论文笔记:Understanding Membership Inferences on Well-Generalized Learning Models

最新推荐文章于 2024-11-06 10:55:54 发布
最新推荐文章于 2024-11-06 10:55:54 发布
阅读量515 收藏 1
点赞数
分类专栏: 论文笔记 文章标签: 机器学习 安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/ChangeOrange/article/details/112315272
版权
本文探讨了即使模型泛化良好,会员推断攻击(MIA)仍可能成功的问题,指出过度拟合不是信息泄露的根本原因,而是一些训练实例对学习模型的独特影响。提出了通用MIA(GMIA)方法,通过检测和分析易受攻击的目标记录来推断其成员身份。
摘要由CSDN通过智能技术生成

目录

Introduction

背景论文:Membership inference attacks against machine learning models
1.Membership inference attack (MIA) can succeed on overfitted models with only black-box access to the model
2.Attack model can be constructed using labeled datasets generated by a set of shadow models
3. MIA is effective when the target models are overfitted to training data

问题:whether it is feasible to perform MIA on well-generalized models with only black-box access

关于ML privacy risk,作者的思考方向与答案:

(1) Is overfitting a root cause of membership disclosure from a machine learning model?
Overfitting can be sufficient but is by no means necessary for exposing membership information from training data.
(2) Is generalization the right solution for membership disclosure?
Existing regularization approaches are insufficient to defeat MIA(这一点与背景论文中的结论不同)
(3) What is the fundamental cause of membership disclosure?
Such information leaks are caused by the unique influences a specific instance in the training set can have on the learning model

Overfitting is essentially a special case of such unique influences but the generic situation is much more complicated.
In detection of overfitting:look for an instance’s positive impact on a model’s accuracy for the training set and limited/negative impact for the testing set.
In detection of the unique influences in general:consider the case when an instance both contributes useful information to the model for predicting other instances and brings in noise uniquely characterizing itself.

The model generalization methods that suppress overfitting may reduce the noise introduced by training instances, but cannot completely remove their unique influences, particularly the influences essential for the model’s prediction power.

GMIA–Generalized MIA

overfitted models: answers (probabilities) to the queries on the training instances differ significantly from those to other queries
well-generalized model :behaves similarly on the training data and test data, therefore Cannot utilize shadow models to generate a meaningful training set for the attack model

GMIA: detecting and analyzing vulnerable target records (outliers) to infer their membership

