Timezone: »
Membership inference attacks are a key measure to evaluate privacy leakage in machine learning (ML) models, which aim to distinguish training members from non-members by exploiting differential behavior of the models on member and non-member inputs. We propose a new framework to train privacy-preserving models that induces similar behavior on member and non-member inputs to mitigate practical membership inference attacks. Our framework, called SELENA, has two major components. The first component and the core of our defense, called Split-AI, is a novel ensemble architecture for training. We prove that our Split-AI architecture defends against a large family of membership inference attacks, however, it is susceptible to new adaptive attacks. Therefore, we use a second component in our framework called Self-Distillation to protect against such stronger attacks, which (self-)distills the training dataset through our Split-AI ensemble and has no reliance on external public datasets. We perform extensive experiments on major benchmark datasets and the results show that our approach achieves a better trade-off between membership privacy and utility compared to previous defenses.
Author Information
Xinyu Tang (Princeton University)
Saeed Mahloujifar (Princeton)
Liwei Song (Princeton University)
Virat Shejwalkar (University of Massachusetts Amherst)
Amir Houmansadr (University of Massachusetts Amherst)
Prateek Mittal (Princeton University)
More from the Same Authors
-
2020 : Machine Learning with Membership Privacy via Knowledge Transfer »
Virat Shejwalkar -
2020 : Privacy Risks in Embedded Deep Learning »
Virat Shejwalkar -
2021 : RobustBench: a standardized adversarial robustness benchmark »
Francesco Croce · Maksym Andriushchenko · Vikash Sehwag · Edoardo Debenedetti · Nicolas Flammarion · Mung Chiang · Prateek Mittal · Matthias Hein -
2021 : Membership Inference Attacks Against NLP Classification Models »
Virat Shejwalkar · Huseyin A Inan · Amir Houmansadr · Robert Sim -
2021 : Cronus: Robust and Heterogeneous Collaborative Learning with Black-Box Knowledge Transfer »
CHANG hongyan · Virat Shejwalkar · Reza Shokri · Amir Houmansadr -
2022 : Lower Bounds on 0-1 Loss for Multi-class Classification with a Test-time Attacker »
Sihui Dai · Wenxin Ding · Arjun Nitin Bhagoji · Daniel Cullina · Prateek Mittal · Ben Zhao -
2022 Poster: Formulating Robustness Against Unforeseen Attacks »
Sihui Dai · Saeed Mahloujifar · Prateek Mittal -
2022 Poster: Understanding Robust Learning through the Lens of Representation Similarities »
Christian Cianfarani · Arjun Nitin Bhagoji · Vikash Sehwag · Ben Zhao · Heather Zheng · Prateek Mittal -
2022 Poster: Renyi Differential Privacy of Propose-Test-Release and Applications to Private and Robust Machine Learning »
Jiachen T. Wang · Saeed Mahloujifar · Shouda Wang · Ruoxi Jia · Prateek Mittal -
2021 Poster: A Separation Result Between Data-oblivious and Data-aware Poisoning Attacks »
Samuel Deng · Sanjam Garg · Somesh Jha · Saeed Mahloujifar · Mohammad Mahmoody · Abhradeep Guha Thakurta -
2020 Poster: HYDRA: Pruning Adversarially Robust Neural Networks »
Vikash Sehwag · Shiqi Wang · Prateek Mittal · Suman Jana -
2019 : Poster Session »
Clement Canonne · Kwang-Sung Jun · Seth Neel · Di Wang · Giuseppe Vietri · Liwei Song · Jonathan Lebensold · Huanyu Zhang · Lovedeep Gondara · Ang Li · FatemehSadat Mireshghallah · Jinshuo Dong · Anand D Sarwate · Antti Koskela · Joonas Jälkö · Matt Kusner · Dingfan Chen · Mi Jung Park · Ashwin Machanavajjhala · Jayashree Kalpathy-Cramer · · Vitaly Feldman · Andrew Tomkins · Hai Phan · Hossein Esfandiari · Mimansa Jaiswal · Mrinank Sharma · Jeff Druce · Casey Meehan · Zhengli Zhao · Hsiang Hsu · Davis Railsback · Abraham Flaxman · · Julius Adebayo · Aleksandra Korolova · Jiaming Xu · Naoise Holohan · Samyadeep Basu · Matthew Joseph · My Thai · Xiaoqian Yang · Ellen Vitercik · Michael Hutchinson · Chenghong Wang · Gregory Yauney · Yuchao Tao · Chao Jin · Si Kai Lee · Audra McMillan · Rauf Izmailov · Jiayi Guo · Siddharth Swaroop · Tribhuvanesh Orekondy · Hadi Esmaeilzadeh · Kevin Procopio · Alkis Polyzotis · Jafar Mohammadi · Nitin Agrawal -
2019 Poster: Lower Bounds on Adversarial Robustness from Optimal Transport »
Arjun Nitin Bhagoji · Daniel Cullina · Prateek Mittal -
2018 Poster: PAC-learning in the presence of adversaries »
Daniel Cullina · Arjun Nitin Bhagoji · Prateek Mittal -
2018 Poster: Adversarial Risk and Robustness: General Definitions and Implications for the Uniform Distribution »
Dimitrios Diochnos · Saeed Mahloujifar · Mohammad Mahmoody