DAMIA: Leveraging Domain Adaptation as a Defense against Membership Inference Attacks
This addresses security concerns for vendors and researchers deploying deep learning models, though it appears incremental as it builds on existing domain adaptation techniques.
The paper tackles the problem of membership inference attacks on deep learning models by proposing DAMIA, a defense that uses domain adaptation to obfuscate the training dataset, resulting in negligible impact on model usability while effectively preventing attacks.
Deep Learning (DL) techniques allow ones to train models from a dataset to solve tasks. DL has attracted much interest given its fancy performance and potential market value, while security issues are amongst the most colossal concerns. However, the DL models may be prone to the membership inference attack, where an attacker determines whether a given sample is from the training dataset. Efforts have been made to hinder the attack but unfortunately, they may lead to a major overhead or impaired usability. In this paper, we propose and implement DAMIA, leveraging Domain Adaptation (DA) as a defense aginist membership inference attacks. Our observation is that during the training process, DA obfuscates the dataset to be protected using another related dataset, and derives a model that underlyingly extracts the features from both datasets. Seeing that the model is obfuscated, membership inference fails, while the extracted features provide supports for usability. Extensive experiments have been conducted to validates our intuition. The model trained by DAMIA has a negligible footprint to the usability. Our experiment also excludes factors that may hinder the performance of DAMIA, providing a potential guideline to vendors and researchers to benefit from our solution in a timely manner.