tapas.attacks.groundhog.GroundhogAttack

class tapas.attacks.groundhog.GroundhogAttack(use_naive=True, use_hist=True, use_corr=True, model=None, label=None)

Bases: tapas.attacks.shadow_modelling.ShadowModellingAttack

The attack introduced by Stadler et al.

__init__(use_naive=True, use_hist=True, use_corr=True, model=None, label=None)
Parameters

  • use_naive (bool (default True)) – Whether to use F_naive as a feature.

  • use_hist (bool (default True)) – Whether to use F_hist as a feature.

  • use_corr (bool (default True)) – Whether to use F_corr as a feature.

  • model (sklearn.base.ClassifierMixin (default None)) – If specified, the binary classifier to use for the attack. If None, the default (random forest with 100 learners) is used.

  • label (str (default None)) – An optional label to refer to the attack in reports.

Methods

__init__([use_naive, use_hist, use_corr, ...])

param use_naive

Whether to use F_naive as a feature.

attack(datasets)

Make a guess about the target's membership in the training data that was used to produce each dataset in datasets.

attack_score(datasets)

Calculate classifier's raw probability about the presence of the target.

train([threat_model, num_samples])

Train the attack classifier on a labelled set of datasets.

Attributes

label

A label to describe this attack in reports.
attack(datasets: list[Dataset]) list[int]

Make a guess about the target’s membership in the training data that was used to produce each dataset in datasets.

Parameters

datasets (list[Dataset]) – List of (synthetic) datasets to make a guess for.

Returns

Binary guesses for each dataset. A guess of 1 at index i indicates that the attack believes that the target was present in dataset i.

Return type

list[int]

attack_score(datasets: list[Dataset]) list[float]

Calculate classifier’s raw probability about the presence of the target. Output is a probability in [0, 1].

Parameters

datasets (list[Dataset]) – List of (synthetic) datasets to make a guess for.

Returns

List of probabilities corresponding to attacker’s guess about the truth.

Return type

list[float]

property label

A label to describe this attack in reports.

train(threat_model: Optional[tapas.threat_models.attacker_knowledge.LabelInferenceThreatModel] = None, num_samples: int = 100)

Train the attack classifier on a labelled set of datasets. The datasets will either be generated from threat_model or need to be provided.

Parameters

  • threat_model (ThreatModel) – Threat model to use to generate training samples if synthetic_datasets or labels are not given.

  • num_samples (int, optional) – Number of datasets to generate using threat_model if synthetic_datasets or labels are not given. The default is 100.