Inf2Guard: An Information-Theoretic Framework for Learning Privacy-Preserving Representations against Inference Attacks

Published 4 Mar 2024 in cs.LG and cs.CR | (2403.02116v1)

Abstract: Machine learning (ML) models are vulnerable to inference attacks (e.g., membership inference, property inference, and data reconstruction) that aim to infer private information about the training data or the dataset. Existing defenses are designed for only one specific type of attack, and they either sacrifice significant utility or are soon broken by adaptive attacks. We address these limitations by proposing an information-theoretic defense framework, called Inf2Guard, against the three major types of inference attacks. Our framework, inspired by the success of representation learning, posits that learning shared representations not only saves time and cost but also benefits numerous downstream tasks. Generally, Inf2Guard involves two mutual information objectives, one for privacy protection and one for utility preservation. Inf2Guard exhibits many merits: it facilitates the design of customized objectives against the specific inference attack; it provides a general defense framework which can treat certain existing defenses as special cases; and, importantly, it aids in deriving theoretical results, e.g., the inherent utility-privacy tradeoff and guaranteed privacy leakage. Extensive evaluations validate the effectiveness of Inf2Guard for learning privacy-preserving representations against inference attacks and demonstrate its superiority over the baselines.
