This public repository is read-only and no longer maintained. For the latest sample code repositories, visit the Samples organization.
SAP Security Research sample code to reproduce the research done in our paper "Comparing local and central differential privacy using membership inference attacks"[1]. The MIAttack Framework follows the architecture suggested by Shokri et al.[2].
- Python 3.6
- Jupyter
- Tensorflow 1.14
- Tensorflow Privacy
- h5py 2.10.*
- numpy 1.18.*
- scikit-learn 0.22.*
- scipy 1.4.*
Implementation of membership inference attacks on artificial neural networks.
Running make install in the MIAttack folder should be enough for most usecases.
It creates the basic project directory structure and installs mia as well as other requirements.
You can use pip as your package manager and install the mia package via python -m pip install -e ./
For other package managers you need to install mia using setup.py.
After having run make install, the following directory structure should be created in your local
file system. Note: Everything that must not be tracked by git is already in .gitignore.
MIAttack/
|-- Makefile
|-- setup.py
|-- requirements.txt
|-- data/ # data files
|-- experiments/ # experiment results
|-- logs/ # log files
|-- models/ # relevant pre-trained models
|-- notebooks/ # evaluation notebooks
|-- mia/ # source root
|--core/ # the framework
|--projects/ # project implementations using mia
For every mia-project, e.g., dataset, a subdirectory should be created in ./MIAttack/mia/projects.
We recommend to create a file <project>_data.py for data preparation and loading, <project>_model.py to define your model and <project>_run_attack.py to perform the attack for each project.
The results of a test run are supposed to be stored ./experiments/.
- Daniel Bernau (corresponding author)
- Jonas Robl
- Philip-William Grassal
- Steffen Schneider
If you use this code in your research, please cite:
@article{DGR+19,
author = {Daniel Bernau and
Philip{-}William Grassal and
Jonas Robl and
Florian Kerschbaum},
title = {Assessing differentially private deep learning with Membership Inference},
journal = {CoRR},
volume = {abs/1912.11328},
year = {2019},
url = {http://arxiv.org/abs/1912.11328},
archivePrefix = {arXiv},
eprint = {1912.11328},
}
[1] Daniel Bernau, Philip-William Grassal, Jonas Robl, Florian Kerschbaum: Assessing differentially private deep learning with Membership Inference. arXiv:1912.11328 https://arxiv.org/abs/1912.11328
[2] Reza Shokri, Marco Stronati, Congzheng Song, Vitaly Shmatikov: Membership Inference Attacks against Machine Learning Models In Proceedings of the IEEE Symposium on Security and Privacy (2017) https://arxiv.org/abs/1610.05820
Copyright (c) 2020 SAP SE or an SAP affiliate company. All rights reserved. This project is licensed under the Apache Software License, version 2.0 except as noted otherwise in the LICENSE file.