October 18, 2022: Back to the Roots: Privacy Attacks on Decision Trees

Master assignment

Back to the Roots: Privacy Attacks on Decision Trees

TYPE : MASTER M-CS

Period : Jan 2023 - 

Student : Meerhof, J.J. (Jaap, Student M-CS)

Date Final project:

Thesis t.b.a.

Supervisor:

Description:

The application of machine learning techniques is envisioned for many different scenarios, and the training process of machine learning models often relies on sensitive training data, such as medical information. Several attacks on machine learning models have been developed in the last decade to retrieve information about the training data, such as membership inference [1], model inversion / reconstruction [2] and property inference [3]. Hence, attackers who gain access to machine learning models threaten the privacy of the individuals whose sensitive information has been used to train these models.

While the majority of these attacks target advanced machine learning techniques such as neural networks, the machine learning approaches actually envisioned for the medical domain rely on simpler techniques, e.g. decision trees and random forests. The main task of this project is to understand to what extent the attack strategies on advanced techniques proposed in academia can be adapted to the simpler techniques used in real-world applications. This project is in collaboration with the Dutch National Institute for Public Health and the Environment (RIVM).

As a starting point, you are going to identify potential attack techniques that have been proposed in the literature. After this literature review, the attacks are assessed experimentally on artificial data with respect to their transferability to simpler machine learning models. Here, a specific focus is put on attacks that assume a setup comparable to the one envisioned by RIVM for their machine learning applications. Finally, a potential attack mitigation might be evaluated and the security-utility trade-off studied for a concrete dataset.
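As an added illustration of the experimental part of this project (this is not code from the assignment or from RIVM), the following script grows a small Gini-split decision tree on constructed synthetic data and measures how much a confidence-threshold membership inference test [1] gains from the tree memorising its training points, once with unbounded depth and once with the depth capped as a simple mitigation, alongside the test accuracy that the cap costs. All data, thresholds and function names are assumptions chosen for the example.

```python
import random

def gini(labels):
    """Gini impurity of a list of 0/1 labels."""
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 1.0 - p * p - (1.0 - p) * (1.0 - p)

def grow(X, y, max_depth, depth=0):
    """Greedy Gini-split tree; a leaf stores the fraction of positives it saw in training.
    max_depth=None grows until every leaf is pure, i.e. the tree memorises the training set."""
    if depth == max_depth or len(set(y)) == 1:
        return sum(y) / len(y)
    best = None
    for f in range(len(X[0])):
        for t in sorted({row[f] for row in X}):
            left = [i for i, row in enumerate(X) if row[f] <= t]
            right = [i for i, row in enumerate(X) if row[f] > t]
            if not left or not right:
                continue
            score = (len(left) * gini([y[i] for i in left]) + len(right) * gini([y[i] for i in right])) / len(y)
            if best is None or score < best[0]:
                best = (score, f, t, left, right)
    if best is None:  # no usable split (e.g. identical rows): make a leaf
        return sum(y) / len(y)
    _, f, t, left, right = best
    return (f, t, grow([X[i] for i in left], [y[i] for i in left], max_depth, depth + 1),
            grow([X[i] for i in right], [y[i] for i in right], max_depth, depth + 1))

def predict_proba(node, x):
    """Descend to a leaf and return its stored fraction of positives."""
    while isinstance(node, tuple):
        f, t, left, right = node
        node = left if x[f] <= t else right
    return node

def make_data(n, seed, noise=0.2):
    """Constructed sample data: y = [x0 + x1 > 1] with a fraction `noise` of labels flipped."""
    rng = random.Random(seed)
    X = [[rng.random(), rng.random()] for _ in range(n)]
    y = [int((x[0] + x[1] > 1.0) != (rng.random() < noise)) for x in X]
    return X, y

def membership_advantage(tree, train, test, tau=1.0):
    """Flag a point as a training member when the tree's confidence in its true label is >= tau.
    Advantage = hit rate on real members minus hit rate on non-members (0 means no leakage)."""
    def hit_rate(X, y):
        conf = [p if label == 1 else 1.0 - p for p, label in ((predict_proba(tree, x), l) for x, l in zip(X, y))]
        return sum(c >= tau - 1e-9 for c in conf) / len(y)
    return hit_rate(*train) - hit_rate(*test)

def accuracy(tree, X, y):
    return sum((predict_proba(tree, x) >= 0.5) == bool(label) for x, label in zip(X, y)) / len(y)

def evaluate(max_depth, seed=7):
    """Return (membership advantage, test accuracy) for a tree of the given depth (None = unbounded)."""
    train, test = make_data(200, seed), make_data(200, seed + 1)
    tree = grow(train[0], train[1], max_depth)
    return membership_advantage(tree, train, test), accuracy(tree, *test)
```

Run `evaluate(None)` and `evaluate(3)` to compare the leakage and utility of the memorising tree against the depth-capped one; the same loop is the skeleton for sweeping the depth (or a minimum-leaf-size rule) to plot the security-utility trade-off.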

Requirements:

References:

[1]: Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. 2017. Membership Inference Attacks Against Machine Learning Models. In IEEE Symposium on Security and Privacy (SP '17).

[2]: Ziqi Yang, Jiyi Zhang, Ee-Chien Chang, and Zhenkai Liang. 2019. Neural Network Inversion in Adversarial Setting via Background Knowledge Alignment. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS '19).

[3]: Karan Ganju, Qi Wang, Wei Yang, Carl A. Gunter, and Nikita Borisov. 2018. Property Inference Attacks on Fully Connected Neural Networks Using Permutation Invariant Representations. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS '18).