Knock Knock, Who's There? Membership Inference on Aggregate Location Data

Pyrgelis, Apostolos; Troncoso, Carmela; Cristofaro, Emiliano De

doi:10.14722/ndss.2018.23183

Cited by 156 publications

(126 citation statements)

References 23 publications

Supporting

Mentioning

124

Contrasting

Unclassified

Order By: Relevance

“…Even with a modest privacy parameter of = 8 the authors report an attack accuracy 58.3% with a training accuracy of just 68.6%. The authors in [46] also remark that defense mechanisms based on differential privacy are not always effective, particularly when an attacker is able to mimic the behavior of the perturbation.…”

Section: Mitigation Techniquesmentioning

confidence: 99%

Demystifying Membership Inference Attacks in Machine Learning as a Service

Truex

Ling

Gürsoy

et al. 2021

IEEE Trans. Serv. Comput.

195

123

View full text Add to dashboard Cite

Membership inference attacks seek to infer membership of individual training instances of a model to which an adversary has black-box access through a machine learning-as-a-service API. In providing an in-depth characterization of membership privacy risks against machine learning models, this paper presents a comprehensive study towards demystifying membership inference attacks from two complimentary perspectives. First, we provide a generalized formulation of the development of a black-box membership inference attack model. Second, we characterize the importance of model choice on model vulnerability through a systematic evaluation of a variety of machine learning models and model combinations using multiple datasets. Through formal analysis and empirical evidence from extensive experimentation, we characterize under what conditions a model may be vulnerable to such black-box membership inference attacks. We show that membership inference vulnerability is data-driven and corresponding attack models are largely transferable. Though different model types display different vulnerabilities to membership inference, so do different datasets. Our empirical results additionally show that (1) using the type of target model under attack within the attack model may not increase attack effectiveness and (2) collaborative learning exposes vulnerabilities to membership inference risks when the adversary is a participant. We also discuss countermeasure and mitigation strategies.

show abstract

Section: Mitigation Techniquesmentioning

confidence: 99%

Demystifying Membership Inference Attacks in Machine Learning as a Service

Truex

Ling

Gürsoy

et al. 2021

IEEE Trans. Serv. Comput.

195

123

View full text Add to dashboard Cite

show abstract

“…Membership inference. Membership inference attacks involve observing the output of some computations over a hidden dataset D and determining whether a specific data point is a member of D. Membership inference attacks against aggregate statistics have been demonstrated in the context of genomic studies [13], location time-series [26], and noisy statistics in general [8].…”

Section: Related Workmentioning

confidence: 99%

Auditing Data Provenance in Text-Generation Models

Song

Shmatikov

2019

Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery &Amp; Data Mining

143

110

View full text Add to dashboard Cite

To help enforce data-protection regulations such as GDPR and detect unauthorized uses of personal data, we develop a new model auditing technique that helps users check if their data was used to train a machine learning model. We focus on auditing deeplearning models that generate natural-language text, including word prediction and dialog generation. These models are at the core of popular online services and are often trained on personal data such as users' messages, searches, chats, and comments.We design and evaluate a black-box auditing method that can detect, with very few queries to a model, if a particular user's texts were used to train it (among thousands of other users). We empirically show that our method can successfully audit well-generalized models that are not overfitted to the training data. We also analyze how text-generation models memorize word sequences and explain why this memorization makes them amenable to auditing. CCS CONCEPTS• Computing methodologies → Machine learning; • Security and privacy → Software and application security.

show abstract

“…Nasr et al (2019) extends the analysis to white-box attacks and a federated learning setting. Pyrgelis et al (2018) provides an empirical study on location data. Veale et al (2018) discusses membership inference and the related model inversion problem, in the context of data protection laws like GDPR.…”

Section: Summary and Alternative Definitionsmentioning

confidence: 99%