Summary of Defending Membership Inference Attacks Via Privacy-aware Sparsity Tuning, by Qiang Hu et al.


Defending Membership Inference Attacks via Privacy-aware Sparsity Tuning

by Qiang Hu, Hengxiang Zhang, Hongxin Wei

First submitted to arxiv on: 9 Oct 2024

Categories

  • Main: Machine Learning (cs.LG)
  • Secondary: Artificial Intelligence (cs.AI)


GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

High Difficulty Summary (written by: Paper authors)
Read the original abstract here

Medium Difficulty Summary (written by: GrooveSquid.com, original content)
Over-parameterized models are vulnerable to membership inference attacks, which aim to determine whether a specific sample is included in the training of a given model. This paper addresses this issue by proposing Privacy-aware Sparsity Tuning (PAST), a simple fix to L1 regularization that adapts penalties to different parameters based on their privacy sensitivity. PAST promotes sparsity in parameters that significantly contribute to privacy leakage, resulting in strong resistance to attacks. The method is evaluated through extensive experiments, demonstrating its state-of-the-art balance between privacy and utility.

Low Difficulty Summary (written by: GrooveSquid.com, original content)
Some models can be tricked into revealing whether a certain sample was used to train them or not. This paper finds a way to make these models more private by adjusting how they punish themselves for being over-parameterized. The new method, called PAST, makes the model less sensitive to the presence of certain samples and more resistant to attacks that try to figure out if a sample was used in training.
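To make the idea in the Medium summary concrete, here is an added sketch (not code from the paper or from GrooveSquid.com) that compares uniform L1 with a per-parameter, sensitivity-weighted L1 on a two-weight logistic model. It assumes that a parameter's privacy sensitivity is the magnitude of the gradient of the member/non-member loss gap, which this page does not define. The toy data, the function names and the proximal soft-threshold update are likewise choices made for illustration.

```python
import math

# Constructed toy data (not from the paper): feature 0 generalises, feature 1
# agrees with the label only on training members (a memorised shortcut).
MEMBERS = [([1.0, 1.0], 1), ([-1.0, -1.0], 0)]
NONMEMBERS = [([1.0, -1.0], 1), ([-1.0, 1.0], 0)]

def _sigmoid(w, x):
    return 1.0 / (1.0 + math.exp(-sum(wi * xi for wi, xi in zip(w, x))))

def mean_loss(w, data):
    """Average logistic loss of weights w on (x, y) pairs, y in {0, 1}."""
    return -sum(math.log(_sigmoid(w, x) if y else 1.0 - _sigmoid(w, x))
                for x, y in data) / len(data)

def mean_grad(w, data):
    """Gradient of mean_loss with respect to each weight."""
    g = [0.0] * len(w)
    for x, y in data:
        err = _sigmoid(w, x) - y
        for i, xi in enumerate(x):
            g[i] += err * xi / len(data)
    return g

def loss_gap(w):
    """Non-member loss minus member loss: the signal loss-based MIAs exploit."""
    return mean_loss(w, NONMEMBERS) - mean_loss(w, MEMBERS)

def sensitivity_weights(w):
    """Assumed sensitivity: |d loss_gap / d w_i|, scaled to average 1."""
    s = [abs(n - m) for n, m in zip(mean_grad(w, NONMEMBERS), mean_grad(w, MEMBERS))]
    total = sum(s) or 1.0
    return [len(s) * si / total for si in s]

def train(adaptive, steps=50, lr=0.1, lam=0.05):
    """Proximal gradient descent with uniform or sensitivity-weighted L1."""
    w = [0.5, 0.5]
    for _ in range(steps):
        k = sensitivity_weights(w) if adaptive else [1.0] * len(w)
        g = mean_grad(w, MEMBERS)
        v = [wi - lr * gi for wi, gi in zip(w, g)]
        # Soft-threshold: each weight shrinks by its own penalty lr * lam * k_i.
        w = [math.copysign(max(abs(vi) - lr * lam * ki, 0.0), vi)
             for vi, ki in zip(v, k)]
    return w

if __name__ == "__main__":
    for name, adaptive in (("uniform L1", False), ("sensitivity-weighted L1", True)):
        w = train(adaptive)
        print(f"{name}: w={w}, loss gap={loss_gap(w):.3f}")
```

Both runs spend the same total penalty per step, but the weighted run moves it onto the memorised feature, so that weight ends up smaller and the member/non-member loss gap narrows.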

Keywords

» Artificial intelligence  » Inference  » Regularization