Membership Inference Attacks via Adversarial Examples
Hamid Jalalzai, Elie Kadoche, Rémi Leluc, Vincent Plassier

TL;DR
This paper investigates membership inference attacks that exploit adversarial examples to assess data privacy risks in machine learning models, and proposes a new defense mechanism supported by empirical results.
Contribution
It introduces a novel method to measure training data leakage using a proxy of total variation and offers a new defense mechanism against such attacks.
Findings
Effective measurement of data leakage via total variation proxy
Demonstrated defense mechanism reduces privacy risks
Empirical evidence confirms attack and defense effectiveness
Abstract
The rise of machine learning and deep learning has led to significant improvements in several domains. This change is supported by both the dramatic rise in computation power and the collection of large datasets. Such massive datasets often include personal data, which can represent a threat to privacy. Membership inference attacks are a novel direction of research which aims at recovering the training data used by a learning algorithm. In this paper, we develop a means to measure the leakage of training data, leveraging a quantity that appears as a proxy of the total variation of a trained model near its training samples. We extend our work by providing a novel defense mechanism. Our contributions are supported by empirical evidence through convincing numerical experiments.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Ethics and Social Impacts of AI
