Privacy Enhancing Technologies

Guides on Attacks Implementation

Written on 03.06.2020 17:53 by Min Chen

Dear all,

As we mentioned in the seminar, you need to implement three attacks during the seminar, which are Membership Inference Attack, Model Inversion Attack, and Model Stealing Attack(a.k.a Model Extraction Attack).

In the first phase, to simplify your tasks and quickly build background knowledge, we have some guides as follows:

1. You should use a simple convolutional neural network as the basic model for all the three attacks, please refer to the PyTorch tutorial https://pytorch.org/tutorials/beginner/blitz/cifar10_tutorial.html.
2. We mainly focus on image data and we suggest using the following three datasets: CIFAR10, MNIST, and Fashion-MNIST. You could load the dataset with the python torchvision package, refer to https://pytorch.org/docs/stable/torchvision/datasets.html.
3. As to the membership inference attack, you only need to implement the "attack one" in the paper titled "ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models".
4. As to the model inversion attack, you only need to implement the basic model inversion attack in Algorithm 1, refer to the paper titled "Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures".
5. We will give more information about implementing the model stealing attack next week. You could refer to the paper titled "Stealing Machine Learning Models via Prediction APIs" for some detail in advance.

Besides, here is the group information we received so far. I hope no one is missed. :)

Best,

Min