icmpnorequest / MLSec

An implementation of data poisoning attack and membership inference attack in Pytorch
MIT License

about shadow_model train datasets #2

Closed wpyniub closed 3 years ago

wpyniub commented 3 years ago

Hello, I have a question about generating shadow model training data. You are using a query-based synthesis approach. However, the display result of the synthesis data is far from that of the CIFAR-10 picture. Can you tell me why? Thank you very much!

icmpnorequest commented 3 years ago

> Hello, I have a question about generating shadow model training data. You are using a query-based synthesis approach. However, the display result of the synthesis data is far from that of the CIFAR-10 picture. Can you tell me why? Thank you very much!

Hi,

The code of this paper doesn't contain a data synthesis algorithm, so I just completed the algorithm on my own. I have contacted Dr. Shokri, the first author of the paper, but he told me the algorithm is designed for binary class. In other words, it doesn't fit the CIFAR-10 dataset. Therefore, we need to complete the data synthesis algorithm for the CIFAR-10 dataset by ourselves.

wpyniub commented 3 years ago

Thank you very much for answering my question. One question is why the accuracy of the attack in your code is very high when the CIFAR-10 synthesis data obtained by using the query is quite different from the real data. And do you know what methods are available to synthesize simulated image information in the black-box situation?

icmpnorequest commented 3 years ago

> Thank you very much for answering my question. One question is why the accuracy of the attack in your code is very high when the CIFAR-10 synthesis data obtained by using the query is quite different from the real data. And do you know what methods are available to synthesize simulated image information in the black-box situation?

The original code for the paper just replaces some images with some randomly generated numbers, so I guess the key intuition lies in shadow model generation and shadow training (depends heavily on the guessing of the shadow model). That might be why the accuracy of the membership inference attack is high. For the second question, maybe you could refer to membership inference attack and adversarial example generation.