Inferring Class Label Distribution of Training Data from Classifiers: An Accuracy-Augmented Meta-Classifier Attack
Property inference attacks against machine learning (ML) models aim to infer properties of the training data that are unrelated to the primary task of the model, and have so far been formulated as binary decision problems, i.e., whether or not the training data have a certain property. However, in industrial and healthcare applications, the proportion of labels in the training data is quite often also considered sensitive information. In this paper we introduce a new type of property inference attack that, unlike the binary decision problems in the literature, aims at inferring the class label distribution of the training data from the parameters of ML classifier models. We propose a method based on shadow training and a meta-classifier trained on the parameters of the shadow classifiers, augmented with the accuracy of those classifiers on auxiliary data. We evaluate the proposed approach for ML classifiers with fully connected neural network architectures. We find that the proposed meta-classifier attack provides a maximum relative improvement of over the state of the art.
Comment: 12 pages, 2022 Trustworthy and Socially Responsible Machine Learning (TSRML 2022) co-located with NeurIPS 202
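The attack pipeline the abstract describes (shadow training at known label distributions, attack features made of model parameters plus accuracy on auxiliary data, a meta-model mapping features to the hidden label distribution) is easier to reason about on a toy instance. The following is an added example written for this listing, not the authors' code: the classifiers are two-feature logistic regressions instead of fully connected networks, the data is a constructed pair of Gaussian classes, and the meta-model is a least-squares regressor on the positive-class fraction rather than the paper's meta-classifier over discrete distributions. All names and parameters are the example's own assumptions. The leakage it exploits is that the fitted bias of a logistic model tracks the log-odds of the training prior, so a classifier trained on 80% positives carries that fact in its parameters.

```python
"""Added illustration of a label-distribution property inference attack:
shadow classifiers trained at known class proportions, attack features
built from parameters plus accuracy on auxiliary data, and a meta-model
that maps those features to the (hidden) positive-class fraction."""
import math
import random

D = 2  # input dimension of the constructed task


def make_dataset(rng, n, pos_frac):
    """Constructed data: two overlapping Gaussian classes; a pos_frac share
    of the samples carries label 1 (this is the property being attacked)."""
    data = []
    for _ in range(n):
        y = 1 if rng.random() < pos_frac else 0
        mu = 0.7 if y else -0.7
        data.append(([rng.gauss(mu, 1.0) for _ in range(D)], y))
    return data


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train_logreg(data, steps=120, lr=0.5):
    """Full-batch gradient descent on the logistic loss; returns (w, b).
    For Gaussian classes the fitted bias tends to log(p / (1 - p)),
    which is the leakage the attack exploits."""
    w, b, n = [0.0] * D, 0.0, len(data)
    for _ in range(steps):
        gw, gb = [0.0] * D, 0.0
        for x, y in data:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for i in range(D):
                gw[i] += err * x[i]
            gb += err
        w = [wi - lr * gi / n for wi, gi in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def accuracy(model, data):
    w, b = model
    hits = sum((sum(wi * xi for wi, xi in zip(w, x)) + b > 0) == (y == 1)
               for x, y in data)
    return hits / len(data)


def attack_features(model, aux):
    """Parameters augmented with accuracy on the attacker's auxiliary data."""
    w, b = model
    return list(w) + [b, accuracy(model, aux)]


def fit_least_squares(X, y):
    """Ordinary least squares with intercept via the normal equations
    (Gaussian elimination with partial pivoting, tiny ridge for stability)."""
    rows = [[1.0] + f for f in X]
    k = len(rows[0])
    A = [[sum(r[i] * r[j] for r in rows) + (1e-6 if i == j else 0.0)
          for j in range(k)] for i in range(k)]
    v = [sum(r[i] * t for r, t in zip(rows, y)) for i in range(k)]
    for c in range(k):
        p = max(range(c, k), key=lambda r: abs(A[r][c]))
        A[c], A[p], v[c], v[p] = A[p], A[c], v[p], v[c]
        for r in range(c + 1, k):
            f = A[r][c] / A[c][c]
            for j in range(c, k):
                A[r][j] -= f * A[c][j]
            v[r] -= f * v[c]
    theta = [0.0] * k
    for i in reversed(range(k)):
        theta[i] = (v[i] - sum(A[i][j] * theta[j] for j in range(i + 1, k))) / A[i][i]
    return theta


def train_meta_model(rng, aux, shadows_per_bin=5, n_train=200):
    """Shadow training: the attacker trains classifiers at known label
    distributions and fits the meta-model on their attack features."""
    X, y = [], []
    for p in [i / 10 for i in range(1, 10)]:
        for _ in range(shadows_per_bin):
            model = train_logreg(make_dataset(rng, n_train, p))
            X.append(attack_features(model, aux))
            y.append(p)
    return fit_least_squares(X, y)


def infer_pos_fraction(meta, model, aux):
    """Apply the meta-model to a target classifier; clamp to [0, 1]."""
    f = [1.0] + attack_features(model, aux)
    return min(1.0, max(0.0, sum(t * fi for t, fi in zip(meta, f))))


def demo(seed=7):
    rng = random.Random(seed)
    aux = make_dataset(rng, 400, 0.5)   # attacker's balanced auxiliary data
    meta = train_meta_model(rng, aux)
    estimates = {}
    for true_p in (0.2, 0.5, 0.8):
        # The attacker sees only the target's parameters, never its data.
        target = train_logreg(make_dataset(rng, 200, true_p))
        estimates[true_p] = infer_pos_fraction(meta, target, aux)
    return estimates


if __name__ == "__main__":
    for true_p, est in demo().items():
        print(f"true positive fraction {true_p:.1f} -> inferred {est:.2f}")
```

Two practical points carry over from the toy to real models: the attacker needs auxiliary data from a similar distribution (the accuracy feature is meaningless otherwise), and the signal lives in parameters that encode the class prior, so defences that only protect individual records (membership) do not remove it.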
Differential Privacy for Class-based Data: A Practical Gaussian Mechanism
In this paper, we present a notion of differential privacy (DP) for data that comes from different classes, where class membership is the private information that needs to be protected. The proposed method is an output perturbation mechanism that adds noise to the released query response so that the analyst is unable to infer the underlying class label. The proposed DP method not only protects the privacy of class-based data but also meets accuracy quality metrics and is computationally efficient and practical. We illustrate the efficacy of the proposed method empirically, outperforming the baseline additive Gaussian noise mechanism. We also examine a real-world application and apply the proposed DP method to autoregressive moving average (ARMA) forecasting, protecting the privacy of the underlying data source. Case studies on real-world advanced metering infrastructure (AMI) measurements of household power consumption validate the performance of the proposed DP method while preserving the accuracy of the forecasted power consumption.
Comment: Under review in IEEE Transactions on Information Forensics & Securit
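The abstract names the additive Gaussian mechanism as its baseline without spelling out what that baseline costs on class-based data. The following added example (written for this listing, not the paper's mechanism) builds a constructed AMI-like dataset in which each household belongs to one of two classes with different consumption levels, releases each household's daily mean through the classical (ε, δ) Gaussian mechanism, and measures how well a thresholding adversary recovers the class before and after noise. The neighbouring relation assumed here is a change of one household's class label, which can move every reading of that day, so the mean's sensitivity is the clipping bound itself; the clipping cap, class means, ε, δ and the threshold are all the example's assumptions.

```python
"""Added example: baseline (eps, delta)-DP Gaussian mechanism on a
constructed class-based query, with a class-inference adversary showing
both the protection and its utility cost."""
import math
import random


def gaussian_sigma(sensitivity, eps, delta):
    """Classical Gaussian-mechanism calibration (Dwork & Roth, valid for
    0 < eps < 1): sigma >= sensitivity * sqrt(2 ln(1.25 / delta)) / eps."""
    if not (0 < eps < 1) or not (0 < delta < 1):
        raise ValueError("classical calibration requires 0 < eps < 1 and 0 < delta < 1")
    return sensitivity * math.sqrt(2 * math.log(1.25 / delta)) / eps


def daily_mean(readings, cap):
    """Query: mean hourly consumption over a day. Each reading is clipped to
    [0, cap]; without clipping the query's sensitivity would be unbounded."""
    clipped = [min(max(r, 0.0), cap) for r in readings]
    return sum(clipped) / len(clipped)


def release(readings, cap, eps, delta, rng):
    """Gaussian mechanism. Assumption: neighbouring datasets differ in one
    household's class label, which may change every reading of the day, so
    the daily mean can move by up to cap and its L2 sensitivity is cap."""
    sigma = gaussian_sigma(cap, eps, delta)
    return daily_mean(readings, cap) + rng.gauss(0.0, sigma)


def make_households(rng, n, cap):
    """Constructed data: class 1 households (say, electric heating) draw
    higher hourly consumption than class 0. Returns (label, 24 readings)."""
    households = []
    for i in range(n):
        label = i % 2
        mean = 3.0 if label else 1.0  # kWh per hour, constructed values
        readings = [rng.gauss(mean, 0.4) for _ in range(24)]
        households.append((label, readings))
    return households


def class_inference_accuracy(released, threshold=2.0):
    """Adversary: guess the class by thresholding the released mean."""
    hits = sum((value > threshold) == (label == 1) for label, value in released)
    return hits / len(released)


def experiment(eps=0.5, delta=1e-5, cap=5.0, n=200, seed=1):
    """Compare the adversary's success on clean vs. DP-released query answers."""
    rng = random.Random(seed)
    households = make_households(rng, n, cap)
    clean = [(lab, daily_mean(r, cap)) for lab, r in households]
    noisy = [(lab, release(r, cap, eps, delta, rng)) for lab, r in households]
    return {
        "sigma": gaussian_sigma(cap, eps, delta),
        "clean_attack_acc": class_inference_accuracy(clean),
        "dp_attack_acc": class_inference_accuracy(noisy),
    }


if __name__ == "__main__":
    for key, value in experiment().items():
        print(f"{key}: {value:.3f}")
```

The clean release lets the adversary classify every household, while the Gaussian release drives the attack to roughly coin-flip accuracy; the price is a noise standard deviation of almost fifty kWh per hour on a query whose true values sit between one and three, which is exactly the utility gap a class-aware mechanism has to close.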
Model-Based Interference Cartography and Visualization
In this work, we present a tool to construct and visualize the spatio-temporal variations of power. A dataset of real-world power measurements is collected over a geographical area of interest. Relevant parameters of the environment, such as the path loss exponent and the decorrelation time of the lognormal shadow fading, are extracted from the dataset. The average powers measured at a finite set of known locations are interpolated to obtain the average power distribution over the area. Using the parameters of the lognormal shadow fading, synthetic data with the same temporal behavior as the dataset is generated and multiplied with the average power distribution. The resulting spatio-temporal power map is displayed through a graphical user interface developed in-house. The proposed approaches for interpolation and parameter extraction are validated using test datasets generated with the well-accepted modified Gudmundson model for the spatio-temporal correlation of lognormal shadow fading. We also undertake a comparative study of three interpolation techniques: linear interpolation, inverse distance weighting and ordinary kriging. Further, we compare a model-based approach with a model-free approach for interpolation, and find that model-based ordinary kriging provides the best mean absolute percentage error performance.
TECoSA – Trends, Drivers, and Strategic Directions for Trustworthy Edge Computing in Industrial Applications
TECoSA, a university-based research center in collaboration with industry, was established early in 2020, focusing on Trustworthy Edge Computing Systems and Applications. This article summarizes and assesses the current trends and drivers regarding edge computing. In our analysis, edge computing provided by mobile network operators will be the initially dominant form of this new computing paradigm for the coming decade. These insights form the basis for the research agenda of the TECoSA center, highlighting more advanced use cases, including AR/VR/Cognitive Assistance, cyber-physical systems, and distributed machine learning. The article further elaborates on the identified strategic directions given these trends, emphasizing testbeds and collaborative multidisciplinary research.
TECoSA center: https://www.tecosa.center.kth.se/