Analysis and Improvement of Privacy-Preserving Federated Learning

Rahmani, Fatemeh | 2023

Type of Document: M.Sc. Thesis
Language: Farsi
Document No: 56674 (19)
University: Sharif University of Technology
Department: Computer Engineering
Advisor(s): Jafari Sivoshani, Mahdi; Rohban, Mohammad Hossein

Abstract:
Membership inference attacks are among the most important privacy-violating attacks in machine learning, and they also serve as the foundation for more serious attacks such as data extraction attacks. Since the membership inference attack is used as a measure of the level of privacy protection offered by machine learning models, various studies have investigated it and proposed new methods for this attack. However, the accuracy of these attacks has not been investigated on models trained with the latest techniques, such as data augmentation and regularization. In this research, we observe that the Lira attack, the latest membership inference attack, which is far more powerful than previous attacks, can also be prevented with simple methods. We are able to reduce attack accuracy without reducing the utility of the machine learning model. We therefore first examine the new model-training techniques and their effect on the result of the MIA attack. Then, based on the available observations, we examine the relationship between the attack accuracy and the generalizability of the target model. To examine this relationship more accurately, we fix other influential factors such as the target model's structure and its training data set. We then conclude that the combination of the accuracy gap and the test accuracy of the target model is a good estimator of that model's MIA vulnerability. Finally, by introducing a new white-box attack, we attempt to increase the accuracy of the membership inference attack, even where existing attacks are ineffective. The attack presented in this part has a structure similar to the Lira attack, except that it uses the information in the internal layers of the model.

Keywords: Privacy; Machine Learning; Generalization; White-Box Attack; Membership Inference Attack; Federated Learning
