shadow models training and synthesizer

[fatemetkl]

PR Type

Feature

Short Description

Sorry for the big PR. I had initially intended not to include the synthesizer module, but I needed it to test the full shadow training pipeline. Therefore, it is added here almost unchanged from the original MIDSTModels codebase, except for some fixes to make it executable.

Clickup Ticket(s):
Shadow model training pipeline: https://app.clickup.com/t/868fp4tw3
Synthesizer module: https://app.clickup.com/t/868fp4vk7

• Shadow model training pipeline of Ensemble Attack:
  --> ensemble/rmia/shadow_model_training.py:
  Contains the main function for running the ensemble attack’s shadow model training, as designed by the CITADEL & UQAM team.
  --> ensemble/shadow_model_utils.py:
  Provides helper functions for model training and data synthesis, as well as utilities for modifying configs for each shadow model set.
  --> ensemble/tabddpm_fine_tuning.py:
  Implements fine-tuning versions of the main training functions. Unlike their counterparts in models.clavaddpm, these functions start from pre-trained models. This module should eventually be unified with the toolkit’s training module in future PRs to reduce refactoring overhead.

• Synthesizer module (synthesizer.py): This module contains all the code needed to synthesize data for the attack implementation. It is adapted from the original MidstModels codebase with minor modifications, including ruff and mypy fixes. Significant refactoring is still needed in future PRs to align it with project standards. Note: no dedicated tests were added for this module. Its functions are currently tested only indirectly through shadow model synthesis tests.

Tests Added

• tests/unit/attacks/ensemble/test_shadow_model_training.py
• tests/unit/attacks/ensemble/test_shadow_model_utils.py

[bzamanlooy]

I know that this is a copy from MIDST to get the pipeline running but perhaps in the long run we should not require df as an input to fin the numerical and categorical columns and just use df_info for that.

[fatemetkl]

I agree! Definitely needs a big refactor.

[lotif]

I can take care of that as part of the other refactors I am doing with MIDSTModels code.

[lotif]

Only had time to review half of this PR, will review the other half tomorrow. Lots of small comments but otherwise it looks good so far.

[lotif]

Is this right? Just 1 cluster?

[fatemetkl]

This is just me trying to minimixe the run time of the example 😂
Will fix these values.

[lotif]

Also these values, the ones a few lines above and the classifier values below, they seem odd.

[fatemetkl]

I agree, these values aren’t realistic. I ran the attack example with them on a very small portion of the data just to make sure it works. That’s why iterations is set to 2 and batch_size to 1. I’ll keep some of the values as they are for now so the example can run quickly.

[lotif]

With that comment, I would assume you wanted to keep this as true

[lotif]

Let's keep the consistency here and use true lowercase.

[lotif]

I think train_fine_tuned_shadow_models would be a better name.

[lotif]

The wording here could use a little bit of love:

Number of shadow models to train by each approach. Must be an even number. Defaults to 4.

[lotif]

I think a better description of this parameter would be An ID to assign to the pre-trained initial models. The fact that it distinguishes models from others will depend on the value the caller will assign to it.

[lotif]

Same here.

[lotif]

I think this can say Original codebase comment instead.

[lotif]

I think This pipeline trains three sets of shadow models. is a better wording for this.

[lotif]

Second batch of comments. Still not done yet :)

[lotif]

What do you think about renaming train_df to train_data? I've been doing that in the training code but sometimes I second guess those decisions.

[fatemetkl]

I agree, this is definitely a better name!
I also merged the attack's load_multi_table() with the existing load_multi_table() in midst_toolkit.models.clavaddpm.data_loader, and it seems to work fine. Now, we can optionally send the table dataframes to load_multi_table(). This will make the following refactors easier.

[lotif]

Optional: I'm going to do this at one point on my copy of this function, but if you have the bandwidth it would be nice to have a Table dataclass to have this information. This way we don't need to add explanations about the format of this dictionary in the docstrings.

