Open xjc1234567 opened 1 year ago
changhongyan123
commented
1 year ago Hi @xjc1234567 ,
The attacks S and P are incorporated in the shadow_metric and population_metric function respectively in the privacy meter (see here). To get more details of how these attacks are executed, please consult the files shadow_metric.ipynb and population_metric.ipynb.
xjc1234567
commented
1 year ago Thank you for your answer, but I have one more question here. I did not find the training details of the target model for attack S,P,R,D such as hyperparameters because the paper provided at the conference did not include appendix. arXiv provided the paper with the training details but the data is quite different from the conference version. Can you provide me more training details about the target model to reproduce your attack?
yuan74
commented
1 year ago Hi @xjc1234567, the hyperparameters for training the shadow models in attack S are the same as the hyperparameters for reference models in attack R. Additionally, an example for replicating attack P on cifar-10 in the table of the paper can be found here https://github.com/privacytrustlab/ml_privacy_meter/tree/master/benchmark
Hi, I noticed that the detailed implementation of attack S and attack P was not given in the source code of Enhanced MIA, how can I find them?