def __init__(
    self, attack_alias, attack_pars, data, labels, data_conf, target_models
):
    """Build one rule-based black-box membership inference attack per model.

    Each entry of ``target_models`` is wrapped in a ``KerasClassifier`` and
    handed to ``MembershipInferenceBlackBoxRuleBased``. ``attack_pars`` is
    not read in this initializer because the attack takes no additional
    parameters.
    """
    # No additional parameters, so there is nothing to describe in the report.
    pars_descriptors = {}

    # NOTE(review): clip_values=(0, 1) is fixed here; presumably the target
    # models expect inputs scaled to [0, 1] -- confirm against the data
    # pipeline.
    inference_attacks = [
        membership_inference.MembershipInferenceBlackBoxRuleBased(
            classifier=KerasClassifier(model, clip_values=(0, 1))
        )
        for model in target_models
    ]

    super().__init__(
        attack_alias,
        data,
        labels,
        data_conf,
        target_models,
        inference_attacks,
        pars_descriptors,
    )

    section = report.ReportSection(
        "Membership Inference Black-Box Rule-Based",
        self.attack_alias,
        "ART_MembershipInferenceBlackBoxRuleBased",
    )
    self.report_section = section
def __init__(
    self, attack_alias, attack_pars, data, labels, data_conf, target_models
):
    """Delegate all setup to the parent class, then attach the report section.

    Every argument is forwarded unchanged, and in the same order, to the
    parent initializer.
    """
    super().__init__(
        attack_alias,
        attack_pars,
        data,
        labels,
        data_conf,
        target_models,
    )

    # self.attack_alias is read only after the parent initializer has run.
    section = report.ReportSection(
        "Membership Inference Attack",
        self.attack_alias,
        "mia",
    )
    self.report_section = section
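def __init__(
    self, attack_alias, attack_pars, data, labels, data_conf, target_models
):
    """Set up one ``MembershipInferenceBlackBox`` attack per target model.

    Args:
        attack_alias: Forwarded to the parent initializer;
            ``self.attack_alias`` is later passed to the report section.
        attack_pars: Mapping of attack parameters. Only the keys
            ``attack_model_type``, ``input_type`` and ``attack_model`` are
            forwarded to the attack; any other key is ignored here.
        data: Forwarded unchanged to the parent initializer.
        labels: Forwarded unchanged to the parent initializer.
        data_conf: Forwarded unchanged to the parent initializer.
        target_models: Iterable of models; each one is wrapped in a
            ``KerasClassifier`` before being handed to the attack.
    """
    pars_descriptors = {
        "attack_model_type": "Attack model type",
        "input_type": "Input type",
        "attack_model": "Attack model",
    }

    # Warn when attack_model is missing or is not a KerasClassifier. The
    # missing-key case is included on purpose: the original condition
    # treated "not provided" the same as "wrong type".
    if not isinstance(attack_pars.get("attack_model"), KerasClassifier):
        logger.warning(
            "The provided Attack Model (attack_model) seems not to be a Keras "
            "classifier. This may result in stability issues and your runtime may "
            "crash! It is recommended to use a Keras model for this attack."
        )

    # Forward only the documented keys so that unrelated entries in
    # attack_pars never reach the attack constructor as keyword arguments.
    params = {k: attack_pars[k] for k in pars_descriptors if k in attack_pars}

    inference_attacks = []
    for target_model in target_models:
        # NOTE(review): clip_values=(0, 1) is fixed here; presumably the
        # target models expect inputs scaled to [0, 1] -- confirm.
        target_classifier = KerasClassifier(target_model, clip_values=(0, 1))
        attack = membership_inference.MembershipInferenceBlackBox(
            classifier=target_classifier, **params
        )
        # Compare by value. The previous `is "None"` tested object identity
        # against a string literal, which matches only when the interpreter
        # happens to intern both strings and triggers a SyntaxWarning on
        # Python 3.8+.
        # NOTE(review): presumably the attack reports the string "None" when
        # a custom attack_model is supplied -- confirm against the library.
        if attack.attack_model_type == "None":
            attack.attack_model_type = "Custom"
        inference_attacks.append(attack)

    super().__init__(
        attack_alias,
        data,
        labels,
        data_conf,
        target_models,
        inference_attacks,
        pars_descriptors,
    )

    self.report_section = report.ReportSection(
        "Membership Inference Black-Box",
        self.attack_alias,
        "ART_MembershipInferenceBlackBox",
    )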
def __init__(
    self, attack_alias, attack_pars, data, labels, data_conf, target_models
):
    """Build one ``LabelOnlyDecisionBoundary`` attack per target model.

    ``attack_pars`` must contain ``distance_threshold_tau``; a missing key
    raises ``KeyError``. Every other entry except ``verbose`` is kept on
    ``self.hopskipjump_args``. The copy is not filtered against the
    descriptor table, so keys that are not listed there are retained too.
    """
    pars_descriptors = {
        "distance_threshold_tau": "Threshold distance",
        # HopSkipJump parameters
        "norm": "Adversarial perturbation norm",
        "max_iter": "Max. iterations",
        "max_eval": "Max. evaluations",
        "init_eval": "Initial evaluations",
        "init_size": "Max. trials",
        "verbose": "Verbose output",
    }

    # Keep the HopSkipJump arguments apart from the threshold. They are not
    # passed to the attack constructor below.
    # NOTE(review): presumably they are consumed later, outside this
    # initializer -- confirm.
    hsj_args = attack_pars.copy()
    self.hopskipjump_args = hsj_args
    del hsj_args["distance_threshold_tau"]
    # Hide the verbose parameter from the report.
    hsj_args.pop("verbose", None)

    tau = attack_pars["distance_threshold_tau"]
    inference_attacks = []
    for model in target_models:
        # NOTE(review): clip_values=(0, 1) is fixed here; presumably the
        # target models expect inputs scaled to [0, 1] -- confirm.
        wrapped = KerasClassifier(model, clip_values=(0, 1))
        inference_attacks.append(
            membership_inference.LabelOnlyDecisionBoundary(
                wrapped,
                distance_threshold_tau=tau,
            )
        )

    super().__init__(
        attack_alias,
        data,
        labels,
        data_conf,
        target_models,
        inference_attacks,
        pars_descriptors,
    )

    section = report.ReportSection(
        "Label Only Decision Boundary",
        self.attack_alias,
        "ART_LabelOnlyDecisionBoundary",
    )
    self.report_section = section
def __init__(
    self, attack_alias, attack_pars, data, labels, data_conf, target_models
):
    """Build one ``KnockoffNets`` extraction attack per target model.

    Only the keys listed in the descriptor table are forwarded from
    ``attack_pars`` to ``KnockoffNets``. ``attack_pars`` must also contain
    ``stolen_models``, which is passed to the parent initializer; a missing
    key raises ``KeyError``.
    """
    pars_descriptors = {
        "batch_size_fit": "Batch size (thieved classifier)",
        "batch_size_query": "Batch size (victim classifier)",
        "nb_epochs": "Number of epochs for training",
        "nb_stolen": "Number of victim queries",
        "use_probability": "Use probability",
        "sampling_strategy": "Sampling strategy",
        "reward": "Reward type",
        "verbose": "Show progress bars",
    }

    # Keep only the attack-specific parameters that the caller supplied.
    params = {
        name: attack_pars[name]
        for name in pars_descriptors
        if name in attack_pars
    }

    # NOTE(review): clip_values=(0, 1) is fixed here; presumably the target
    # models expect inputs scaled to [0, 1] -- confirm.
    extraction_attacks = [
        art.attacks.extraction.KnockoffNets(
            classifier=KerasClassifier(model, clip_values=(0, 1)),
            **params,
        )
        for model in target_models
    ]

    super().__init__(
        attack_alias,
        {"stolen_models": attack_pars["stolen_models"]},
        data,
        labels,
        data_conf,
        target_models,
        extraction_attacks,
        pars_descriptors,
    )

    section = report.ReportSection(
        "Knockoff Nets",
        self.attack_alias,
        "ART_KnockoffNets",
    )
    self.report_section = section
def __init__(
    self, attack_alias, attack_pars, data, labels, data_conf, target_models
):
    """Build one ``MIFace`` model inversion attack per target model.

    The parent initializer runs first and receives an empty parameter
    dict. The descriptor table and the attack list are then assigned
    directly on the instance.
    """
    super().__init__(
        attack_alias,
        {},
        data,
        labels,
        data_conf,
        target_models,
    )

    self.pars_descriptors = {
        "max_iter": "Max. iterations",
        "window_length": "Window length",
        "threshold": "Stopping threshold",
        "batch_size": "Batch size",
        "verbose": "Verbose output",
    }

    # Keep only the attack-specific parameters that the caller supplied.
    params = {
        name: attack_pars[name]
        for name in self.pars_descriptors
        if name in attack_pars
    }

    self.inference_attacks = []
    for model in target_models:
        # NOTE(review): clip_values=(0, 1) is fixed here; presumably the
        # target models expect inputs scaled to [0, 1] -- confirm.
        wrapped = KerasClassifier(model, clip_values=(0, 1))
        self.inference_attacks.append(model_inversion.MIFace(wrapped, **params))

    section = report.ReportSection(
        "Model Inversion MIFace",
        self.attack_alias,
        "ART_MIFace",
    )
    self.report_section = section