def test_classifier():
x_train, _, _, _ = CIFAR10.numpy()
classifier = Classifier(load_dcti(),
nb_classes=CIFAR10.N_CLASSES,
input_shape=CIFAR10.INPUT_SHAPE)
assert classifier.predict(x_train).shape == (x_train.shape[0],
CIFAR10.N_CLASSES)
def test_attack():
x_train, y_train, x_test, y_test = CIFAR10.numpy()
target_model = Classifier(load_dcti(),
nb_classes=CIFAR10.N_CLASSES,
input_shape=CIFAR10.INPUT_SHAPE)
attack = Attack(target_model, x_train, y_train, x_test, y_test)
with pytest.raises(NotImplementedError):
attack.attack()
def test_inference_label_only_decision_boundary_attack():
x_train, y_train, x_test, y_test = CIFAR10.numpy()
target_model = Classifier(load_dcti(),
nb_classes=CIFAR10.N_CLASSES,
input_shape=CIFAR10.INPUT_SHAPE)
attack = MembershipInferenceLabelOnlyDecisionBoundaryAttack(
target_model, x_train[:1], y_train[:1], x_test[:1], y_test[:1])
attack.attack(max_iter=1, max_eval=1, init_eval=1)
def test_membership_inference_black_box_attack():
x_train, y_train, x_test, y_test = CIFAR10.numpy()
target_model = Classifier(load_dcti(),
nb_classes=CIFAR10.N_CLASSES,
input_shape=CIFAR10.INPUT_SHAPE)
attack = MembershipInferenceBlackBoxAttack(target_model, x_train[:100],
y_train[:100], x_test[:100],
y_test[:100])
attack.attack()
def test_sample_attack():
x_train, y_train, x_test, y_test = CIFAR10.numpy()
target_model = Classifier(
load_dcti(), nb_classes=CIFAR10.N_CLASSES, input_shape=CIFAR10.INPUT_SHAPE
)
attack = SampleAttack(target_model, x_train, y_train, x_test, y_test)
actual_inferred_train_data, actual_inferred_test_data = attack.attack()
expected_inferred_train_data, expected_inferred_test_data = np.ones(10), np.zeros(
10
)
assert len(actual_inferred_train_data) == len(expected_inferred_train_data)
assert len(actual_inferred_test_data) == len(expected_inferred_test_data)
assert all(
[
a == b
for a, b in zip(actual_inferred_train_data, expected_inferred_train_data)
]
)
assert all(
[a == b for a, b in zip(actual_inferred_test_data, expected_inferred_test_data)]
)