Computer Science, 2024, Vol. 51, Issue (4): 373-380. doi: 10.11896/jsjkx.230100024

• Information Security •

Active Membership Inference Attack Method Based on Multiple Redundant Neurons

WANG Degang, SUN Yi, GAO Qi   

  1. School of Cryptographic Engineering, Information Engineering University, Zhengzhou 450001, China
  • Received: 2023-01-04 Revised: 2023-05-04 Online: 2024-04-15 Published: 2024-04-10

Abstract: Federated learning provides privacy protection for source data by exchanging model parameters or gradients. However, it still faces the problem of privacy disclosure. For example, a membership inference attack can infer whether target data samples were used to train machine learning models in federated learning. Existing active membership inference attacks in federated learning that are based on constructing model parameters are less robust to dropout operations; to address this problem, an active membership inference attack method is proposed. The method exploits the property that the ReLU activation function outputs zero when its input is negative, constructs model parameters according to the target data, and infers membership from the difference between how member data and non-member data update the model parameters. The redundancy of model neurons is used to construct multiple paths, which makes the attack robust to dropout. Experiments on the MNIST, CIFAR10 and CIFAR100 datasets prove the effectiveness of the method. When dropout is used in model training, the proposed method can still achieve an accuracy of 100%.

Key words: Federated learning, Machine learning model, multiple redundant neurons, Active membership inference attack

CLC Number: 

  • TP309
[1] LU Yanfeng, WU Tao, LIU Chunsheng, YAN Kang, QU Yuben. Survey of UAV-assisted Energy-Efficient Edge Federated Learning [J]. Computer Science, 2024, 51(4): 270-279.
[2] WANG Xin, HUANG Weikou, SUN Lingyun. Survey of Incentive Mechanism for Cross-silo Federated Learning [J]. Computer Science, 2024, 51(3): 20-29.
[3] HUANG Nan, LI Dongdong, YAO Jia, WANG Zhe. Decentralized Federated Continual Learning Method Combined with Meta-learning [J]. Computer Science, 2024, 51(3): 271-279.
[4] WANG Xun, XU Fangmin, ZHAO Chenglin, LIU Hongfu. Defense Method Against Backdoor Attack in Federated Learning for Industrial Scenarios [J]. Computer Science, 2024, 51(1): 335-344.
[5] WANG Zhousheng, YANG Geng, DAI Hua. Lightweight Differential Privacy Federated Learning Based on Gradient Dropout [J]. Computer Science, 2024, 51(1): 345-354.
[6] ZHAO Yuhao, CHEN Siguang, SU Jian. Privacy-enhanced Federated Learning Algorithm Against Inference Attack [J]. Computer Science, 2023, 50(9): 62-67.
[7] LIN Xinyu, YAO Zewei, HU Shengxi, CHEN Zheyi, CHEN Xing. Task Offloading Algorithm Based on Federated Deep Reinforcement Learning for Internet of Vehicles [J]. Computer Science, 2023, 50(9): 347-356.
[8] LI Rongchang, ZHENG Haibin, ZHAO Wenhong, CHEN Jinyin. Data Reconstruction Attack for Vertical Graph Federated Learning [J]. Computer Science, 2023, 50(7): 332-338.
[9] ZHANG Lianfu, TAN Zuowen. Robust Federated Learning Algorithm Based on Adaptive Weighting [J]. Computer Science, 2023, 50(6A): 230200188-9.
[10] ZHONG Jialin, WU Yahui, DENG Su, ZHOU Haohao, MA Wubin. Multi-objective Federated Learning Evolutionary Algorithm Based on Improved NSGA-III [J]. Computer Science, 2023, 50(4): 333-342.
[11] WU Fei, SONG Yibo, JI Yimu, XU Xi, WANG Musen, JING Xiaoyuan. Contribution-based Federated Learning Approach for Global Imbalanced Problem [J]. Computer Science, 2023, 50(12): 343-348.
[12] LI Renjie, YAN Qiao. Inter-cluster Optimization for Cluster Federated Learning [J]. Computer Science, 2023, 50(11A): 221000243-5.
[13] WANG Chundong, DU Yingqi, MO Xiuliang, FU Haoran. Enhanced Federated Learning Frameworks Based on CutMix [J]. Computer Science, 2023, 50(11A): 220800021-8.
[14] ZHANG Lianfu, TAN Zuowen. Federated Learning Privacy-preserving Approach for Multimodal Medical Data [J]. Computer Science, 2023, 50(11A): 230800021-8.
[15] FENG Chen, GU Jingjing. Efficient Distributed Training Framework for Federated Learning [J]. Computer Science, 2023, 50(11): 317-326.