Ahmed Salem (CISPA Helmholtz Center for Information Security), Yang Zhang (CISPA Helmholtz Center for Information Security), Mathias Humbert (Swiss Data Science Center, ETH Zurich/EPFL), Pascal Berrang (CISPA Helmholtz Center for Information Security), Mario Fritz (CISPA Helmholtz Center for Information Security), Michael Backes (CISPA Helmholtz Center for Information Security)

Machine learning (ML) has become a core component of many real-world applications and training data is a key factor that drives current progress. This huge success has led Internet companies to deploy machine learning as a service (MLaaS). Recently, the first membership inference attack has shown that extraction of information on the training set is possible in such MLaaS settings, which has severe security and privacy implications.

However, the early demonstrations of the feasibility of such attacks have many assumptions on the adversary, such as using multiple so-called shadow models, knowledge of the target model structure, and having a dataset from the same distribution as the target model's training data. We relax all these key assumptions, thereby showing that such attacks are very broadly applicable at low cost and thereby pose a more severe risk than previously thought. We present the most comprehensive study so far on this emerging and developing threat using eight diverse datasets which show the viability of the proposed attacks across domains.

In addition, we propose the first effective defense mechanisms against such broader class of membership inference attacks that maintain a high level of utility of the ML model.

View More Papers

Countering Malicious Processes with Process-DNS Association

Suphannee Sivakorn (Columbia University), Kangkook Jee (NEC Labs America), Yixin Sun (Princeton University), Lauri Korts-Pärn (Cyber Defense Institute), Zhichun Li (NEC Labs America), Cristian Lumezanu (NEC Labs America), Zhenyu Wu (NEC Labs America), Lu-An Tang (NEC Labs America), Ding Li (NEC Labs America)

Read More

Profit: Detecting and Quantifying Side Channels in Networked Applications

Nicolás Rosner (University of California, Santa Barbara), Ismet Burak Kadron (University of California, Santa Barbara), Lucas Bang (Harvey Mudd College), Tevfik Bultan (University of California, Santa Barbara)

Read More

Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics...

Daimeng Wang (University of California Riverside), Ajaya Neupane (University of California Riverside), Zhiyun Qian (University of California Riverside), Nael Abu-Ghazaleh (University of California Riverside), Srikanth V. Krishnamurthy (University of California Riverside), Edward J. M. Colbert (Virginia Tech), Paul Yu (U.S. Army Research Lab (ARL))

Read More

Latex Gloves: Protecting Browser Extensions from Probing and Revelation...

Alexander Sjösten (Chalmers University of Technology), Steven Van Acker (Chalmers University of Technology), Pablo Picazo-Sanchez (Chalmers University of Technology), Andrei Sabelfeld (Chalmers University of Technology)

Read More