A library aiding to create deanonymizers (attacks on privacy preserving machine learning models) for the AnoMed competition platform.
Project description
Deanonymizer
A library aiding to create attacks against anonymizers (privacy preserving machine learning models) for the AnoMed competition platform. Currently, only membership inference attacks are supported.
Usage Example
The following example will create a Falcon-based web app that encapsulates a deanonymizer, targeting the example anonymizer defined in the anomed-anonyimzer README.md (which is a privacy preserving classifier for the famous iris dataset classification problem). The encapsulated deanonymizer is a membership inference black box attack, implemented using the Adversarial Robustness Toolbox (ART library).
The web app offers these routes (some may have query parameters not mentioned here):
- [GET] / (This displays an "alive message".)
- [POST] /fit (This invokes fitting the Gaussian naive based classifier; the web app will pull the training data from training_data_url.)
- [POST] /evaluate (This invokes an intermediate, or final evaluation of the classifier.)
import anomed_deanonymizer
import numpy as np
from art.attacks.inference.membership_inference import MembershipInferenceBlackBox
def validate_input_array(feature_array: np.ndarray) -> None:
if feature_array.shape[1] != 4 or len(feature_array.shape) != 2:
raise ValueError("Feature array needs to have shape (n_samples, 4).")
if feature_array.dtype != np.float_:
raise ValueError("Feature array must be an array of floats.")
attack_target_hostname = "example-anonymizer"
attack_target = anomed_deanonymizer.WebClassifier(
url=f"http://{attack_target_hostname}/predict", input_shape=(4,), nb_classes=3
)
example_attack_art = MembershipInferenceBlackBox(
estimator=attack_target, # type: ignore
attack_model_type="rf",
)
example_attack = anomed_deanonymizer.ARTWrapper(
art_mia=example_attack_art, input_validator=validate_input_array
)
challenge_hostname = "example.com"
application = anomed_deanonymizer.supervised_learning_MIA_server_factory(
anonymizer_identifier="example_anonymizer",
deanonymizer_identifier="example_deanonymizer",
deanonymizer_obj=example_attack,
model_filepath="deanonymizer.pkl",
default_batch_size=64,
member_url=f"http://{challenge_hostname}/data/deanonymizer/members",
nonmember_url=f"http://{challenge_hostname}/data/deanonymizer/non-members",
evaluation_data_url=f"http://{challenge_hostname}/data/attack-success-evaluation",
model_loader=anomed_deanonymizer.unpickle_deanonymizer,
utility_evaluation_url=f"http://{challenge_hostname}/utility/deanonymizer",
)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file anomed_deanonymizer-0.0.11.tar.gz.
File metadata
- Download URL: anomed_deanonymizer-0.0.11.tar.gz
- Upload date:
- Size: 13.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
95b71564a6336eb73957b4ba220102b06abc8ba8c2c3cae5953b0bb3eb13084d
|
|
| MD5 |
65b61046dccf761fe24deb64f12e725b
|
|
| BLAKE2b-256 |
2579b500aa955e4816dbc0688592896fcd80991ff299767a04627adfb26805cf
|
Provenance
The following attestation bundles were made for anomed_deanonymizer-0.0.11.tar.gz:
Publisher:
python-publish.yml on ypotdevin/anomed_deanonymizer
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
anomed_deanonymizer-0.0.11.tar.gz -
Subject digest:
95b71564a6336eb73957b4ba220102b06abc8ba8c2c3cae5953b0bb3eb13084d - Sigstore transparency entry: 178009261
- Sigstore integration time:
-
Permalink:
ypotdevin/anomed_deanonymizer@cfd213d7e9136ff57d42a5debe0516b575b341ae -
Branch / Tag:
refs/tags/v0.0.11 - Owner: https://github.com/ypotdevin
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
python-publish.yml@cfd213d7e9136ff57d42a5debe0516b575b341ae -
Trigger Event:
release
-
Statement type:
File details
Details for the file anomed_deanonymizer-0.0.11-py3-none-any.whl.
File metadata
- Download URL: anomed_deanonymizer-0.0.11-py3-none-any.whl
- Upload date:
- Size: 11.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
732649b1b899e4fcdd8e097793b8db3aeed4654fef684af7ea0f743b539dbdc1
|
|
| MD5 |
4f9cf352ef21b0526a3d85ac3f251389
|
|
| BLAKE2b-256 |
3217c86761e99a70f831697bbc0cafa7d0158fa41d70aa2616cb3d6619623371
|
Provenance
The following attestation bundles were made for anomed_deanonymizer-0.0.11-py3-none-any.whl:
Publisher:
python-publish.yml on ypotdevin/anomed_deanonymizer
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
anomed_deanonymizer-0.0.11-py3-none-any.whl -
Subject digest:
732649b1b899e4fcdd8e097793b8db3aeed4654fef684af7ea0f743b539dbdc1 - Sigstore transparency entry: 178009264
- Sigstore integration time:
-
Permalink:
ypotdevin/anomed_deanonymizer@cfd213d7e9136ff57d42a5debe0516b575b341ae -
Branch / Tag:
refs/tags/v0.0.11 - Owner: https://github.com/ypotdevin
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
python-publish.yml@cfd213d7e9136ff57d42a5debe0516b575b341ae -
Trigger Event:
release
-
Statement type:
