
Setting: Model inversion attack

Overview

H2O Model Security offers several settings for a model inversion attack. Below, each setting is described in turn.

Endpoint URL

Defines the endpoint URL of the deployed model in H2O MLOps that H2O Model Security utilizes to score new data and obtain new predictions. To learn how to access your model's endpoint URL, see Viewing deployments.

For example, a model's endpoint URL looks like this: https://model.cloud.h2o.ai/b49c917e-1535-4c7c-95c9-279241189046/model/score.

Model attack type

Defines the model attack type H2O Model Security uses to evaluate and analyze the security of a Driverless AI (DAI) model (experiment). A model attack type centralizes and visualizes how a DAI model reacts in production within the constraints of that attack type.

Training dataset size multiplier

Defines the multiplier that H2O Model Security applies to the initial number of attack samples.

Number of trees (Surrogate model)

Defines the number of trees the Gradient Boosting Machine (GBM) surrogate model will create during the model inversion attack.

Maximum depth (Surrogate model)

Defines the maximum depth of the trees in the Gradient Boosting Machine (GBM) surrogate model that H2O Model Security creates during the model inversion attack.

Learning rate (Surrogate model)

Defines the learning rate H2O Model Security passes to the Gradient Boosting Machine (GBM) surrogate model.

Columns to exclude (, separate)

Defines the columns to exclude from the validation dataset, which H2O Model Security uses to score new data at the endpoint URL, which in turn applies the selected model attack type. Exclude any column the model's endpoint request format does not require. For example, if your deployed model's request format is as follows, but the validation dataset has a column that does not match any of the fields (line 3) in the request format, you have to exclude that column:

curl -X POST -H "Content-Type: application/json" -d @- https://model.cloud-internal.h2o.ai/cc957e2f-e0b8-469a-a116-463519f13af9/model/score << EOF
{
  "fields": [
    "Pclass",
    "Sex",
    "Age",
    "SibSp",
    "Parch",
    "Fare",
    "Cabin",
    "Embarked"
  ],
  "rows": [
    [
      "0",
      "text",
      "0",
      "0",
      "0",
      "0",
      "text",
      "text"
    ]
  ]
}
EOF

You need to specify a column with its name and separate column names with commas. For example: Pclass, Parch, Embarked.

Target column

Defines the target column of the model and the validation dataset that H2O Model Security utilizes to score new data in the endpoint URL, which in turn applies the selected model attack type.
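The two settings above (Columns to exclude and Target column) both reduce the validation dataset to exactly the fields the endpoint's request format lists. The following added example, which is not H2O Model Security's own code, shows that reduction: it parses a comma-separated exclude list, reports which dataset columns would still mismatch the endpoint's "fields", and builds a request body in the same {"fields": [...], "rows": [[...]]} shape as the curl example. The validation rows, the "Survived" target column and the extra "PassengerId" and "Name" columns are constructed for illustration; the field names mirror the curl example. It assumes the target column is never sent to the endpoint.

```python
"""Reduce a validation dataset to the endpoint's field list and build a scoring request body.

Added example, not H2O Model Security's own code. The dataset below is constructed for
illustration; the endpoint field list mirrors the curl request format shown on this page.
"""
import json

# Field list the deployed model's endpoint accepts (from the curl example above).
ENDPOINT_FIELDS = ["Pclass", "Sex", "Age", "SibSp", "Parch", "Fare", "Cabin", "Embarked"]

# Constructed validation dataset: a header plus two rows. "PassengerId" and "Name" are not
# endpoint fields, and "Survived" is the target column, so none of them may be sent.
VALIDATION_HEADER = ["PassengerId", "Survived", "Pclass", "Name", "Sex", "Age", "SibSp",
                     "Parch", "Fare", "Cabin", "Embarked"]
VALIDATION_ROWS = [
    ["1", "0", "3", "Braund, Mr. Owen", "male", "22", "1", "0", "7.25", "", "S"],
    ["2", "1", "1", "Cumings, Mrs. John", "female", "38", "1", "0", "71.28", "C85", "C"],
]


def parse_exclude_setting(setting):
    """Parse the comma-separated 'Columns to exclude' value, e.g. 'Pclass, Parch, Embarked'."""
    return [name.strip() for name in setting.split(",") if name.strip()]


def columns_to_exclude(header, endpoint_fields, target_column):
    """Suggest the exclude list: header columns the endpoint does not accept.

    The target column is left out of the suggestion because it is configured separately
    (assumption: the tool never sends the target column to the endpoint).
    """
    accepted = set(endpoint_fields)
    return [c for c in header if c not in accepted and c != target_column]


def column_mismatch(header, endpoint_fields, exclude, target_column):
    """Return (missing, extra): endpoint fields absent from the dataset after exclusion,
    and remaining dataset columns the endpoint does not accept. Both empty means a match."""
    drop = set(exclude) | {target_column}
    kept = [c for c in header if c not in drop]
    missing = [f for f in endpoint_fields if f not in kept]
    extra = [c for c in kept if c not in endpoint_fields]
    return missing, extra


def build_scoring_request(header, rows, endpoint_fields, exclude, target_column):
    """Build the {"fields": ..., "rows": ...} payload, re-ordering columns to the endpoint's
    field order. Raises ValueError instead of sending a mis-aligned request."""
    missing, extra = column_mismatch(header, endpoint_fields, exclude, target_column)
    if missing or extra:
        raise ValueError(
            f"column mismatch: missing from dataset {missing}, not accepted by endpoint {extra}"
        )
    index = {c: header.index(c) for c in endpoint_fields}
    out_rows = [[row[index[f]] for f in endpoint_fields] for row in rows]
    return {"fields": list(endpoint_fields), "rows": out_rows}


def request_body(header, rows, endpoint_fields, exclude, target_column):
    """JSON text suitable for `curl ... -d @-`, as in the page's example."""
    return json.dumps(
        build_scoring_request(header, rows, endpoint_fields, exclude, target_column), indent=2
    )


if __name__ == "__main__":
    suggested = columns_to_exclude(VALIDATION_HEADER, ENDPOINT_FIELDS, "Survived")
    print("Columns to exclude:", ", ".join(suggested))  # PassengerId, Name
    exclude = parse_exclude_setting(", ".join(suggested))
    print(request_body(VALIDATION_HEADER, VALIDATION_ROWS, ENDPOINT_FIELDS, exclude, "Survived"))
```

Run `column_mismatch` before any scoring: a non-empty `extra` list is exactly the case the page describes, a dataset column that matches none of the endpoint's fields, and the offending names are what you enter in the Columns to exclude setting.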
