| Abstract |
|---|
| Over the past few years, a variety of membership inference attacks against deep learning models have emerged, raising significant privacy concerns. With little adversary knowledge, these attacks can easily infer whether a sample exists in the training set of the target model, and the inference accuracy is often much higher than random guessing, which causes serious privacy leakage. To this end, defenses against membership inference attacks have attracted great interest. However, the currently available defense methods such as regularization, differential privacy, and knowledge distillation are unable to balance the trade-off between privacy and utility well. In this paper, we combine knowledge distillation and generative adversarial networks to propose a novel training framework, called KD-GAN, that can effectively defend against membership inference attacks. Extensive experiments show that our method achieves an attack success rate of nearly 0.5 (random guessing), so it successfully defends against membership inference attacks without causing significant damage to model utility, and it consistently outperforms other defense methods in the balance of privacy and utility. |
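The abstract measures a defense by the attack success rate it leaves to the adversary, with 0.5 being random guessing. The following is an added example, not code from the paper and not its KD-GAN implementation: a confidence-threshold membership inference attack of the shadow-model kind, where the adversary's only knowledge is a shadow model trained on its own data, run on constructed confidence scores. The "undefended" case assumes the target is more confident on its own training samples than on unseen ones; the "defended" case assumes the defense has made the two confidence distributions indistinguishable. The means, spreads, sample sizes and the `member_gap` parameter are assumptions chosen for illustration.

```python
import random

# Constructed data: every confidence score below is a synthetic draw, not the
# output of any real model or of the paper's KD-GAN.


def synth_confidences(rng, n, mean, spread):
    """Draw n top-1 confidence scores from a clipped normal (assumed shape)."""
    return [min(1.0, max(0.0, rng.gauss(mean, spread))) for _ in range(n)]


def attack_success_rate(members, nonmembers, threshold):
    """Balanced accuracy of the rule 'member iff confidence >= threshold'.

    On a balanced member/non-member set, 0.5 is what random guessing scores,
    which is the baseline the abstract compares the defense against.
    """
    tpr = sum(1 for c in members if c >= threshold) / len(members)
    tnr = sum(1 for c in nonmembers if c < threshold) / len(nonmembers)
    return (tpr + tnr) / 2


def choose_threshold(shadow_members, shadow_nonmembers):
    """Adversary picks the threshold that best separates the shadow model's
    own members from non-members, then transfers it to the target model."""
    grid = [i / 100 for i in range(101)]
    return max(grid, key=lambda t: attack_success_rate(shadow_members, shadow_nonmembers, t))


def run_attack(member_gap, seed=0, n=2000):
    """member_gap: how much more confident the model is on its own training
    samples than on unseen samples (assumed to be the only difference).
    Returns the attack success rate measured on the target model."""
    rng = random.Random(seed)
    base, spread = 0.60, 0.10  # assumed confidence profile of non-members
    # Shadow model: the adversary's stand-in for the target, built from its own data.
    shadow_m = synth_confidences(rng, n, base + member_gap, spread)
    shadow_n = synth_confidences(rng, n, base, spread)
    threshold = choose_threshold(shadow_m, shadow_n)
    # Target model: the attack is scored on samples the adversary never saw labels for.
    target_m = synth_confidences(rng, n, base + member_gap, spread)
    target_n = synth_confidences(rng, n, base, spread)
    return attack_success_rate(target_m, target_n, threshold)


if __name__ == "__main__":
    # Overfit model: members receive noticeably higher confidence, so the
    # transferred threshold separates them well above the 0.5 baseline.
    print("undefended model:", round(run_attack(member_gap=0.25), 3))
    # Defended model: member and non-member confidences are indistinguishable,
    # the regime the abstract reports for KD-GAN (attack success rate ~0.5).
    print("defended model:  ", round(run_attack(member_gap=0.0), 3))
```

The gap between the two printed values is the quantity a defense is judged on; a defense that only shrinks `member_gap` a little leaves the attack well above 0.5, and a utility-preserving defense must close the gap without flattening the confidence the model gives on correct predictions.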
| Field | Value |
|---|---|
| Year | 2022 |
| DOI | 10.1002/int.23021 |
| Venue | INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS |
| Keywords | data privacy, generative adversarial network, knowledge distillation, membership inference attacks |
| DocType | Journal |
| Volume | 37 |
| Issue | 11 |
| ISSN | 0884-8173 |
| Citations | 0 |
| PageRank | 0.34 |
| References | 0 |
| Authors | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Zhenxin Zhang | 1 | 0 | 0.34 |
Guanbiao Lin | 2 | 0 | 0.68 |
Lishan Ke | 3 | 0 | 0.34 |
Shiyu Peng | 4 | 0 | 0.68 |
Li Hu | 5 | 0 | 0.34 |
Hongyang Yan | 6 | 32 | 7.09 |