QueryCheetah: Fast Automated Discovery of Attribute Inference Attacks Against Query-Based Systems

TL;DR

QueryCheetah is a rapid and effective automated method for discovering attribute inference attacks on query-based data sharing systems, significantly outperforming previous approaches in speed and strength of attacks.

Contribution

It introduces QueryCheetah, a novel fast automated attack discovery tool that enhances the evaluation of privacy risks in query-based systems.

Findings

Discoveries of stronger attribute inference attacks than prior methods.

QueryCheetah is 18 times faster than the previous state-of-the-art.

It enables comprehensive privacy risk assessment across various attacker models.

Abstract

Query-based systems (QBSs) are one of the key approaches for sharing data. QBSs allow analysts to request aggregate information from a private protected dataset. Attacks are a crucial part of ensuring QBSs are truly privacy-preserving. The development and testing of attacks is however very labor-intensive and unable to cope with the increasing complexity of systems. Automated approaches have been shown to be promising but are currently extremely computationally intensive, limiting their applicability in practice. We here propose QueryCheetah, a fast and effective method for automated discovery of privacy attacks against QBSs. We instantiate QueryCheetah on attribute inference attacks and show it to discover stronger attacks than previous methods while being 18 times faster than the state-of-the-art automated approach. We then show how QueryCheetah allows system developers to thoroughly evaluate the privacy risk, including for various attacker strengths and target individuals. We finally show how QueryCheetah can be used out-of-the-box to find attacks in larger syntaxes and workarounds around ad-hoc defenses.