Unsupported Model Examples

This section shows how to work with models that are not directly supported by SACRO-ML’s built-in wrappers.

Working with Unsupported Models

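When working with models not directly supported by SACRO-ML, you can still perform privacy attacks by using CSV outputs or custom model wrappers. As the attack example's own docstring notes, only a limited number of attacks can run when the target is described by saved predicted probabilities alone.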

Training an Unsupported Model:

Training Unsupported Model
"""Example saving predicted probabilities as csv files.

The model is trained outside SACRO-ML; only its predicted probabilities on
the training and test rows are written to disk, as ``proba_train.csv`` and
``proba_test.csv`` in the current working directory.
"""

import logging

import numpy as np
from sklearn.datasets import load_breast_cancer
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split

logging.basicConfig(level=logging.INFO)


def main():
    """Train a random forest and export its predicted probabilities as CSV."""
    logging.info("Loading dataset")
    features, labels = load_breast_cancer(return_X_y=True, as_frame=False)

    logging.info("Splitting data into training and test sets")
    # No random_state is passed here or to the classifier, so the split, the
    # fitted model and the exported probabilities differ from run to run.
    X_train, X_test, y_train, _ = train_test_split(features, labels, test_size=0.3)

    logging.info("Defining the model")
    # bootstrap=False fits every tree on the full training set and
    # min_samples_leaf=1 allows single-sample leaves. NOTE(review): this looks
    # like a deliberately overfitted model for demonstration - confirm.
    model = RandomForestClassifier(bootstrap=False, min_samples_leaf=1)

    logging.info("Training the model")
    model.fit(X_train, y_train)

    logging.info("Saving predicted probabilities")
    # One row per record, one column per class. These per-record confidences
    # are the input a later privacy assessment works from, so handle the files
    # with the same care as the training data they were derived from.
    exports = (
        ("proba_train.csv", X_train),
        ("proba_test.csv", X_test),
    )
    for csv_name, rows in exports:
        np.savetxt(csv_name, model.predict_proba(rows), delimiter=",")


if __name__ == "__main__":
    main()

Running Attacks on Unsupported Models:

Attacking Unsupported Model
"""Example of how to run attacks with saved predicted probabilities.

Note: a limited number of attacks can run in this scenario.

The Target is built from ``proba_train.csv`` and ``proba_test.csv`` only; no
model object, features or labels are supplied. The resulting report therefore
reflects only the attacks that were able to run and says nothing about the
ones that could not.
"""

import logging

import numpy as np

from sacroml.attacks.likelihood_attack import LIRAAttack
from sacroml.attacks.structural_attack import StructuralAttack
from sacroml.attacks.target import Target
from sacroml.attacks.worst_case_attack import WorstCaseAttack

logging.basicConfig(level=logging.INFO)

# Directory name handed to every attack below as its output location.
output_dir = "output_rf_breast_cancer"


def main():
    """Run the attacks against a Target built only from saved probabilities."""
    logging.info("Loading predicted probabilities")
    # The two files are read from the current working directory.
    # NOTE(review): the train file is presumably the one holding outputs for
    # the training rows - confirm before running; the two are easy to swap.
    target = Target(
        proba_train=np.loadtxt("proba_train.csv", delimiter=","),
        proba_test=np.loadtxt("proba_test.csv", delimiter=","),
    )

    logging.info("Attempting to run LiRA attack... can't run in this scenario")
    # The call is still made. How SACRO-ML reports an attack it cannot run is
    # not shown in this example.
    LIRAAttack(n_shadow_models=100, output_dir=output_dir).attack(target)

    logging.info("Running worst case attack")
    # Note: specifying the attack classifier is optional
    worst_case = WorstCaseAttack(
        attack_model="sklearn.linear_model.LogisticRegression",
        attack_model_params={
            "solver": "lbfgs",
            "max_iter": 200,
            "class_weight": "balanced",
        },
        n_reps=10,
        n_dummy_reps=1,
        train_beta=5,
        test_beta=2,
        p_thresh=0.05,
        test_prop=0.5,
        output_dir=output_dir,
    )
    worst_case.attack(target)

    logging.info("Attempting to run structural attack... can't run in this scenario")
    # As with LiRA above, the call is made even though the log message says
    # the attack cannot run from probabilities alone.
    StructuralAttack(output_dir=output_dir).attack(target)

    logging.info("Report available in directory: '%s'", output_dir)


if __name__ == "__main__":
    main()

These examples demonstrate how to adapt SACRO-ML for use with any machine learning framework by using model predictions as CSV files or creating custom model interfaces.