What does it mean when the privacy leakage metric is negative? #32
Description
The paper indicates that privacy leakage metric is always between 0 and 1, where the value of 0 indicates that there is no leakage.
When I run the code many times
$python3 main.py cifar_100 --target_model='nn' --target_l2_ratio=1e-4 --target_privacy='grad_pert' --target_dp='rdp' --target_epsilon=0.01 --target_epochs=100 --attack_epoch=100
I got the Advantage = -0.0009、0.0005、-0.0031、-0.0006、0.002
What does it mean when the privacy leakage metric is negative?
The smaller the privacy leakage metric, the more advantageous to the attack model?