def __init__(self, *args, **kwargs):
super(AttackResultsCollectionTest, self).__init__(*args, **kwargs)
self.some_attack_result = SingleAttackResult(
slice_spec=SingleSliceSpec(None),
attack_type=AttackType.THRESHOLD_ATTACK,
roc_curve=RocCurve(tpr=np.array([0.0, 0.5, 1.0]),
fpr=np.array([0.0, 0.5, 1.0]),
thresholds=np.array([0, 1, 2])))
self.results_epoch_10 = AttackResults(
single_attack_results=[self.some_attack_result],
privacy_report_metadata=PrivacyReportMetadata(
accuracy_train=0.4,
accuracy_test=0.3,
epoch_num=10,
model_variant_label='default'))
self.results_epoch_15 = AttackResults(
single_attack_results=[self.some_attack_result],
privacy_report_metadata=PrivacyReportMetadata(
accuracy_train=0.5,
accuracy_test=0.4,
epoch_num=15,
model_variant_label='default'))
self.attack_results_no_metadata = AttackResults(
single_attack_results=[self.some_attack_result])
self.collection_with_metadata = AttackResultsCollection(
[self.results_epoch_10, self.results_epoch_15])
self.collection_no_metadata = AttackResultsCollection(
[self.attack_results_no_metadata, self.attack_results_no_metadata])
class AttackResultsCollectionTest(absltest.TestCase):
def __init__(self, *args, **kwargs):
super(AttackResultsCollectionTest, self).__init__(*args, **kwargs)
self.some_attack_result = SingleAttackResult(
slice_spec=SingleSliceSpec(None),
attack_type=AttackType.THRESHOLD_ATTACK,
roc_curve=RocCurve(tpr=np.array([0.0, 0.5, 1.0]),
fpr=np.array([0.0, 0.5, 1.0]),
thresholds=np.array([0, 1, 2])),
data_size=DataSize(ntrain=1, ntest=1))
self.results_epoch_10 = AttackResults(
single_attack_results=[self.some_attack_result],
privacy_report_metadata=PrivacyReportMetadata(
accuracy_train=0.4,
accuracy_test=0.3,
epoch_num=10,
model_variant_label='default'))
self.results_epoch_15 = AttackResults(
single_attack_results=[self.some_attack_result],
privacy_report_metadata=PrivacyReportMetadata(
accuracy_train=0.5,
accuracy_test=0.4,
epoch_num=15,
model_variant_label='default'))
self.attack_results_no_metadata = AttackResults(
single_attack_results=[self.some_attack_result])
self.collection_with_metadata = AttackResultsCollection(
[self.results_epoch_10, self.results_epoch_15])
self.collection_no_metadata = AttackResultsCollection(
[self.attack_results_no_metadata, self.attack_results_no_metadata])
def test_save_with_metadata(self):
with tempfile.TemporaryDirectory() as tmpdirname:
self.collection_with_metadata.save(tmpdirname)
loaded_collection = AttackResultsCollection.load(tmpdirname)
self.assertEqual(repr(self.collection_with_metadata),
repr(loaded_collection))
self.assertLen(loaded_collection.attack_results_list, 2)
def test_save_no_metadata(self):
with tempfile.TemporaryDirectory() as tmpdirname:
self.collection_no_metadata.save(tmpdirname)
loaded_collection = AttackResultsCollection.load(tmpdirname)
self.assertEqual(repr(self.collection_no_metadata),
repr(loaded_collection))
self.assertLen(loaded_collection.attack_results_list, 2)
def test_multiple_metrics_plot_privacy_vs_accuracy_multiple_model(self):
fig = privacy_report.plot_privacy_vs_accuracy(
AttackResultsCollection(
(self.results_epoch_10, self.results_epoch_15,
self.results_epoch_15_model_2)),
['AUC', 'Attacker advantage'])
