Towards securing machine learning models against membership inference attacks

Autor: Sana Belguith, Adeeb Alhomoud, Abderrazak Jemai, S Ben Hamida, Hichem Mrabet
Jazyk: angličtina
Rok vydání: 2022
Předmět:
ISSN: 1546-2218
Popis: From fraud detection to speech recognition, including price prediction,\ud Machine Learning (ML) applications are manifold and can significantly improve\ud different areas. Nevertheless, machine learning models are vulnerable and are\ud exposed to different security and privacy attacks. Hence, these issues should be\ud addressed while using ML models to preserve the security and privacy of the data\ud used. There is a need to secure ML models, especially in the training phase to\ud preserve the privacy of the training datasets and to minimise the information\ud leakage. In this paper, we present an overview of ML threats and vulnerabilities,\ud and we highlight current progress in the research works proposing defence\ud techniques against ML security and privacy attacks. The relevant background for\ud the different attacks occurring in both the training and testing/inferring phases is\ud introduced before presenting a detailed overview of Membership Inference\ud Attacks (MIA) and the related countermeasures. In this paper, we introduce a\ud countermeasure against membership inference attacks (MIA) on Conventional\ud Neural Networks (CNN) based on dropout and L2 regularization. Through\ud experimental analysis, we demonstrate that this defence technique can mitigate the\ud risks of MIA attacks while ensuring an acceptable accuracy of the model. Indeed,\ud using CNN model training on two datasets CIFAR-10 and CIFAR-100, we\ud empirically verify the ability of our defence strategy to decrease the impact of MIA\ud on our model and we compare results of five different classifiers. Moreover, we\ud present a solution to achieve a trade-off between the performance of the model and\ud the mitigation of MIA attack.
Databáze: OpenAIRE
Externí odkaz: