Examples of membership inference vulnerability analysis with a neural network using the cifar-10 dataset and a decision tree using the adult dataset.
The neural network example has been tested using Keras 2.2.4 with a tensorflow backend of tensorflow-gpu 1.13.1. The decision tree example has been tested with the sklearn DecisionTreeClassifier using scikit-learn 0.20.2. Experiments additionally require numpy, pandas, and prettytable (tested with 1.17.1, 0.24.1, and 0.7.2 respectively).
The decision tree experiments additionally require the user to specify the location of a csv file containing the adult dataset. The adult dataset can be downloaded here: https://archive.ics.uci.edu/ml/datasets/Adult.
The experiments are self contained. Once all of the requirements are satisfied the neural network experiment can be run
by navigating to the experiment_examples folder and executing cifar10_nn.py. From the same folder the decision tree
experiment can be executed with adult_dt.py data_loc where data_loc signifies the relative path to the Adult
dataset on your local machine.
Using the defaults currently in the adult_dt.py experiment the final output should appear similar to the following:
Final result averaged from total of 10 runs: +------------------------------------------------------------------------------+ | Target Model | +---------------------------------------+-------------------+------------------+ | Model Definition | Training Accuracy | Testing Accuracy | +---------------------------------------+-------------------+------------------+ | /model_repository/adult_classifier.py | 100.00 | 80.83 | +---------------------------------------+-------------------+------------------+ +----------------------------------------------------+ | Attack Aggregate | +------------+----------+-----------+--------+-------+ | Num Shadow | Accuracy | Precision | Recall | F-1 | +------------+----------+-----------+--------+-------+ | 100 | 58.07 | 54.81 | 92.00 | 68.69 | +------------+----------+-----------+--------+-------+ +---------------------------------------------------------------------------------------------------------------------------------------------------+ | Per Class Evaluation | +-------+-----------------------+----------------------+------------------+-----------------+---------------+------------------+--------------------+ | Class | Target Accuracy Train | Target Accuracy Test | Attack Precision | Attack Accuracy | Attack Recall | Attack F-1 Score | Percentage of Data | +-------+-----------------------+----------------------+------------------+-----------------+---------------+------------------+--------------------+ | <=50K | 100.0 | 87.13 | 53.61 | 56.59 | 100.0 | 69.8 | 75.77 | | >50K | 100.0 | 61.41 | 61.32 | 62.71 | 66.61 | 63.85 | 24.23 | +-------+-----------------------+----------------------+------------------+-----------------+---------------+------------------+--------------------+
For details on membership inference vulnerability in machine learning, we refer those interested to the following publications:
Truex, Stacey, et al. "Demystifying membership inference attacks in machine learning as a service." IEEE Transactions on Services Computing (2019). [pdf]
BibTex citation:
@article{truex2019demystifying,
title={Demystifying membership inference attacks in machine learning as a service},
author={Truex, Stacey and Liu, Ling and Gursoy, Mehmet Emre and Yu, Lei and Wei, Wenqi},
journal={IEEE Transactions on Services Computing},
year={2019},
publisher={IEEE}
}
Truex, Stacey, et al. "Effects of differential privacy and data skewness on membership inference vulnerability." 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). IEEE, 2019. [pdf]
BibTex citation:
@inproceedings{truex2019effects,
title={Effects of differential privacy and data skewness on membership inference vulnerability},
author={Truex, Stacey and Liu, Ling and Gursoy, Mehmet Emre and Wei, Wenqi and Yu, Lei},
booktitle={2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)},
pages={82--91},
year={2019},
organization={IEEE}
}