search

bargavj / EvaluatingDPML

This project's goal is to evaluate the privacy leakage of differentially private machine learning models.
MIT License
129 stars 48 forks source link

What does it mean when the privacy leakage metric is negative? #32

Open inin1999 opened 1 year ago

inin1999 commented 1 year ago

The paper indicates that privacy leakage metric is always between 0 and 1, where the value of 0 indicates that there is no leakage. When I run the code many times

$python3 main.py cifar_100 --target_model='nn' --target_l2_ratio=1e-4 --target_privacy='grad_pert' --target_dp='rdp' --target_epsilon=0.01 --target_epochs=100 --attack_epoch=100

I got the Advantage = -0.0009、0.0005、-0.0031、-0.0006、0.002 What does it mean when the privacy leakage metric is negative? The smaller the privacy leakage metric, the more advantageous to the attack model?