We present two information leakage attacks that outperform previous work on membership inference against generative models. The first attack allows membership inference without assumptions on the type of the generative model. Contrary to previous evaluation metrics for generative models, like Kernel Density Estimation, it only considers samples of the model which are close to training data records. The second attack specifically targets Variational Autoencoders, achieving high membership inference accuracy. Furthermore, previous work mostly considers membership inference adversaries who perform single record membership inference. We argue for considering regulatory actors who perform set membership inference to identify the use of specific datasets for training. The attacks are evaluated on two generative model architectures, Generative Adversarial Networks (GANs) and Variational Autoencoders (VAEs), trained on standard image datasets. Our results show that the two attacks yield success rates superior to previous work on most data sets while at the same time having only very mild assumptions. We envision the two attacks, in combination with the membership inference attack type formalization, as especially useful, for example to enforce data privacy standards and to automatically assess model quality in machine-learning-as-a-service setups. In practice, our work motivates the use of GANs since they prove less vulnerable against information leakage attacks while producing detailed samples.
Keywords
- Machine Learning
- Privacy
- Information Security
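
The following is an added sketch, not the paper's code, of a set membership audit in the spirit of the first attack: each record is scored by the fraction of generated samples that fall close to it, and candidate datasets are compared by their summed scores. The toy generator, the Euclidean distance, the threshold `EPS`, the 2-D data, and all function names are assumptions made for illustration and are not taken from the abstract.

```python
import math
import random

EPS = 0.05  # assumed closeness threshold; the abstract does not specify one

def toy_generator(train, n, rng, sigma=0.01):
    """Constructed stand-in for an overfit generative model: every sample
    is a training record plus small Gaussian noise."""
    out = []
    for _ in range(n):
        cx, cy = rng.choice(train)
        out.append((rng.gauss(cx, sigma), rng.gauss(cy, sigma)))
    return out

def record_score(record, samples, eps=EPS):
    """Fraction of generated samples within eps of the record.
    Samples far from the record contribute nothing to the score."""
    near = sum(1 for s in samples if math.dist(record, s) <= eps)
    return near / len(samples)

def set_score(records, samples, eps=EPS):
    """Summed per-record scores for a whole candidate dataset."""
    return sum(record_score(r, samples, eps) for r in records)

def infer_training_set(candidates, samples, eps=EPS):
    """Set membership inference: return the name of the candidate dataset
    whose records lie closest to the model's output, plus all scores."""
    scores = {name: set_score(recs, samples, eps)
              for name, recs in candidates.items()}
    return max(scores, key=scores.get), scores

def demo(seed=7):
    """Constructed data: 20 training records, 20 held-out records drawn
    from the same distribution, and 2000 samples from the toy model."""
    rng = random.Random(seed)
    members = [(rng.random(), rng.random()) for _ in range(20)]
    holdout = [(rng.random(), rng.random()) for _ in range(20)]
    samples = toy_generator(members, 2000, rng)
    return infer_training_set({"members": members, "holdout": holdout},
                              samples)

if __name__ == "__main__":
    guess, scores = demo()
    print("inferred training set:", guess, scores)
```

A large gap between the two set scores is the signal an auditor looks for; a model that does not reproduce its training records closely would leave the two scores near each other.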