privacytrustlab / ml_privacy_meter

Privacy Meter: An open-source library to audit data privacy in statistical and machine learning algorithms.
MIT License

Question: What's the relationship between `target_train_model` and `target_attack_model`? #22

Closed gongzhimin closed 3 years ago

gongzhimin commented 3 years ago

@mihirkhandekar Hello, I'm still confused, and sorry to trouble you again. In issue #19, you replied to me that:

> Model A (target_train_model) can be used as a shadow model to evaluate the performance of your membership inference model on Model B (target_attack_model).

  • Do model A (target_train_model) and model B (target_attack_model) have the same architecture but different parameters?
  • Or, are they completely different, just with the same classification task and dataset?

In the tutorials provided, you show me two examples. But in both of them, you pass the same model to target_train_model and target_attack_model, which really confuses me.

In the file ml_privacy_meter/attack/meminf.py, the handling of target_attack_model stops at receiving it, with no further operation.

As for the method test_attack(), I'm not sure what role it plays in your blueprint. Is it a mistake that self.target_train_model should be replaced with self.target_attack_model to evaluate the performance of the membership inference model on Model B (target_attack_model)?

Looking forward to your reply.

mihirkhandekar commented 3 years ago

Thank you. Will take a look and let you know.

luigitropiano commented 3 years ago

I am facing one more error still related to passing target_train_model and target_attack_model as two different datahandlers:

AttributeError: 'attack_data' object has no attribute 'nonmember_train'

Error is raised by line no. 202 of ml_privacy_meter/utils/attack_data.py:

nmtrainhashes = compute_hashes(self.nonmember_train)

That is probably due to self.nonmember_train being initialized by the load_train() method, which is actually not invoked on the target_attack_model datahandler.

KannanZhang commented 2 years ago

This question, which was asked by @gongzhimin in issue #22, confuses me too. Could you please explain it to us?