JamesJordon
commented
2 years ago @fhoussiau and I had a back and forth yesterday over slack (my bad for not seeing this issue). I'll try to summarise what I landed on in my thinking for the ThreatModel class.
- It should house the adversary's background knowledge (i.e. should have an attribute
.adv_dataand.shadow_model, indicating. I think.adv_datashould be a dictionary containing auxiliary data, and any of the real data it has access to (I've implemented this in this branch, in thethreat_models/mia.pyfile)..shadow_modelcan either be the same as the generator, or different, in line with the idea that we investigate what happens when an adversary has imperfect knowledge of the generative mechanism. - It should house the logic for testing, not necessarily creating test datasets. I think this should be implemented via a
.test(attack)method. I don't feel strongly either way about whether thereportshould be part of this, or whethertestshould just output the raw outputs of the attack. - We should rename the class to something more appropriate, but we haven't thought of anything concrete.
I actually think 2. and 3. could be separate classes, but let's implement it as one for now.
I also feel that target should not be saved in ThreatModel.
In this branch, I have written a first draft of a "threat model" class (in
threat_models/base_classes.pyandthreat_models/mia.py). This class is composed of two main parts:(this should probably be explained somewhere, as it's maybe not intuitive, I've put a longish description in
threat_models/base_classes.pybut it might be worth putting it in longer form somewhere?)I have modified
attacks/groundhog.pyandrun_groundhog.pyto use this class.Could I have your input on this class? (and the name, the more I think of it the less I like "threat model").