skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: MIST: Defending Against Membership Inference Attacks Through Membership-Invariant Subspace Training
Award ID(s):
2229876
PAR ID:
10524881
Author(s) / Creator(s):
; ;
Publisher / Repository:
33rd USENIX Security Symposium (USENIX Security 24)
Date Published:
Format(s):
Medium: X
Location:
Philadelphia, Pennsylvania
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, USENIX)
  2. ; ; ; (, Journal of the American Statistical Association)
  3. ; ; ; ; ; (, Public-Key Cryptography (PKC 2023))
    Boldyreva, A.; Kolesnikov, V. (Ed.)
    A private set membership (PSM) protocol allows a β€œreceiver” to learn whether its input x is contained in a large database 𝖣𝖑 held by a β€œsender”. In this work, we define and construct credible private set membership (C-PSM) protocols: in addition to the conventional notions of privacy, C-PSM provides a soundness guarantee that it is hard for a sender (that does not know x) to convince the receiver that π‘₯βˆˆπ–£π–‘. Furthermore, the communication complexity must be logarithmic in the size of 𝖣𝖑. We provide 2-round (i.e., round-optimal) C-PSM constructions based on standard assumptions: We present a black-box construction in the plain model based on DDH or LWE. Next, we consider protocols that support predicates f beyond string equality, i.e., the receiver can learn if there exists π‘€βˆˆπ–£π–‘ such that 𝑓(π‘₯,𝑀)=1. We present two results with transparent setups: (1) A black-box protocol, based on DDH or LWE, for the class of NC1 functions f which are efficiently searchable. (2) An LWE-based construction for all bounded-depth circuits. The only non-black-box use of cryptography in this construction is through the bootstrapping procedure in fully homomorphic encryption. As an application, our protocols can be used to build enhanced round-optimal leaked password notification services, where unlike existing solutions, a dubious sender cannot fool a receiver into changing its password. https://doi.org/10.1007/978-3-031-31371-4_6 
    more » « less
  4. ; (, Theoretical Computer Science)
    null (Ed.)
  5. ; ; ; ; (, Proceedings on Privacy Enhancing Technologies)
    Abstract We study membership inference in settings where assumptions commonly used in previous research are relaxed. First, we consider cases where only a small fraction of the candidate pool targeted by the adversary are members and develop a PPV-based metric suitable for this setting. This skewed prior setting is more realistic than the balanced prior setting typically considered. Second, we consider adversaries that select inference thresholds according to their attack goals, such as identifying as many members as possible with a given false positive tolerance. We develop a threshold selection designed for achieving particular attack goals. Since previous inference attacks fail in imbalanced prior settings, we develop new inference attacks based on the intuition that inputs corresponding to training set members will be near a local minimum in the loss function. An attack that combines this with thresholds on the per-instance loss can achieve high PPV even in settings where other attacks are ineffective. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email