tapas.attacks.synthinference.ProbabilityEstimationAttack

class tapas.attacks.synthinference.ProbabilityEstimationAttack(estimator: tapas.attacks.synthinference.DensityEstimator, criterion: tuple, label: Optional[str] = None)

Bases: tapas.attacks.base_classes.TrainableThresholdAttack

Membership Inference Attack that first estimates a statistical model p_x of the distribution of records in the synthetic data, and then uses p_x(target_record) as score. The intuition is that the distribution of the synthetic data, which is defined by the generator trained on the real data, is more likely to be high for records in the real data. This works best on overfitted models.

__init__(estimator: tapas.attacks.synthinference.DensityEstimator, criterion: tuple, label: Optional[str] = None)

Create an inference-on-synthetic attack.

Parameters

  • estimator (DensityEstimator) – The estimator, as a DensityEstimator object with .fit and .score. If an object of another type is passed, this object is assumed to be a sklearn model, and is fed into sklearnDensityEstimator.

  • criterion (str or tuple) – How to select the threshold (see TrainableThresholdAttack).

  • label (str (optional)) – String to represent this attack.

Methods

__init__(estimator, criterion[, label])

Create an inference-on-synthetic attack.

attack(datasets)

Make a prediction for each dataset.

attack_score(datasets)

Perform the attack on each dataset in a list, but return a confidence score (specifically for classification tasks).

train(threat_model[, num_samples])

Train this attack: train the score, then choose a threshold meeting the target criterion.

Attributes

label

A label to describe this attack in reports.
attack(datasets: list[Dataset])

Make a prediction for each dataset.

This computes attack_score for each dataset, then decides that the target user is in the training dataset if and only if the score is higher than self._threshold.

Parameters

datasets (a list of synthetic datasets.) –

Returns

predictions

Return type

np.array of booleans.

attack_score(datasets: list[Dataset])

Perform the attack on each dataset in a list, but return a confidence score (specifically for classification tasks).

property label

A label to describe this attack in reports.

train(threat_model: tapas.threat_models.attacker_knowledge.LabelInferenceThreatModel, num_samples: Optional[int] = None, **attack_score_kwargs)

Train this attack: train the score, then choose a threshold meeting the target criterion.

Parameters

  • threat_model (LabelInferenceThreatModel) – The threat model from which to generate labelled samples.

  • num_samples (int (default, None).) – Number of training samples to generate to select the threshold. If None, use all pre-generated training samples (only do this if you have already generated datasets).

  • (optionally)

  • arguments (additional keyword) –

  • _train_attack_score. (passed to) –