Amulet: a Python Library for Assessing Interactions Among ML Defenses and Risks
Asim Waheed 1, Vasisht Duddu 1, Rui Zhang 2, Sebastian Szyller 3
Published on arXiv
arXiv:2509.12386
Input Manipulation Attack
OWASP ML Top 10 — ML01
Membership Inference Attack
OWASP ML Top 10 — ML04
Key Finding
Amulet enables the first systematic study of unintended interactions across ML defenses, revealing that defenses targeting one risk can inadvertently affect susceptibility to unrelated risks.
Amulet
Novel technique introduced
Machine learning (ML) models are susceptible to various risks to security, privacy, and fairness. Most defenses are designed to protect against each risk individually (intended interactions) but can inadvertently affect susceptibility to other, unrelated risks (unintended interactions). We introduce Amulet, the first Python library for evaluating both intended and unintended interactions among ML defenses and risks. Amulet is comprehensive, covering representative attacks, defenses, and metrics; extensible, thanks to a modular design that accommodates new modules; consistent, with a user-friendly API template for inputs and outputs; and applicable to evaluating novel interactions. By satisfying all four properties, Amulet offers a unified foundation for studying how defenses interact, enabling the first systematic evaluation of unintended interactions across multiple risks.
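To make the "consistent API template" property concrete, here is a minimal sketch of what a shared input/output contract for attacks and defenses could look like. The class and method names (`Attack`, `Defense`, `run`, `apply`) are illustrative assumptions, not Amulet's actual interface.

```python
from abc import ABC, abstractmethod

class Attack(ABC):
    """Hypothetical template: every attack takes a model and data,
    and returns a metrics dict so results are comparable across risks."""
    @abstractmethod
    def run(self, model, data):
        ...

class Defense(ABC):
    """Hypothetical template: every defense returns a defended model
    under the same input/output contract as the original."""
    @abstractmethod
    def apply(self, model, data):
        ...

class NoOpDefense(Defense):
    """Baseline defense that leaves the model unchanged, useful for
    measuring a risk with no mitigation in place."""
    def apply(self, model, data):
        return model
```

With a uniform contract like this, an evaluation loop can pair any attack with any defense without per-module glue code, which is what makes cross-risk (unintended-interaction) studies tractable.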
Key Contributions
- Amulet: the first Python library providing a unified, modular framework for evaluating both intended and unintended interactions among ML defenses across security, privacy, and fairness risks
- Systematic, first-of-its-kind evaluation of unintended cross-risk interactions (e.g., how an adversarial-robustness defense inadvertently worsens or improves privacy/fairness)
- Extensible, consistent API design enabling researchers to integrate novel attacks, defenses, and metrics without modifying core library code
🛡️ Threat Analysis
Amulet covers adversarial evasion attacks and their defenses (e.g., adversarial training) as one of the primary security risk categories evaluated within the framework.
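As a self-contained illustration of the kind of evasion attack covered here, the sketch below implements the Fast Gradient Sign Method (FGSM) against a toy logistic-regression model in NumPy. This is a from-scratch example, not Amulet code.

```python
import numpy as np

def fgsm(x, y, w, b, eps):
    """FGSM evasion attack on logistic regression with labels y in {-1, +1}:
    perturb x by eps in the sign of the loss gradient w.r.t. the input."""
    margin = y * (x @ w + b)
    # Gradient of loss = log(1 + exp(-margin)) with respect to x.
    grad = -y * (1.0 / (1.0 + np.exp(margin))) * w
    return x + eps * np.sign(grad)

# A point correctly classified by the model (w.x + b = 0.2 > 0 means class +1);
# a small signed perturbation pushes it across the decision boundary.
w, b = np.array([1.0, -1.0]), 0.0
x, y = np.array([0.3, 0.1]), 1.0
x_adv = fgsm(x, y, w, b, eps=0.3)
```

Defenses such as adversarial training retrain the model on perturbed examples like `x_adv`, which is exactly the intended interaction Amulet measures for this risk category.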
Membership inference attacks and privacy defenses (e.g., differential privacy) represent the primary privacy risk category in the framework. A key use case is studying how robustness defenses inadvertently affect membership-inference susceptibility, and vice versa.
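To show the shape of a membership inference attack in this risk category, here is a sketch of a simple loss-threshold attack on synthetic data: samples whose loss is below a threshold are predicted to be training-set members, since overfit models fit members more tightly. The data and threshold are made up for illustration; this is not Amulet's implementation.

```python
import numpy as np

def loss_threshold_mia(losses, threshold):
    """Loss-threshold membership inference: predict 'member' when a
    sample's loss is below the threshold (members are fit better)."""
    return losses < threshold

# Synthetic losses mimicking an overfit model: members get low loss,
# non-members get noticeably higher loss.
rng = np.random.default_rng(0)
member_losses = rng.uniform(0.0, 0.2, size=100)
nonmember_losses = rng.uniform(0.3, 1.0, size=100)

preds_members = loss_threshold_mia(member_losses, threshold=0.25)
preds_nonmembers = loss_threshold_mia(nonmember_losses, threshold=0.25)
# Balanced accuracy: mean of true-positive and true-negative rates.
balanced_acc = (preds_members.mean() + (1 - preds_nonmembers.mean())) / 2
```

A defense like differentially private training shrinks the loss gap between members and non-members, driving this attack's balanced accuracy toward 0.5; how a *robustness* defense shifts that same gap is the kind of unintended interaction Amulet is built to measure.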