Neural Network Inversion in Adversarial Setting via Background Knowledge Alignment

Yang, Ziqi; Zhang, Jiyi; Chang, Ee-Chien; Liang, Zhenkai

doi:10.1145/3319535.3354261

Cited by 154 publications

(141 citation statements)

References 29 publications

Supporting

Mentioning

140

Contrasting

Order By: Relevance

“…The goal of our protocol is to protect the privacy of each party's gradient while guarantees the integrity of aggregation. However, we do not consider the adversary that makes queries to the trained model to launch black-box statistical attacks [22], [23], [24], [25], [26] since it is known hard to prevent the leakage from the output of the functionality implemented by cryptographic protocols. Moreover, such attacks might not work well to precisely infer the sensitive information of honest parties, especially for deep neural networks that generalize well [6].…”

Section: Adversarial Modelmentioning

confidence: 99%

VeriFL: Communication-Efficient and Fast Verifiable Aggregation for Federated Learning

Guo

Liu

et al. 2021

IEEE Trans.Inform.Forensic Secur.

159

View full text Add to dashboard Cite

Federated learning (FL) enables a large number of clients to collaboratively train a global model through sharing their gradients in each synchronized epoch of local training. However, a centralized server used to aggregate these gradients can be compromised and forge the result in order to violate privacy or launch other attacks, which incurs the need to verify the integrity of aggregation. In this work, we explore how to design communication-efficient and fast verifiable aggregation in FL. We propose VERIFL, a verifiable aggregation protocol, with O(N) (dimension-independent) communication and O(N + d) computation for verification in each epoch, where N is the number of clients and d is the dimension of gradient vectors. Since d can be large in some real-world FL applications (e.g., 100K), our dimension-independent communication is especially desirable for clients with limited bandwidth and high-dimensional gradients. In addition, the proposed protocol can be used in the FL setting where secure aggregation is needed or there is a subset of clients dropping out of protocol execution. Experimental results indicate that our protocol is efficient in these settings.

show abstract

Section: Adversarial Modelmentioning

confidence: 99%

VeriFL: Communication-Efficient and Fast Verifiable Aggregation for Federated Learning

Guo

Liu

et al. 2021

IEEE Trans.Inform.Forensic Secur.

159

View full text Add to dashboard Cite

show abstract

“…• Exploration attacks (Sethi and Kantardzic, 2018); • Model extraction attacks (Correia-Silva et al, 2018;Kesarwani et al, 2018;Joshi and Tammana, 2019;Reith et al, 2019); • Model inversion attacks (Yang et al, 2019); • Model-reuse attacks (Ji et al, 2018); • Trojan attacks (Liu et al, 2018).…”

Section: Attacks On Cloud-hosted Machine Learning Models: Thematic Anmentioning

confidence: 99%

Securing Machine Learning in the Cloud: A Systematic Review of Cloud Machine Learning Security

et al. 2020

View full text Add to dashboard Cite

With the advances in machine learning (ML) and deep learning (DL) techniques, and the potency of cloud computing in offering services efficiently and cost-effectively, Machine Learning as a Service (MLaaS) cloud platforms have become popular. In addition, there is increasing adoption of third-party cloud services for outsourcing training of DL models, which requires substantial costly computational resources (e.g., high-performance graphics processing units (GPUs)). Such widespread usage of cloud-hosted ML/DL services opens a wide range of attack surfaces for adversaries to exploit the ML/DL system to achieve malicious goals. In this article, we conduct a systematic evaluation of literature of cloud-hosted ML/DL models along both the important dimensions—attacks and defenses—related to their security. Our systematic review identified a total of 31 related articles out of which 19 focused on attack, six focused on defense, and six focused on both attack and defense. Our evaluation reveals that there is an increasing interest from the research community on the perspective of attacking and defending different attacks on Machine Learning as a Service platforms. In addition, we identify the limitations and pitfalls of the analyzed articles and highlight open research issues that require further investigation.

show abstract

“…Second, we use the budget n ‐times query model

F_{c}

, that is,

(|| D_{query} |) = n

. We assume that we can get all the predicted values (if not, it is feasible to use the cropping method mentioned in Reference [9]) to form the data set

(}{(F_{c} (x), \overset{F}{true} (x))) | x \in D_{query}})

. Analogously, we fix the sampling layer on

G_{θ}

and train the weight

w

between the first and second layers.…”

Section: Experimentationmentioning

confidence: 99%

“…The

(|| D_{aux} |) = q

we use is drawn from the test data distribution. For the previous MIA 9 in the third row, we use the same settings. MIA, model inversion attack [Color figure can be viewed at wileyonlinelibrary.com]…”

Section: Experimentationmentioning

confidence: 99%

See 1 more Smart Citation

Querying little is enough: Model inversion attack via latent information

Liu

Huang

et al. 2020

Int J Intell Syst

View full text Add to dashboard Cite

Neural Network Inversion in Adversarial Setting via Background Knowledge Alignment

Cited by 154 publications

References 29 publications

VeriFL: Communication-Efficient and Fast Verifiable Aggregation for Federated Learning

VeriFL: Communication-Efficient and Fast Verifiable Aggregation for Federated Learning

Securing Machine Learning in the Cloud: A Systematic Review of Cloud Machine Learning Security

Querying little is enough: Model inversion attack via latent information

Contact Info

Product

Resources

About