Leveraging Adversarial Examples To Quantify Membership Information Leakage

Del Grosso, Ganesh; Jalalzai, Hamid; Pichler, Georg; Palamidessi, Catuscia; Piantanida, Pablo

doi:10.1109/CVPR52688.2022.01015

DC Element

Wert

Sprache

dc.contributor.author

Del Grosso, Ganesh

dc.contributor.author

Jalalzai, Hamid

dc.contributor.author

Pichler, Georg

dc.contributor.author

Palamidessi, Catuscia

dc.contributor.author

Piantanida, Pablo

dc.date.accessioned

2022-11-28T12:26:42Z

dc.date.available

2022-11-28T12:26:42Z

dc.date.issued

2022-06

dc.identifier.citation

<div class="csl-bib-body"> <div class="csl-entry">Del Grosso, G., Jalalzai, H., Pichler, G., Palamidessi, C., & Piantanida, P. (2022). Leveraging Adversarial Examples To Quantify Membership Information Leakage. In <i>Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2022)</i> (pp. 10399–10409). Computer Vision Foundation. https://doi.org/10.1109/CVPR52688.2022.01015</div> </div>

dc.identifier.uri

http://hdl.handle.net/20.500.12708/135960

dc.description.abstract

The use of personal data for training machine learning systems comes with a privacy threat and measuring the level of privacy of a model is one of the major challenges in machine learning today. Identifying training data based on a trained model is a standard way of measuring the privacy risks induced by the model. We develop a novel approach to address the problem of membership inference in pattern recognition models, relying on information provided by adversarial examples. The strategy we propose consists of measuring the magnitude of a perturbation necessary to build an adversarial example. Indeed, we argue that this quantity reflects the likelihood of belonging to the training data. Extensive numerical experiments on multivariate data and an array of state-of-the-art target models show that our method performs comparable or even outperforms state-of-the-art strategies, but without requiring any additional training samples.

dc.language.iso

dc.subject

Privacy

dc.subject

Adversarial Examples

dc.subject

Membership Inference Attack

dc.title

Leveraging Adversarial Examples To Quantify Membership Information Leakage

dc.type

Inproceedings

dc.type

Konferenzbeitrag

dc.contributor.affiliation

Inria Saclay - Île de France, France

dc.contributor.affiliation

Inria Saclay - Île de France, France

dc.description.startpage

10399

dc.description.endpage

10409

dcterms.dateSubmitted

2021-11-18

dc.type.category

Poster Contribution

tuw.booktitle

Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2022)

tuw.peerreviewed

true

tuw.relation.publisher

Computer Vision Foundation

tuw.researchTopic.id

I4a

tuw.researchTopic.id

tuw.researchTopic.name

Mathematical and Algorithmic Foundations

tuw.researchTopic.name

Information Systems Engineering

tuw.researchTopic.name

Computer Science Foundations

tuw.researchTopic.value

tuw.linking

https://openaccess.thecvf.com/content/CVPR2022/html/Del_Grosso_Leveraging_Adversarial_Examples_To_Quantify_Membership_Information_Leakage_CVPR_2022_paper.html

tuw.publication.orgunit

E389-03 - Forschungsbereich Signal Processing

tuw.publisher.doi

10.1109/CVPR52688.2022.01015

dc.description.numberOfPages

tuw.author.orcid

0000-0003-4597-7002

tuw.event.name

Conference on Computer Vision and Pattern Recognition (CVPR)

tuw.event.startdate

19-06-2022

tuw.event.enddate

24-06-2022

tuw.event.online

Hybrid

tuw.event.type

Event for scientific audience

tuw.event.place

New Orleans

tuw.event.country

tuw.event.institution

IEEE / CVF

tuw.event.presenter

Del Grosso, Ganesh

tuw.event.track

Multi Track

wb.sciencebranch

Informatik

wb.sciencebranch

Elektrotechnik, Elektronik, Informationstechnik

wb.sciencebranch

Mathematik

wb.sciencebranch.oefos

1020

wb.sciencebranch.oefos

2020

wb.sciencebranch.oefos

1010

wb.sciencebranch.value

item.fulltext

no Fulltext

item.openairecristype

http://purl.org/coar/resource_type/c_6670

item.grantfulltext

none

item.cerifentitytype

Publications

item.languageiso639-1

item.openairetype

conference poster

crisitem.author.dept

Inria Saclay - Île de France

crisitem.author.dept

E389-03 - Forschungsbereich Signal Processing

crisitem.author.dept

Inria Saclay - Île de France

crisitem.author.orcid

0000-0001-5696-4472

crisitem.author.orcid

0000-0003-4597-7002

crisitem.author.parentorg

E389 - Institute of Telecommunications

Enthalten in den Sammlungen:

Conference Paper

Zur Kurzanzeige

Seiten Aufrufe

aufgerufen am 01.12.2023

Google Scholar^TM

Check

Seiten Aufrufe

Google ScholarTM

Google Scholar^TM