Comprehensive Analysis of Privacy in Black-Box and White-Box Inference Attacks Against Generative Adversarial Network

  • Conference paper
Future Data and Security Engineering (FDSE 2021)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 13076)

Abstract

Nowadays, deep learning models have many applications in social life. In particular, the generative adversarial network (GAN) has many applications, such as multimodal image-to-image translation, text-to-image generation, image filtering, image editing, image stylization, and data augmentation. However, deep neural networks are vulnerable to inference attacks because they memorize information about their training data. In this study, we set up black-box and white-box attacks to comprehensively evaluate the privacy of generalization models on the LFW dataset and CIFAR dataset. In addition, we measured the leakage of private information through the parameters of the fully trained model as well as through the parameter updates of the model during training. In the white-box attack setup, we evaluated inference attacks against GANs by monitoring their training data samples. We divided the black-box attack setup into two types: attacks with supporting information and attacks without supporting information. In the black-box attack with supporting information, we assumed that the attacker had about 10% to 20% of the target model's training dataset. Finally, we drew conclusions about how the number of training epochs and the properties of the GAN relate to information leakage.



Acknowledgment

This work is supported by a project with the Department of Science and Technology, Ho Chi Minh City, Vietnam (contract with HCMUT No. 42/2019/HD-QPTKHCN, dated 11/7/2019). We also thank all members of AC Lab and D-STAR Lab for their great support and comments during the preparation of this paper.

Author information

Corresponding author

Correspondence to Tran Khanh Dang.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Ha, T., Dang, T.K., Nguyen-Tan, N. (2021). Comprehensive Analysis of Privacy in Black-Box and White-Box Inference Attacks Against Generative Adversarial Network. In: Dang, T.K., Küng, J., Chung, T.M., Takizawa, M. (eds) Future Data and Security Engineering. FDSE 2021. Lecture Notes in Computer Science, vol 13076. Springer, Cham. https://doi.org/10.1007/978-3-030-91387-8_21

  • DOI: https://doi.org/10.1007/978-3-030-91387-8_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91386-1

  • Online ISBN: 978-3-030-91387-8

  • eBook Packages: Computer Science (R0)
