Property inference attacks on convolutional neural networks: Influence and implications of target model’s complexity

M. Parisot; null Balázs; D. Spagnuelo

doi:10.5220/0010555607150721

Property inference attacks on convolutional neural networks: Influence and implications of target model’s complexity

M. Parisot, Balázs, D. Spagnuelo

Business Web and Media

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Copyright © 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reservedMachine learning models’ goal is to make correct predictions for specific tasks by learning important properties and patterns from data. By doing so, there is a chance that the model learns properties that are unrelated to its primary task. Property Inference Attacks exploit this and aim to infer from a given model (i.e., the target model) properties about the training dataset seemingly unrelated to the model’s primary goal. If the training data is sensitive, such an attack could lead to privacy leakage. In this paper, we investigate the influence of the target model’s complexity on the accuracy of this type of attack, focusing on convolutional neural network classifiers. We perform attacks on models that are trained on facial images to predict whether someone’s mouth is open. Our attacks’ goal is to infer whether the training dataset is balanced gender-wise. Our findings reveal that the risk of a privacy breach is present independently of the target model’s complexity: for all studied architectures, the attack’s accuracy is clearly over the baseline.

Original language	English
Title of host publication	Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021
Editors	S.De.C. di Vimercati, P. Samarati
Publisher	SciTePress
Pages	715-721
ISBN (Electronic)	9789897585241
DOIs	https://doi.org/10.5220/0010555607150721
Publication status	Published - 2021
Event	18th International Conference on Security and Cryptography, SECRYPT 2021 - Virtual, Online Duration: 6 Jul 2021 → 8 Jul 2021

Conference

Conference	18th International Conference on Security and Cryptography, SECRYPT 2021
City	Virtual, Online
Period	6/07/21 → 8/07/21

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.5220/0010555607150721

Persistent URL (handle)

Persistent link

11 Citations
1 Working paper

Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity
Parisot, M. P. M., Pejo, B. & Spagnuelo, D., 27 Apr 2021.
Research output: Working paper / Preprint › Working paper › Academic

File

Cite this

Parisot, M., Balázs, & Spagnuelo, D. (2021). Property inference attacks on convolutional neural networks: Influence and implications of target model’s complexity. In S. D. C. di Vimercati, & P. Samarati (Eds.), Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021 (pp. 715-721). SciTePress. https://doi.org/10.5220/0010555607150721

@inproceedings{e532196f521a4453a6a992a8c1700645,

title = "Property inference attacks on convolutional neural networks: Influence and implications of target model{\textquoteright}s complexity",

abstract = "Copyright {\textcopyright} 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reservedMachine learning models{\textquoteright} goal is to make correct predictions for specific tasks by learning important properties and patterns from data. By doing so, there is a chance that the model learns properties that are unrelated to its primary task. Property Inference Attacks exploit this and aim to infer from a given model (i.e., the target model) properties about the training dataset seemingly unrelated to the model{\textquoteright}s primary goal. If the training data is sensitive, such an attack could lead to privacy leakage. In this paper, we investigate the influence of the target model{\textquoteright}s complexity on the accuracy of this type of attack, focusing on convolutional neural network classifiers. We perform attacks on models that are trained on facial images to predict whether someone{\textquoteright}s mouth is open. Our attacks{\textquoteright} goal is to infer whether the training dataset is balanced gender-wise. Our findings reveal that the risk of a privacy breach is present independently of the target model{\textquoteright}s complexity: for all studied architectures, the attack{\textquoteright}s accuracy is clearly over the baseline.",

author = "M. Parisot and Bal{\'a}zs and D. Spagnuelo",

year = "2021",

doi = "10.5220/0010555607150721",

language = "English",

pages = "715--721",

editor = "{di Vimercati}, S.De.C. and P. Samarati",

booktitle = "Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021",

publisher = "SciTePress",

note = "18th International Conference on Security and Cryptography, SECRYPT 2021 ; Conference date: 06-07-2021 Through 08-07-2021",

}

Parisot, M, Balázs & Spagnuelo, D 2021, Property inference attacks on convolutional neural networks: Influence and implications of target model’s complexity. in SDC di Vimercati & P Samarati (eds), Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021. SciTePress, pp. 715-721, 18th International Conference on Security and Cryptography, SECRYPT 2021, Virtual, Online, 6/07/21. https://doi.org/10.5220/0010555607150721

Property inference attacks on convolutional neural networks: Influence and implications of target model’s complexity. / Parisot, M.; Balázs; Spagnuelo, D.
Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021. ed. / S.De.C. di Vimercati; P. Samarati. SciTePress, 2021. p. 715-721.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Property inference attacks on convolutional neural networks

T2 - 18th International Conference on Security and Cryptography, SECRYPT 2021

AU - Parisot, M.

AU - Balázs, null

AU - Spagnuelo, D.

PY - 2021

Y1 - 2021

N2 - Copyright © 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reservedMachine learning models’ goal is to make correct predictions for specific tasks by learning important properties and patterns from data. By doing so, there is a chance that the model learns properties that are unrelated to its primary task. Property Inference Attacks exploit this and aim to infer from a given model (i.e., the target model) properties about the training dataset seemingly unrelated to the model’s primary goal. If the training data is sensitive, such an attack could lead to privacy leakage. In this paper, we investigate the influence of the target model’s complexity on the accuracy of this type of attack, focusing on convolutional neural network classifiers. We perform attacks on models that are trained on facial images to predict whether someone’s mouth is open. Our attacks’ goal is to infer whether the training dataset is balanced gender-wise. Our findings reveal that the risk of a privacy breach is present independently of the target model’s complexity: for all studied architectures, the attack’s accuracy is clearly over the baseline.

AB - Copyright © 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reservedMachine learning models’ goal is to make correct predictions for specific tasks by learning important properties and patterns from data. By doing so, there is a chance that the model learns properties that are unrelated to its primary task. Property Inference Attacks exploit this and aim to infer from a given model (i.e., the target model) properties about the training dataset seemingly unrelated to the model’s primary goal. If the training data is sensitive, such an attack could lead to privacy leakage. In this paper, we investigate the influence of the target model’s complexity on the accuracy of this type of attack, focusing on convolutional neural network classifiers. We perform attacks on models that are trained on facial images to predict whether someone’s mouth is open. Our attacks’ goal is to infer whether the training dataset is balanced gender-wise. Our findings reveal that the risk of a privacy breach is present independently of the target model’s complexity: for all studied architectures, the attack’s accuracy is clearly over the baseline.

U2 - 10.5220/0010555607150721

DO - 10.5220/0010555607150721

M3 - Conference contribution

SP - 715

EP - 721

BT - Proceedings of the 18th International Conference on Security and Cryptography, SECRYPT 2021

A2 - di Vimercati, S.De.C.

A2 - Samarati, P.

PB - SciTePress

Y2 - 6 July 2021 through 8 July 2021

ER -

Property inference attacks on convolutional neural networks: Influence and implications of target model’s complexity

Abstract

Conference

UN SDGs

Access to Document

Persistent URL (handle)

Fingerprint

Research output

Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity

Cite this