Home

Awesome

membership-inference-via-backdooring

This repository contains the source code of the IJCAI-22 paper "Membership Inference via Backdooring". The proposed approach is "MIB: Membership Inference via Backdooring".

Requirement

Dataset

The experiments are evaluated on one image dataset of CIFAR-10 and two binary datasets of Location-30 and Purchase-100, which are widely used to evaluate membership privacy risks.

Experiments on CIFAR-10 dataset

Train a clean model

python train_clean.py --gpu-id 0 --checkpoint 'checkpoint/benign_model'

Train a backdoored model

python train_MIB.py --gpu-id 0 --checkpoint 'checkpoint/one_owner' --trigger 'white_square' --y_target 1 --trigger_size 3 --trigger_coordinate_x 29 --trigger_coordinate_y 29 --marking_rate 0.001
python train_MIB_multi.py --gpu-id 0 --checkpoint 'checkpoint/multi_owner' --num_users 10

Experiments on Location-30 dataset

Train a clean model

python train_clean.py --gpu-id 0 --checkpoint 'checkpoint/benign_model'

Train a backdoored model

python train_MIB.py --gpu-id 0 --checkpoint 'checkpoint/one_owner' --trigger 'binary_1' --y_target 1 --trigger_size 20 --trigger_locate 426 --marking_rate 0.002
python train_MIB_multi.py --gpu-id 0 --checkpoint 'checkpoint/multi_owner' --num_users 10

Experiments on Purchase-100 dataset

Train a clean model

python train_clean.py --gpu-id 0 --checkpoint 'checkpoint/benign_model'

Train a backdoored model

python train_MIB.py --gpu-id 0 --checkpoint 'checkpoint/one_owner' --trigger 'binary_1' --y_target 1 --trigger_size 20 --trigger_locate 580 --marking_rate 0.001
python train_MIB_multi.py --gpu-id 0 --checkpoint 'checkpoint/multi_owner' --num_users 10

Acknowledgment

Part of our code is based on the open-source code of the paper "Open-sourced Dataset Protection via Backdoor Watermarking", where backdooring technique was used to protect the intellectual property of datasets. We thank the contributions of the authors of that paper.