = {2022}
}