Against Membership Inference Attack: Pruning is All You Need

TL;DR

This paper proposes a weight pruning method that enhances DNN privacy against membership inference attacks while maintaining accuracy, reducing model size and computational costs.

Contribution

The authors introduce a novel pruning algorithm that creates subnetworks resistant to MIA, with theoretical validation and competitive accuracy.

Findings

Pruning reduces MIA attack accuracy by up to 13.6%.

The method maintains competitive accuracy with original DNNs.

Experimental results confirm the effectiveness of the pruning approach.

Abstract

The large model size, high computational operations, and vulnerability against membership inference attack (MIA) have impeded deep learning or deep neural networks (DNNs) popularity, especially on mobile devices. To address the challenge, we envision that the weight pruning technique will help DNNs against MIA while reducing model storage and computational operation. In this work, we propose a pruning algorithm, and we show that the proposed algorithm can find a subnetwork that can prevent privacy leakage from MIA and achieves competitive accuracy with the original DNNs. We also verify our theoretical insights with experiments. Our experimental results illustrate that the attack accuracy using model compression is up to 13.6% and 10% lower than that of the baseline and Min-Max game, accordingly.