# extract data from figure.
auc_data_model_1 = fig.axes[0].lines[0].get_data()
auc_data_model_2 = fig.axes[0].lines[1].get_data()
attacker_advantage_data_model_1 = fig.axes[1].lines[0].get_data()
attacker_advantage_data_model_2 = fig.axes[1].lines[1].get_data()
# X axis lists epoch values
np.testing.assert_array_equal(auc_data_model_1[0], [0.4, 0.5])
np.testing.assert_array_equal(auc_data_model_2[0], [0.6])
np.testing.assert_array_equal(attacker_advantage_data_model_1[0],
[0.4, 0.5])
np.testing.assert_array_equal(attacker_advantage_data_model_2[0],
[0.6])
# Y axis lists privacy metrics
np.testing.assert_array_equal(auc_data_model_1[1], [0.5, 1.0])
np.testing.assert_array_equal(auc_data_model_2[1], [1.0])
np.testing.assert_array_equal(attacker_advantage_data_model_1[1],
[0, 1.0])
np.testing.assert_array_equal(attacker_advantage_data_model_2[1],
[1.0])
# Check the title
self.assertEqual(fig._suptitle.get_text(),
'Privacy vs Utility Analysis')
def test_save_no_metadata(self):
with tempfile.TemporaryDirectory() as tmpdirname:
self.collection_no_metadata.save(tmpdirname)
loaded_collection = AttackResultsCollection.load(tmpdirname)
self.assertEqual(repr(self.collection_no_metadata),
repr(loaded_collection))
self.assertLen(loaded_collection.attack_results_list, 2)
def test_single_metric_plot_by_epochs(self):
fig = privacy_report.plot_by_epochs(
AttackResultsCollection((self.results_epoch_0, self.results_epoch_10,
self.results_epoch_15)), ['AUC'])
# extract data from figure.
auc_data = fig.gca().lines[0].get_data()
# X axis lists epoch values
np.testing.assert_array_equal(auc_data[0], [0, 10, 15])
# Y axis lists AUC values
np.testing.assert_array_equal(auc_data[1], [0.5, 0.5, 1.0])
# Check the title
self.assertEqual(fig._suptitle.get_text(), 'Vulnerability per Epoch')
def test_single_metric_plot_privacy_vs_accuracy_single_model(self):
fig = privacy_report.plot_privacy_vs_accuracy(
AttackResultsCollection((self.results_epoch_10, self.results_epoch_15)),
['AUC'])
# extract data from figure.
auc_data = fig.gca().lines[0].get_data()
# X axis lists epoch values
np.testing.assert_array_equal(auc_data[0], [0.4, 0.5])
# Y axis lists AUC values
np.testing.assert_array_equal(auc_data[1], [0.5, 1.0])
# Check the title
self.assertEqual(fig._suptitle.get_text(), 'Privacy vs Utility Analysis')
def test_multiple_metrics_plot_by_epochs(self):
fig = privacy_report.plot_by_epochs(
AttackResultsCollection((self.results_epoch_10, self.results_epoch_15)),
['AUC', 'Attacker advantage'])
# extract data from figure.
auc_data = fig.axes[0].lines[0].get_data()
attacker_advantage_data = fig.axes[1].lines[0].get_data()
# X axis lists epoch values
np.testing.assert_array_equal(auc_data[0], [10, 15])
np.testing.assert_array_equal(attacker_advantage_data[0], [10, 15])
# Y axis lists privacy metrics
np.testing.assert_array_equal(auc_data[1], [0.5, 1.0])
np.testing.assert_array_equal(attacker_advantage_data[1], [0, 1.0])
# Check the title
self.assertEqual(fig._suptitle.get_text(), 'Vulnerability per Epoch')
def main(unused_argv):
epoch_results = AttackResultsCollection([])
num_epochs = 2
models = {
"two layer model": two_layer_model,
"three layer model": three_layer_model,
}
for model_name in models:
