Authors: Sharath Yaji, Neelima Bayyapu
DOI: 10.1080/23335777.2020.1811380 (https://doi.org/10.1080/23335777.2020.1811380)
Journal: Cyber-Physical Systems, volume 1, issue 1, pages 11 - 40
Publication date: 2020-08-31 (journal article)
Result attack: a privacy breaching attack for personal data through K-means algorithm
ABSTRACT Protecting data privacy is the most significant challenge of the present era. This paper attempts to demonstrate how machine learning can be used by an attacker to compromise data privacy. To demonstrate this, we have chosen an attack on handwritten signatures. The attacker uses available signatures for training and appends malicious signatures to the testing process until the desired result is obtained. The attacker then manipulates the achieved result to carry out the malicious attack. We propose the result attack to highlight the need to ensure the secrecy of genuine signatures. An illustration is given by applying the K-means algorithm to the MNIST dataset. Differential Privacy (DP) is adopted for the defense discussion. DP is illustrated by aggregating red or white noise into the MNIST dataset. Observation shows that aggregating noise into personal data successfully defends against the result attack. We obtain an area under the receiver operating characteristic curve of 0.878719 for the original dataset, 0.4999901 for the original dataset vs. aggregated red noise, and 0.4448475 for the original dataset vs. white noise. For the defense model this shows that aggregating white noise is better than red noise, i.e. white noise aggregation is 11% better than red noise.