MixCon: Adjusting the Separability of Data Representations for Harder Data Recovery
Xiaoxiao Li, Yangsibo Huang, Binghui Peng, Zhao Song, Kai Li

TL;DR
This paper proposes a method called MixCon that adjusts data representation separability in neural networks to balance data utility and resistance to model inversion attacks, based on theoretical and empirical insights.
Contribution
MixCon introduces a novel objective function to control data separability, enhancing security against inversion attacks without sacrificing utility.
Findings
Identifies sweet-spots of data separability for optimal trade-off
Demonstrates increased resistance to inversion attacks
Maintains data utility while reducing vulnerability
Abstract
To address the issue that deep neural networks (DNNs) are vulnerable to model inversion attacks, we design an objective function, which adjusts the separability of the hidden data representations, as a way to control the trade-off between data utility and vulnerability to inversion attacks. Our method is motivated by the theoretical insights of data separability in neural network training and results on the hardness of model inversion. Empirically, by adjusting the separability of data representation, we show that there exist sweet-spots for data separability such that it is difficult to recover data during inference while maintaining data utility.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Advanced Neural Network Applications
