
Confidentiality of Machine Learning Models

Journal: Automatic Control and Computer Sciences

Abstract

This article addresses the confidentiality of models in machine learning systems. Its aim is to ensure model confidentiality when machine learning systems are in use. The study analyzes attacks that violate the confidentiality of such models and the methods of protection against them; as a result, the task of protecting against this type of attack is formulated as a search for anomalies in the input data. A method is proposed for detecting anomalies in the input data on the basis of statistics, taking into account the attacker resuming the attack under a different account. The results obtained can serve as a basis for designing components of machine learning security systems.



Funding

This work was supported by ongoing institutional funding. No additional grants to carry out or direct this particular research were obtained.

Author information

Corresponding author

Correspondence to E. A. Rudnitskaya.

Ethics declarations

The authors of this work declare that they have no conflicts of interest.

Additional information

Translated by S. Kuznetsov

Publisher’s Note.

Allerton Press remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article


Cite this article

Poltavtseva, M.A., Rudnitskaya, E.A. Confidentiality of Machine Learning Models. Aut. Control Comp. Sci. 57, 975–982 (2023). https://doi.org/10.3103/S0146411623080242


  • DOI: https://doi.org/10.3103/S0146411623080242
