This repository contains my work on replicating the original paper of the membership inference attack against machine learning classifiers.
It is recommended to use docker to ensure the Cuda and cuDNN versions match the pinned tensorflow version.
The dockerfile uses Cuda==11.2.1 and cuDNN==8.1, this project uses tensorflow-gpu==2.9.3.
To leverage the GPU, install the respective NVIDIA driver on the host system, as
well as the NVIDIA container toolkit.
Build the image:
docker build -t mia .Set the gid and uid as environment variables, so that they are set correctly in the container.
export UID=$(id -u)
export GID=$(id -g)Start a container:
docker compose run miaTo verify that the GPU is available in tensorflow:
TF_CPP_MIN_LOG_LEVEL=2 python -c "import tensorflow as tf; tf.config.list_physical_devices('GPU')"If you want to debug in the Docker container, change the entrypoint of the docker-compose.yml file to
entrypoint: /bin/bash.
If you don't want to use the GPU or none is availabe to Docker, remove the "deploy"-key from the docker-compose.yml.
The code is split into submodules in the subfolder mia/:
download.py: Download datasetsdatasets.py: Data preprocessingtarget_models.py: Train/load target modelshadow_data.py: Generate shadow datashadow_models.py: Train/load shadow modelsattack_data.py: Predict shadow data on shadow models and aggregate it into attack dataattack_model.py: Train/load attack modelattack_pipeline.py: Run the attack pipeline on the target model- (
configuration.py: Parse config YAML file)
Each module can be called as a standalone script with the option --config FILE to read the configuration from FILE
(default is using config/example.yml).
Datasets and models will be saved to disk and only generated or trained if they can't be loaded from disk.
mia/main.py ties the modules together to train/generate all models/data:
python mia/main.pyDocumentation is currently avaible at https://oli-ross.github.io/replicating_mia. You can generate it locally with pdoc:
cd mia && pdoc -o ../docs/build *.py