Membership Inference Attack Against Principal Component Analysis

Zari, Oualid; Parra-Arnau, Javier; Unsal, Ayse; Strufe, Thorsten; Önen, Melek

doi:10.1007/978-3-031-13945-1_19

Cited by 3 publications

References 51 publications

(110 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

Membership Inference Attack Against Principal Component Analysis

Zari

Parra-Arnau

Unsal

et al. 2022

Privacy in Statistical Databases

View full text Add to dashboard Cite

This paper studies the performance of membership inference attacks against principal component analysis (PCA). In this attack, we assume that the adversary has access to the principal components, and her main goal is to infer whether a given data sample was used to compute these principal components. We show that our attack is successful and achieves high performance when the number of samples used to compute the principal components is small. As a defense strategy, we investigate the use of various differentially private mechanisms. Accordingly, we present experimental results on the performance of Gaussian and Laplace mechanisms under naive and advanced compositions against MIA as well as the utility of these differentially-private PCA solutions.

show abstract

Membership Inference Attack Against Principal Component Analysis

Zari

Parra-Arnau

Unsal

et al. 2022

Privacy in Statistical Databases

View full text Add to dashboard Cite

show abstract

Data Reconstruction Attack Against Principal Component Analysis

Kwatra

Torra

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Attacking machine learning models is one of the many ways to measure the privacy of machine learning models. Therefore, studying the performance of attacks against machine learning techniques is essential to know whether somebody can share information about machine learning models, and if shared, how much can be shared? In this work, we investigate one of the widely used dimensionality reduction techniques Principal Component Analysis (PCA). We refer to a recent paper that shows how to attack PCA using a Membership Inference Attack (MIA). When using membership inference attacks against PCA, the adversary gets access to some of the principal components and wants to determine if a particular record was used to compute those principal components. We assume that the adversary knows the distribution of training data, which is a reasonable and useful assumption for a membership inference attack. With this assumption, we show that the adversary can make a data reconstruction attack, which is a more severe attack than the membership attack. For a protection mechanism, we propose that the data guardian first generate synthetic data and then compute the principal components. We also compare our proposed approach with Differentially Private Principal Component Analysis (DPPCA). The experimental findings show the degree to which the adversary successfully attempted to recover the users’ original data. We obtained comparable results with DPPCA. The number of principal components the attacker intercepted affects the attack’s outcome. Therefore, our work aims to answer how much information about machine learning models is safe to disclose while protecting users’ privacy.

show abstract