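def create_seq2seq_attacker_data(
        attack_input_data: Seq2SeqAttackInputData,
        test_fraction: float = 0.25,
        balance: bool = True,
        privacy_report_metadata: PrivacyReportMetadata = None
) -> AttackerData:
    """Prepares Seq2SeqAttackInputData to train ML attackers.

    Uses logits and losses to generate ranks and performs a random train-test
    split of the resulting membership-inference dataset.

    Also computes metadata (loss, accuracy) for the model under attack and
    populates the respective fields of PrivacyReportMetadata.

    Args:
      attack_input_data: Original Seq2SeqAttackInputData.
      test_fraction: Fraction of the dataset to include in the test split.
      balance: Whether the training and test sets for the membership inference
        attacker should have a balanced (roughly equal) number of samples from
        the training and test sets used to develop the model under attack.
      privacy_report_metadata: The metadata of the model under attack. It is
        updated in place with the computed loss and accuracy. When None, a
        fresh PrivacyReportMetadata is created for this call.

    Returns:
      AttackerData holding the attacker's train/test features and membership
      labels, plus a DataSize with the sample counts actually used (that is,
      after balancing when `balance` is set).
    """
    # The signature used to default to a `PrivacyReportMetadata()` instance.
    # Python builds such a default once, at definition time, so every call
    # that omitted the argument wrote its loss/accuracy into the same shared
    # object and metrics from one model could leak into another call.
    if privacy_report_metadata is None:
        privacy_report_metadata = PrivacyReportMetadata()

    attack_input_train, loss_train, accuracy_train = (
        _get_attack_features_and_metadata(attack_input_data.logits_train,
                                          attack_input_data.labels_train))
    attack_input_test, loss_test, accuracy_test = (
        _get_attack_features_and_metadata(attack_input_data.logits_test,
                                          attack_input_data.labels_test))

    if balance:
        # Cut both sides to the size of the smaller one so the attacker does
        # not simply learn the member / non-member class prior.
        # NOTE(review): presumably _sample_multidimensional_array draws a
        # random subsample of `min_size` rows -- confirm against the helper.
        min_size = min(len(attack_input_train), len(attack_input_test))
        attack_input_train = _sample_multidimensional_array(
            attack_input_train, min_size)
        attack_input_test = _sample_multidimensional_array(
            attack_input_test, min_size)

    features_all = np.concatenate((attack_input_train, attack_input_test))
    ntrain, ntest = attack_input_train.shape[0], attack_input_test.shape[0]

    # Reshape for classifying one-dimensional features.
    features_all = features_all.reshape(-1, 1)

    # Membership labels: 0 marks samples from the target model's training set
    # and 1 marks held-out samples, despite the `is_training_*` names below.
    labels_all = np.concatenate((np.zeros(ntrain), np.ones(ntest)))

    # Perform a train-test split, stratified so both attacker splits keep the
    # same member / non-member ratio. No random_state is passed, so the split
    # (and the reported attack metrics) will presumably vary between runs.
    features_train, features_test, \
        is_training_labels_train, is_training_labels_test = \
        model_selection.train_test_split(
            features_all, labels_all, test_size=test_fraction,
            stratify=labels_all)

    # Populate accuracy, loss fields in privacy report metadata.
    privacy_report_metadata.loss_train = loss_train
    privacy_report_metadata.loss_test = loss_test
    privacy_report_metadata.accuracy_train = accuracy_train
    privacy_report_metadata.accuracy_test = accuracy_test

    return AttackerData(features_train, is_training_labels_train,
                        features_test, is_training_labels_test,
                        DataSize(ntrain=ntrain, ntest=ntest))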
def _compute_missing_privacy_report_metadata(
        metadata: PrivacyReportMetadata,
        attack_input: AttackInputData) -> PrivacyReportMetadata:
    """Fills in the accuracy and loss fields of `metadata` that are unset.

    A field counts as missing only when it is None. Values the caller already
    supplied are kept as they are and are not recomputed from `attack_input`,
    so a report built from this metadata can mix caller-provided and derived
    numbers.

    Args:
      metadata: Metadata to complete, or None to start from an empty
        PrivacyReportMetadata. A passed-in object is modified in place.
      attack_input: Source of the logits, labels and losses used to derive the
        missing values.

    Returns:
      The completed metadata: the same object that was passed in, or the newly
      created one when `metadata` was None.
    """
    report = PrivacyReportMetadata() if metadata is None else metadata

    # Each fallback is wrapped in a lambda so that it is evaluated only when
    # the corresponding field is actually missing. The order matches the order
    # in which the fields are checked: accuracies first, then losses.
    fallbacks = (
        ("accuracy_train",
         lambda: _get_accuracy(attack_input.logits_train,
                               attack_input.labels_train)),
        ("accuracy_test",
         lambda: _get_accuracy(attack_input.logits_test,
                               attack_input.labels_test)),
        ("loss_train",
         lambda: np.average(attack_input.get_loss_train())),
        ("loss_test",
         lambda: np.average(attack_input.get_loss_test())),
    )

    for field_name, derive in fallbacks:
        if getattr(report, field_name) is None:
            setattr(report, field_name, derive())

    return report