Result attack: a privacy breaching attack for personal data through K-means algorithm

Q2 Engineering
Sharath Yaji, Neelima Bayyapu
Journal: Cyber-Physical Systems, volume 1, issue 1, pages 11-40
DOI: 10.1080/23335777.2020.1811380 (https://doi.org/10.1080/23335777.2020.1811380)
Publication date: 2020-08-31
Publication type: Journal Article
Open access: no
Citation count: 1

Abstract

Protecting data privacy is the most significant challenge of the present era. This paper is an attempt to demonstrate how machine learning can be used by an attacker to compromise data privacy. To demonstrate this, we have chosen an attack on handwritten signatures. The attacker uses available signatures for training and appends malicious signatures to the testing process until he gets the desired result. The attacker then manipulates the achieved result to perform the malicious attack. We propose the result attack to highlight the need for ensuring the secrecy of the genuine signature. An illustration is performed by applying the K-means algorithm to the MNIST dataset. Differential Privacy (DP) is adopted for the defense discussion. The illustration of DP is produced by aggregating red or white noise into the MNIST dataset. Observation shows that aggregating noise into personal data successfully delivers a defense against the result attack. We obtain an area under the receiver operating characteristic curve of 0.878719 for the original dataset, 0.4999901 for the original dataset vs. aggregated red noise, and 0.4448475 for the original dataset vs. white noise. For the defense model this means that aggregating white noise is better than red noise, i.e. white noise aggregation is 11% better than red noise.
Source journal: Cyber-Physical Systems (Engineering - Computational Mechanics)
CiteScore: 3.10
Self-citation rate: 0.00%
Articles published: 0