Membership Inference Attacks: Threat Analysis

Graduate Thesis uoadl:3232940

Unit:
Department of Informatics and Telecommunications
Informatics
Deposit date:
2022-10-03
Year:
2022
Author:
MOUTAFIS VISSARION
Supervisors info:
Konstantinos Chatzikokolakis, Associate Professor, Department of Informatics and Telecommunications, National and Kapodistrian University of Athens
Original Title:
Membership Inference Attacks: Threat Analysis
Languages:
English
Greek
Translated title:
Membership Inference Attacks: Threat Analysis
Summary:
In the new era of data, companies and organizations around the world offer Machine
Learning services as tools for enhancing people's lives: recommendation algorithms,
search engines, and intra-organization applications in medicine, the military, and
elsewhere. All of these run on top of continuous data streams that grow larger and
richer in user data every day.
Users, unaware of how their data are being used, accept terms and conditions, giving
away their right to data privacy and participating in various machine learning
experiments on the promise of each vendor's data anonymization process. Vendors
reassure users that their data are safe and completely anonymized, ignoring the fact
that the machine learning models they strive to incorporate into their products suffer
from subtle vulnerabilities, which can be used to expose and identify users along with
their otherwise private data.
These types of attacks are called Population Inference Attacks; in this thesis we
specifically deepen our knowledge of, and analyze in detail, the so-called Membership
Inference Attack.
In these attacks, the target operates a machine learning model trained on a secret
'target' dataset, and the attacker tries to infer whether some user-victim is a member
of that dataset. To illustrate the danger posed by this attack, consider the scenario
where an attacker learns that the clinical records of a user-victim are part of a
disease-related model's training set: the attacker can then infer with high certainty
that the person has the disease, leading to a serious privacy breach.
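As a hedged illustration of the mechanism described above (not the thesis's own experimental code), the following Python sketch mounts a simple confidence-threshold membership inference attack against a deliberately overfitted classifier; the dataset, model, and threshold tau are illustrative assumptions.

import numpy as np
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split

# Hypothetical data: half trains the "target" model (members),
# half is held out (non-members).
X, y = make_classification(n_samples=2000, n_features=20, random_state=0)
X_in, X_out, y_in, y_out = train_test_split(X, y, test_size=0.5, random_state=0)
target = RandomForestClassifier(random_state=0).fit(X_in, y_in)

def attack(model, X, tau=0.9):
    # Guess "member" when the model's top predicted probability exceeds tau:
    # overfitted models tend to be far more confident on their training points.
    return model.predict_proba(X).max(axis=1) > tau

# If the model leaks membership, true members are flagged far more often.
print("member hit rate:    ", attack(target, X_in).mean())
print("non-member hit rate:", attack(target, X_out).mean())

A large gap between the two rates is exactly the signal a membership inference adversary exploits.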
The goal of this thesis is to further examine, analyze, and understand the mechanisms
and reasoning behind membership inference attacks against machine learning models, as
well as their effects and the various ways we could prevent data leakage during the
training of ML models.
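Since the keywords below point to differential privacy as one of the defenses the thesis examines, here is a minimal, self-contained sketch of DP-SGD-style training (per-example gradient clipping plus Gaussian noise) for logistic regression; the clip norm C, noise scale sigma, and learning rate are illustrative assumptions, not parameters taken from the thesis.

import numpy as np

rng = np.random.default_rng(0)
X = rng.normal(size=(500, 5))
y = (X @ rng.normal(size=5) > 0).astype(float)

w, C, sigma, lr = np.zeros(5), 1.0, 1.0, 0.1
for _ in range(200):
    # Per-example logistic-loss gradients.
    p = 1 / (1 + np.exp(-X @ w))
    grads = (p - y)[:, None] * X
    # Clip each example's gradient to norm at most C, so no single
    # record can dominate the update, then add calibrated Gaussian noise.
    norms = np.linalg.norm(grads, axis=1, keepdims=True)
    grads = grads / np.maximum(1, norms / C)
    noisy = grads.mean(axis=0) + rng.normal(scale=sigma * C / len(X), size=5)
    w -= lr * noisy
print("trained weights:", np.round(w, 2))

The clipping bounds each individual's influence on the model and the noise masks what remains, which is why differentially private training weakens membership inference.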
Throughout this thesis, a plethora of plots and tables is provided to enhance the
reader's understanding of this study through experiments.
Main subject category:
Technology - Computer science
Keywords:
Machine Learning, Neural Networks, Classification, Differential Privacy, Security, User data, Data Privacy
Index:
Yes
Number of index pages:
6
Contains images:
Yes
Number of references:
17
Number of pages:
66
Ptixiaki_Vissarion_Moutafis.pdf (4 MB)