Membership Inference Attacks via Adversarial Examples
- URL: http://arxiv.org/abs/2207.13572v1
- Date: Wed, 27 Jul 2022 15:10:57 GMT
- Title: Membership Inference Attacks via Adversarial Examples
- Authors: Hamid Jalalzai, Elie Kadoche, Rémi Leluc, Vincent Plassier
- Abstract summary: Membership inference attacks are a novel direction of research which aims at recovering training data used by a learning algorithm.
We develop a means to measure the leakage of training data leveraging a quantity appearing as a proxy of the total variation of a trained model.
- Score: 5.721380617450644
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The rise of machine learning and deep learning led to significant improvement in several domains. This change is supported by both the dramatic rise in computation power and the collection of large datasets. Such massive datasets often include personal data which can represent a threat to privacy. Membership inference attacks are a novel direction of research which aims at recovering training data used by a learning algorithm. In this paper, we develop a means to measure the leakage of training data leveraging a quantity appearing as a proxy of the total variation of a trained model near its training samples. We extend our work by providing a novel defense mechanism. Our contributions are supported by empirical evidence through convincing numerical experiments.
Related papers
- Granularity Matters in Long-Tail Learning [62.30734737735273]
We offer a novel perspective on long-tail learning, inspired by an observation: datasets with finer granularity tend to be less affected by data imbalance.
We introduce open-set auxiliary classes that are visually similar to existing ones, aiming to enhance representation learning for both head and tail classes.
To prevent the overwhelming presence of auxiliary classes from disrupting training, we introduce a neighbor-silencing loss.
arXiv Detail & Related papers (2024-10-21T13:06:21Z)
- Understanding Data Importance in Machine Learning Attacks: Does Valuable Data Pose Greater Harm? [23.2883929808036]
We investigate the relationship between data importance and machine learning attacks by analyzing five distinct attack types.
For example, we observe that high importance data samples exhibit increased vulnerability in certain attacks, such as membership inference and model stealing.
These findings emphasize the urgent need for innovative defense mechanisms that strike a balance between maximizing utility and safeguarding valuable data.
arXiv Detail & Related papers (2024-09-05T17:54:26Z)
- Large-Scale Dataset Pruning in Adversarial Training through Data Importance Extrapolation [1.3124513975412255]
We propose a new data pruning strategy based on extrapolating data importance scores from a small set of data to a larger set.
In an empirical evaluation, we demonstrate that extrapolation-based pruning can efficiently reduce dataset size while maintaining robustness.
arXiv Detail & Related papers (2024-06-19T07:23:51Z)
- Re-thinking Data Availablity Attacks Against Deep Neural Networks [53.64624167867274]
In this paper, we re-examine the concept of unlearnable examples and discern that the existing robust error-minimizing noise presents an inaccurate optimization objective.
We introduce a novel optimization paradigm that yields improved protection results with reduced computational time requirements.
arXiv Detail & Related papers (2023-05-18T04:03:51Z)
- Reconstructing Training Data from Model Gradient, Provably [68.21082086264555]
We reconstruct the training samples from a single gradient query at a randomly chosen parameter value.
As a provable attack that reveals sensitive training data, our findings suggest potential severe threats to privacy.
arXiv Detail & Related papers (2022-12-07T15:32:22Z)
- Large-Scale Retrieval for Reinforcement Learning [15.372742113152233]
In reinforcement learning, the dominant paradigm is for an agent to amortise information that helps decision-making into its network weights.
Here, we pursue an alternative approach in which agents can utilise large-scale context-sensitive database lookups to support their parametric computations.
arXiv Detail & Related papers (2022-06-10T18:25:30Z)
- Leveraging Adversarial Examples to Quantify Membership Information Leakage [30.55736840515317]
We develop a novel approach to address the problem of membership inference in pattern recognition models.
We argue that this quantity reflects the likelihood of belonging to the training data.
Our method performs comparably to or even outperforms state-of-the-art strategies.
arXiv Detail & Related papers (2022-03-17T19:09:38Z)
- Enhanced Membership Inference Attacks against Machine Learning Models [9.26208227402571]
Membership inference attacks are used to quantify the private information that a model leaks about the individual data points in its training set.
We derive new attack algorithms that can achieve a high AUC score while also highlighting the different factors that affect their performance.
Our algorithms capture a very precise approximation of privacy loss in models, and can be used as a tool to perform an accurate and informed estimation of privacy risk in machine learning models.
arXiv Detail & Related papers (2021-11-18T13:31:22Z)
- Delving into Data: Effectively Substitute Training for Black-box Attack [84.85798059317963]
We propose a novel perspective on substitute training that focuses on designing the distribution of data used in the knowledge stealing process.
The combination of these two modules can further boost the consistency of the substitute model and target model, which greatly improves the effectiveness of adversarial attack.
arXiv Detail & Related papers (2021-04-26T07:26:29Z)
- Adversarial Examples for Unsupervised Machine Learning Models [71.81480647638529]
Adversarial examples causing evasive predictions are widely used to evaluate and improve the robustness of machine learning models.
We propose a framework of generating adversarial examples for unsupervised models and demonstrate novel applications to data augmentation.
arXiv Detail & Related papers (2021-03-02T17:47:58Z)
- Sampling Attacks: Amplification of Membership Inference Attacks by Repeated Queries [74.59376038272661]
We introduce sampling attack, a novel membership inference technique that, unlike other standard membership adversaries, is able to work under the severe restriction of no access to scores of the victim model.
We show that a victim model that only publishes the labels is still susceptible to sampling attacks and the adversary can recover up to 100% of its performance.
For defense, we choose differential privacy in the form of gradient perturbation during the training of the victim model as well as output perturbation at prediction time.
arXiv Detail & Related papers (2020-09-01T12:54:54Z)
This list is automatically generated from the titles and abstracts of the papers in this site.