Privacy attacks against deep learning models and their countermeasures

Shafee, Ahmed; Awaad, Tasneem A.

doi:10.1016/j.sysarc.2020.101940

Cited by 16 publications

(4 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This does not necessarily mean that generative models should be provided to data users to allow them to generate multiple datasets themselves. In general, machine learning (ML) models are known to be susceptible to adversarial attacks that can reveal sensitive information about the individuals in the training datasets 102 , 103 . Therefore, it has been argued that sharing ML models may lead to different types of disclosure risks, making (unprotected) ML models equivalent to personally identifiable information 104 .…”

Section: Discussionmentioning

confidence: 99%

An evaluation of the replicability of analyses using synthetic health data

El Emam,

Mosquera,

Fang

et al. 2024

Sci Rep

View full text Add to dashboard Cite

Synthetic data generation is being increasingly used as a privacy preserving approach for sharing health data. In addition to protecting privacy, it is important to ensure that generated data has high utility. A common way to assess utility is the ability of synthetic data to replicate results from the real data. Replicability has been defined using two criteria: (a) replicate the results of the analyses on real data, and (b) ensure valid population inferences from the synthetic data. A simulation study using three heterogeneous real-world datasets evaluated the replicability of logistic regression workloads. Eight replicability metrics were evaluated: decision agreement, estimate agreement, standardized difference, confidence interval overlap, bias, confidence interval coverage, statistical power, and precision (empirical SE). The analysis of synthetic data used a multiple imputation approach whereby up to 20 datasets were generated and the fitted logistic regression models were combined using combining rules for fully synthetic datasets. The effects of synthetic data amplification were evaluated, and two types of generative models were used: sequential synthesis using boosted decision trees and a generative adversarial network (GAN). Privacy risk was evaluated using a membership disclosure metric. For sequential synthesis, adjusted model parameters after combining at least ten synthetic datasets gave high decision and estimate agreement, low standardized difference, as well as high confidence interval overlap, low bias, the confidence interval had nominal coverage, and power close to the nominal level. Amplification had only a marginal benefit. Confidence interval coverage from a single synthetic dataset without applying combining rules were erroneous, and statistical power, as expected, was artificially inflated when amplification was used. Sequential synthesis performed considerably better than the GAN across multiple datasets. Membership disclosure risk was low for all datasets and models. For replicable results, the statistical analysis of fully synthetic data should be based on at least ten generated datasets of the same size as the original whose analyses results are combined. Analysis results from synthetic data without applying combining rules can be misleading. Replicability results are dependent on the type of generative model used, with our study suggesting that sequential synthesis has good replicability characteristics for common health research workloads.

show abstract

Section: Discussionmentioning

confidence: 99%

An evaluation of the replicability of analyses using synthetic health data

El Emam,

Mosquera,

Fang

et al. 2024

Sci Rep

View full text Add to dashboard Cite

show abstract

“…Machine learning, including deep learning, is developing very rapidly, and it involves a wide range of applications [ 104 , 105 ]. For machine learning in the field of disease rehabilitation, if a smaller data set is selected, the coverage is reduced and cannot be extended to more people; therefore, a greater amount of high-quality training data are needed [ 106 ].…”

Section: Discussionmentioning

confidence: 99%

The Application of Wearable Sensors and Machine Learning Algorithms in Rehabilitation Training: A Systematic Review

Wei,

2023

Sensors

View full text Add to dashboard Cite

The integration of wearable sensor technology and machine learning algorithms has significantly transformed the field of intelligent medical rehabilitation. These innovative technologies enable the collection of valuable movement, muscle, or nerve data during the rehabilitation process, empowering medical professionals to evaluate patient recovery and predict disease development more efficiently. This systematic review aims to study the application of wearable sensor technology and machine learning algorithms in different disease rehabilitation training programs, obtain the best sensors and algorithms that meet different disease rehabilitation conditions, and provide ideas for future research and development. A total of 1490 studies were retrieved from two databases, the Web of Science and IEEE Xplore, and finally 32 articles were selected. In this review, the selected papers employ different wearable sensors and machine learning algorithms to address different disease rehabilitation problems. Our analysis focuses on the types of wearable sensors employed, the application of machine learning algorithms, and the approach to rehabilitation training for different medical conditions. It summarizes the usage of different sensors and compares different machine learning algorithms. It can be observed that the combination of these two technologies can optimize the disease rehabilitation process and provide more possibilities for future home rehabilitation scenarios. Finally, the present limitations and suggestions for future developments are presented in the study.

show abstract

“…Figure 1 illustrates the basic architecture of a CNN model. • Convolutional (CONV) layer: This is the first layer and key component of the CNN [17]. Most of the intensive computational loading is done in such layers.…”

Section: Convolutional Neural Networkmentioning

confidence: 99%

An Efficient Approach Based on Privacy-Preserving Deep Learning for Satellite Image Classification

et al. 2021

View full text Add to dashboard Cite

Satellite images have drawn increasing interest from a wide variety of users, including business and government, ever since their increased usage in important fields ranging from weather, forestry and agriculture to surface changes and biodiversity monitoring. Recent updates in the field have also introduced various deep learning (DL) architectures to satellite imagery as a means of extracting useful information. However, this new approach comes with its own issues, including the fact that many users utilize ready-made cloud services (both public and private) in order to take advantage of built-in DL algorithms and thus avoid the complexity of developing their own DL architectures. However, this presents new challenges to protecting data against unauthorized access, mining and usage of sensitive information extracted from that data. Therefore, new privacy concerns regarding sensitive data in satellite images have arisen. This research proposes an efficient approach that takes advantage of privacy-preserving deep learning (PPDL)-based techniques to address privacy concerns regarding data from satellite images when applying public DL models. In this paper, we proposed a partially homomorphic encryption scheme (a Paillier scheme), which enables processing of confidential information without exposure of the underlying data. Our method achieves robust results when applied to a custom convolutional neural network (CNN) as well as to existing transfer learning methods. The proposed encryption scheme also allows for training CNN models on encrypted data directly, which requires lower computational overhead. Our experiments have been performed on a real-world dataset covering several regions across Saudi Arabia. The results demonstrate that our CNN-based models were able to retain data utility while maintaining data privacy. Security parameters such as correlation coefficient (−0.004), entropy (7.95), energy (0.01), contrast (10.57), number of pixel change rate (4.86), unified average change intensity (33.66), and more are in favor of our proposed encryption scheme. To the best of our knowledge, this research is also one of the first studies that applies PPDL-based techniques to satellite image data in any capacity.

show abstract

Privacy attacks against deep learning models and their countermeasures

Cited by 16 publications

References 55 publications

An evaluation of the replicability of analyses using synthetic health data

An evaluation of the replicability of analyses using synthetic health data

The Application of Wearable Sensors and Machine Learning Algorithms in Rehabilitation Training: A Systematic Review

An Efficient Approach Based on Privacy-Preserving Deep Learning for Satellite Image Classification

Contact Info

Product

Resources

About