Skip to content

Commit

Permalink
Merge pull request #7 from aidotse/add_attack_descriptors
Browse files Browse the repository at this point in the history
Add attack descriptors
  • Loading branch information
fazelehh authored Apr 2, 2024
2 parents eb8ed7f + 80627fa commit f15df86
Show file tree
Hide file tree
Showing 3 changed files with 52 additions and 0 deletions.
11 changes: 11 additions & 0 deletions leakpro/mia_attacks/attacks/attack.py
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,17 @@ def get_audit_dataset(self:Self)-> Self:
"""
return self.audit_dataset

@abstractmethod
def desctiption(self:Self) -> dict:
"""Return a description of the attack.
Returns
-------
dict: A dictionary containing the reference, summary, and detailed description of the attack.
"""
pass

@abstractmethod
def prepare_attack(self:Self) -> None:
"""Prepare data needed for running the metric on the target model and dataset."""
Expand Down
23 changes: 23 additions & 0 deletions leakpro/mia_attacks/attacks/attack_p.py
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,29 @@ def __init__(self:Self, attack_utils: AttackUtils, configs: dict) -> None:
self.signal = ModelLoss()
self.hypothesis_test_func = attack_utils.linear_itp_threshold_func

def description(self:Self) -> dict:
    """Return a description of the attack.

    Returns
    -------
    dict: A dictionary with the keys "title_str", "reference", "summary",
        and "detailed" describing the Population attack.
    """
    # Human-readable attack name shown to users of the report.
    title_str = "Population attack (P-attack)"

    # Citation for the paper this attack implements (implicit string
    # concatenation across the backslash-joined lines).
    reference_str = "Ye, Jiayuan, et al. Enhanced membership inference attacks against machine learning models. " \
        "Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 2022."

    summary_str = "The Population attack (P-attack) is a membership inference attack based on the output loss of a black-box model." # noqa: E501

    # NOTE(review): the backslashes below are *inside* the string literal, so
    # the continuation lines' leading whitespace becomes part of the runtime
    # text — confirm the intended formatting against the rendered report.
    detailed_str = "The attack is executed according to: \
1. A fraction of the population is sampled to create histograms of the output loss. \
2. The histograms are used to compute thresholds for the output loss based on a given FPR \
3. The thresholds are used to classify in-members and out-members. \
4. The attack is evaluated on an audit dataset to determine the attack performance."

    # NOTE(review): key is "title_str" while the others drop the suffix —
    # presumably consumed elsewhere under exactly these names; verify callers
    # before renaming.
    return {
        "title_str": title_str,
        "reference": reference_str,
        "summary": summary_str,
        "detailed": detailed_str,
    }


def prepare_attack(self:Self) -> None:
"""Prepare data needed for running the metric on the target model and dataset."""
# sample dataset to compute histogram
Expand Down
18 changes: 18 additions & 0 deletions leakpro/mia_attacks/attacks/rmia.py
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,24 @@ def __init__(self:Self, attack_utils: AttackUtils, configs: dict) -> None:
self.signal = ModelLogits()
self.epsilon = 1e-6

def description(self:Self) -> dict:
    """Return a description of the attack.

    Returns
    -------
    dict: A dictionary with the keys "title_str", "reference", "summary",
        and "detailed" describing the RMIA attack.
    """
    # Human-readable attack name shown to users of the report.
    title_str = "RMIA attack"
    # Citation for the paper this attack implements. NOTE(review): this
    # backslash is inside the string literal, so the second line's leading
    # whitespace is part of the runtime text — confirm intended formatting.
    reference_str = "Zarifzadeh, Sajjad, Philippe Cheng-Jie Marc Liu, and Reza Shokri. \
Low-Cost High-Power Membership Inference by Boosting Relativity. (2023)."
    summary_str = "The RMIA attack is a membership inference attack based on the output logits of a black-box model."
    # Same caveat as above: in-string continuations keep the continuation
    # lines' leading whitespace in the returned text.
    detailed_str = "The attack is executed according to: \
1. A fraction of the population is sampled to compute the likelihood LR_z of p(z|theta) to p(z) for the target model.\
2. The ratio is used to compute the likelihood ratio LR_x of p(x|theta) to p(x) for the target model. \
3. The ratio LL_x/LL_z is viewed as a random variable (z is random) and used to classify in-members and out-members. \
4. The attack is evaluated on an audit dataset to determine the attack performance."
    # Keys mirror attack_p.description so report generation can treat all
    # attacks uniformly; keep the (inconsistent) "title_str" key unchanged.
    return {
        "title_str": title_str,
        "reference": reference_str,
        "summary": summary_str,
        "detailed": detailed_str,
    }


def softmax(self:Self, all_logits:np.ndarray,
true_label_indices:np.ndarray,
Expand Down

0 comments on commit f15df86

Please sign in to comment.