Closed chris-prenode closed 1 year ago
Hi @chris-prenode, just to confirm when you say:
if it seems that the MIA can't be successful
You are speaking about the attack accuracy?
Hi @chris-prenode, just to confirm when you say:
if it seems that the MIA can't be successful
You are speaking about the attack accuracy?
Yes, I do.
In my experiment, if the attack only uses the output of the last layer and the ohe_label (black-box setting), the attack accuracy of the attack model in the verification set is very low (50%). This makes me feel very confused. The black-box attack accuracy mentioned in the paper is 74.6%.
Hi if it seems that the MIA can't be successful I get often an attack accuracy that is exactly: 0.500200092792511 Did you recognize this value in your experiments, too? If you did is there a known reason why the implementation returns exactly this value? Im using the AlexNet tutorial python file with following setting: