Robust Transparency Against Model Inversion Attacks

Alufaisan Yasmeen; Kantarcioglu Murat; Zhou Yan

首页> 外文期刊>IEEE transactions on dependable and secure computing >Robust Transparency Against Model Inversion Attacks

【24h】

Robust Transparency Against Model Inversion Attacks

机译：防止模型反转攻击的稳健透明度

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Transparency has become a critical need in machine learning (ML) applications. Designing transparent ML models helps increase trust, ensure accountability, and scrutinize fairness. Some organizations may opt-out of transparency to protect individuals' privacy. Therefore, there is a great demand for transparency models that consider both privacy and security risks. Such transparency models can motivate organizations to improve their credibility by making the ML-based decision-making process comprehensible to end-users. Differential privacy (DP) provides an important technique to disclose information while protecting individual privacy. However, it has been shown that DP alone cannot prevent certain types of privacy attacks against disclosed ML models. DP with low c values can provide high privacy guarantees, but may result in significantly weaker ML models in terms of accuracy. On the other hand, setting c value too high may lead to successful privacy attacks. This raises the question whether we can disclose accurate transparent ML models while preserving privacy. In this article we introduce a novel technique that complements DP to ensure model transparency and accuracy while being robust against model inversion attacks. We show that combining the proposed technique with DP provide highly transparent and accurate ML models while preserving privacy against model inversion attacks.

机译：透明度已成为机器学习（ML）应用中的关键需求。设计透明ML模型有助于增加信任，确保责任和审查公平性。有些组织可能选择退出透明度以保护个人隐私。因此，对隐私和安全风险的透明度模型有很大的需求。这种透明度模型可以激励组织通过使ML的决策过程能够理解最终用户来激励他们的可信度。差分隐私（DP）提供了一个重要的技术，在保护个人隐私时披露信息。然而，已经表明，单独的DP无法防止某些类型的隐私攻击对公开的ML模型。具有低C值的DP可以提供高隐私保证，但可能导致最明显弱的ML模型在准确性方面。另一方面，设置C值太高可能导致成功的隐私攻击。这提出了这个问题，无论我们是否可以在保留隐私时披露准确的透明ML模型。在本文中，我们介绍一种新颖的技术，可以补充DP，以确保模型透明度和准确性，同时对模型反演攻击稳健。我们表明，将所提出的技术与DP相结合，提供高度透明和准确的ML模型，同时保持对模型反演攻击的隐私。

著录项

来源
《IEEE transactions on dependable and secure computing》 |2021年第5期|2061-2073|共13页
作者
Alufaisan Yasmeen; Kantarcioglu Murat; Zhou Yan;
展开▼
作者单位

Saudi Aramco EXPEC Comp Operat Dept Dhahran 31311 Saudi Arabia;

Univ Texas Dallas Dept Comp Sci Richardson TX 75080 USA;

Univ Texas Dallas Dept Comp Sci Richardson TX 75080 USA;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Transparency; privacy-preserving; model-inversion attack;

机译：透明度;隐私保留;模型反演攻击;

相似文献

外文文献
中文文献
专利

1. A Robustness Model of Complex Networks with Tunable Attack Information Parameter [J] . WU Jun, TAN Yue-Jin, DENG Hong-Zhong, 中国物理快报：英文版 . 2007,第007期
2. Robust inversion analysis of local gravity anomalies caused by geological dislocation model of faults [J] . 黄建梁, 申重阳, 李辉地震学报：英文版 . 1998,第001期
3. Transparency and Strong Gain Without Population Inversion in Photonic Bandgap Crystals [J] . 杜春光, 胡正峰, 侯春风, 中国物理快报：英文版 . 2002,第003期
4. Dishonest Behaviors in Online Rating Systems： Cyber Competition, Attack Models, and Attack Generator [J] . 杨亚飞, 冯沁原, 孙琰, 计算机科学技术学报：英文版 . 2009,第005期
5. Dishonest Behaviors in Online Rating Systems: Cyber Competition, Attack Models, and Attack Generator [J] . Ya-Fei Yang, Qin-Yuan Feng, Yen(Lindsay)Sun, 计算机科学技术学报（英文版） . 2009,第005期
6. Querying little is enough: Model inversion attack via latent information [J] . Kanghua Mo, Xiaozhang Liu, Teng Huang, International Journal of Intelligent Systems . 2021,第2期

机译：查询少量足够：通过潜在信息模型反演攻击
7. Model Inversion Attacks for Online Prediction Systems: Without Knowledge of Non-Sensitive Attributes [J] . Seira HIDANO, Takao MURAKAMI, Shuichi KATSUMATA, IEICE transactions on information and systems . 2018,第11期

机译：在线预测系统的模型反转攻击：不了解非敏感属性
8. Algorithms that remember: model inversion attacks and data protection law [J] . Veale Michael, Binns Reuben, Edwards Lilian Philosophical transactions of the Royal Society. Mathematical, physical, and engineering sciences . 2018,第2133期

机译：记住的算法：模型反演攻击和数据保护法
9. Angle of attack guidance via robust approximate inversion [C] . Innocenti, Mario In: AIAA Guidance, Navigation, and Control Conference and Exhibit, Boston, MA, Aug. 10-12, 1998, Collection of Technical Papers. Pt. 1 (A98-37001 10-63), Reston, VA, American Institute of Aeronautics and Astronautics, 1998 . 1998

机译：通过鲁棒的近似反演来引导攻角
10. Multi-component seismic modeling and robust pre-stack seismic waveform inversion for elastic anisotropic media parameters. [D] . Li, Tao. 2016

机译：弹性各向异性介质参数的多分量地震建模和鲁棒叠前地震波形反演。
11. Algorithms that remember: model inversion attacks and data protection law [O] . Michael Veale, Reuben Binns, Lilian Edwards -1

机译：记住的算法：模型反转攻击和数据保护法
12. Accountability and Transparency about Central Bank Preferences for Model Robustness. [O] . Meixing Dai, Eleftherios Spyromitros 100

机译：关于模型稳健性的中央银行偏好的问责制和透明度。
13. Robustness Study of the Dynamic Inversion Based Indirect Adaptive Control of Flight Vehicles with Uncertain Model Data [R] . Yedavalli, R. K. , Shankar, P. , Doman, D. B. 2002

机译：基于动态逆的飞行器间接自适应控制模型数据不确定性的鲁棒性研究

Robust Transparency Against Model Inversion Attacks

摘要

著录项

相似文献

相关主题

期刊订阅