Top

Automatic Control and Computer Sciences

Published in:

01-12-2023

Confidentiality of Machine Learning Models

Authors: M. A. Poltavtseva, E. A. Rudnitskaya

Published in: Automatic Control and Computer Sciences | Issue 8/2023

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This article is about ensuring the confidentiality of models using machine learning systems. The aim of this study is to ensure the confidentiality of models when using machine learning systems. This study analyzes attacks aimed at violating the confidentiality of these models and methods of protection from this type of attack, as a result of which the task of protecting against this type of attack is formulated as a search for anomalies in the input data. A method is proposed for detecting abnormalities in the input data based on the statistical data, taking into consideration the resumption of the attack by the intruder under a different account. The results obtained can be used as a base for designing components of machine learning security systems.

previous article Features of Detecting Malicious Installation Files Using Machine Learning Algorithms

next article Hybrid Method for the Detection of Evasion Attacks Aimed at Machine Learning Systems

Attacks against artificial intelligence. https://media.kaspersky.com/ru/business-security/attacks-on-artificial-intelligence-whitepaper.pdf. Cited December 25, 2021.

Pitropakis, N., Panaousis, E., Giannetsos, T., Anastasiadis, E., and Loukas, G., A taxonomy and survey of attacks against machine learning, Comput. Sci. Rev., 2019, vol. 34, no. 4, p. 100199. https://doi.org/10.1016/j.cosrev.2019.100199MathSciNetCrossRef

Chakraborty, A., Alam, M., Dey, V., Chattopadhyay, A., and Mukhopadhyay, D., Adversarial attacks and defenses: A survey, 2018. https://doi.org/10.48550/arXiv.1810.00069

Hayes, J., Melis, L., Danezis, G., and De Cristofaro, E., LOGAN: Membership inference attacks against generative models, PETS, 2019, pp. 133–152. https://doi.org/10.48550/arXiv.1705.07663CrossRef

Shokri, R., Stronati, M., Song, C., and Shmatikov, V., Membership inference attacks against machine learning models, 2017 IEEE Symp. on Security and Privacy (SP), San Jose, Calif., 2017, IEEE, 2017, pp. 3–18. https://doi.org/10.1109/sp.2017.41

Salem, A., Zhang, Ya., Humbert, M., Berrang, P., Fritz, M., and Backes, M., ML-Leaks: Model and data independent membership inference attacks and defenses on machine learning models, Proc. 2019 Annu. Network and Distributed System Security Symp. (NDSS), 2019, pp. 1–15. https://doi.org/10.48550/arXiv.1806.01246

Long, Y., Bindschaedler, V., Wang, L., Bu, D., Wang, X., Tang, H., Gunter, C.A., and Chen, K., Understanding membership inferences on well-generalized learning models, 2018, pp. 1–16. https://doi.org/10.48550/arXiv.1802.04889

Rahman, Md.A., Rahman, T., Laganiere, R., Mohammed, N., and Wang, Y., Membership inference attack against differentially private deep learning model, Trans. Data Privacy, 2018, vol. 11, no. 1, pp. 61–79.

Nasr, M., Shokri, R., and Houmansadr, A., Machine learning with membership privacy using adversarial regularization, Proc. 2018 ACM SIGSAC Conf. on Computer and Communications Security, Toronto, 2018, New York: Association for Computing Machinery, 2018, pp. 634–646. https://doi.org/10.1145/3243734.3243855

10.

Jia, J., Salem, A., Backes, M., Zhang, Ya., and Gong, N.Z., MemGuard: Defending against black-box membership inference attacks via adversarial examples, Proc. 2019 ACM SIGSAC Conf. on Computer and Communications Security, London, 2019, New York: Association for Computing Machinery, 2019, pp. 259–274. https://doi.org/10.1145/3319535.3363201

11.

Tonni, S.M., Farokhi, F., Vatsalan, D., Kaafar, D., Lu, Zh., and Tangari, G., Data and model dependencies of membership inference attack, Proc. Privacy Enhancing Technologies. âЂ“ 2020, pp. 1–17. https://doi.org/10.48550/arXiv.2002.06856

12.

Fredrikson, M., Jha, S., and Ristenpart, T., Model inversion attacks that exploit confidence information and basic countermeasures, Proc. 22nd ACM SIGSAC Conf. on Computer and Communications Security, Denver, Colo., 2015, New York: Association for Computing Machinery, 2015, pp. 1322–1333. https://doi.org/10.1145/2810103.2813677

13.

Park, C., Hong, D., and Seo, C., An attack-based evaluation method for differentially private learning against model inversion attack, IEEE Access, 2019, vol. 7, pp. 124988–124999. https://doi.org/10.1109/access.2019.2938759CrossRef

14.

Hidano, S., Murakami, T., Katsumata, S., Kiyomoto, S., and Hanaoka, G., Model inversion attacks for prediction systems: Without knowledge of non-sensitive attributes, 2017 15th Annu. Conf. on Privacy, Security and Trust (PST), Calgary, Canada, 2017, IEEE, 2017, pp. 115–126. https://doi.org/10.1109/pst.2017.00023

15.

