Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning

Nasr, Milad; Shokri, Reza; Houmansadr, Amir

doi:10.1109/sp.2019.00065

articleMay 1, 2019GOLD OA

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning

MNMilad Nasr RSReza Shokri AHAmir Houmansadr

University of Massachusetts Amherst · National University of Singapore

Indexed inarxivcrossref

Abstract

Deep neural networks are susceptible to various inference attacks as they remember information about their training data. We design white-box inference attacks to perform a comprehensive privacy analysis of deep learning models. We measure the privacy leakage through parameters of fully trained models as well as the parameter updates of models during training. We design inference algorithms for both centralized and federated learning, with respect to passive and active inference attackers, and assuming different adversary prior knowledge. We evaluate our novel white-box membership inference attacks against deep learning algorithms to trace their training data records. We show that a straightforward extension…

Citation impact

1,536

total citations

FWCI: 90.68
Percentile: 100%
References: 65

Citations per year

Authors

3

Topics & keywords

Topics

Keywords

Inference
Computer science
Deep learning
Artificial intelligence
Machine learning
White box
Black box
Artificial neural network

UN Sustainable Development Goals

Peace, Justice and strong institutions

No related works found for this paper.