pygip.models.attack.mea.MEA¶
Classes
|
|
|
|
|
|
|
ModelExtractionAttack2. |
|
ModelExtractionAttack3. |
|
ModelExtractionAttack4. |
|
ModelExtractionAttack5. |
- class pygip.models.attack.mea.MEA.ModelExtractionAttack(dataset, attack_node_fraction, model_path=None, alpha=0.8)[source]¶
Bases:
BaseAttack- _abc_impl = <_abc_data object>¶
- supported_api_types = {'dgl'}¶
- supported_datasets = {'CiteSeer', 'CoauthorCS', 'CoauthorPhysics', 'Computers', 'Cora', 'Photo', 'PubMed'}¶
- class pygip.models.attack.mea.MEA.ModelExtractionAttack0(dataset, attack_node_fraction, model_path=None, alpha=0.8)[source]¶
Bases:
ModelExtractionAttack- _abc_impl = <_abc_data object>¶
- class pygip.models.attack.mea.MEA.ModelExtractionAttack1(dataset, attack_node_fraction)[source]¶
Bases:
ModelExtractionAttack- _abc_impl = <_abc_data object>¶
- attack()[source]¶
Main attack procedure.
Reads selected nodes from file for training (attack) nodes.
Reads query labels from another file.
Builds a shadow graph from the given adjacency matrix file.
Trains a shadow model on the selected nodes, then evaluates fidelity & accuracy against the original target graph.
- class pygip.models.attack.mea.MEA.ModelExtractionAttack2(dataset, attack_node_fraction, model_path=None)[source]¶
Bases:
ModelExtractionAttackModelExtractionAttack2.
A strategy that randomly samples a fraction of nodes as attack nodes, synthesizes identity features for all nodes, then trains an extraction model. The leftover nodes become test nodes.
Inherits¶
ModelExtractionAttack
- _abc_impl = <_abc_data object>¶
- class pygip.models.attack.mea.MEA.ModelExtractionAttack3(dataset, attack_node_fraction, model_path=None)[source]¶
Bases:
ModelExtractionAttackModelExtractionAttack3.
A more complex extraction strategy that uses a “shadow graph index” file to build partial subgraphs and merges them. It queries selected nodes from a potential set and forms a combined adjacency matrix.
Inherits¶
ModelExtractionAttack
- _abc_impl = <_abc_data object>¶
- attack()[source]¶
Main attack procedure.
Steps: 1. Loads indices for two subgraphs from text files. 2. Selects attack_node_num nodes from the first subgraph index. 3. Merges subgraph adjacency matrices and constructs a new graph
with combined features.
Trains a new GCN and evaluates fidelity & accuracy w.r.t. the original target.
- class pygip.models.attack.mea.MEA.ModelExtractionAttack4(dataset, attack_node_fraction, model_path=None)[source]¶
Bases:
ModelExtractionAttackModelExtractionAttack4.
Another graph-based strategy that reads node indices from files, merges adjacency matrices, and links new edges based on feature similarity.
Inherits¶
ModelExtractionAttack
- _abc_impl = <_abc_data object>¶
- attack()[source]¶
Main attack procedure.
Reads two sets of node indices from text files.
Selects a fixed number of nodes from the target set for attack.
Builds a combined adjacency matrix with zero blocks, then populates edges between shadow and attack nodes based on a distance threshold.
Trains a new GCN on this combined graph and evaluates fidelity & accuracy.
- class pygip.models.attack.mea.MEA.ModelExtractionAttack5(dataset, attack_node_fraction, model_path=None)[source]¶
Bases:
ModelExtractionAttackModelExtractionAttack5.
Similar to ModelExtractionAttack4, but uses a slightly different strategy to link edges between nodes based on a threshold distance.
Inherits¶
ModelExtractionAttack
- _abc_impl = <_abc_data object>¶
- attack()[source]¶
Main attack procedure.
Reads two sets of node indices (for target and shadow nodes).
Builds a block adjacency matrix with all zero blocks, then links edges between attack nodes and shadow nodes if the feature distance is less than a threshold.
Trains a new GCN on this combined graph and evaluates fidelity & accuracy.