tapas.attacks.shadow_modelling.ShadowModellingAttack

class tapas.attacks.shadow_modelling.ShadowModellingAttack(classifier: tapas.attacks.set_classifiers.SetClassifier, label: Optional[str] = None)

Bases: tapas.attacks.base_classes.Attack

Shadow-modelling attacks simulate the dataset generation process, using auxiliary information available to the attacker, and train a classifier (here, a set classifier) to predict a property of the training dataset from the synthetic dataset. This class implements the logic of shadow modelling attacks, and takes as argument a SetClassifier.

classifier

Instance of a SetClassifier that will be used as the classification model for this attack.

Type: SetClassifier

trained

Indicates whether or not the attack has been trained on some data.

Type: bool

__init__(classifier: tapas.attacks.set_classifiers.SetClassifier, label: Optional[str] = None)

Initialise a Groundhog attack from a threat model and classifier.

Parameters

classifier (SetClassifier) – SetClassifier to set for attack.
label (str (optional)) – A label to reference this attack in reports.

Methods

`__init__`(classifier[, label])	Initialise a Groundhog attack from a threat model and classifier.
`attack`(datasets)	Make a guess about the target's membership in the training data that was used to produce each dataset in datasets.
`attack_score`(datasets)	Calculate classifier's raw probability about the presence of the target.
`train`([threat_model, num_samples])	Train the attack classifier on a labelled set of datasets.

Attributes

label

A label to describe this attack in reports.

attack(datasets: list[Dataset]) → list[int]

Make a guess about the target’s membership in the training data that was used to produce each dataset in datasets.

Parameters: datasets (list[Dataset]) – List of (synthetic) datasets to make a guess for.
Returns: Binary guesses for each dataset. A guess of 1 at index i indicates that the attack believes that the target was present in dataset i.
Return type: list[int]

attack_score(datasets: list[Dataset]) → list[float]

Calculate classifier’s raw probability about the presence of the target. Output is a probability in [0, 1].

Parameters: datasets (list[Dataset]) – List of (synthetic) datasets to make a guess for.
Returns: List of probabilities corresponding to attacker’s guess about the truth.
Return type: list[float]

property label: A label to describe this attack in reports.

train(threat_model: Optional[tapas.threat_models.attacker_knowledge.LabelInferenceThreatModel] = None, num_samples: int = 100)

Train the attack classifier on a labelled set of datasets. The datasets will either be generated from threat_model or need to be provided.

Parameters

threat_model (ThreatModel) – Threat model to use to generate training samples if synthetic_datasets or labels are not given.
num_samples (int, optional) – Number of datasets to generate using threat_model if synthetic_datasets or labels are not given. The default is 100.