Authors:
Mathias Parisot
1
;
Balázs Pejó
2
and
Dayana Spagnuelo
3
Affiliations:
1
University of Amsterdam, Amsterdam, The Netherlands
;
2
CrySyS Lab, Dept. of Networked Systems and Services, Budapest Univ. of Technology and Economics, Budapest, Hungary
;
3
Vrije Universiteit Amsterdam, Amsterdam, The Netherlands
Keyword(s):
Property Inference Attacks, Convolutional Neural Networks, Model Complexity.
Abstract:
Machine learning models’ goal is to make correct predictions for specific tasks by learning important properties and patterns from data. By doing so, there is a chance that the model learns properties that are unrelated to its primary task. Property Inference Attacks exploit this and aim to infer from a given model (i.e., the target model) properties about the training dataset seemingly unrelated to the model’s primary goal. If the training data is sensitive, such an attack could lead to privacy leakage. In this paper, we investigate the influence of the target model’s complexity on the accuracy of this type of attack, focusing on convolutional neural network classifiers. We perform attacks on models that are trained on facial images to predict whether someone’s mouth is open. Our attacks’ goal is to infer whether the training dataset is balanced gender-wise. Our findings reveal that the risk of a privacy breach is present independently of the target model’s complexity: for all studi
ed architectures, the attack’s accuracy is clearly over the baseline.
(More)