Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning

by Briland Hitaj, et al.

Deep Learning has recently become hugely popular in machine learning, providing significant improvements in classification accuracy in the presence of highly-structured and large databases. Researchers have also considered privacy implications of deep learning. Models are typically trained in a centralized manner with all the data being processed by the same training algorithm. If the data is a collection of users' private data, including habits, personal pictures, geographical positions, interests, and more, the centralized server will have access to sensitive information that could potentially be mishandled. To tackle this problem, collaborative deep learning models have recently been proposed where parties locally train their deep learning structures and only share a subset of the parameters in the attempt to keep their respective training sets private. Parameters can also be obfuscated via differential privacy (DP) to make information extraction even more challenging, as proposed by Shokri and Shmatikov at CCS'15. Unfortunately, we show that any privacy-preserving collaborative deep learning is susceptible to a powerful attack that we devise in this paper. In particular, we show that a distributed, federated, or decentralized deep learning approach is fundamentally broken and does not protect the training sets of honest participants. The attack we developed exploits the real-time nature of the learning process that allows the adversary to train a Generative Adversarial Network (GAN) that generates prototypical samples of the targeted training set that was meant to be private (the samples generated by the GAN are intended to come from the same distribution as the training data). Interestingly, we show that record-level DP applied to the shared parameters of the model, as suggested in previous work, is ineffective (i.e., record-level DP is not designed to address our attack).
