On the Privacy Risks of Cell-Based NAS Architectures
This addresses privacy vulnerabilities in NAS architectures for machine learning practitioners, but it is incremental as it builds on known risks in human-designed architectures.
The paper tackles the problem of privacy risks in neural architecture search (NAS) architectures, finding that cell-based NAS architectures are vulnerable to privacy attacks and identifying cell patterns that affect these risks, with experiments showing up to 30% higher vulnerability in certain patterns.
Existing studies on neural architecture search (NAS) mainly focus on efficiently and effectively searching for network architectures with better performance. Little progress has been made to systematically understand if the NAS-searched architectures are robust to privacy attacks while abundant work has already shown that human-designed architectures are prone to privacy attacks. In this paper, we fill this gap and systematically measure the privacy risks of NAS architectures. Leveraging the insights from our measurement study, we further explore the cell patterns of cell-based NAS architectures and evaluate how the cell patterns affect the privacy risks of NAS-searched architectures. Through extensive experiments, we shed light on how to design robust NAS architectures against privacy attacks, and also offer a general methodology to understand the hidden correlation between the NAS-searched architectures and other privacy risks.