# DSMIM-MIA Code for "Optimizing Membership Inference Attacks Against Low Self-Influence Samples By Distilled Shadow Models And Inference Models". ## Environmment - Linux with Python 3.7 - PyTorch>=1.7.1 - Numpy>=1.21.6 - Scikit_learn>=1.0.2 - Torchvision>=0.8.2 ## Preparation: ### First Step: Create empty folders to form the following file structure The empty folders includes 'datasets', 'cinic', 'common_dataset', 'logs', 'networks', 'outputs'. ├── datasets │   ├── cinic │   └── common_dataset ├── logs ├── networks ├── outputs ├── architectures.py ├── dataset.py ├── main.py ├── MIA.py ├── normal.py ├── README.md ├── requirements.txt └── utils.py ### Second Step: Download the public dataset and unzip it CIFAR10 and CIFAR100 resources: https://www.cs.toronto.edu/~kriz/cifar-10-python.tar.gz and https://www.cs.toronto.edu/~kriz/cifar-100-python.tar.gz From Article "Learning Multiple Layers of Features from Tiny Images" https://www.cs.utoronto.ca/~kriz/learning-features-2009-TR.pdf CINIC10 resources: https://datashare.is.ed.ac.uk/bitstream/handle/10283/3192/CINIC-10.tar.gz From Article "CINIC-10 Is Not ImageNet or CIFAR-10" https://arxiv.org/pdf/1810.03505 CIFAR10 and CIFAR100 datasets should be extracted to './datasets/common_dataset/'. CINIC10 dataset should be extracted to './datasets/cinic'. ## Usage ### First step: Train target model and shadow model - Target model ``` python main.py --action 0 --mode target ``` - Reference model ``` python main.py --action 0 --mode shadow ``` The Reference model is trained to mimic the behavior of the target model. ### Second Step: Distill target model and reference model - Distill target model ``` python main.py --action 0 --mode distill_out_target ``` - Distill reference model ``` python main.py --action 0 --mode distill_out_shadow ``` The distilled shadow models for target model can be approximated as the OUT model for the target model. So as the refererence model. - As for the DSMIM ONLINE, we can use the following instead: ``` python main.py --action 0 --mode distill_poison_target python main.py --action 0 --mode distill_poison_shadow ``` ### Third step: Build the dataset for the inference model - Obtain inference model training data ``` python main.py --action 1 --mode shadow --mia_type build-out-dataset ``` - Obtain inference model test data ``` python main.py --action 1 --mode target --mia_type build-out-dataset ``` From this step, we obtain the OUT model output feature for each data sample. - As for the DSMIM ONLINE, we can use the following instead: ``` python main.py --action 1 --mode shadow --mia_type build-poison-dataset python main.py --action 1 --mode target --mia_type build-poison-dataset ``` ### Fourth step: Train and test the inference model ``` python main.py --action 1 --mia_type out-black-box ``` The the OUT model output feature concatenated with the origin model output will be taken as the input to train and test the inference model. - As for the DSMIM ONLINE, we can use the following instead: ``` python main.py --action 1 --mia_type poison-black-box ``` ## Note - The trained models are saved to './networks/{seed}/{mode}/{data}_{model}'. - The above code uses the default settings (DSMIM Attack on ResNet-56 model trained with CIFAR-10, 100 epochs), which you can change using the appropriate parameters. ## Contact If you have any questions about the code, please feel free to contact 2011263@tongji.edu.cn.