Wang, D., Si, Ch., and Xu, J., Regression model fitting under differential privacy and model inversion attack, Proc. 24th Int. Conf. on Artificial Intelligence, Buenos Aires, 2015, Yang, Q. and Wooldridge, M., Eds., AAAI Press, 2015, pp. 1003–1009.

16.

Basu, S., Izmailov, R., and Mesterharm, C., Membership model inversion attacks for deep networks, 2019, pp. 1–7. https://doi.org/10.48550/arXiv.1910.04257

17.

He, Z., Zhang, T., and Lee, R.B., Model inversion attacks against collaborative inference, Proc. 35th Annu. Computer Security Applications Conf., San Juan, P.R., 2019, New York: Association for Computing Machinery, 2019, pp. 148–162. https://doi.org/10.1145/3359789.3359824

18.

Chandrasekaran, V., Chaudhuri, K., Giacomelli, I., Jha, S., and Yan, S., Exploring connections between active learning and model extraction, Proc. 29th USENIX Conf. on Security Symp., USENIX Association, 2020, pp. 1309–1326. https://www.usenix.org/conference/usenixsecurity20/presentation/chandrasekaran.

19.

Tramèr, F., Zhang, F., Juels, A., Reiter, M.K., and Ristenpart, T., Stealing machine learning models via prediction APIs, 25th USENIX Security Symp., Austin, TX: USENIX Association, 2016, pp. 601–618. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/tramer.

20.

Lowd, D. and Meek, C., Adversarial learning, Proc. Eleventh ACM SIGKDD Int. Conf. on Knowledge Discovery in Data Mining, Chicago, 2005, New York: Association for Computing Machinery, 2005, pp. 641–647. https://doi.org/10.1145/1081870.1081950

21.

Wang, B. and Gong, N.Z., Stealing hyperparameters in machine learning, 2018 IEEE Symp. on Security and Privacy (SP), San Francisco, 2018, IEEE, 2018, pp. 36–52. https://doi.org/10.1109/sp.2018.00038

22.

Takemura, T., Yanai, N., and Fujiwara, T., Model extraction attacks against recurrent neural networks, 2020, pp. 1–11. https://doi.org/10.48550/arXiv.2002.00123

23.

Yu, H., Yang, K., Zhang, T., Tsai, Yu.-Yu., Ho, Ts.-Yi., and Jin, Yi., CloudLeak: Large-scale deep learning models stealing through adversarial examples, Proc. 2020 Network and Distributed System Security Symp., Internet Society, 2020, pp. 1–16. https://doi.org/10.14722/ndss.2020.24178

24.

Lee, T., Edwards, B., Molloy, I., and Su, D., Defending against machine learning model stealing attacks using deceptive perturbations, pp. 1–8. https://doi.org/10.48550/arXiv.1806.00054

25.

Quiring, E., Arp, D., and Rieck, K., Forgotten siblings: Unifying attacks on machine learning and digital watermarking, 2018 IEEE Eur. Symp. on Security and Privacy (EuroS&P), London, 2018, IEEE, 2018, pp. 488–502. https://doi.org/10.1109/eurosp.2018.00041

26.

Juuti, M., Szyller, S., Marchal, S., and Asokan, N., PRADA: Protecting against DNN model stealing attacks, 2019 IEEE Eur. Symp. on Security and Privacy (EuroS&P), Stockholm, 2019, IEEE, 2019, pp. 512–527. https://doi.org/10.1109/eurosp.2019.00044

27.

Unguryanu, T.N. and Grjibovski, A.M., Brief recommendations on description, statistical analysis, and representation of data in scientific publications, Ekol. Chel., 2014, no. 5, pp. 55–60.

28.

CIFAR10. https://www.tensorflow.org/datasets/catalog/cifar10?hl=ru. Cited December 10, 2022.

29.

MNIST. https://www.tensorflow.org/datasets/catalog/mnist?hl=ru. Cited December 10, 2022.

Title: Confidentiality of Machine Learning Models
Authors: M. A. Poltavtseva
E. A. Rudnitskaya
Publication date: 01-12-2023
Publisher: Pleiades Publishing
Published in: Automatic Control and Computer Sciences / Issue 8/2023
Print ISSN: 0146-4116
Electronic ISSN: 1558-108X
DOI: https://doi.org/10.3103/S0146411623080242

Springer Professional

Abstract

Please log in to get access to your license.

Other articles of this Issue 8/2023

Graph-Based Self-Regulation for Different Types of Networks with Adaptive Topology

Approach for Protecting Mobile Device User’s Data Based on Multifactor Authentication, Visual Cryptography, and Steganography

Method for the Adaptive Neutralization of Structural Breaches in Cyber-Physical Systems Based on Graph Artificial Neural Networks

Early Detection of Network Attacks Based on Weight-Insensitive Neural Networks

Application of a Neocortex Model to Identify Contextual Anomalies in the Industrial Internet of Things Network Traffic

Assessment of the Effectiveness of an Information Security System