Zen and the art of model adaptation: Low-utility-cost attack mitigations in collaborative machine learning-Reference-Cited by-同舟云学术

Zen and the art of model adaptation: Low-utility-cost attack mitigations in collaborative machine learning

Published:2021-11-20 Issue:1 Volume:2022 Page:274-290
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Usynin Dmitrii¹,Rueckert Daniel²,Passerat-Palmbach Jonathan³,Kaissis Georgios⁴

Affiliation:

1. Department of Computing , Imperial College London ; Department of Diagnostic and Interventional Radiology , Technical University of Munich

2. Institute for Artificial Intelligence in Medicine , Technical University of Munich ; Department of Computing , Imperial College London

3. Department of Computing , Imperial College London ; ConsenSys Health, New York , NY, USA

4. Institute for Artificial Intelligence in Medicine , Technical University of Munich ; Department of Computing , Imperial College London , Germany

Abstract

Abstract In this study, we aim to bridge the gap between the theoretical understanding of attacks against collaborative machine learning workflows and their practical ramifications by considering the effects of model architecture, learning setting and hyperparameters on the resilience against attacks. We refer to such mitigations as model adaptation. Through extensive experimentation on both, benchmark and real-life datasets, we establish a more practical threat model for collaborative learning scenarios. In particular, we evaluate the impact of model adaptation by implementing a range of attacks belonging to the broader categories of model inversion and membership inference. Our experiments yield two noteworthy outcomes: they demonstrate the difficulty of actually conducting successful attacks under realistic settings when model adaptation is employed and they highlight the challenge inherent in successfully combining model adaptation and formal privacy-preserving techniques to retain the optimal balance between model utility and attack resilience.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Link

https://www.sciendo.com/pdf/10.2478/popets-2022-0014

Reference65 articles.

1. [1] “MELLODDY consortium.” https://cordis.europa.eu/project/rcn/223634/factsheet/en. Accessed: November 21, 2020.

2. [2] T. Yang, G. Andrew, H. Eichner, H. Sun, W. Li, N. Kong, D. Ramage, and F. Beaufays, “Applied federated learning: Improving google keyboard query suggestions,” arXiv preprint arXiv:1812.02903, 2018.

3. [3] L. Muñoz-González, K. T. Co, and E. C. Lupu, “Byzantine-Robust Federated Machine Learning through Adaptive Model Averaging,” arXiv preprint arXiv:1909.05125, 2019.

4. [4] M. Nasr, R. Shokri, and A. Houmansadr, “Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning,” in 2019 IEEE Symposium on Security and Privacy (SP), pp. 739–753, IEEE, 2019.10.1109/SP.2019.00065

5. [5] R. Shokri, M. Stronati, C. Song, and V. Shmatikov, “Membership inference attacks against machine learning models,” in 2017 IEEE Symposium on Security and Privacy (SP), pp. 3–18, IEEE, 2017.10.1109/SP.2017.41

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Privacy preservation for federated learning in health care;Patterns;2024-07

2. Reconciling privacy and accuracy in AI for medical imaging;Nature Machine Intelligence;2024-06-21

3. Membership Inference Attacks Against Semantic Segmentation Models;Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security;2023-11-26

4. Beyond Gradients: Exploiting Adversarial Priors in Model Inversion Attacks;ACM Transactions on Privacy and Security;2023-06-26

5. Kernel Normalized Convolutional Networks for Privacy-Preserving Machine Learning;2023 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML);2023-02