VAE-Based Membership Cleanser Against Membership Inference Attacks

Li Hu; Hongyang Yan; Yun Peng; Haibo Hu; Shaowei Wang; Jin Li

doi:10.1109/TDSC.2024.3429203

VAE-Based Membership Cleanser Against Membership Inference Attacks

Li Hu
, Hongyang Yan
, Yun Peng
, Haibo Hu
, Shaowei Wang
, Jin Li

Research output: Journal article publication › Journal article › Academic research › peer-review

1 Citation (Scopus)

Abstract

Membership inference attacks (MIAs) compromise the privacy of training data through interrogating a victim machine learning model and inferring whether or not a query sample is in the training data. Existing defenses against MIAs include preprocessing the training data of the model, modifying loss functions, and perturbing the inference output. However, all these mechanisms have to change either the training or inference process, which might be out of reach of the defenders, especially when the models are deployed in a third-party cloud service. In this paper, we propose preprocessing the query samples before feeding them into the models for inference. Specifically, we design a Membership Cleanser module to remove the member information in the query sample by moving it closer to non-member area in the feature space. The membership cleanser does not modify the training or inference process of the machine learning model, so it can be applied to any machine learning system. Through extensive evaluation on four datasets against different models, our approach consistently outperforms the state-of-the-art defense mechanisms in resilience and practicality against various MIAs while retaining good inference accuracy.

Original language	English
Pages (from-to)	1-12
Number of pages	12
Journal	IEEE Transactions on Dependable and Secure Computing
DOIs	https://doi.org/10.1109/TDSC.2024.3429203
Publication status	Published - Jul 2024

Keywords

Data models
Data privacy
Decoding
Defense
membership inference attack
non-member representation space
Optimization
Standards
Training
Training data

ASJC Scopus subject areas

General Computer Science
Electrical and Electronic Engineering

More information

10.1109/TDSC.2024.3429203

Cite this

@article{7b35a8c003fa4a07b58704badff1ff9d,

title = "VAE-Based Membership Cleanser Against Membership Inference Attacks",

abstract = "Membership inference attacks (MIAs) compromise the privacy of training data through interrogating a victim machine learning model and inferring whether or not a query sample is in the training data. Existing defenses against MIAs include preprocessing the training data of the model, modifying loss functions, and perturbing the inference output. However, all these mechanisms have to change either the training or inference process, which might be out of reach of the defenders, especially when the models are deployed in a third-party cloud service. In this paper, we propose preprocessing the query samples before feeding them into the models for inference. Specifically, we design a Membership Cleanser module to remove the member information in the query sample by moving it closer to non-member area in the feature space. The membership cleanser does not modify the training or inference process of the machine learning model, so it can be applied to any machine learning system. Through extensive evaluation on four datasets against different models, our approach consistently outperforms the state-of-the-art defense mechanisms in resilience and practicality against various MIAs while retaining good inference accuracy.",

keywords = "Data models, Data privacy, Decoding, Defense, membership inference attack, non-member representation space, Optimization, Standards, Training, Training data",

author = "Li Hu and Hongyang Yan and Yun Peng and Haibo Hu and Shaowei Wang and Jin Li",

note = "Publisher Copyright: IEEE",

year = "2024",

month = jul,

doi = "10.1109/TDSC.2024.3429203",

language = "English",

pages = "1--12",

journal = "IEEE Transactions on Dependable and Secure Computing",

issn = "1545-5971",

publisher = "IEEE",

}

TY - JOUR

T1 - VAE-Based Membership Cleanser Against Membership Inference Attacks

AU - Hu, Li

AU - Yan, Hongyang

AU - Peng, Yun

AU - Hu, Haibo

AU - Wang, Shaowei

AU - Li, Jin

N1 - Publisher Copyright: IEEE

PY - 2024/7

Y1 - 2024/7

N2 - Membership inference attacks (MIAs) compromise the privacy of training data through interrogating a victim machine learning model and inferring whether or not a query sample is in the training data. Existing defenses against MIAs include preprocessing the training data of the model, modifying loss functions, and perturbing the inference output. However, all these mechanisms have to change either the training or inference process, which might be out of reach of the defenders, especially when the models are deployed in a third-party cloud service. In this paper, we propose preprocessing the query samples before feeding them into the models for inference. Specifically, we design a Membership Cleanser module to remove the member information in the query sample by moving it closer to non-member area in the feature space. The membership cleanser does not modify the training or inference process of the machine learning model, so it can be applied to any machine learning system. Through extensive evaluation on four datasets against different models, our approach consistently outperforms the state-of-the-art defense mechanisms in resilience and practicality against various MIAs while retaining good inference accuracy.

AB - Membership inference attacks (MIAs) compromise the privacy of training data through interrogating a victim machine learning model and inferring whether or not a query sample is in the training data. Existing defenses against MIAs include preprocessing the training data of the model, modifying loss functions, and perturbing the inference output. However, all these mechanisms have to change either the training or inference process, which might be out of reach of the defenders, especially when the models are deployed in a third-party cloud service. In this paper, we propose preprocessing the query samples before feeding them into the models for inference. Specifically, we design a Membership Cleanser module to remove the member information in the query sample by moving it closer to non-member area in the feature space. The membership cleanser does not modify the training or inference process of the machine learning model, so it can be applied to any machine learning system. Through extensive evaluation on four datasets against different models, our approach consistently outperforms the state-of-the-art defense mechanisms in resilience and practicality against various MIAs while retaining good inference accuracy.

KW - Data models

KW - Data privacy

KW - Decoding

KW - Defense

KW - membership inference attack

KW - non-member representation space

KW - Optimization

KW - Standards

KW - Training

KW - Training data

UR - https://www.scopus.com/pages/publications/85199529704

U2 - 10.1109/TDSC.2024.3429203

DO - 10.1109/TDSC.2024.3429203

M3 - Journal article

AN - SCOPUS:85199529704

SN - 1545-5971

SP - 1

EP - 12

JO - IEEE Transactions on Dependable and Secure Computing

JF - IEEE Transactions on Dependable and Secure Computing

ER -

VAE-Based Membership Cleanser Against Membership Inference Attacks

Abstract

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this