Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2409.17283 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866910620322889728 |
|---|---|
| author | Mazzone, Federico Badawi, Ahmad Al Polyakov, Yuriy Everts, Maarten Hahn, Florian Peter, Andreas |
| author_facet | Mazzone, Federico Badawi, Ahmad Al Polyakov, Yuriy Everts, Maarten Hahn, Florian Peter, Andreas |
| contents | The notion that collaborative machine learning can ensure privacy by just withholding the raw data is widely acknowledged to be flawed. Over the past seven years, the literature has revealed several privacy attacks that enable adversaries to extract information about a model's training dataset by exploiting access to model parameters during or after training. In this work, we study privacy attacks in the gray-box setting, where the attacker has only limited access - in terms of view and actions - to the model. The findings of our investigation provide new insights for the development of privacy-preserving collaborative learning solutions. We deploy SmartCryptNN, a framework that tailors homomorphic encryption to protect the portions of the model posing higher privacy risks. Our solution offers a trade-off between privacy and efficiency, which varies based on the extent and selection of the model components we choose to protect. We explore it on dense neural networks, where through extensive evaluation of diverse datasets and architectures, we uncover instances where a favorable sweet spot in the trade-off can be achieved by safeguarding only a single layer of the network. In one of such instances, our approach trains ~4 times faster compared to fully encrypted solutions, while reducing membership leakage by 17.8 times compared to plaintext solutions. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2409_17283 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| spellingShingle | Investigating Privacy Attacks in the Gray-Box Setting to Enhance Collaborative Learning Schemes Mazzone, Federico Badawi, Ahmad Al Polyakov, Yuriy Everts, Maarten Hahn, Florian Peter, Andreas Cryptography and Security The notion that collaborative machine learning can ensure privacy by just withholding the raw data is widely acknowledged to be flawed. Over the past seven years, the literature has revealed several privacy attacks that enable adversaries to extract information about a model's training dataset by exploiting access to model parameters during or after training. In this work, we study privacy attacks in the gray-box setting, where the attacker has only limited access - in terms of view and actions - to the model. The findings of our investigation provide new insights for the development of privacy-preserving collaborative learning solutions. We deploy SmartCryptNN, a framework that tailors homomorphic encryption to protect the portions of the model posing higher privacy risks. Our solution offers a trade-off between privacy and efficiency, which varies based on the extent and selection of the model components we choose to protect. We explore it on dense neural networks, where through extensive evaluation of diverse datasets and architectures, we uncover instances where a favorable sweet spot in the trade-off can be achieved by safeguarding only a single layer of the network. In one of such instances, our approach trains ~4 times faster compared to fully encrypted solutions, while reducing membership leakage by 17.8 times compared to plaintext solutions. |
| title | Investigating Privacy Attacks in the Gray-Box Setting to Enhance Collaborative Learning Schemes |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2409.17283 |