
Model architecture level privacy leakage in neural networks

Privacy leakage is one of the most critical issues in machine learning and has attracted growing interest for tasks such as demonstrating potential threats in model attacks and creating model defenses. In recent years, numerous studies have revealed various privacy leakage risks (e.g., data reconstruction attack, membership inference attack, backdoor attack, and adversarial attack) and several targeted defense approaches (e.g., data denoising, differential privacy, and data encryption). However, existing solutions generally focus on model parameter levels to disclose (or repair) privacy threats during the model training and/or model inference process, and are rarely applied at the model architecture level. Thus, in this paper, we aim to exploit the potential privacy leakage at the model architecture level through a pioneer study on neural architecture search (NAS) paradigms, which serve as a powerful tool to automate neural network design. By investigating the NAS procedure, we discover two attack threats at the model architecture level, called the architectural dataset reconstruction attack and the architectural membership inference attack. Our theoretical analysis and experimental evaluation reveal that an attacker may leverage the output architecture of an ongoing NAS paradigm to reconstruct its original training set, or accurately infer the memberships of its training set simply from the model architecture. In this work, we also propose several defense approaches related to these model architecture attacks. We hope our work can highlight the need for greater attention to privacy protection at the model architecture level (e.g., NAS paradigms).

Keywords: neural architecture search; data reconstruction attack; membership inference attack

Yan LI, Hongyang YAN, Teng HUANG, Zijie PAN, Jiewei LAI, Xiaoxue ZHANG, Kongyang CHEN, Jin LI


Institute of Artificial Intelligent and Blockchain, Guangzhou University, Guangzhou 510555, China

Pazhou Lab, Guangzhou 510330, China

Funding:

  • National Natural Science Foundation of China: U1936218, 62102107, 62072132, 62002074, 62072127, 62002076, 61802383, U20A20176
  • Science and Technology Program of Guangzhou of China: 202002030131
  • Guangdong Basic and Applied Basic Research Fund Joint Fund Youth Fund: 2019A1515110213
  • Research Project of Pazhou Lab for Excellent Young Scholars: PZL2021KF0024

2024

Science China Information Sciences (English edition)
Chinese Academy of Sciences


Indexed in: CSTPCD, EI
Impact factor: 0.715
ISSN: 1674-733X
Year, volume (issue): 2024, 67(3)
  • 53