Lessons Learned: Defending Against Property Inference Attacks

Joshua Stock, Jens Wettlaufer, Daniel Demmler, Hannes Federrath

2023

Abstract

This work investigates and evaluates defense strategies against property inference attacks (PIAs), a privacy attack against machine learning models. While for other privacy attacks like membership inference, a lot of research on defense mechanisms has been published, this is the first work focusing on defending against PIAs. One of the mitigation strategies we test in this paper is a novel proposal called property unlearning. Extensive experiments show that while this technique is very effective when defending against specific adversaries, it is not able to generalize, i.e., protect against a whole class of PIAs. To investigate the reasons behind this limitation, we present the results of experiments with the explainable AI tool LIME and the visualization technique t-SNE. These show how ubiquitous statistical properties of training data are in the parameters of a trained machine learning model. Hence, we develop the conjecture that post-training techniques like property unlearning might not suffice to provide the desirable generic protection against PIAs. We conclude with a discussion of different defense approaches, a summary of the lessons learned and directions for future work.


Paper Citation


in Harvard Style

Stock J., Wettlaufer J., Demmler D. and Federrath H. (2023). Lessons Learned: Defending Against Property Inference Attacks. In Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-666-8, SciTePress, pages 312-323. DOI: 10.5220/0012049200003555


in Bibtex Style

@conference{secrypt23,
author={Joshua Stock and Jens Wettlaufer and Daniel Demmler and Hannes Federrath},
title={Lessons Learned: Defending Against Property Inference Attacks},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2023},
pages={312-323},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012049200003555},
isbn={978-989-758-666-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Lessons Learned: Defending Against Property Inference Attacks
SN - 978-989-758-666-8
AU - Stock J.
AU - Wettlaufer J.
AU - Demmler D.
AU - Federrath H.
PY - 2023
SP - 312
EP - 323
DO - 10.5220/0012049200003555
PB - SciTePress