Zen and the art of model adaptation: Low-utility-cost attack mitigations in collaborative machine learning

Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium Pub Date : 2021-11-20 DOI:10.2478/popets-2022-0014

Dmitrii Usynin, D. Rueckert, Jonathan Passerat-Palmbach, Georgios Kaissis

{"title":"Zen and the art of model adaptation: Low-utility-cost attack mitigations in collaborative machine learning","authors":"Dmitrii Usynin, D. Rueckert, Jonathan Passerat-Palmbach, Georgios Kaissis","doi":"10.2478/popets-2022-0014","DOIUrl":null,"url":null,"abstract":"Abstract In this study, we aim to bridge the gap between the theoretical understanding of attacks against collaborative machine learning workflows and their practical ramifications by considering the effects of model architecture, learning setting and hyperparameters on the resilience against attacks. We refer to such mitigations as model adaptation. Through extensive experimentation on both, benchmark and real-life datasets, we establish a more practical threat model for collaborative learning scenarios. In particular, we evaluate the impact of model adaptation by implementing a range of attacks belonging to the broader categories of model inversion and membership inference. Our experiments yield two noteworthy outcomes: they demonstrate the difficulty of actually conducting successful attacks under realistic settings when model adaptation is employed and they highlight the challenge inherent in successfully combining model adaptation and formal privacy-preserving techniques to retain the optimal balance between model utility and attack resilience.","PeriodicalId":74556,"journal":{"name":"Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium","volume":"2022 1","pages":"274 - 290"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2478/popets-2022-0014","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

Abstract

Abstract In this study, we aim to bridge the gap between the theoretical understanding of attacks against collaborative machine learning workflows and their practical ramifications by considering the effects of model architecture, learning setting and hyperparameters on the resilience against attacks. We refer to such mitigations as model adaptation. Through extensive experimentation on both, benchmark and real-life datasets, we establish a more practical threat model for collaborative learning scenarios. In particular, we evaluate the impact of model adaptation by implementing a range of attacks belonging to the broader categories of model inversion and membership inference. Our experiments yield two noteworthy outcomes: they demonstrate the difficulty of actually conducting successful attacks under realistic settings when model adaptation is employed and they highlight the challenge inherent in successfully combining model adaptation and formal privacy-preserving techniques to retain the optimal balance between model utility and attack resilience.

查看原文本刊更多论文

禅宗和模型适应的艺术:协作机器学习中的低效用成本攻击缓解

在本研究中，我们的目标是通过考虑模型架构、学习设置和超参数对攻击弹性的影响，弥合对协作机器学习工作流攻击的理论理解与其实际后果之间的差距。我们把这种减缓称为模式适应。通过对基准和现实数据集的广泛实验，我们为协作学习场景建立了一个更实用的威胁模型。特别是，我们通过实施属于更广泛的模型反演和隶属推理类别的一系列攻击来评估模型适应的影响。我们的实验产生了两个值得注意的结果:它们证明了在使用模型适应时，在现实设置下实际进行成功攻击的困难，并且它们突出了成功结合模型适应和正式隐私保护技术以保持模型效用和攻击弹性之间的最佳平衡所固有的挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium

自引率

0.00%

发文量

审稿时长

16 weeks