E-mail senden E-Mail Adresse kopieren
2021-11-15

Differential Privacy Defenses and Sampling Attacks for Membership Inference

Zusammenfassung

Machine learning models are commonly trained on sensitive and personal data such as pictures, medical records, financial records, etc. A serious breach of the privacy of this training set occurs when an adversary is able to decide whether or not a specific data point in her possession was used to train a model. While all previous membership inference attacks rely on access to the posterior probabilities, we present the first attack which only relies on the predicted class label - yet shows high success rate.

Konferenzbeitrag

ACM Workshop on Artificial Intelligence and Security (AISEC)

Veröffentlichungsdatum

2021-11-15

Letztes Änderungsdatum

2024-11-15