Towards Securing Machine Learning Models Against Membership Inference Attacks

Hamida, Sana Ben; Mrabet, Hichem; Belguith, Sana; Alhomoud, Adeeb; Jemai, Abderrazak

doi:10.32604/cmc.2022.019709

Cited by 9 publications

(3 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The regularization technique aims at preventing model overfitting, which is a key factor in the success of MIA attacks. Several solutions to this approach are proposed, such as L2-norm regularization, data augmentation, and dropout [4], Adversarial Regularization [5]. The regularization technique not only interferes with the output of target models but also their internal parameters.…”

Section: Introductionmentioning

confidence: 99%

An Optimal Knowledge Distillation for Formulating an Effective Defense Model Against Membership Inference Attacks

Pham,

Doan

2024

ijacsa

View full text Add to dashboard Cite

A membership inference attack (MIA) on machine learning models aims to determine the sensitive data that has been used to train machine learning models. Machine learning-based applications (MLaaS-machine learning as a service) in finance, banking, healthcare, etc. are facing the risks of private data leaks by MIA. Several solutions have been proposed for mitigating MIA attacks, such as confidence score masking, regularization, knowledge distillation (KD), etc. However, the utility-privacy tradeoff problem is still a major challenge for existing approaches. In this work, we explore the KD-based approach to defending against MIA attacks. This approach has received increasing attention in the research community on machine learning safety recently as it aims at effectively addressing the above-mentioned challenge of mitigating MIA attacks. An efficient KD-based defense framework that includes multiple teacher and student models is proposed in this work for alleviating MIA attacks. Three main phases are deployed in this framework: (1) teacher model training; (2) knowledge distillation from the teacher model to the student model based on prediction augmentation and aggregation from the teacher model; and (3) repeated knowledge distillation among student models. The experimental results on standard datasets show the outperforms in both model utility and privacy of the proposed framework compared to other state-of-the-art solutions for mitigating MIA.

show abstract

Section: Introductionmentioning

confidence: 99%

An Optimal Knowledge Distillation for Formulating an Effective Defense Model Against Membership Inference Attacks

Pham,

Doan

2024

ijacsa

View full text Add to dashboard Cite

show abstract

“…Differential privacy (DP) is the standard for privacy-preserving statistical summaries [1]. Companies such as Microsoft [2], Google [3], Apple [4], and government organizations such as the US Census [5], have successfully applied DP in machine learning [6,7] and data sharing scenarios. The popularity of DP is due to its strong mathematical guarantees.…”

Section: Introductionmentioning

confidence: 99%

Assessment of differentially private synthetic data for utility and fairness in end-to-end machine learning pipelines for tabular data

Pereira,

Kshirsagar,

Mukherjee

et al. 2024

PLoS ONE

View full text Add to dashboard Cite

Differentially private (DP) synthetic datasets are a solution for sharing data while preserving the privacy of individual data providers. Understanding the effects of utilizing DP synthetic data in end-to-end machine learning pipelines impacts areas such as health care and humanitarian action, where data is scarce and regulated by restrictive privacy laws. In this work, we investigate the extent to which synthetic data can replace real, tabular data in machine learning pipelines and identify the most effective synthetic data generation techniques for training and evaluating machine learning models. We systematically investigate the impacts of differentially private synthetic data on downstream classification tasks from the point of view of utility as well as fairness. Our analysis is comprehensive and includes representatives of the two main types of synthetic data generation algorithms: marginal-based and GAN-based. To the best of our knowledge, our work is the first that: (i) proposes a training and evaluation framework that does not assume that real data is available for testing the utility and fairness of machine learning models trained on synthetic data; (ii) presents the most extensive analysis of synthetic dataset generation algorithms in terms of utility and fairness when used for training machine learning models; and (iii) encompasses several different definitions of fairness. Our findings demonstrate that marginal-based synthetic data generators surpass GAN-based ones regarding model training utility for tabular data. Indeed, we show that models trained using data generated by marginal-based algorithms can exhibit similar utility to models trained using real data. Our analysis also reveals that the marginal-based synthetic data generated using AIM and MWEM PGM algorithms can train models that simultaneously achieve utility and fairness characteristics close to those obtained by models trained with real data.

show abstract

“…A model is trained under the best of optimized hyper parameters under the protection of the Pairing-Based Cryptography (PBC) library, which uses multiplicative cyclic groups of primes. Due to the member inference attack discussed in [4], malicious users could use the plaintext gradient to train a shadow model to compromise the data security of others. Hence, we introduce homomorphic encryption, which allows calculations to be performed on encrypted data without decryption.…”

Section: Introductionmentioning

confidence: 99%

Secured Framework for Assessment of Chronic Kidney Disease in Diabetic Patients

Aldossary¹

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

With the emergence of cloud technologies, the services of healthcare systems have grown. Simultaneously, machine learning systems have become important tools for developing matured and decision-making computer applications. Both cloud computing and machine learning technologies have contributed significantly to the success of healthcare services. However, in some areas, these technologies are needed to provide and decide the next course of action for patients suffering from diabetic kidney disease (DKD) while ensuring privacy preservation of the medical data. To address the cloud data privacy problem, we proposed a DKD prediction module in a framework using cloud computing services and a data control scheme. This framework can provide improved and early treatment before end-stage renal failure. For prediction purposes, we implemented the following machine learning algorithms: support vector machine (SVM), random forest (RF), decision tree (DT), naïve Bayes (NB), deep learning (DL), and k nearest neighbor (KNN). These classification techniques combined with the cloud computing services significantly improved the decision making in the progress of DKD patients. We applied these classifiers to the UCI Machine Learning Repository for chronic kidney disease using various clinical features, which are categorized as single, combination of selected features, and all features. During single clinical feature experiments, machine learning classifiers SVM, RF, and KNN outperformed the remaining classification techniques, whereas in combined clinical feature experiments, the maximum accuracy was achieved for the combination of DL and RF. All the feature experiments presented increased accuracy and increased F-measure metrics from SVM, DL, and RF.

show abstract

Towards Securing Machine Learning Models Against Membership Inference Attacks

Cited by 9 publications

References 26 publications

An Optimal Knowledge Distillation for Formulating an Effective Defense Model Against Membership Inference Attacks

An Optimal Knowledge Distillation for Formulating an Effective Defense Model Against Membership Inference Attacks

Assessment of differentially private synthetic data for utility and fairness in end-to-end machine learning pipelines for tabular data

Secured Framework for Assessment of Chronic Kidney Disease in Diabetic Patients

Contact Info

Product

Resources

About