Title: Practical Defences Against Model Inversion Attacks for Split Neural Networks

Abstract: We describe a threat model under which a split network-based federated learning system is susceptible to a model inversion attack by a malicious computational server. We demonstrate that the attack can be successfully performed with limited knowledge of the data distribution by the attacker. We propose a simple additive noise method to defend against model inversion, finding that the method can significantly reduce attack efficacy at an acceptable accuracy trade-off on MNIST. Furthermore, we show that NoPeekNN, an existing defensive method, protects different information from exposure, suggesting that a combined defence is necessary to fully protect private user data.
Comments: ICLR 2021 Workshop on Distributed and Private Machine Learning (DPML 2021)
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR); Distributed, Parallel, and Cluster Computing (cs.DC)
Cite as: arXiv:2104.05743 [cs.LG]
  (or arXiv:2104.05743v2 [cs.LG] for this version)
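A toy version of the threat model and defence described in the abstract, added here as an illustration and not taken from the paper or its code: the client holds the first layer of a split network and sends activations to a server; a malicious server collects activations for a small auxiliary set of its own inputs (limited knowledge of the data distribution) and fits a ridge-regression decoder from activations back to inputs, then applies it to victims' activations. The defence adds Laplace noise to the activations on the client before they are sent. Everything below is constructed for the example: the synthetic data (a 4-d latent pushed through a fixed linear map rather than MNIST), the layer widths, the noise scale, and the use of a linear decoder as the attacker's inversion model.

```python
"""Added example: model inversion against a split network, with an
additive-noise defence, in NumPy. Data, dimensions, noise scale and the
attacker's decoder are all constructed for illustration (assumptions)."""
import numpy as np

D_LATENT, D_IN, D_HIDDEN = 4, 16, 32  # constructed sizes, not the paper's


def make_data(rng, n, gen_matrix):
    """Constructed inputs: a 4-d Gaussian latent mapped linearly to 16-d.
    The label is the sign of the first latent coordinate."""
    z = rng.standard_normal((n, D_LATENT))
    x = z @ gen_matrix
    y = (z[:, 0] > 0).astype(float)
    return x, y


def client_forward(x, w_client, rng, noise_scale=0.0):
    """Client half of the split network: one ReLU layer. With noise_scale > 0
    the client adds i.i.d. Laplace noise to the activations before sending
    them to the server (the additive-noise defence)."""
    h = np.maximum(0.0, x @ w_client)
    if noise_scale > 0:
        h = h + rng.laplace(0.0, noise_scale, size=h.shape)
    return h


def ridge_fit(features, targets, lam=1e-2):
    """Least-squares linear map features -> targets with an L2 penalty
    and a bias column appended to the features."""
    a = np.hstack([features, np.ones((features.shape[0], 1))])
    reg = lam * np.eye(a.shape[1])
    return np.linalg.solve(a.T @ a + reg, a.T @ targets)


def ridge_predict(weights, features):
    a = np.hstack([features, np.ones((features.shape[0], 1))])
    return a @ weights


def run_experiment(noise_scale, seed=0, n_aux=200, n_victim=1000):
    """Returns inversion MSE (attacker), task accuracy (honest server) and
    the input variance for reference, under a given client noise scale."""
    rng = np.random.default_rng(seed)
    gen_matrix = rng.standard_normal((D_LATENT, D_IN)) / 2.0   # data map
    w_client = rng.standard_normal((D_IN, D_HIDDEN)) / 4.0    # client layer

    # Victims: what the honest client actually sends to the server.
    x_vic, y_vic = make_data(rng, n_victim, gen_matrix)
    h_vic = client_forward(x_vic, w_client, rng, noise_scale)

    # Legitimate server task: linear readout of the label from activations,
    # trained on the first half of the victims, evaluated on the second half.
    half = n_victim // 2
    readout = ridge_fit(h_vic[:half], y_vic[:half, None])
    pred = ridge_predict(readout, h_vic[half:])[:, 0] > 0.5
    acc = np.mean(pred == (y_vic[half:] > 0.5))

    # Malicious server: it only has a small auxiliary set, run through the
    # client layer under the same noise regime, and fits an inversion model
    # (here a linear decoder) from activations back to inputs.
    x_aux, _ = make_data(rng, n_aux, gen_matrix)
    h_aux = client_forward(x_aux, w_client, rng, noise_scale)
    decoder = ridge_fit(h_aux, x_aux)

    # Attack: invert the victims' activations and measure reconstruction error.
    x_rec = ridge_predict(decoder, h_vic)
    mse = np.mean((x_rec - x_vic) ** 2)
    return {
        "inversion_mse": float(mse),
        "task_accuracy": float(acc),
        "input_variance": float(x_vic.var()),
    }


if __name__ == "__main__":
    for scale in (0.0, 0.25, 1.0):
        r = run_experiment(noise_scale=scale)
        print(f"noise={scale:<5} inversion_mse={r['inversion_mse']:.3f} "
              f"task_accuracy={r['task_accuracy']:.3f} "
              f"(input variance {r['input_variance']:.3f})")
```

Without noise the linear decoder recovers the inputs to well under the input variance; raising the noise scale pushes the inversion error up much faster than it pulls the server's task accuracy down, which is the accuracy/privacy trade-off the abstract refers to. A stronger attacker would train a non-linear inversion network rather than a ridge decoder, and a quantitative trade-off curve on real data is what the paper reports; this toy only shows the mechanism.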

Submission history

From: Pavlos Papadopoulos [view email]
[v1] Mon, 12 Apr 2021 18:12:17 GMT (783kb,D)
[v2] Wed, 21 Apr 2021 11:01:25 GMT (783kb,D)