Defending Against Machine Learning Based Inference Attacks via Adversarial Examples: Opportunities and Challenges

Jia, Jinyuan; Gong, Neil Zhenqiang

doi:10.1007/978-3-030-33432-1_2

Cited by 30 publications

(60 citation statements)

References 65 publications

(118 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This approach is shown to produce less noisy results between rounds, but also takes longer to converge than the updates described in Equation 1. There is also the potential of reduced privacy, in that parameters related to particular clients are retained on the server, rather than being removed immediately following calculation of the new global model, which could conceivably allow, for instance, inference attacks [8].…”

Section: Discussionmentioning

confidence: 99%

Federated Learning With Highly Imbalanced Audio Data

Green,

Plumbley

2021

Preprint

View full text Add to dashboard Cite

Federated learning (FL) is a privacy-preserving machine learning method that has been proposed to allow training of models using data from many different clients, without these clients having to transfer all their data to a central server. There has as yet been relatively little consideration of FL or other privacy-preserving methods in audio. In this paper, we investigate using FL for a sound event detection task using audio from the FSD50K dataset. Audio is split into clients based on uploader metadata. This results in highly imbalanced subsets of data between clients, noted as a key issue in FL scenarios. A series of models is trained using 'high-volume' clients that contribute 100 audio clips or more, testing the effects of varying FL parameters, followed by an additional model trained using all clients with no minimum audio contribution. It is shown that FL models trained using the high-volume clients can perform similarly to a centrally-trained model, though there is much more noise in results than would typically be expected for a centrally-trained model. The FL model trained using all clients has a considerably reduced performance compared to the centrally-trained model.

show abstract

Section: Discussionmentioning

confidence: 99%

Federated Learning With Highly Imbalanced Audio Data

Green,

Plumbley

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Therefore, attackers who rely on machine learning also share its vulnerabilities and we can exploit such vulnerabilities to defend against them. For instance, we can leverage adversarial examples to mislead attackers who use machine learning classifiers to perform automated inference attacks [27]. One key challenge in this research direction is how to extend existing adversarial example methods to address the unique challenges of privacy protection.…”

Section: Discussion and Limitationsmentioning

confidence: 99%

MemGuard

Jia

Salem

Backes

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Self Cite

214

View full text Add to dashboard Cite

In a membership inference attack, an attacker aims to infer whether a data sample is in a target classifier's training dataset or not. Specifically, given a black-box access to the target classifier, the attacker trains a binary classifier, which takes a data sample's confidence score vector predicted by the target classifier as an input and predicts the data sample to be a member or non-member of the target classifier's training dataset. Membership inference attacks pose severe privacy and security threats to the training dataset. Most existing defenses leverage differential privacy when training the target classifier or regularize the training process of the target classifier. These defenses suffer from two key limitations: 1) they do not have formal utility-loss guarantees of the confidence score vectors, and 2) they achieve suboptimal privacy-utility tradeoffs.In this work, we propose MemGuard, the first defense with formal utility-loss guarantees against black-box membership inference attacks. Instead of tampering the training process of the target classifier, MemGuard adds noise to each confidence score vector predicted by the target classifier. Our key observation is that attacker uses a classifier to predict member or non-member and classifier is vulnerable to adversarial examples. Based on the observation, we propose to add a carefully crafted noise vector to a confidence score vector to turn it into an adversarial example that misleads the attacker's classifier. Specifically, MemGuard works in two phases. In Phase I, MemGuard finds a carefully crafted noise vector that can turn a confidence score vector into an adversarial example, which is likely to mislead the attacker's classifier to make a random guessing at member or non-member. We find such carefully crafted noise vector via a new method that we design to incorporate the unique utility-loss constraints on the noise vector. In Phase II, Mem-Guard adds the noise vector to the confidence score vector with a certain probability, which is selected to satisfy a given utility-loss budget on the confidence score vector. Our experimental results on Permission to make digital three datasets show that MemGuard can effectively defend against membership inference attacks and achieve better privacy-utility tradeoffs than existing defenses. Our work is the first one to show that adversarial examples can be used as defensive mechanisms to defend against membership inference attacks.

show abstract

“…To be more exact, the energy that the player will pick at each narrative stage is determined by the strategy used in a game with just one player and repeated steps. e action must be feasible; that is, it must belong to all the available options of the gaming stage [24,25].…”

Section: Proposed Game Strategymentioning

confidence: 99%

“…is was done because the large number of visitors combined with the enormous amounts of music content spent on a daily basis creates a new landscape of threats, in which the clear strategies for cybersecurity need to be rearranged on an ongoing basis. According to this logic, they frequently employ advanced techniques, including zero-day attacks, to launch attacks on music streaming platforms that modern cybercriminals have targeted [24,27,28].…”

Section: Application Testingmentioning

confidence: 99%

Applications of Game Theory and Advanced Machine Learning Methods for Adaptive Cyberdefense Strategies in the Digital Music Industry

Jing¹

2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

As the likelihood and impact of cyber-attacks continue to grow, organizations realize the need to invest in specialized methods to protect their digital data and the information they circulate or manage. Due to its broad use, game theory has evolved into a concept that can be applied practically while analyzing and modifying existing cyber protection methods to arrive at the best possible conclusions. This study presents an innovative hybrid model that combines game theory and advanced machine learning methods for adaptive cyber defense strategies. Specifically, a repetitive game methodology is implemented to analyze cyber-attacks and model behaviors and study how defenders and attackers make decisions in a competing field. Based on Bayesian inference, the proposed method can predict the next steps in the game to produce the appropriate countermeasures and implement the best cyber defense strategies that govern an organization. The suggested system introduced to the academic literature for the first time was successfully tested in a particular application scenario involving the digital music industry and coping with impending cyber-attacks.

show abstract

Defending Against Machine Learning Based Inference Attacks via Adversarial Examples: Opportunities and Challenges

Cited by 30 publications

References 65 publications

Federated Learning With Highly Imbalanced Audio Data

Federated Learning With Highly Imbalanced Audio Data

MemGuard

Applications of Game Theory and Advanced Machine Learning Methods for Adaptive Cyberdefense Strategies in the Digital Music Industry

Contact Info

Product

Resources

About