Practical defences against model inversion attacks for split neural networks
Authors: Titcombe, Tom; Hall, Adam James; Papadopoulos, Pavlos; Romanini, Daniele
Abstract
We describe a threat model under which a split network-based federated learning system is susceptible to a model inversion attack by a malicious computational server. We demonstrate that the attack can be successfully performed with limited knowledge of the data distribution by the attacker. We propose a simple additive noise method to defend against model inversion, finding that the method can significantly reduce attack efficacy at an acceptable accuracy trade-off on MNIST. Furthermore, we show that NoPeekNN, an existing defensive method, protects different information from exposure, suggesting that a combined defence is necessary to fully protect private user data.
Citation
Titcombe, T., Hall, A. J., Papadopoulos, P., & Romanini, D. (2021, May). Practical defences against model inversion attacks for split neural networks. Paper presented at ICLR 2021 Workshop on Distributed and Private Machine Learning (DPML 2021), Online.
| Field | Value |
|---|---|
| Presentation Conference Type | Conference Paper (unpublished) |
| Conference Name | ICLR 2021 Workshop on Distributed and Private Machine Learning (DPML 2021) |
| Start Date | May 7, 2021 |
| Publication Date | Apr 21, 2021 |
| Deposit Date | Oct 31, 2022 |
| Publicly Available Date | Nov 1, 2022 |
| Public URL | http://researchrepository.napier.ac.uk/Output/2946016 |
| Publisher URL | https://dp-ml.github.io/2021-workshop-ICLR/ |
Files
Practical Defences Against Model Inversion Attacks For Split Neural Networks (PDF, 517 Kb)