cispa_all_3640.pdf (1001.83 kB)

Auditing Membership Leakages of Multi-Exit Networks

Download (1001.83 kB)
conference contribution
posted on 2023-11-29, 18:20 authored by Zheng LiZheng Li, Yugeng LiuYugeng Liu, xinlei.he, Ning Yu, Michael BackesMichael Backes, Yang ZhangYang Zhang
Relying on the fact that not all inputs require the same amount of computation to yield a confident prediction, multi-exit networks are gaining attention as a prominent approach for pushing the limits of efficient deployment. Multi-exit networks endow a backbone model with early exits, allowing to obtain predictions at intermediate layers of the model and thus save computation time and/or energy. However, current various designs of multi-exit networks are only considered to achieve the best trade-off between resource usage efficiency and prediction accuracy, the privacy risks stemming from them have never been explored. This prompts the need for a comprehensive investigation of privacy risks in multi-exit networks. In this paper, we perform the first privacy analysis of multi-exit networks through the lens of membership leakages. In particular, we first leverage the existing attack methodologies to quantify the multi-exit networks’ vulnerability to membership leakages. Our experimental results show that multi-exit networks are less vulnerable to membership leakages and the exit (number and depth) attached to the backbone model is highly correlated with the attack performance. Furthermore, we propose a hybrid attack that exploits the exit information to improve the performance of existing attacks. We evaluate membership leakage threat caused by our hybrid attack under three different adversarial setups, ultimately arriving at a model-free and data-free adversary. These results clearly demonstrate that our hybrid attacks are very broadly applicable, thereby the corresponding risks are much more severe than shown by existing membership inference attacks. We further present a defense mechanism called TimeGuard specifically for multi-exit networks and show that TimeGuard mitigates the newly proposed attacks perfectly.


Preferred Citation

Zheng Li, Yiyong Liu, Xinlei He, Ning Yu, Michael Backes and Yang Zhang. Auditing Membership Leakages of Multi-Exit Networks. In: ACM Conference on Computer and Communications Security (CCS). 2022.

Primary Research Area

  • Trustworthy Information Processing

Name of Conference

ACM Conference on Computer and Communications Security (CCS)

Legacy Posted Date


Open Access Type

  • Unknown


@inproceedings{cispa_all_3640, title = "Auditing Membership Leakages of Multi-Exit Networks", author = "Li, Zheng and Liu, Yiyong and He, Xinlei and Yu, Ning and Backes, Michael and Zhang, Yang", booktitle="{ACM Conference on Computer and Communications Security (CCS)}", year="2022", }

Usage metrics


    No categories selected


    Ref. manager