Documentation update

README.md

@@ -72,7 +72,8 @@ The other classes of attacks can be launched in a similar fashion. See the `exam
 
 1. Install [poetry](https://python-poetry.org/docs/).
 2. Git clone this repository.
-3. Run `poetry install`.
+3. Run `poetry update`
+4. Run `poetry install`.
 
 If you'd like to use a Jupyter Notebook environment, run `poetry shell` followed by `jupyter notebook`.
 

src/privacyraven/extraction/core.py

@@ -7,8 +7,11 @@
 from privacyraven.extraction.metrics import label_agreement
 from privacyraven.extraction.synthesis import synthesize, synths
 from privacyraven.models.pytorch import ImagenetTransferLearning
-from privacyraven.utils.model_creation import (convert_to_inference,
-                                               set_hparams, train_and_test)
+from privacyraven.utils.model_creation import (
+    convert_to_inference,
+    set_hparams,
+    train_and_test,
+)
 from privacyraven.utils.query import establish_query
 
 

src/privacyraven/inversion/core.py

@@ -0,0 +1,58 @@
+from privacyraven.models.four_layer import FourLayerClassifier
+from privacyraven.models.victim import FourLayerClassifier
+from privacyraven.utils.data import get_emnist_data
+
+# Create a query function for a target PyTorch Lightning model
+def query_mnist(input_data):
+    # PrivacyRaven provides built-in query functions
+    return get_target(model, input_data, (1, 28, 28, 1))
+
+# Truncates a prediction vector such that the m highest values are preserved, and all others are set to 0.
+# (Section 4.2 of )
+def trunc(k, v):
+
+	# kth smallest element
+	b = sorted(v)[-k - 1]
+	nonzero = 0
+
+	for (i, vi) in enumerate(v):
+		if vi < b or (vi != 0 and nonzero > k): v[i] = 0	
+		nonzero += 1
+
+	return v
+
+def joint_train_inversion_model(
+	input_size = 784,
+	output_size = 10,
+	dataset_train = None,
+	dataset_test = None,
+	data_dimensions = (1, 28, 28, 1),
+	t = 2,
+	):
+
+	# The following is a proof of concept of Figure 4 from the paper
+	# "Neural Network Inversion in Adversarial Setting via Background Knowledge Alignment"
+	# We first train a classifier on a dataset to output a prediction vector 
+
+	forward_model = train_four_layer_mnist_victim(
+		gpus=1, 
+		input_size = input_size, 
+		output_size = output_size
+	)
+
+	# This is nowhere near complete but 
+	# The idea here is that we query the model each time 
+	for k in range(len(dataset_train)):
+
+		# Fwx is the training vector outputted by our model Fw
+		Fwx = query_mnist(forward_model, input_data, data_dimensions)
+
+		# Let Fw_t denote the truncated vector
+		Fwx_t = trunc(t, Fwx)
+
+
+
+if __name__ == "__main__":
+	emnist_train, emnist_test = get_emnist_data()
+
+	joint_train_inversion_model(dataset_train=emnist_train)

src/privacyraven/membership_inf/core.py

@@ -37,6 +37,10 @@ class TransferMembershipInferenceAttack(object):
     trainer_args = attr.ib(default=None)
 
 
+<<<<<<< HEAD
+    def train_shadow_model(self):
+        return MLPClassifier(random_state=1, max_iter=300).fit(self.X, self.y)
+=======
     def __attrs_post_init__(self):
         self.query = establish_query(self.query, self.victim_input_shape)
 
@@ -46,3 +50,4 @@ def __attrs_post_init__(self):
         config = attr.asdict(self)
         extract_args = config.values()
         extraction = ModelExtractionAttack(*extract_args)
+>>>>>>> 04904505fa8bf32ae3218c3e879da517be210e3b

src/privacyraven/models/victim.py

@@ -11,8 +11,11 @@
 from privacyraven.models.four_layer import FourLayerClassifier
 from privacyraven.models.pytorch import ThreeLayerClassifier
 from privacyraven.utils.data import get_mnist_loaders
-from privacyraven.utils.model_creation import (convert_to_inference,
-                                               set_hparams, train_and_test)
+from privacyraven.utils.model_creation import (
+    convert_to_inference,
+    set_hparams,
+    train_and_test,
+)
 
 
 def train_four_layer_mnist_victim(