TL;DR
This paper investigates how Bayesian neural networks influence security aspects like privacy and robustness, revealing increased vulnerability to membership inference but comparable adversarial robustness.
Contribution
It provides the first analysis of Bayesian neural networks' security implications, highlighting their trade-offs in privacy and adversarial robustness.
Findings
Bayesian neural networks are more vulnerable to membership inference attacks.
They are at least as robust as non-Bayesian models against adversarial examples.
Abstract
In many cases, neural networks perform well on test data, but tend to overestimate their confidence on out-of-distribution data. This has led to adoption of Bayesian neural networks, which better capture uncertainty and therefore more accurately reflect the model's confidence. For machine learning security researchers, this raises the natural question of how making a model Bayesian affects the security of the model. In this work, we explore the interplay between Bayesianism and two measures of security: model privacy and adversarial robustness. We demonstrate that Bayesian neural networks are more vulnerable to membership inference attacks in general, but are at least as robust as their non-Bayesian counterparts to adversarial examples.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Explainable Artificial Intelligence (XAI)