Entropy, Jacobian Matrix, Knowledge Transfer, Machine Learning, Membership Inference Attack, Privacy-preserving machine learning
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Given a machine learning model and a record, membership inference attacks determine whether this record was used as part of the model’s training dataset. This can raise privacy issues.
There is a need for robust mitigation techniques against this attack that do not affect utility. One of the state-of-the-art frameworks in this area is SELENA, which trains a protected model in two phases, Split-AI and Distillation, and tries to mitigate membership inference attacks by giving members the behavior of non-members.
In this thesis, we introduce a novel approach to the Split-AI phase that tries to weaken membership inference by using the Jacobian matrix norm and entropy. We demonstrate experimentally that our approach decreases the memorization of the machine learning model on two datasets: Purchase100 and CIFAR-10. We also show experimentally that our approach outperforms SELENA by 11.98% and 6.44% in terms of attack recall for Purchase100 and CIFAR-10, respectively.
Sheikhjaberi, "Reducing Model Memorization to Mitigate Membership Inference Attacks" (2023). Electronic Theses and Dissertations. 9040.