A Novel User Membership Leakage Attack in Collaborative Deep Learning
2019 11th International Conference on Wireless Communications and Signal Processing (WCSP) (2019)
Abstract
Collaborative deep learning can provide high learning accuracy even when participating users' datasets are small. In the training process, users share only their locally obtained parameters, so it is believed that the privacy of users' original datasets can be protected. However, we present an attack approach against users' privacy in collaborative deep learning that utilizes a Generative Adversarial Network (GAN) and Membership Inference. In this attack, an attacker builds a discriminator based on users' shared parameters and then trains a GAN locally. The GAN can reconstruct the training records of the collaborative deep learning system. Based on the generated records, the attacker uses the extent of model overfitting on an input to determine the membership of each group of records with a simplified Membership Inference attack. We evaluate the presented attack model over datasets of complex representations of handwritten digits (MNIST) and face images (CelebA). The results show that an attacker can easily generate the original training sets and classify them to obtain the membership between users' records and their identities in collaborative deep learning.
Keywords
Privacy, Collaborative deep learning, GAN, Membership Inference