privML / privacy-evaluator

The privML Privacy Evaluator is a tool that assesses ML models' levels of privacy by running different attacks on them.
MIT License

Move attack parameters from `init` to `fit` method #210

Closed marisanest closed 3 years ago

marisanest commented 3 years ago

Closes #190.

Friedrich-Mueller commented 3 years ago

Heyhey, I came across an issue when running the notebooks locally:

`ValueError: Found input variables with inconsistent numbers of samples: [200, 400]`

happens during the rule-based as well as the decision boundary attack during the attack analysis. Specifically, it's complaining about the 'slicing' argument in it.

I tried looking into it but couldn't make sense of it on the fly. I'll look into it a bit later again, if no one else is faster :)

marisanest commented 3 years ago

I just tested everything again in Colab. It's working for me. Maybe you have some diverging versions locally!? Have you tried it with Colab already? I only have a problem with the HotSkipJump. It takes quite a long time again and at the moment for the MembershipInferenceAttackAnalysis there is no possibility to add the max_iter, max_eval, init_eval parameters to make it a bit faster. We should definitely change that.

marisanest commented 3 years ago

@Erdnaf it's just really a small change in their code. I removed the None values they entered as a work-around. But yes, maybe we just inform them really short in their chat.

marisanest commented 3 years ago

@Friedrich-Mueller ok after waiting quite a while, I now get the same error. I am also not sure what's happening at the moment and I do not have the time to look deeper into it right now. But it seems that it has something to do with the slicing so maybe @jtorhoff can help.

jtorhoff commented 3 years ago

Hey, it's due to the probabilities parameter of the attack method. I didn't interpret the return values of ART in my initial implementation correctly. I will push a fix shortly.

jtorhoff commented 3 years ago

> I just tested everything again in Colab. It's working for me. Maybe you have some diverging versions locally!? Have you tried it with Colab already? I only have a problem with the HotSkipJump. It takes quite a long time again and at the moment for the MembershipInferenceAttackAnalysis there is no possibility to add the max_iter, max_eval, init_eval parameters to make it a bit faster. We should definitely change that.

I just created an issue for that, I'll look into changing the API a bit to make it more flexible #222. I think this PR can be merged now.

Friedrich-Mueller commented 3 years ago

> > I just tested everything again in Colab. It's working for me. Maybe you have some diverging versions locally!? Have you tried it with Colab already? I only have a problem with the HotSkipJump. It takes quite a long time again and at the moment for the MembershipInferenceAttackAnalysis there is no possibility to add the max_iter, max_eval, init_eval parameters to make it a bit faster. We should definitely change that.
>
> I just created an issue for that, I'll look into changing the API a bit to make it more flexible #222. I think this PR can be merged now.

I'll run through the notebooks real quick again and then will merge it. Thanks for the fix, Juri.

edit: Okay, that took ages, because our notebook arguments for the decision boundary attack are set in a way that it takes literally 2 hours in Colab.

Also, I removed a cell which threw an error because it was not even supposed to be in this notebook anymore. Merging now.

The Privacy Risk Score Colab notebook has a wrong name, but we can fix that during polishing.