  1. extracting high-level feature vector from the intermediate outputs of models trained on the data(accessible to the adversary) to estimate whether a given instance is an outlier
    假设前提:an outlier is more likely to be a vulnerable target record when it
最低0.47元/天 解锁文章
ChangeOrange
关注
专栏目录
【ai】tx2 nx:ubuntu18.04 yolov4-triton-tensorrt 成功部署server 运行
突围
06-25 219
yolov4-triton-tensorrt
论文记录】Membership Inference Attacks Against Machine Learning Models
Liu, Q. B. 的博客
07-04 2009
Introduction 本文主要贡献 : quantify membership information leakage through the prediction outputs of machine learning models. 方法 : turn machine learning against itself and train an attack model
理解广义学习模型的成员推论.zh-CN.docx
06-11
理解广义学习模型的成员推论 Understanding Membership Inferences on Well-Generalized Learning Models 中文翻译
成员推断攻击:Membership Inference Attacks Again Machine Learning Models
zyz20001028的博客
05-04 3847
成员推断攻击 Membership Inference Attacks Again Machine Learning Models 看了成员推断攻击笔记经典的论文,做一点记录 概念 成员推断攻击的定义: 判断某一个数据记录是否在模型的训练集中的 核心问题:给定数据记录,和黑盒模型查询的权限,判断数据是否在训练集中 指标的选择: Precision: 推断是训练数据的数据占实际的(what fraction of records inferred as members are indeed members
mhaghighat-Generalized_Discriminant_Analysis
10-26
GeneralizedDiscriminantAnalysis
2020 IJCAI 接受论文 list 分类排列(二)
热门推荐
u014546828的博客
08-23 2万+
2020 IJCAI 接受论文 list 分类排列(一) 2020 IJCAI 接受论文 list 分类排列(二) 2020 IJCAI 接受论文 list 分类排列(三) 目录 Main track (Humans and AI) Main track (Knowledge Representation and Reasoning) Main track (Machine Learning) Main track (Machine Learning Applications) Mai.
第三十四周学习笔记
Peter的脱发日记
03-29 513
第三十四周学习笔记 CS231n Visualizing and Understanding 可视化第一层 通过visualize卷积核,可以得到卷积核寻找的pattern,因为图像的局部与卷积核越接近,内积越大,激活图的值就越大 可视化第二层 第二层的可视化不如第一层那么简单直接,因为,第二层的卷积核维度很大,且不与输入直接关联 可视化最后一层 最后一层的可视化,将不同图片最后一层的输出向量...
论文解析:Membership Inference Attacks Against Machine Learning Models(一看即懂)
ZXISABOY的博客
10-27 6329
论文解析:Membership Inference Attacks Against Machine Learning Models(一看即懂,超详细版本) Membership Inference Attacks Against Machine Learning Models 摘要:这篇文章致力于探索机器学习模型如何泄露训练集中的信息,专注于基本的成员推理攻击,即给出一个机器学习模型和一条记录,判断该样本是否被用作训练集中的一部分。 我们对“机器学习即服务(machine learning as a ser
论文笔记:ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learn
xff1994的博客
05-10 3116
这篇文章是上一篇Membership Inference Attacks Against Machine Learning Models的跟踪研究,其提出了三个攻击模型,将上一篇中的模型一步步简化。 第一个攻击模型是将上一篇中的影子模型数量降到一个,发现实验效果不会有啥下降。 第二个模型放宽攻击者对目标模型训练集的限制,认为攻击者可以对其一无所知。影子模型的训练集采用的是和目标模型不同领域的数据集...
最近读的文章
qq_41727987的博客
07-19 548
Privacy Preserving Machine Learning: Threats and Solutions, 2018 IEEE Security and Privacy Magazine 一篇综述,老师说和我们打算写的比较接近的文,所以读读看。【写得挺差】 intro:本文旨在联立ml与安全 ml:ml流程:分为有/无/半监督 threats:要面临的威胁: Private ...
论文笔记Membership Inference Attacks Against Machine Learning Models
xff1994的博客
05-08 1万+
Membership Inference Attacks Against Machine Learning Models 简介:这篇文章关注机器学习模型的隐私泄露问题,提出了一种成员推理攻击:给出一条样本,可以推断该样本是否在模型的训练数据集中——即便对模型的参数、结构知之甚少,该攻击仍然有效。其核心在于其提出的shadow learning技术。 问题设定 考虑多分类问题,模型的输出是一个预测向...
ICLR2020国际会议精彩演讲抢先看(含源码)!!
yinizhilianlove的博客
02-21 2万+
来源:AINLPer微信公众号(点击了解一下吧) 编辑: ShuYini 校稿: ShuYini 时间: 2020-02-21     2020年的ICLR会议将于今年的4月26日-4月30日在Millennium Hall, Addis Ababa ETHIOPIA(埃塞俄比亚首都亚的斯亚贝巴 千禧大厅)举行。     2020年ICLR会议(Eighth International Con...
【全文翻译】Membership Inference Attacks Against Machine Learning Models
weixin_43682519的博客
12-03 5654
摘要—我们定量研究了机器学习模型如何泄漏有关对其进行训练的单个数据记录的信息。 我们专注于基本的成员推理攻击:给定数据记录和对模型的黑匣子访问,确定记录是否在模型的训练数据集中。 为了针对目标模型执行成员推理,我们在对抗中使用了机器学习,并训练了自己的推理模型,以识别目标模型在训练后的输入与未训练在输入上的预测之间的差异。 我们对由商业“机器学习即服务”提供商(例如Google和Amazon)训练的分类模型进行经验评估,以评估我们的推理技术。 使用现实的数据集和分类任务,包括其出入会受到隐私角度影响的医院
机器学习攻击综述总结
Billy1900的博客
07-01 2945
Attacks on Machine Learning 文章目录Attacks on Machine Learning1. The first one of attacks categories1.1 Espionage1.2 Sabotage1.3 Fraud2.The second one of attacks categories2.1 Evasion (Adversarial Examples)Research Work2.2 Poisoning:Widespread.2.3 TrojianingR
秩和检验-matlab函数ranksum用法详解
qq_43015237的博客
03-19 1万+
Wilcoxon 检验之秩和检验rank-sum test
图上的对抗与攻击精选论文列表(​2021相关论文一览)
数据派THU
07-02 882
来源:深度学习与图网络 本文约1400字,建议阅读5分钟本文为你分享图上的对抗与攻击精选论文。 2021相关论文一览大规模攻击图神经网络图神经网络的黑盒梯度攻击:更深入洞察图的攻击和防御...
机器学习—矩阵乘法
最新发布
yn3535_的博客
11-06 590
让我们来看看向量矩阵乘法,也就是当你把一个向量乘以一个矩阵,又得到一个向量,列向量a转置后得到行向量a,所以与其把这看作是一个2×1的矩阵,转置后就变成了1×2的矩阵,现在用这四个元素创建一个2×2的矩阵w,如果你想计算Z,Z=a转置W,结果z是一个2×1的矩阵,计算z的第一个值,我们要做一个a转置乘w1,所以要计算z的第一个元素,最终得到(1*3)+(2*4),然后计算第二个元素,现在将转置乘w2,,所以计算第二个元素,最终得到(1*5)+(2*6)。如何在向量之间取点积?
机器学习系列----介绍前馈神经网络和卷积神经网络 (CNN)
DK22151的博客
11-05 1388
前馈神经网络(FNN)是一种最基本的神经网络结构,信息在网络中按单向流动,没有任何循环或反馈连接。它由输入层、若干隐藏层和输出层组成。输入层:接收原始数据,传递给网络中的隐藏层。隐藏层:通过神经元和激活函数处理数据,捕捉数据中的特征。输出层:输出网络最终的预测结果。FNN 是最简单的神经网络结构,通常用于分类和回归问题。卷积神经网络(CNN)是一种专门用于处理具有网格结构的数据的深度学习算法,最常用于图像处理任务。
TAR: SQL Guided Pre-Training for Context-dependent Text-to-SQL Parsing
03-31
TAR (Table-aware Pre-training with Abstract Reasoning) is a pre-training framework for context-dependent text-to-SQL parsing. It leverages SQL knowledge and utilizes abstract reasoning to better understand the context of a natural language query and generate accurate SQL queries. The TAR model works by first pre-training on a large corpus of text and SQL pairs to learn the general patterns and structures of SQL queries. It then fine-tunes on a smaller dataset of context-dependent text-to-SQL examples to adapt to specific contexts and improve accuracy. One unique aspect of TAR is its use of table-aware pre-training, which allows the model to incorporate information from the table schema into the pre-training process. This helps the model better understand the relationships between tables and columns, and improves its ability to generate accurate SQL queries. TAR also incorporates abstract reasoning, which allows the model to make inferences and understand implicit relationships between words and concepts. This helps the model handle more complex queries and improves its overall performance. Overall, TAR is a promising approach to improving context-dependent text-to-SQL parsing, and has shown strong results on several benchmark datasets.
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值