Learning Robust and Privacy-Preserving Representations via Information Theory

• URL: http://arxiv.org/abs/2412.11066v1
• Date: Sun, 15 Dec 2024 05:51:48 GMT
• Title: Learning Robust and Privacy-Preserving Representations via Information Theory
• Authors: Binghui Zhang, Sayedeh Leila Noorbakhsh, Yun Dong, Yuan Hong, Binghui Wang,
• Abstract summary: We take the first step to mitigate both the security and privacy attacks, and maintain task utility as well. We propose an information-theoretic framework to achieve the goals through the lens of representation learning.
• Score: 21.83308540799076
• License:
• Abstract: Machine learning models are vulnerable to both security attacks (e.g., adversarial examples) and privacy attacks (e.g., private attribute inference). We take the first step to mitigate both the security and privacy attacks, and maintain task utility as well. Particularly, we propose an information-theoretic framework to achieve the goals through the lens of representation learning, i.e., learning representations that are robust to both adversarial examples and attribute inference adversaries. We also derive novel theoretical results under our framework, e.g., the inherent trade-off between adversarial robustness/utility and attribute privacy, and guaranteed attribute privacy leakage against attribute inference adversaries.

Related papers

• Deep Learning Model Security: Threats and Defenses [25.074630770554105]
  Deep learning has transformed AI applications but faces critical security challenges. This survey examines these vulnerabilities, detailing their mechanisms and impact on model integrity and confidentiality. The survey concludes with future directions, emphasizing automated defenses, zero-trust architectures, and the security challenges of large AI models.
  arXiv  Detail & Related papers  (2024-12-12T06:04:20Z)
• Few-Shot Adversarial Prompt Learning on Vision-Language Models [62.50622628004134]
  The vulnerability of deep neural networks to imperceptible adversarial perturbations has attracted widespread attention. Previous efforts achieved zero-shot adversarial robustness by aligning adversarial visual features with text supervision. We propose a few-shot adversarial prompt framework where adapting input sequences with limited data makes significant adversarial robustness improvement.
  arXiv  Detail & Related papers  (2024-03-21T18:28:43Z)
• Inf2Guard: An Information-Theoretic Framework for Learning Privacy-Preserving Representations against Inference Attacks [24.971332760137635]
  We propose an information-theoretic defense framework, called Inf2Guard, against three major types of inference attacks. Inf2Guard involves two mutual information objectives, for privacy protection and utility preservation.
  arXiv  Detail & Related papers  (2024-03-04T15:20:19Z)
• Enhancing Robust Representation in Adversarial Training: Alignment and Exclusion Criteria [61.048842737581865]
  We show that Adversarial Training (AT) omits to learning robust features, resulting in poor performance of adversarial robustness. We propose a generic framework of AT to gain robust representation, by the asymmetric negative contrast and reverse attention. Empirical evaluations on three benchmark datasets show our methods greatly advance the robustness of AT and achieve state-of-the-art performance.
  arXiv  Detail & Related papers  (2023-10-05T07:29:29Z)
• Class Attribute Inference Attacks: Inferring Sensitive Class Information by Diffusion-Based Attribute Manipulations [15.957198667607006]
  We introduce the first Class Attribute Inference Attack (CAIA) to infer sensitive attributes of individual classes in a black-box setting. Our experiments in the face recognition domain show that CAIA can accurately infer undisclosed sensitive attributes, such as an individual's hair color, gender, and racial appearance.
  arXiv  Detail & Related papers  (2023-03-16T13:10:58Z)
• A Framework for Understanding Model Extraction Attack and Defense [48.421636548746704]
  We study tradeoffs between model utility from a benign user's view and privacy from an adversary's view. We develop new metrics to quantify such tradeoffs, analyze their theoretical properties, and develop an optimization problem to understand the optimal adversarial attack and defense strategies.
  arXiv  Detail & Related papers  (2022-06-23T05:24:52Z)
• Privacy-Preserving Federated Learning on Partitioned Attributes [6.661716208346423]
  Federated learning empowers collaborative training without exposing local data or models. We introduce an adversarial learning based procedure which tunes a local model to release privacy-preserving intermediate representations. To alleviate the accuracy decline, we propose a defense method based on the forward-backward splitting algorithm.
  arXiv  Detail & Related papers  (2021-04-29T14:49:14Z)
• Privacy and Robustness in Federated Learning: Attacks and Defenses [74.62641494122988]
  We conduct the first comprehensive survey on this topic. Through a concise introduction to the concept of FL, and a unique taxonomy covering: 1) threat models; 2) poisoning attacks and defenses against robustness; 3) inference attacks and defenses against privacy, we provide an accessible review of this important topic.
  arXiv  Detail & Related papers  (2020-12-07T12:11:45Z)
• Uncertainty-Aware Physically-Guided Proxy Tasks for Unseen Domain Face Anti-spoofing [128.32381246318954]
  Face anti-spoofing (FAS) seeks to discriminate genuine faces from fake ones arising from any type of spoofing attack. We propose to leverage physical cues to attain better generalization on unseen domains.
  arXiv  Detail & Related papers  (2020-11-28T03:22:26Z)
• Stylized Adversarial Defense [105.88250594033053]
  adversarial training creates perturbation patterns and includes them in the training set to robustify the model. We propose to exploit additional information from the feature space to craft stronger adversaries. Our adversarial training approach demonstrates strong robustness compared to state-of-the-art defenses.
  arXiv  Detail & Related papers  (2020-07-29T08:38:10Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.