# Incrementally train the model and store privacy metrics every num_epochs.
for i in range(1, 6):
models[model_name].fit(
training_features,
to_categorical(training_labels, num_clusters),
validation_data=(test_features,
to_categorical(test_labels, num_clusters)),
batch_size=64,
epochs=num_epochs,
shuffle=True)
training_pred = models[model_name].predict(training_features)
test_pred = models[model_name].predict(test_features)
# Add metadata to generate a privacy report.
privacy_report_metadata = PrivacyReportMetadata(
accuracy_train=metrics.accuracy_score(
training_labels, np.argmax(training_pred, axis=1)),
accuracy_test=metrics.accuracy_score(
test_labels, np.argmax(test_pred, axis=1)),
epoch_num=num_epochs * i,
model_variant_label=model_name)
attack_results = mia.run_attacks(
AttackInputData(labels_train=training_labels,
labels_test=test_labels,
probs_train=training_pred,
probs_test=test_pred,
loss_train=crossentropy(
training_labels, training_pred),
loss_test=crossentropy(test_labels,
test_pred)),
SlicingSpec(entire_dataset=True, by_class=True),
attack_types=(AttackType.THRESHOLD_ATTACK,
AttackType.LOGISTIC_REGRESSION),
privacy_report_metadata=privacy_report_metadata)
epoch_results.append(attack_results)
# Generate privacy reports
epoch_figure = privacy_report.plot_by_epochs(
epoch_results, [PrivacyMetric.ATTACKER_ADVANTAGE, PrivacyMetric.AUC])
epoch_figure.show()
privacy_utility_figure = privacy_report.plot_privacy_vs_accuracy_single_model(
epoch_results, [PrivacyMetric.ATTACKER_ADVANTAGE, PrivacyMetric.AUC])
privacy_utility_figure.show()
# Example of saving the results to the file and loading them back.
with tempfile.TemporaryDirectory() as tmpdirname:
filepath = os.path.join(tmpdirname, "results.pickle")
attack_results.save(filepath)
loaded_results = AttackResults.load(filepath)
print(loaded_results.summary(by_slices=False))
# Print attack metrics
for attack_result in attack_results.single_attack_results:
print("Slice: %s" % attack_result.slice_spec)
print("Attack type: %s" % attack_result.attack_type)
print("AUC: %.2f" % attack_result.roc_curve.get_auc())
print("Attacker advantage: %.2f\n" %
attack_result.roc_curve.get_attacker_advantage())
max_auc_attacker = attack_results.get_result_with_max_auc()
print("Attack type with max AUC: %s, AUC of %.2f" %
(max_auc_attacker.attack_type, max_auc_attacker.roc_curve.get_auc()))
max_advantage_attacker = attack_results.get_result_with_max_attacker_advantage(
)
print("Attack type with max advantage: %s, Attacker advantage of %.2f" %
(max_advantage_attacker.attack_type,
max_advantage_attacker.roc_curve.get_attacker_advantage()))
# Print summary
print("Summary without slices: \n")
print(attack_results.summary(by_slices=False))
print("Summary by slices: \n")
print(attack_results.summary(by_slices=True))
# Print pandas data frame
print("Pandas frame: \n")
pd.set_option("display.max_rows", None, "display.max_columns", None)
print(attack_results.calculate_pd_dataframe())
# Example of ROC curve plotting.
figure = plotting.plot_roc_curve(
attack_results.single_attack_results[0].roc_curve)
figure.show()
plt.show()
def test_plot_by_epochs_no_metadata(self):
# Raise error if metadata is missing
self.assertRaises(
ValueError, privacy_report.plot_by_epochs,
AttackResultsCollection((self.attack_results_no_metadata,)), ['AUC'])
def test_plot_privacy_vs_accuracy_single_model_no_metadata(self):
# Raise error if metadata is missing
self.assertRaises(
ValueError, privacy_report.plot_privacy_vs_accuracy,
AttackResultsCollection((self.attack_results_no_metadata,)), ['AUC'])
