Zen and the art of model adaptation: Low-utility-cost attack mitigations in collaborative machine learning
In this study, we aim to bridge the gap between the theoretical understanding of attacks against collaborative machine learning workflows and their practical ramifications by considering the effects of model architecture, learning setting and hyperparameters on the resilience against attacks. We ref...
Main authors: | Usynin Dmitrii, Rueckert Daniel, Passerat-Palmbach Jonathan, Kaissis Georgios |
---|---|
Format: | article |
Language: | EN |
Published: | Sciendo 2022 |
Subjects: | |
Online access: | https://doaj.org/article/56cd977fda7b4e01ba8ccebbda7d6e6e |
id |
oai:doaj.org-article:56cd977fda7b4e01ba8ccebbda7d6e6e |
---|---|
record_format |
dspace |
spelling |
oai:doaj.org-article:56cd977fda7b4e01ba8ccebbda7d6e6e; 2021-12-05T14:11:10Z; Zen and the art of model adaptation: Low-utility-cost attack mitigations in collaborative machine learning; ISSN 2299-0984; DOI 10.2478/popets-2022-0014; https://doaj.org/article/56cd977fda7b4e01ba8ccebbda7d6e6e; 2022-01-01T00:00:00Z; https://doi.org/10.2478/popets-2022-0014; https://doaj.org/toc/2299-0984; Usynin Dmitrii; Rueckert Daniel; Passerat-Palmbach Jonathan; Kaissis Georgios; Sciendo; article; privacy; computer vision; federated learning; membership inference; model inversion; Ethics; BJ1-1725; Electronic computers. Computer science; QA75.5-76.95; EN; Proceedings on Privacy Enhancing Technologies, Vol 2022, Iss 1, Pp 274-290 (2022) |
institution |
DOAJ |
collection |
DOAJ |
language |
EN |
topic |
privacy computer vision federated learning membership inference model inversion Ethics BJ1-1725 Electronic computers. Computer science QA75.5-76.95 |
description |
In this study, we aim to bridge the gap between the theoretical understanding of attacks against collaborative machine learning workflows and their practical ramifications by considering the effects of model architecture, learning setting and hyperparameters on the resilience against attacks. We refer to such mitigations as model adaptation. Through extensive experimentation on both benchmark and real-life datasets, we establish a more practical threat model for collaborative learning scenarios. In particular, we evaluate the impact of model adaptation by implementing a range of attacks belonging to the broader categories of model inversion and membership inference. Our experiments yield two noteworthy outcomes: they demonstrate the difficulty of actually conducting successful attacks under realistic settings when model adaptation is employed and they highlight the challenge inherent in successfully combining model adaptation and formal privacy-preserving techniques to retain the optimal balance between model utility and attack resilience. |
format |
article |
author |
Usynin Dmitrii Rueckert Daniel Passerat-Palmbach Jonathan Kaissis Georgios |
title |
Zen and the art of model adaptation: Low-utility-cost attack mitigations in collaborative machine learning |
publisher |
Sciendo |
publishDate |
2022 |
url |
https://doaj.org/article/56cd977fda7b4e01ba8ccebbda7d6e6e |