
Authors: Radia Kassa 1,2; Kamel Adi 2 and Myria Bouhaddi 2

Affiliations: 1 Laboratoire LITAN, École supérieure en Sciences et Technologies de l’Informatique et du Numérique, RN 75, Amizour 06300, Bejaia, Algeria ; 2 Computer Security Research Laboratory, University of Quebec in Outaouais, Gatineau, Quebec, Canada

Keyword(s): Membership Inference Attacks, Data Privacy, Machine Learning, Defense Mechanism, Optimal Noise Injection, Prediction Entropy, Black-Box Defense, Optimized Noise, Shapley Values.

Abstract: Membership inference attacks (MIAs) present a serious risk to data privacy in machine learning (ML) models, as they allow attackers to determine whether a given data point was included in the training set. Although various defenses exist, they often struggle to effectively balance privacy and utility. To address this challenge, we propose in this paper a novel defense mechanism based on Optimal Noise Injection during the training phase. Our approach involves injecting a carefully designed and controlled noise vector into each training sample. This optimization maximizes prediction entropy to obscure membership signals while leveraging Shapley values to preserve data utility. Experiments on benchmark datasets show that our method reduces MIA success rates significantly without sacrificing accuracy, offering a strong privacy-utility trade-off for black-box scenarios.

CC BY-NC-ND 4.0

Paper citation in several formats:
Kassa, R., Adi, K. and Bouhaddi, M. (2025). Optimal Noise Injection on Training Data: A Defense Against Membership Inference Attacks. In Proceedings of the 22nd International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-760-3; ISSN 2184-7711, SciTePress, pages 531-538. DOI: 10.5220/0013639300003979

@conference{secrypt25,
author={Radia Kassa and Kamel Adi and Myria Bouhaddi},
title={Optimal Noise Injection on Training Data: A Defense Against Membership Inference Attacks},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - SECRYPT},
year={2025},
pages={531-538},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013639300003979},
isbn={978-989-758-760-3},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 22nd International Conference on Security and Cryptography - SECRYPT
TI - Optimal Noise Injection on Training Data: A Defense Against Membership Inference Attacks
SN - 978-989-758-760-3
IS - 2184-7711
AU - Kassa, R.
AU - Adi, K.
AU - Bouhaddi, M.
PY - 2025
SP - 531
EP - 538
DO - 10.5220/0013639300003979
PB - SciTePress