Calling it 'StructuralAttacks' as a place holder as this is based on analysing the target model and the train/test set with no need to run any other attacks, for example

• [] residual degrees of freedom
• [] k-anonymity
• [] class disclosure for leaf in tree
• [] equivalent by extension for forests
• Simon;s suggestion about AUC etc. on sacro-ml as issue 13 here
• Kolmogorov-Smirnoff test on confidence per class between training and test set
• runs test??

Include the rule sets from Richard analysis.