Against Membership Inference Attack: Pruning is All You Need
This addresses privacy risks for users of deep learning models, especially on mobile devices, but is incremental as it builds on existing pruning techniques.
The authors tackled the problem of deep neural networks being vulnerable to membership inference attacks by proposing a pruning algorithm that finds a subnet to prevent privacy leakage while maintaining competitive accuracy. Their experimental results show attack accuracy reductions of up to 13.6% and 10% compared to baseline methods.
The large model size, high computational operations, and vulnerability against membership inference attack (MIA) have impeded deep learning or deep neural networks (DNNs) popularity, especially on mobile devices. To address the challenge, we envision that the weight pruning technique will help DNNs against MIA while reducing model storage and computational operation. In this work, we propose a pruning algorithm, and we show that the proposed algorithm can find a subnetwork that can prevent privacy leakage from MIA and achieves competitive accuracy with the original DNNs. We also verify our theoretical insights with experiments. Our experimental results illustrate that the attack accuracy using model compression is up to 13.6% and 10% lower than that of the baseline and Min-Max game, accordingly.