privacy-vs-robustness

About

This code accompanies the paper "Privacy Risks of Securing Machine Learning Models against Adversarial Examples", accepted at ACM CCS 2019 (https://arxiv.org/abs/1905.10291).

We perform membership inference attacks against machine learning models that are trained to be robust against adversarial examples.
In total, we evaluate the privacy leakage introduced by six state-of-the-art robust training algorithms: PGD-based adversarial training, distributional adversarial training, difference-based adversarial training, duality-based verification, abstract interpretation-based verification, and interval bound propagation-based verification.
We find that robust training algorithms tend to increase the membership information leakage of trained models, compared to the natural training algorithm.

Overview of the code

inference_utils.py: defines the membership inference attack based on prediction confidence (see the sketch below)
utils.py: defines functions to prepare the Yale Face dataset
membership_inference_results.ipynb: lists membership inference results
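
For illustration, here is a minimal sketch of confidence-thresholding membership inference. The function name, array shapes, and threshold sweep are illustrative assumptions, not the exact implementation in inference_utils.py:

```python
import numpy as np

def inference_via_confidence(train_confidence, test_confidence):
    """Membership inference by thresholding prediction confidence.

    train_confidence: model confidence on the correct label for training
        (member) examples, shape (n_train,)
    test_confidence: the same quantity for held-out (non-member) examples,
        shape (n_test,)
    Returns the best attack accuracy over a sweep of thresholds.
    """
    best_accuracy = 0.5  # random-guessing baseline
    for threshold in np.linspace(0.0, 1.0, 201):
        # Predict "member" when confidence is at or above the threshold.
        true_positive_rate = np.mean(train_confidence >= threshold)
        true_negative_rate = np.mean(test_confidence < threshold)
        accuracy = 0.5 * (true_positive_rate + true_negative_rate)
        best_accuracy = max(best_accuracy, accuracy)
    return best_accuracy
```

The intuition is that a model (especially an overfit or robustly trained one) tends to assign higher confidence to its training examples than to unseen ones, so a simple threshold on confidence can separate members from non-members better than chance.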

Dependencies

TensorFlow 1.12; PyTorch 0.4