[lotif]

Sorry, I just renamed this function in my refactor 😬

[lotif]

This might be a newbie question, but how can this attack design be determined? It's not one of the parameters of the function.

[fatemetkl]

The attack design is currently determined by the original codebase. I’ve added a comment.

long answer:
I agree this is very annoying, but for now the attack implementation is heavily based on the original attack design with little flexibility. For example, the size of the master challenge datasets is currently set to half of the population. This could potentially be adjusted by modifying the proportion input variable in split_real_data, but doing so would require changes to the codebase.

The plan is to refactor the code in multiple stages to make it more flexible once the full pipeline is implemented.

[lotif]

Same problem with the seed here. I think it has to be None and passed in by parameter in case the user wants to ensure reproducibility.

[lotif]

I think this needs a better name. Maybe save_additional_tabddpm_config?

[lotif]

I think those two parameters need to say they are the paths for the configs: training_config_json_path, final_config_json_path. Maybe remove the json part for shorter names, but that's optional.

[lotif]

This can definitely be turned into a dataclass, it will make this simpler. Name it as TrainingResult, which makes more sense:

from dataclasses import dataclass

@dataclass
class TrainingResult:
    save_dir: Path,
    configs: Configs,
    tables: dict = {},
    relation_order: dict = {},
    all_group_lengths_probabilities: dict = {},
    models: dict = {},
    synthetic_data: dict = {},

result = TrainingResult(save_dir=save_dir, configs=configs)

Also, the types are too simple, please add type hints for those dicts in you know them.

[fatemetkl]

Awesome suggestion! Thank you!

This data class could be very useful for any example involving training and synthesis. We could likely move it out of the attack module and into a more general inference module in future refactors.

[lotif]

Same TrainingResult class can be used here. If there are additional attributes, they should be added to the class as optional fields.

[lotif]

Actually, this could be a FineTuningResult class that inherits from TrainingResult:

@dataclass
class FineTuningResult(TrainingResult):
    fine_tuned_models: dict = {}

[fatemetkl]

I think it should be sufficient to keep only the fine-tuned models; there’s no need to save both the pre-trained and fine-tuned versions simultaneously.

[lotif]

Could this be called fine_tune_set instead?

[lotif]

Final comments :)

I didn't review the synthesizer.py file, I am planning to do a bigger refactor on it similar to what I am doing with the other training files.

[lotif]

Can you put this in a constant at the top of the file and use it here and on the method below?

[lotif]

This should be marked with @pytest.mark.integration_test() since it looks like it's running the whole pipeline from the top with no mocks.

[lotif]

Also, it should be moved to the integration tests folder.

[lotif]

A better comment here would be good, since this is already in a test file this comment does not add much information. Maybe # Limiting the data to 20 samples for faster test execution or something along those lines.

[lotif]

Same comment issue here.

[lotif]

Same thing for the device here.

[lotif]

Can we rename this to target_column? I am in the process of renaming all x to feature and y to target.

[lotif]

This comment does not add a lot of information...

[lotif]

This can be called fine_tuning_tables.

[fatemetkl]

Should we do the renaming now? Currently, it aligns well with the corresponding training function name clava_training.
I think we can rename this whenever the main function's name is also changed. Ideally, they should be merged sooner than that if possible.

[lotif]

Is this part of the new ticket you made? If yes, it's fine to keep it like this until you work on it.

[lotif]

I can take care of that as part of the other refactors I am doing with MIDSTModels code.

[lotif]

Approved with minor comments. Thanks for addressing all the comments!!!

[lotif]

Wow this is wild... We should definitely investigate.

[lotif]

Delete this line.

[lotif]

Delete these commented lines.

[lotif]

Remove the _ as it is normally used for private functions and variables, which is not the case here.

[lotif]

I'll add a TODO on the train code to remove the leading _ from this one.

[lotif]

3-strike rule: extract save_dir / f"initial_model_rmia_{init_model_id}.pkl" into a variable as it has been used 3 times in this code block.

[lotif]

Remove this commented line.