Showing 1–2 of 2 results for author: Shumaker, T
-
Class Clown: Data Redaction in Machine Unlearning at Enterprise Scale
Authors:
Daniel L. Felps,
Amelia D. Schwickerath,
Joyce D. Williams,
Trung N. Vuong,
Alan Briggs,
Matthew Hunt,
Evan Sakmar,
David D. Saranchak,
Tyler Shumaker
Abstract:
Individuals are gaining more control of their personal data through recent data privacy laws such the General Data Protection Regulation and the California Consumer Privacy Act. One aspect of these laws is the ability to request a business to delete private information, the so called "right to be forgotten" or "right to erasure". These laws have serious financial implications for companies and org…
▽ More
Individuals are gaining more control of their personal data through recent data privacy laws such the General Data Protection Regulation and the California Consumer Privacy Act. One aspect of these laws is the ability to request a business to delete private information, the so called "right to be forgotten" or "right to erasure". These laws have serious financial implications for companies and organizations that train large, highly accurate deep neural networks (DNNs) using these valuable consumer data sets. However, a received redaction request poses complex technical challenges on how to comply with the law while fulfilling core business operations. We introduce a DNN model lifecycle maintenance process that establishes how to handle specific data redaction requests and minimize the need to completely retrain the model. Our process is based upon the membership inference attack as a compliance tool for every point in the training set. These attack models quantify the privacy risk of all training data points and form the basis of follow-on data redaction from an accurate deployed model; excision is implemented through incorrect label assignment within incremental model updates.
△ Less
Submitted 8 December, 2020;
originally announced December 2020.
-
Bootstrap Aggregation for Point-based Generalized Membership Inference Attacks
Authors:
Daniel L. Felps,
Amelia D. Schwickerath,
Joyce D. Williams,
Trung N. Vuong,
Alan Briggs,
Matthew Hunt,
Evan Sakmar,
David D. Saranchak,
Tyler Shumaker
Abstract:
An efficient scheme is introduced that extends the generalized membership inference attack to every point in a model's training data set. Our approach leverages data partitioning to create variable sized training sets for the reference models. We then train an attack model for every single training example for a reference model configuration based upon output for each individual point. This allows…
▽ More
An efficient scheme is introduced that extends the generalized membership inference attack to every point in a model's training data set. Our approach leverages data partitioning to create variable sized training sets for the reference models. We then train an attack model for every single training example for a reference model configuration based upon output for each individual point. This allows us to quantify the membership inference attack vulnerability of each training data point. Using this approach, we discovered that smaller amounts of reference model training data led to a stronger attack. Furthermore, the reference models do not need to be of the same architecture as the target model, providing additional attack efficiencies. The attack may also be performed by an adversary even when they do not have the complete original data set.
△ Less
Submitted 17 November, 2020;
originally announced November 2020.