tapas.attacks.closest_distance.ClosestDistanceMIA

class tapas.attacks.closest_distance.ClosestDistanceMIA(distance: tapas.attacks.distances.DistanceMetric = <tapas.attacks.distances.HammingDistance object>, criterion: tuple = 'accuracy', label: typing.Optional[str] = None)

Bases: tapas.attacks.base_classes.TrainableThresholdAttack

Attack that looks for the closest record to a given target in the synthetic data to determine whether the target was in the training dataset.

This attack predicts that a target record is in the training dataset

iff: min_{x in synth_data} distance(x, target) <= threshold.

The threshold can either be specified, or selected automatically.

__init__(distance: tapas.attacks.distances.DistanceMetric = <tapas.attacks.distances.HammingDistance object>, criterion: tuple = 'accuracy', label: typing.Optional[str] = None)

Create the attack with chosen parameters.

Parameters

  • distance (DistanceMetric) – Distance to use between records for the attack.

  • criterion (tuple) – Criterion to select the threshold (see TrainableThresholdAttack for details).

  • (optional) (label) –

Methods

__init__([distance, criterion, label])

Create the attack with chosen parameters.

attack(datasets)

Make a prediction for each dataset.

attack_score(datasets)

Compute the decision score for this attack.

train(threat_model[, num_samples])

Train this attack: train the score, then choose a threshold meeting the target criterion.

Attributes

label

A label to describe this attack in reports.
attack(datasets: list[Dataset])

Make a prediction for each dataset.

This computes attack_score for each dataset, then decides that the target user is in the training dataset if and only if the score is higher than self._threshold.

Parameters

datasets (a list of synthetic datasets.) –

Returns

predictions

Return type

np.array of booleans.

attack_score(datasets: list[Dataset])

Compute the decision score for this attack.

The target score is the minimum distance between the target record x and records in the dataset.

Parameters

datasets (a list of synthetic datasets.) –

Returns

scores

Return type

array of (nonnegative) record distances.

property label

A label to describe this attack in reports.

train(threat_model: tapas.threat_models.attacker_knowledge.LabelInferenceThreatModel, num_samples: Optional[int] = None, **attack_score_kwargs)

Train this attack: train the score, then choose a threshold meeting the target criterion.

Parameters

  • threat_model (LabelInferenceThreatModel) – The threat model from which to generate labelled samples.

  • num_samples (int (default, None).) – Number of training samples to generate to select the threshold. If None, use all pre-generated training samples (only do this if you have already generated datasets).

  • (optionally)

  • arguments (additional keyword) –

  • _train_attack_score. (passed to) –