Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Li, Qi, Wang, Cheng-Long, Cao, Yinzhi, Wang, Di
Format: Preprint
Veröffentlicht: 2024
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2411.15796
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866912131691053056
author Li, Qi
Wang, Cheng-Long
Cao, Yinzhi
Wang, Di
author_facet Li, Qi
Wang, Cheng-Long
Cao, Yinzhi
Wang, Di
contents In this work, we systematically explore the data privacy issues of dataset pruning in machine learning systems. Our findings reveal, for the first time, that even if data in the redundant set is solely used before model training, its pruning-phase membership status can still be detected through attacks. Since this is a fully upstream process before model training, traditional model output-based privacy inference methods are completely unsuitable. To address this, we introduce a new task called Data-Centric Membership Inference and propose the first ever data-centric privacy inference paradigm named Data Lineage Inference (DaLI). Under this paradigm, four threshold-based attacks are proposed, named WhoDis, CumDis, ArraDis and SpiDis. We show that even without access to downstream models, adversaries can accurately identify the redundant set with only limited prior knowledge. Furthermore, we find that different pruning methods involve varying levels of privacy leakage, and even the same pruning method can present different privacy risks at different pruning fractions. We conducted an in-depth analysis of these phenomena and introduced a metric called the Brimming score to offer guidance for selecting pruning methods with privacy protection in mind.
format Preprint
id arxiv_https___arxiv_org_abs_2411_15796
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Data Lineage Inference: Uncovering Privacy Vulnerabilities of Dataset Pruning
Li, Qi
Wang, Cheng-Long
Cao, Yinzhi
Wang, Di
Cryptography and Security
Artificial Intelligence
In this work, we systematically explore the data privacy issues of dataset pruning in machine learning systems. Our findings reveal, for the first time, that even if data in the redundant set is solely used before model training, its pruning-phase membership status can still be detected through attacks. Since this is a fully upstream process before model training, traditional model output-based privacy inference methods are completely unsuitable. To address this, we introduce a new task called Data-Centric Membership Inference and propose the first ever data-centric privacy inference paradigm named Data Lineage Inference (DaLI). Under this paradigm, four threshold-based attacks are proposed, named WhoDis, CumDis, ArraDis and SpiDis. We show that even without access to downstream models, adversaries can accurately identify the redundant set with only limited prior knowledge. Furthermore, we find that different pruning methods involve varying levels of privacy leakage, and even the same pruning method can present different privacy risks at different pruning fractions. We conducted an in-depth analysis of these phenomena and introduced a metric called the Brimming score to offer guidance for selecting pruning methods with privacy protection in mind.
title Data Lineage Inference: Uncovering Privacy Vulnerabilities of Dataset Pruning
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2411.15796