Currently loops over all samples and all features, which takes a long time for large datasets. Try to find a more efficient way to do this.

NCP score is calculated on overall generalizations (combined from all cells), this includes when looking for a feature to remove from generalization (also taken from overall generalizations).
Accuracy is computed on the representative values taken from cells. There can be a mismatch (i.e., generalization applied at cell level but not at overall level) which can lead to not achieving the target accuracy. Need separate NCP calculation for this purpose.

Different places in the code use either scikitlearn's OneHotEncoder (before fitting decision tree) or pandas get_dummies (in _modify_categorical_features). This could lead to inconsistent results. Need to use the same mechanism.

Categorical features + minimizing only some features

To cover all cases of y format (one-hot encoded or not).

The social feature indexes are not computed correctly, leading to a 100% accuracy of the attack (the feature gets one hot encoded and then one column can be used to definitively infer the second column). This should be fixed to use a slice (21,22) as the attacked feature.

Add option to receive (non-trained) model skeleton object OR specific model type name (e.g., sklearn decision tree) to enable building similar dummy model.

The current implementation only supports classifiers.

In numpy typically columns are numbered using integers. Currently our implementation converts these into strings (i.e., '0', '1', etc.) in the returned generalizations. This is due to the bahavior of scikitlearn's OneHotEncoder which differs between integers and strings. But it would be better to leave these as integer keys to be consistent with numpy.
One workaround is to store in the beginning of the code a boolean stating whether the column indexes were received as integers, and at the end cast the strings back to integers in the return value.

At the moment - minimizer receives scaled features and returns generalizations in the scaled domain. Need to think if there is a way to support returning generalizations in the original domain (perhaps by sending the minimizer the original data + list of columns to scale + scaling params so it can be performed internally).

E.g., pytorch, Keras...

1. get_predictions + wrapping of the predict_fn + method that would return the wrapped method (get_predict_fn)
2. create self._art_model
3. put not None values in self._nb_classes and self._input_shape - use init params to fill
4. add an @AbstractMethod decorator to prevent instantiation of the base class
5. add into BlackboxClassifier loss and optimizer properties

At the moment due to the project structure all requirements need to be present even to use just some of the toolkit's functionality. This is especially annoying for the underlying ML frameworks, which all need to be installed just to use one of them. Need to rearrange imports such that unused frameworks are not required.

This can enable a new flow where the model is also trained on the generalized feature domains. Thus the model is trained on the same type of data it will see during inference, which may improve overall accuracy.

Minimization transform method requires X as positional argument as of version 1.2. This does not conform to our current usage with ArraDataset instead. Need to think of a solution to enable both modes but still conform to scikit-learn requirements.

tests/test_minimizer.py: 16473 tests with warnings
/site-packages/sklearn/base.py:450: UserWarning: X does not have valid feature names, but DecisionTreeClassifier was fitted with feature names

tests/test_minimizer.py: 1068 tests with warnings
/site-packages/sklearn/base.py:450: UserWarning: X does not have valid feature names, but DecisionTreeRegressor was fitted with feature names

tests/test_minimizer.py::test_keras_model
tests/test_model.py::test_keras_classifier
tests/test_model.py::test_keras_regressor
/site-packages/keras/engine/training_v1.py:2079: UserWarning: Model.state_updates will be removed in a future version. This property should not be used in TensorFlow 2.0, as updates are applied automatically.
updates=self.state_updates,

Current implementation assumes numeric features only.

Some input features may not be personal data and therefore should not be generalized. Similar to QI definition in anonymization.

For example: per feature mean, per feature median, overall mean, overall median, real closest to mean, real closest to median

At the moment the anonymization code refers to each column separately. This may cause inconsistent results for 1-hot encoded features (i.e., more than one 1 column or none). Need to address this so that the columns belonging to the same feature are anonymized in a consistent manner.

Both anonymization and minimization only support a single label. Check whether we can add support for multi-label models as well.

After calculating the initial accuracy achieved by the generalizations derived from the decision tree leaves, there are two directions in which the algorithm can proceed: improving accuracy (to get above the threshold) or improving generalizations (while reducing accuracy). The second direction will at some point will cause the accuracy to go below the desired threshold (the last iteration of the loop that is run). But when this happens, the generalizations need to be rolled back to the previous state, the one where the target accuracy was not passed. This can be done either by storing locally the generalizations and generalized data from the previous loop iteration and replacing them when the threshold is passed, or by only "speculatively" applying the generalizations in each iteration, and applying them finally only if the threshold was not passed.

The current implementation only supports classifiers.

anonymizer line 75 - does not give useful indication of the underlying error. Be more specific.
For pandas - should be column names and not indexes.

In blackbox classifiers, if the ModelOutputType is passed as CLASSIFIER_PROBABILITIES or CLASSIFIER_LOGITS but the model actually outputs a 1D array of categorical scalars, throw an exception. Throw as soon as possible (in init if data is available, otherwise in predict)