
ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models

conference contribution
posted on 2023-11-29, 18:09 authored by Ahmed Salem, Yang Zhang, Mathias Humbert, Pascal Berrang, Mario Fritz, Michael Backes
Machine learning (ML) has become a core component of many real-world applications and training data is a key factor that drives current progress. This huge success has led Internet companies to deploy machine learning as a service (MLaaS). Recently, the first membership inference attack has shown that extraction of information on the training set is possible in such MLaaS settings, which has severe security and privacy implications. However, the early demonstrations of the feasibility of such attacks have many assumptions on the adversary, such as using multiple so-called shadow models, knowledge of the target model structure, and having a dataset from the same distribution as the target model's training data. We relax all these key assumptions, thereby showing that such attacks are very broadly applicable at low cost and thereby pose a more severe risk than previously thought. We present the most comprehensive study so far on this emerging and developing threat using eight diverse datasets which show the viability of the proposed attacks across domains. In addition, we propose the first effective defense mechanisms against such a broader class of membership inference attacks that maintain a high level of utility of the ML model.

Preferred Citation

Ahmed Salem, Yang Zhang, Mathias Humbert, Pascal Berrang, Mario Fritz and Michael Backes. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In: Network and Distributed System Security Symposium (NDSS). 2019.

Primary Research Area

  • Trustworthy Information Processing

Secondary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Network and Distributed System Security Symposium (NDSS)

Legacy Posted Date

2019-01-11

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_2754,
  title = "ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models",
  author = "Salem, Ahmed and Zhang, Yang and Humbert, Mathias and Berrang, Pascal and Fritz, Mario and Backes, Michael",
  booktitle = "{Network and Distributed System Security Symposium (NDSS)}",
  year = "2019",
}
