A membership inference attack (MIA) poses privacy risks for the training data of a machine learning model. With an MIA, an attacker guesses whether the target data are a member of the training dataset. The state-of-the-art defense against MIAs, distillation for membership privacy (DMP), requires not only the private data to protect but also a large amount of unlabeled public data. However, in certain privacy-sensitive domains, such as medicine and finance, the availability of public data is not guaranteed. Moreover, a trivial method for generating the public data by using generative adversarial networks significantly decreases the model accuracy, as reported by the authors of DMP. To overcome this problem, we propose a novel defense against MIAs that uses knowledge distillation without requiring public data. Our experiments show that the privacy protection and accuracy of our defense are comparable to those of DMP for the benchmark tabular datasets used in MIA research, Purchase100 and Texas100, and that our defense has a much better privacy-utility trade-off than the existing defenses that do not use public data for the image dataset CIFAR10.
We present first-principles total-energy electronic-structure calculations that provide the microscopic mechanism of the adatom interchange reaction on the Sn- and Pb-covered Ge(111)-(2×8) and the Sb-covered Si(111)-(7×7) surfaces with and without the tip of the atomic force microscope (AFM). We find that, without the presence of the AFM tip on the Ge surface, the adatom interchange occurs through the migration of the adatom, the spontaneous formation of the dimer structures of the two adatoms, the dimer-dimer structural transitions that induce the exchange of the positions of the two adatoms, and then the backward migration of the adatom. We also find that the dimer structure is unfeasible at room temperature on the Si surface, and the adatom interchange is hereby unlikely. With the presence of the tip, we find that the reaction pathways are essentially the same for the Ge surface but that the energy barriers of the migration and the exchange processes are substantially reduced by the AFM tip. We further find that the AFM tip induces the spontaneous formation of the dimer structure even on the Si surface, hereby opening a channel for the interchange of the adatoms. Our calculations show that the bond formation between the AFM tip atom and the surface adatom is essential for atom manipulation using the AFM tip.
We present first-principles total-energy electronic-structure calculations that provide the microscopic mechanism of the Ag atom diffusion between the half unit cells (HUCs) on the Si(111)-(7×7) surface with and without the tip of the atomic force microscope (AFM). We find that, without the presence of the AFM tip, the diffusions between the two HUCs are almost symmetric, with an energy barrier of about 1 eV in both directions. The diffusion is a two-step process with an intermediate metastable configuration in which the Ag atom is at the boundary of the HUCs. With the presence of the tip, we find that the reaction pathways are essentially the same, but the energy barrier in one direction is substantially reduced to 0.2-0.4 eV by the tip, while that of the diffusion in the reverse direction remains larger than 1 eV. The Si tip reduces the energy barrier more than the Pt tip due to the flexibility of the tip apex structure. In addition to the reduction of the barrier, the tip traps the diffusing adatom, preventing the diffusion in the reverse direction. We also find that the shape of the tip apex structure is important for the trapping ability of the adatom. When the tip apex structure is blunt, the adatom interacts with a tip atom other than the tip apex atom. The bond formation between the AFM tip atom and the surface adatom is essential for atom manipulation using the AFM tip. Our results show that atom manipulation is possible with both metallic and semiconducting AFM tips.