
    Inferring Class Label Distribution of Training Data from Classifiers: An Accuracy-Augmented Meta-Classifier Attack

    Property inference attacks against machine learning (ML) models aim to infer properties of the training data that are unrelated to the primary task of the model, and have so far been formulated as binary decision problems, i.e., whether or not the training data have a certain property. However, in industrial and healthcare applications, the proportion of labels in the training data is quite often also considered sensitive information. In this paper we introduce a new type of property inference attack that, unlike the binary decision problems in the literature, aims at inferring the class label distribution of the training data from the parameters of ML classifier models. We propose a method based on shadow training and a meta-classifier trained on the parameters of the shadow classifiers, augmented with the accuracy of those classifiers on auxiliary data. We evaluate the proposed approach for ML classifiers with fully connected neural network architectures. We find that the proposed meta-classifier attack provides a maximum relative improvement of 52% over the state of the art.
    Comment: 12 pages, 2022 Trustworthy and Socially Responsible Machine Learning (TSRML 2022) co-located with NeurIPS 202

    Differential Privacy for Class-based Data: A Practical Gaussian Mechanism

    In this paper, we present a notion of differential privacy (DP) for data that comes from different classes. Here, class membership is the private information that needs to be protected. The proposed method is an output perturbation mechanism that adds noise to the released query response such that the analyst is unable to infer the underlying class label. The proposed DP method not only protects the privacy of class-based data but also meets accuracy quality metrics, and it is computationally efficient and practical. We illustrate the efficacy of the proposed method empirically, showing that it outperforms the baseline additive Gaussian noise mechanism. We also examine a real-world application and apply the proposed DP method to the autoregressive moving average (ARMA) forecasting method, protecting the privacy of the underlying data source. Case studies on real-world advanced metering infrastructure (AMI) measurements of household power consumption validate the performance of the proposed DP method while also preserving the accuracy of the forecasted power consumption measurements.
    Comment: Under review in IEEE Transactions on Information Forensics & Securit

    Model-Based Interference Cartography and Visualization

    In this work, we present a tool to construct and visualize the spatio-temporal variations of power. A dataset of real-world power measurements is collected over a geographical area of interest. Relevant parameters of the environment, such as the path loss exponent and the decorrelation time of the lognormal shadow fading, are extracted from the dataset. The average powers measured at a finite set of known locations are also interpolated to obtain the average power distribution over the area. Using the parameters of the lognormal shadow fading, synthetic data with the same temporal behavior as the dataset is generated and multiplied with the average power distribution. The resulting spatio-temporal power map is displayed on the screen through a graphical user interface developed in-house. The proposed approaches for interpolation and parameter extraction are validated using test datasets generated with the well-accepted modified Gudmundson model for the spatio-temporal correlation of lognormal shadow fading. We also undertake a comparative study of three different interpolation techniques: linear interpolation, inverse distance weighting, and ordinary kriging. Further, we compare a model-based approach with a model-free approach for interpolation, and find that model-based ordinary kriging provides the best mean absolute percentage error performance.

    TECoSA – Trends, Drivers, and Strategic Directions for Trustworthy Edge Computing in Industrial Applications

    TECoSA, a university-based research center in collaboration with industry, was established early in 2020, focusing on Trustworthy Edge Computing Systems and Applications. This article summarizes and assesses the current trends and drivers regarding edge computing. In our analysis, edge computing provided by mobile network operators will be the initial dominating form of this new computing paradigm for the coming decade. These insights form the basis for the research agenda of the TECoSA center, highlighting more advanced use cases, including AR/VR/cognitive assistance, cyber-physical systems, and distributed machine learning. The article further elaborates on the strategic directions identified given these trends, emphasizing testbeds and collaborative multidisciplinary research.
    TECoSA center (https://www.tecosa.center.kth.se/