检索结果-南通市图书馆

Defense against membership inference attack Applying Domain Adaptation with Addictive Noise

Journal of Computer and Communications 2021年第5期9卷 92-108页

作者： Hongwei Huang College of Information Science and Technology Jinan University Guangzhou China

Deep learning can train models from a dataset to solve tasks. Although deep learning has attracted much interest owing to the excellent performance, security issues are gradually exposed. Deep learning may be prone to the membership inference attack, where the attacker can determine the membership of a given sample. In this paper, we propose a new defense mechanism against membership inference: NoiseDA. In our proposal, a model is not directly trained on a sensitive dataset to alleviate the threat of membership inference attack by leveraging domain adaptation. Besides, a module called Feature Crafter has been designed to reduce the necessary training dataset from 2 to 1, which creates features for domain adaptation training using noise addictive mechanisms. Our experiments have shown that, with the noises properly added by Feature Crafter, our proposal can reduce the success of membership inference with a controllable utility loss.

关键词： Privacy-Preserving Machine Learning membership inference attack Domain Adaptation Deep Learning

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Black-box membership inference attacks based on shadow model

引用

The Journal of China Universities of Posts and Telecommunications 2024年第4期31卷 1-16页

作者： Han Zhen Zhou Wen'an Han Xiaoxuan Wu Jie School of Computer Science Beijing University of Posts and TelecommunicationsBeijing 100876China

membership inference attacks on machine learning models have drawn significant *** current research primarily utilizes shadow modeling techniques,which require knowledge of the target model and training data,practical scenarios involve black-box access to the target model with no available *** training data further complicate the implementation of these *** this paper,we experimentally compare common data enhancement schemes and propose a data synthesis framework based on the variational autoencoder generative adversarial network(VAE-GAN)to extend the training data for shadow ***,this paper proposes a shadow model training algorithm based on adversarial training to improve the shadow model's ability to mimic the predicted behavior of the target model when the target model's information is *** conducting attack experiments on different models under the black-box access setting,this paper verifies the effectiveness of the VAE-GAN-based data synthesis framework for improving the accuracy of membership inference ***,we verify that the shadow model,trained by using the adversarial training approach,effectively improves the degree of mimicking the predicted behavior of the target *** with existing research methods,the method proposed in this paper achieves a 2%improvement in attack accuracy and delivers better attack performance.

关键词： machine learning membership inference attack shadow model black-box model

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

Model architecture level privacy leakage in neural networks

引用

Science China(Information Sciences) 2024年第3期67卷 20-32页

作者： Yan LI Hongyang YAN Teng HUANG Zijie PAN Jiewei LAI Xiaoxue ZHANG Kongyang CHEN Jin LI Institute of Artificial Intelligent and Blockchain Guangzhou University Pazhou Lab

Privacy leakage is one of the most critical issues in machine learning and has attracted growing interest for tasks such as demonstrating potential threats in model attacks and creating model *** recent years, numerous studies have revealed various privacy leakage risks(e.g., data reconstruction attack, membership inference attack, backdoor attack, and adversarial attack) and several targeted defense approaches(e.g., data denoising, differential privacy, and data encryption). However, existing solutions generally focus on model parameter levels to disclose(or repair) privacy threats during the model training and/or model interference process, which are rarely applied at the model architecture level. Thus, in this paper, we aim to exploit the potential privacy leakage at the model architecture level through a pioneer study on neural architecture search(NAS) paradigms which serves as a powerful tool to automate a neural network *** investigating the NAS procedure, we discover two attack threats in the model architecture level called the architectural dataset reconstruction attack and the architectural membership inference attack. Our theoretical analysis and experimental evaluation reveal that an attacker may leverage the output architecture of an ongoing NAS paradigm to reconstruct its original training set, or accurately infer the memberships of its training set simply from the model architecture. In this work, we also propose several defense approaches related to these model architecture attacks. We hope our work can highlight the need for greater attention to privacy protection in model architecture levels(e.g., NAS paradigms).

关键词： neural architecture search data reconstruction attack membership inference attack

来源：

同方期刊数据库评论

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Improving Parameter Estimation and Defensive Ability of Latent Dirichlet Allocation Model Training Under Rényi Differential Privacy

引用

Journal of Computer Science & Technology 2022年第6期37卷 1382-1397页

作者： Tao Huang Su-Yun Zhao Hong Chen Yi-Xuan Liu Key Laboratory of Data Engineering and Knowledge Engineering(Renmin University of China) Ministry of Education Beijing 100087China School of Information Renmin University of ChinaBeijing 100087China

Latent Dirichlet allocation(LDA)is a topic model widely used for discovering hidden semantics in massive text *** Gibbs sampling(CGS),as a widely-used algorithm for learning the parameters of LDA,has the risk of privacy ***,word count statistics and updates of latent topics in CGS,which are essential for parameter estimation,could be employed by adversaries to conduct effective membership inference attacks(MIAs).Till now,there are two kinds of methods exploited in CGS to defend against MIAs:adding noise to word count statistics and utilizing inherent *** two kinds of methods have their respective *** sampled from the Laplacian distribution sometimes produces negative word count statistics,which render terrible parameter estimation in *** inherent privacy could only provide weak guaranteed privacy when defending against *** is promising to propose an effective framework to obtain accurate parameter estimations with guaranteed differential *** key issue of obtaining accurate parameter estimations when introducing differential privacy in CGS is making good use of the privacy budget such that a precise noise scale is *** is the first time that R′enyi differential privacy(RDP)has been introduced into CGS and we propose RDP-LDA,an effective framework for analyzing the privacy loss of any differentially private ***-LDA could be used to derive a tighter upper bound of privacy loss than the overestimated results of existing differentially private CGS obtained byε-*** RDP-LDA,we propose a novel truncated-Gaussian mechanism that keeps word count statistics *** we propose distribution perturbation which could provide more rigorous guaranteed privacy than utilizing inherent *** validate that our proposed methods produce more accurate parameter estimation under the JS-divergence metric and obtain lower precision and recall when defending against MIAs.

关键词： latent Dirichlet allocation parameter estimation membership inference attack Rényi differential privacy

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

A Performance Study of membership inference attacks on Different Machine Learning Algorithms

引用

Journal of Information Hiding and Privacy Protection 2021年第4期3卷 193-200页

作者： Jumana Alsubhi Abdulrahman Gharawi Mohammad Alahmadi Department of Computer Science University of GeorgiaAthensGA30602USA Department of Software Engineering College of Computer Science and EngineeringUniversity of JeddahJeddah23890Saudi Arabia

Nowadays,machine learning(ML)algorithms cannot succeed without the availability of an enormous amount of training *** data could contain sensitive information,which needs to be *** inference attacks attempt to find out whether a target data point is used to train a certain ML model,which results in security and privacy *** leakage of membership information can vary from one machine-learning algorithm to *** this paper,we conduct an empirical study to explore the performance of membership inference attacks against three different machine learning algorithms,namely,K-nearest neighbors,random forest,support vector machine,and logistic regression using three *** experiments revealed the best machine learning model that can be more immune to privacy ***,we examined the effects of such attacks when varying the dataset *** on our observations for the experimental results,we propose a defense mechanism that is less prone to privacy attacks and demonstrate its effectiveness through an empirical evaluation.

关键词： membership inference attack data privacy machine learning security

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

欢迎您,

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

在线全文

在线全文

在线全文

请选择保存的检索档案：

请选择收藏分类：

通借通还

欢迎您,

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

在线全文

在线全文

在线全文

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：