Research Bernoulli Institute Calendar

Colloquium Computer Science - Dr. Hassan Asghar, Macquarie University

When: Thursday 6 July 2023, 15:00 - 16:00
Where: Bernoulliborg, room 5161.0293

Title: Infeasibility of Attribute Inference Attacks and Private Assurance of the Value of Collaboration in Machine Learning

Abstract:

In this two-part talk, we will first discuss privacy vulnerabilities in the form of membership and attribute inference attacks on machine learning models, and their relationship. We first show in theory that membership inference attacks on their own cannot be used to infer unknown attributes (attribute inference attack) by an attacker given black-box or white-box access to a machine learning model. We then define a new class of membership inference attacks, called strong membership inference, and show that they are necessary to launch attribute inference attacks. We show that existing membership inference attacks do not satisfy this definition and hence are unable to distinguish between members and nearby non-members. We validate our findings with experiments on multiple datasets and machine learning models.
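The following is an added illustration of the first part of the abstract, not code from the speaker or from the paper: a black-box attribute inference attack that drives a membership oracle (the Yeom-style "try every candidate value and keep the one the oracle accepts" attack), run against a constructed dataset and a small logistic-regression model with a loss-threshold membership test. Each record's "nearby non-member" is the same record with its sensitive attribute flipped. The evaluation shows the relationship the abstract states: the attack can only succeed on records where the membership test gives different answers for the member and its nearby non-member, so its success rate is bounded by how often the test separates the two. The data, model, threshold calibration and feature layout are all assumptions of this example.

```python
"""Added example: attribute inference via a membership oracle, and why a
membership test that cannot separate a member from a nearby non-member
gives the attacker nothing.  Data, model and attack are constructed for
illustration; they are not the speaker's code or datasets."""
import math
import random


def make_dataset(n, seed):
    """Constructed data: two public features x1, x2 in [0, 1], one sensitive
    binary attribute s, label y from a noisy linear rule."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        x1, x2 = rng.random(), rng.random()
        s = rng.randint(0, 1)
        score = x1 + x2 + 0.5 * s - 1.0 + rng.gauss(0.0, 0.2)
        rows.append(((x1, x2, s), 1 if score > 0 else 0))
    return rows


def sigmoid(z):
    if z < -500:          # avoid math.exp overflow on extreme logits
        return 0.0
    return 1.0 / (1.0 + math.exp(-z))


def train_logreg(rows, epochs=300, lr=0.5):
    """Plain batch gradient-descent logistic regression (the target model)."""
    w, b = [0.0, 0.0, 0.0], 0.0
    n = len(rows)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0, 0.0], 0.0
        for x, y in rows:
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for i in range(3):
                gw[i] += err * x[i]
            gb += err
        w = [wi - lr * gi / n for wi, gi in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def loss(model, x, y):
    """Cross-entropy loss of one labelled record under the model."""
    w, b = model
    p = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)
    p = min(max(p, 1e-12), 1.0 - 1e-12)
    return -(y * math.log(p) + (1 - y) * math.log(1 - p))


def loss_threshold_mia(model, x, y, tau):
    """Black-box membership test: claim 'member' when the loss is below tau.
    The attacker is assumed to know the record's label y."""
    return loss(model, x, y) < tau


def attribute_inference_via_mia(model, x_public, y, tau):
    """Try every candidate value of the sensitive attribute and return the
    set the membership oracle accepts.  The attack succeeds only when exactly
    the true value is accepted."""
    accepted = set()
    for s in (0, 1):
        if loss_threshold_mia(model, (x_public[0], x_public[1], s), y, tau):
            accepted.add(s)
    return accepted


def evaluate(seed=1, n_train=200):
    """Train on constructed data, calibrate tau to the median training loss
    (an assumed attacker calibration), then measure over the training set how
    often the member and its attribute-flipped neighbour are indistinguishable
    to the membership test, and how often the attribute attack succeeds."""
    train = make_dataset(n_train, seed)
    model = train_logreg(train)
    losses = sorted(loss(model, x, y) for x, y in train)
    tau = losses[len(losses) // 2]
    same = success = wrong = 0
    for (x1, x2, s), y in train:
        member = (x1, x2, s)
        neighbour = (x1, x2, 1 - s)   # nearby non-member: one attribute flipped
        if loss_threshold_mia(model, member, y, tau) == loss_threshold_mia(model, neighbour, y, tau):
            same += 1                 # oracle cannot tell them apart -> attack gets {} or {0,1}
        accepted = attribute_inference_via_mia(model, (x1, x2), y, tau)
        if accepted == {s}:
            success += 1
        elif accepted == {1 - s}:
            wrong += 1
    return {
        "tau": tau,
        "indistinguishable_frac": same / n_train,
        "attack_success_frac": success / n_train,
        "attack_wrong_frac": wrong / n_train,
    }


if __name__ == "__main__":
    for k, v in evaluate().items():
        print(f"{k}: {v:.3f}")
```

The three fractions partition the training set: every record is either indistinguishable from its neighbour under the membership test, or the attack gets the attribute right, or it gets it wrong. Success therefore never exceeds the fraction of records on which the oracle separates member from nearby non-member, which is the necessity claim of the abstract in miniature; a "strong" membership test in the speaker's sense is one that makes that fraction large.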

In the second part of the talk, we look at a solution to the following problem: Two parties wish to collaborate on their datasets. However, before they reveal their datasets to each other, the parties want to have the guarantee that the collaboration would be fruitful. We look at this problem from the point of view of machine learning, where one party is promised an improvement on its prediction model by incorporating data from the other party. The parties would only wish to collaborate further if the updated model shows an improvement in accuracy. Before this is ascertained, the two parties would not want to disclose their models and datasets. In this work, we construct an interactive protocol for this problem based on the fully homomorphic encryption scheme over the Torus (TFHE), and label differential privacy, where the underlying machine learning model is a neural network.