Adversary for Social Good: Leveraging Adversarial Attacks to Protect Personal Attribute Privacy

TL;DR

This paper introduces Adv4SG, a novel adversarial attack method that perturbs social media text data to protect users' personal attribute privacy against NLP inference attacks, achieving effective privacy preservation with low computational cost.

Contribution

The paper proposes a new adversarial attack framework tailored for social media text to defend against attribute inference, considering social media properties and black-box constraints.

Findings

Adv4SG significantly reduces attribute inference accuracy.

The method operates efficiently with low computational overhead.

It effectively protects user privacy across multiple attribute types.

Abstract

Social media has drastically reshaped the world that allows billions of people to engage in such interactive environments to conveniently create and share content with the public. Among them, text data (e.g., tweets, blogs) maintains the basic yet important social activities and generates a rich source of user-oriented information. While those explicit sensitive user data like credentials has been significantly protected by all means, personal private attribute (e.g., age, gender, location) disclosure due to inference attacks is somehow challenging to avoid, especially when powerful natural language processing (NLP) techniques have been effectively deployed to automate attribute inferences from implicit text data. This puts users' attribute privacy at risk. To address this challenge, in this paper, we leverage the inherent vulnerability of machine learning to adversarial attacks, and design a novel text-space Adversarial attack for Social Good, called Adv4SG. In other words, we cast the problem of protecting personal attribute privacy as an adversarial attack formulation problem over the social media text data to defend against NLP-based attribute inference attacks. More specifically, Adv4SG proceeds with a sequence of word perturbations under given constraints such that the probed attribute cannot be identified correctly. Different from the prior works, we advance Adv4SG by considering social media property, and introducing cost-effective mechanisms to expedite attribute obfuscation over text data under the black-box setting. Extensive experiments on real-world social media datasets have demonstrated that our method can effectively degrade the inference accuracy with less computational cost over different attribute settings, which substantially helps mitigate the impacts of inference attacks and thus achieve high performance in user attribute privacy protection.