
How Differential Privacy Reinforces Privacy of Machine Learning Models?

  • Conference paper
Advances in Computational Collective Intelligence (ICCCI 2022)

Abstract

Image classification, facial recognition, health care and graph data analysis are just a few of the areas where machine learning (ML) models are widely applied. Recent research has revealed that ML models are subject to membership inference attacks (MIAs), which attempt to determine whether or not a data record was used to train a target model. The success of MIAs is due to data leakage during the training phase. Differential Privacy (DP) has been applied in ML to restrict inference about training samples. In our experiments, we therefore try to mitigate the impact of MIAs using the Differentially Private Stochastic Gradient Descent (DP-SGD) algorithm, which modifies the minibatch stochastic optimization process and adds noise, so that useful information about the data can be obtained without revealing much about any individual record. In this paper, we evaluate DP-SGD as a countermeasure against MIAs on Convolutional Neural Networks (CNNs) trained on the MNIST dataset. We consider different combinations of DP-SGD's noise multiplier and clipping norm parameters in our evaluation. Through experimental analysis, we show that this defense strategy can mitigate the impact of MIAs on the target model while preserving the accuracy of the target model. Evaluation results reveal that our suggested solution for safeguarding privacy against MIAs is successful.
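As an added illustration (not code from the paper or from TensorFlow Privacy), the DP-SGD update the abstract describes, written out for a small logistic-regression model: each example's gradient is clipped to the clipping norm C, the sum is perturbed with Gaussian noise of standard deviation sigma * C (sigma being the noise multiplier), and the result is averaged over the minibatch. The function names and the two-blob toy dataset are assumptions made for this example.

```python
import numpy as np

def per_example_grads(w, X, y):
    # Cross-entropy gradient of a logistic-regression model for EACH example.
    # DP-SGD clips per example, so the batch-mean gradient is not enough.
    p = 1.0 / (1.0 + np.exp(-X @ w))
    return (p - y)[:, None] * X                      # shape (batch, dim)

def dp_sgd_step(grads, clip_norm, noise_multiplier, rng=None):
    # Clip every example's gradient to L2 norm <= clip_norm (the "clipping
    # norm" C), so no single record can move the update by more than C ...
    rng = np.random.default_rng(0) if rng is None else rng
    g = np.asarray(grads, dtype=float)
    norms = np.linalg.norm(g, axis=1, keepdims=True)
    clipped = g * np.minimum(1.0, clip_norm / np.maximum(norms, 1e-12))
    # ... then add Gaussian noise with std = noise_multiplier * C to the sum
    # and average over the minibatch. Larger sigma or smaller C: more privacy.
    noise = rng.normal(0.0, noise_multiplier * clip_norm, size=g.shape[1])
    return (clipped.sum(axis=0) + noise) / g.shape[0]

def train_dp_logreg(X, y, clip_norm, noise_multiplier, lr=0.5,
                    epochs=20, batch=32, seed=0):
    rng = np.random.default_rng(seed)
    w = np.zeros(X.shape[1])
    for _ in range(epochs):
        for idx in np.array_split(rng.permutation(len(y)), len(y) // batch):
            grads = per_example_grads(w, X[idx], y[idx])
            w -= lr * dp_sgd_step(grads, clip_norm, noise_multiplier, rng)
    return w

def accuracy(w, X, y):
    return float(np.mean(((X @ w) > 0) == (y == 1)))

def make_data(n=512, seed=1):
    # Constructed toy data: two Gaussian blobs, plus a constant bias column.
    rng = np.random.default_rng(seed)
    y = rng.integers(0, 2, n)
    X = rng.normal(0.0, 1.0, (n, 2)) + np.where(y[:, None] == 1, 2.0, -2.0)
    return np.hstack([X, np.ones((n, 1))]), y.astype(float)

def run_demo(clip_norm=1.0, noise_multiplier=1.1):
    # Train with one (C, sigma) combination and return held-out accuracy:
    # the utility side of the trade-off the paper measures against MIA success.
    X, y = make_data()
    X_train, y_train, X_test, y_test = X[:384], y[:384], X[384:], y[384:]
    w = train_dp_logreg(X_train, y_train, clip_norm, noise_multiplier)
    return accuracy(w, X_test, y_test)

if __name__ == "__main__":
    print(f"DP-SGD logistic regression test accuracy: {run_demo():.3f}")
```

Sweeping `clip_norm` and `noise_multiplier` in `run_demo` reproduces the kind of grid the paper evaluates; the privacy accounting (epsilon for a given sigma, batch size and number of steps) is a separate computation not shown here.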




Correspondence to Sana Ben Hamida.


© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Ben Hamida, S., Mrabet, H., Jemai, A. (2022). How Differential Privacy Reinforces Privacy of Machine Learning Models?. In: Bădică, C., Treur, J., Benslimane, D., Hnatkowska, B., Krótkiewicz, M. (eds) Advances in Computational Collective Intelligence. ICCCI 2022. Communications in Computer and Information Science, vol 1653. Springer, Cham. https://doi.org/10.1007/978-3-031-16210-7_54


  • DOI: https://doi.org/10.1007/978-3-031-16210-7_54


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16209-1

  • Online ISBN: 978-3-031-16210-7

  • eBook Packages: Computer Science (R0)
