Toward Selective Membership Inference Attack against Deep Learning Model

被引:1
作者
Kwon, Hyun [1 ]
Kim, Yongchul [2 ]
机构
[1] Korea Mil Acad, Dept Artificial Intelligence & Data Sci, Seoul, South Korea
[2] Korea Mil Acad, Dept Elect Engn, Seoul, South Korea
来源
IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS | 2022年 / E105D卷 / 11期
基金
新加坡国家研究基金会;
关键词
membership inference attack; deep neural network; machine learning; selective class;
D O I
10.1587/transinf.2022NGL0001
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
In this paper, we propose a selective membership infer-ence attack method that determines whether certain data corresponding to a specific class are being used as training data for a machine learning model or not. By using the proposed method, membership or non-membership can be inferred by generating a decision model from the prediction of the infer-ence models and training the confidence values for the data corresponding to the selected class. We used MNIST as an experimental dataset and Ten-sorflow as a machine learning library. Experimental results show that the proposed method has a 92.4% success rate with 5 inference models for data corresponding to a specific class.
引用
收藏
页码:1911 / 1915
页数:5
相关论文
共 12 条
[1]  
Backes M., 2016, P 2016 ACM SIGSAC C, P319
[2]   Generative Adversarial Networks [J].
Goodfellow, Ian ;
Pouget-Abadie, Jean ;
Mirza, Mehdi ;
Xu, Bing ;
Warde-Farley, David ;
Ozair, Sherjil ;
Courville, Aaron ;
Bengio, Yoshua .
COMMUNICATIONS OF THE ACM, 2020, 63 (11) :139-144
[3]   PALO: A probabilistic hill-climbing algorithm [J].
Greiner, R .
ARTIFICIAL INTELLIGENCE, 1996, 84 (1-2) :177-208
[4]   MBeacon: Privacy-Preserving Beacons for DNA Methylation Data [J].
Hagestedt, Inken ;
Zhang, Yang ;
Humbert, Mathias ;
Berrang, Pascal ;
Tang, Haixu ;
Wang, XiaoFeng ;
Backes, Michael .
26TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2019), 2019,
[5]  
Hayes J, 2018, Arxiv, DOI [arXiv:1705.07663, DOI 10.48550/ARXIV.1705.07663]
[6]   Resolving Individuals Contributing Trace Amounts of DNA to Highly Complex Mixtures Using High-Density SNP Genotyping Microarrays [J].
Homer, Nils ;
Szelinger, Szabolcs ;
Redman, Margot ;
Duggan, David ;
Tembe, Waibhav ;
Muehling, Jill ;
Pearson, John V. ;
Stephan, Dietrich A. ;
Nelson, Stanley F. ;
Craig, David W. .
PLOS GENETICS, 2008, 4 (08)
[7]  
LeCun Y., 1998, MNIST HANDWRITTEN DI
[8]   Comprehensive Privacy Analysis of Deep Learning Passive and Active White-box Inference Attacks against Centralized and Federated Learning [J].
Nasr, Milad ;
Shokri, Reza ;
Houmansadr, Amir .
2019 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2019), 2019, :739-753
[9]  
Nowakowski P., 2021, J WIRELESS MOBILE NE, V12, P20, DOI DOI 10.22667/JOWUA.2021.03.31.020
[10]   Membership Inference Attacks Against Machine Learning Models [J].
Shokri, Reza ;
Stronati, Marco ;
Song, Congzheng ;
Shmatikov, Vitaly .
2017 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP), 2017, :3-18
12