TY - GEN
T1 - CoReg
T2 - 8th International Conference on Data Science in Cyberspace, DSC 2023
AU - Yang, Yungcong
AU - Lai, Minghao
AU - Han, Xiao
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Machine learning is widely used in many areas; however, it has been shown that machine learning models are prone to leaking sensitive information about their training data. For instance, an adversary can precisely infer whether a sample belongs to the target model's training set using membership inference attacks (MIAs). To mitigate membership inference risks, we propose a novel defense framework, named CoReg. It trains multiple sub-models that regularize each other with a novel collaborative regularization. With this method, we reduce membership leakage risks by enforcing similar model behavior on members and non-members, while maintaining high classification performance. Furthermore, we propose an adversarial output control module that selects the output of the least risky sub-model as the final output. We carry out extensive experiments on three datasets and verify that CoReg achieves better protection against MIAs than the baselines while maintaining high classification accuracy.
AB - Machine learning is widely used in many areas; however, it has been shown that machine learning models are prone to leaking sensitive information about their training data. For instance, an adversary can precisely infer whether a sample belongs to the target model's training set using membership inference attacks (MIAs). To mitigate membership inference risks, we propose a novel defense framework, named CoReg. It trains multiple sub-models that regularize each other with a novel collaborative regularization. With this method, we reduce membership leakage risks by enforcing similar model behavior on members and non-members, while maintaining high classification performance. Furthermore, we propose an adversarial output control module that selects the output of the least risky sub-model as the final output. We carry out extensive experiments on three datasets and verify that CoReg achieves better protection against MIAs than the baselines while maintaining high classification accuracy.
KW - Machine learning
KW - membership inference attacks
KW - privacy protection
UR - https://www.scopus.com/pages/publications/85184346338
U2 - 10.1109/DSC59305.2023.00027
DO - 10.1109/DSC59305.2023.00027
M3 - Conference contribution
AN - SCOPUS:85184346338
T3 - Proceedings - 2023 8th International Conference on Data Science in Cyberspace, DSC 2023
SP - 120
EP - 127
BT - Proceedings - 2023 8th International Conference on Data Science in Cyberspace, DSC 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 18 August 2023 through 20 August 2023
ER -