Privacy-Preserving Synthetic Smart Meters Data
Power consumption data is very useful as it allows optimizing power grids,
detecting anomalies and preventing failures, on top of being useful for diverse
research purposes. However, the use of power consumption data raises
significant privacy concerns, as this data usually belongs to clients of a
power company. As a solution, we propose a method to generate synthetic power
consumption samples that faithfully imitate the originals, but are detached
from the clients and their identities. Our method is based on Generative
Adversarial Networks (GANs). Our contribution is twofold. First, we focus on
the quality of the generated data, which is not a trivial task as no standard
evaluation methods are available. Then, we study the privacy guarantees
provided to members of the training set of our neural network. As a minimum
requirement for privacy, we demand our neural network to be robust to
membership inference attacks, as these provide a gateway for further attacks in
addition to presenting a privacy threat on their own. We find that there is a
compromise to be made between the privacy and the performance provided by the
algorithm.
NeuGuard: Lightweight Neuron-Guided Defense against Membership Inference Attacks
Membership inference attacks (MIAs) against machine learning models can lead
to serious privacy risks for the training dataset used in the model training.
In this paper, we propose a novel and effective Neuron-Guided Defense method
named NeuGuard against membership inference attacks (MIAs). We identify a key
weakness in existing defense mechanisms against MIAs wherein they cannot
simultaneously defend against two commonly used neural network based MIAs,
indicating that these two attacks should be separately evaluated to assure the
defense effectiveness. We propose NeuGuard, a new defense approach that jointly
controls the output and inner neurons' activation with the objective of guiding
the model outputs on the training set and the testing set to have close
distributions. NeuGuard consists of class-wise variance minimization, which
restricts the final output neurons, and layer-wise balanced output control,
which constrains the inner neurons in each layer. We evaluate NeuGuard and
compare it with state-of-the-art defenses against two neural-network-based MIAs
and the five strongest metric-based MIAs, including the newly proposed
label-only MIA, on three benchmark datasets. Results show that NeuGuard
outperforms the state-of-the-art defenses by offering a much improved
utility-privacy trade-off, generality, and overhead.
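Both abstracts above use robustness to membership inference as their privacy yardstick, and the second one warns that a defense which blunts one attack family can leave another untouched. The following toy evaluation is an added example and is not code from either paper: a Parzen-window classifier (assumed here as a stand-in for an overfit model, since a query that coincides with a training point gets a full-weight vote from itself) is attacked with a top-1 confidence threshold, a true-label confidence threshold (the loss attack) and the label-only "gap" attack, first undefended and then behind confidence masking (the model reveals only its label). The data, the seed, the bandwidth and all function names are constructed for this illustration; membership advantage is max over thresholds of TPR minus FPR.

```python
"""Toy membership-inference evaluation (added example, not code from either paper).

A Parzen-window classifier stands in for an overfit model: a query that coincides
with a training point receives a full-weight vote from itself, which is the
memorisation that MIAs exploit. Three attacks are run against it, with and
without confidence masking (the model reveals only its label):
  * top-1 confidence threshold        (metric-based, needs no true label)
  * true-label confidence threshold   (metric-based, the loss attack)
  * label-only "gap" attack: guess member iff the prediction is correct
All data are constructed synthetically from a fixed seed.
"""
import math
import random


def make_dataset(rng, n_per_class, class_means, std=1.0):
    """Constructed 2-D Gaussian clusters; returns a list of ((x, y), label)."""
    data = [((rng.gauss(mx, std), rng.gauss(my, std)), label)
            for label, (mx, my) in enumerate(class_means)
            for _ in range(n_per_class)]
    rng.shuffle(data)
    return data


class KernelClassifier:
    def __init__(self, train, bandwidth=0.1, n_classes=2):
        self.train, self.n_classes = train, n_classes
        self.two_h2 = 2.0 * bandwidth ** 2

    def predict_proba(self, point):
        """Gaussian-kernel vote over the training set, normalised to a distribution."""
        scores = [0.0] * self.n_classes
        for (px, py), label in self.train:
            d2 = (point[0] - px) ** 2 + (point[1] - py) ** 2
            scores[label] += math.exp(-d2 / self.two_h2)
        total = sum(scores)
        if total == 0.0:  # query so far from every training point that all weights underflow
            return [1.0 / self.n_classes] * self.n_classes
        return [s / total for s in scores]

    def query(self, point, mask_confidence=False):
        """What the attacker sees: (label, probability vector). With masking the
        vector is one-hot, i.e. only the label is revealed."""
        probs = self.predict_proba(point)
        label = max(range(self.n_classes), key=probs.__getitem__)
        if mask_confidence:
            probs = [1.0 if c == label else 0.0 for c in range(self.n_classes)]
        return label, probs


def membership_advantage(member_scores, nonmember_scores):
    """max over tau of TPR - FPR for the rule 'member iff score >= tau'. Scanning
    tau over the observed scores gives an optimistic upper bound for a threshold
    attacker; 0.0 means the score carries no membership signal at all."""
    best = 0.0
    for tau in set(member_scores) | set(nonmember_scores):
        tpr = sum(s >= tau for s in member_scores) / len(member_scores)
        fpr = sum(s >= tau for s in nonmember_scores) / len(nonmember_scores)
        best = max(best, tpr - fpr)
    return best


def evaluate_attacks(model, members, nonmembers, mask_confidence):
    """Advantage of each attack against `model`, given disjoint member/non-member sets."""
    def scores(dataset, score_fn):
        return [score_fn(*model.query(p, mask_confidence), y) for p, y in dataset]

    attacks = {
        "top1_confidence": lambda label, probs, y: probs[label],
        "true_label_confidence": lambda label, probs, y: probs[y],
        "label_only": lambda label, probs, y: 1.0 if label == y else 0.0,
    }
    return {name: membership_advantage(scores(members, fn), scores(nonmembers, fn))
            for name, fn in attacks.items()}


def run_experiment(seed=7, n_per_class=100):
    rng = random.Random(seed)
    means = [(-1.0, 0.0), (1.0, 0.0)]          # overlapping classes, so test accuracy < 1
    members = make_dataset(rng, n_per_class, means)     # the training set
    nonmembers = make_dataset(rng, n_per_class, means)  # fresh draws, never trained on
    model = KernelClassifier(members)
    return {"undefended": evaluate_attacks(model, members, nonmembers, False),
            "masked": evaluate_attacks(model, members, nonmembers, True)}


if __name__ == "__main__":
    for defence, results in run_experiment().items():
        for attack, adv in results.items():
            print(f"{defence:11s} {attack:24s} advantage = {adv:.3f}")
```

Masking drives the top-1 confidence attack to exactly zero advantage, reduces the true-label confidence attack to the correctness signal, and leaves the label-only gap attack (train accuracy minus test accuracy) completely unchanged; a report that only ran the metric-based attack would call this model defended. The `membership_advantage` scoring is attack-agnostic, so the same check applies to any score an attacker can compute against a trained model or a generator's training members.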