Practical Defences Against Model Inversion Attacks for Split Neural Networks

Add code
Apr 21, 2021
Tom Titcombe, Adam J. Hall, Pavlos Papadopoulos, Daniele Romanini
Figure 1 for Practical Defences Against Model Inversion Attacks for Split Neural Networks
Figure 2 for Practical Defences Against Model Inversion Attacks for Split Neural Networks
Figure 3 for Practical Defences Against Model Inversion Attacks for Split Neural Networks
Figure 4 for Practical Defences Against Model Inversion Attacks for Split Neural Networks

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

We describe a threat model under which a split network-based federated learning system is susceptible to a model inversion attack by a malicious computational server. We demonstrate that the attack can be successfully performed with limited knowledge of the data distribution by the attacker. We propose a simple additive noise method to defend against model inversion, finding that the method can significantly reduce attack efficacy at an acceptable accuracy trade-off on MNIST. Furthermore, we show that NoPeekNN, an existing defensive method, protects different information from exposure, suggesting that a combined defence is necessary to fully protect private user data.

* ICLR 2021 Workshop on Distributed and Private Machine Learning (DPML 2021)  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon