From ca38b0fc383ced87e9a8e639cc98d41874f06eca Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Wed, 12 Aug 2020 11:41:32 -0400 Subject: [PATCH 1/9] Add new extraction paper --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index de3703a..5b4c45a 100644 --- a/README.md +++ b/README.md @@ -97,3 +97,4 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**DeepSniffer: A DNN Model Extraction Framework Based on Learning Architectural Hints**](https://dl.acm.org/doi/pdf/10.1145/3373376.3378460) (Hu et al., 2020) - [**CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel**](https://www.usenix.org/system/files/sec19-batina.pdf) (Batina et al., 2019) - [**Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures**](https://www.usenix.org/conference/usenixsecurity20/presentation/yan) (Yan et al., 2020) +- [**Reverse-Engineering Deep ReLU Networks**](https://arxiv.org/abs/1910.00744) (Rolnick and Kording, 2020) From d45c94bb66637b20587efc6769c4146e9f285686 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Fri, 14 Aug 2020 15:58:24 -0400 Subject: [PATCH 2/9] Remove last extraction paper Trying to fix merge issue --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 5b4c45a..de3703a 100644 --- a/README.md +++ b/README.md 
@@ -97,4 +97,3 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**DeepSniffer: A DNN Model Extraction Framework Based on Learning Architectural Hints**](https://dl.acm.org/doi/pdf/10.1145/3373376.3378460) (Hu et al., 2020) - [**CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel**](https://www.usenix.org/system/files/sec19-batina.pdf) (Batina et al., 2019) - [**Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures**](https://www.usenix.org/conference/usenixsecurity20/presentation/yan) (Yan et al., 2020) -- [**Reverse-Engineering Deep ReLU Networks**](https://arxiv.org/abs/1910.00744) (Rolnick and Kording, 2020) From 126a98d88431ebf5970ead3768df9aa48c80f166 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Mon, 17 Aug 2020 15:45:47 -0400 Subject: [PATCH 3/9] Add model inversion paper Only a Google Drive link was available --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index de3703a..212f753 100644 --- a/README.md +++ b/README.md 
@@ -70,6 +70,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**I Know What You See: Power Side-Channel Attack on Convolutional Neural Network Accelerators**](https://arxiv.org/pdf/1803.05847.pdf) (Wei et al., 2019) - [**Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning**](https://arxiv.org/abs/1904.01067) (Salem et al., 2019) - [**Illuminating the Dark or how to recover what should not be seen in FE-based classifiers**](https://eprint.iacr.org/2018/1001) (Carpov et al., 2020) +- [**Evaluation Indicator for Model Inversion Attack**](https://drive.google.com/file/d/1rl77BGtGHzZ8obWUEOoqunXCjgvpzE8d/view) (Tanaka et al., 2020) ## Property inference - [**Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers**](https://dl.acm.org/doi/10.1504/IJSN.2015.071829) (Ateniese et al., 2015) From e45cb36bc24f0d86b63d27bb0f035a5cc0600192 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Mon, 17 Aug 2020 15:47:37 -0400 Subject: [PATCH 4/9] Add new mia paper --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 212f753..c4033b9 100644 --- a/README.md +++ b/README.md 
@@ -42,6 +42,8 @@ This repository contains a curated list of papers related to privacy attacks aga - [**Towards the Infeasibility of Membership Inference on Deep Models**](https://arxiv.org/pdf/2005.13702.pdf) (Rezaei and Liu, 2020) ([code](https://github.com/shrezaei/MI-Attack)) - [**Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference**](https://arxiv.org/abs/1906.11798) (Leino and Fredrikson, 2020) - [**Label-Only Membership Inference Attacks**](https://arxiv.org/abs/2007.14321) (Choquette Choo et al., 2020) +- [**Label-Leaks: Membership Inference Attack with Label**](https://arxiv.org/abs/2007.15528) (Li and Zhang, 2020) + ## Reconstruction Reconstruction attacks cover also attacks known as *model inversion* and *attribute inference*. From 447b2d56062c11561a29913fac507924e8e5c8f2 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Mon, 17 Aug 2020 21:54:38 -0400 Subject: [PATCH 5/9] Add new inversion paper --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c4033b9..6ffe824 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning**](https://arxiv.org/abs/1904.01067) (Salem et al., 2019) - [**Illuminating the Dark or how to recover what should not be seen in FE-based classifiers**](https://eprint.iacr.org/2018/1001) (Carpov et al., 2020) - [**Evaluation Indicator for Model Inversion Attack**](https://drive.google.com/file/d/1rl77BGtGHzZ8obWUEOoqunXCjgvpzE8d/view) (Tanaka et al., 2020) +- [**Understanding Unintended Memorization in Federated Learning**](https://arxiv.org/abs/2006.07490) (Thakkar et al., 2020) ## Property inference - [**Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers**](https://dl.acm.org/doi/10.1504/IJSN.2015.071829) (Ateniese et al., 2015) 
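Review bot: patches 1/9 and 2/9 cancel each other, so the series as a whole never adds `Reverse-Engineering Deep ReLU Networks` (Rolnick and Kording, 2020) to the extraction list, even though 2/9's message says the removal was only meant to fix a merge issue. Either squash the pair away (a net no-op adds nothing to history) or re-add the entry in a later patch so the paper named in 1/9's subject actually lands.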
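Review bot: the entry added in 3/9 links to a Google Drive file (`https://drive.google.com/file/d/1rl77BGtGHzZ8obWUEOoqunXCjgvpzE8d/view`), which is neither a persistent identifier nor guaranteed to stay publicly readable, and the commit message already admits nothing better was available. Mark that in the entry so readers are warned, for example `(Tanaka et al., 2020) (Google Drive)`, and replace it with a publisher or preprint URL once one exists; every other entry in these hunks uses arXiv, ACM, USENIX or IACR links.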
From dafa8cac6ea886e7f20d69c7183402f2c819bdbb Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Tue, 1 Sep 2020 23:55:08 -0400 Subject: [PATCH 6/9] Add new papers --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 6ffe824..d6af423 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ This repository contains a curated list of papers related to privacy attacks aga - [**Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference**](https://arxiv.org/abs/1906.11798) (Leino and Fredrikson, 2020) - [**Label-Only Membership Inference Attacks**](https://arxiv.org/abs/2007.14321) (Choquette Choo et al., 2020) - [**Label-Leaks: Membership Inference Attack with Label**](https://arxiv.org/abs/2007.15528) (Li and Zhang, 2020) +- [**Alleviating Privacy Attacks via Causal Learning**](https://arxiv.org/abs/1909.12732)(Tople et al., 2020) ## Reconstruction @@ -101,3 +102,5 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**DeepSniffer: A DNN Model Extraction Framework Based on Learning Architectural Hints**](https://dl.acm.org/doi/pdf/10.1145/3373376.3378460) (Hu et al., 2020) - [**CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel**](https://www.usenix.org/system/files/sec19-batina.pdf) (Batina et al., 2019) - [**Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures**](https://www.usenix.org/conference/usenixsecurity20/presentation/yan) (Yan et al., 2020) +- [**How to 0wn NAS in Your Spare Time**](https://arxiv.org/abs/2002.06776)(Hong et al., 2020) +- [**Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks**](https://arxiv.org/abs/1810.03487)(Hong et al., 2020) From 0e6a47cac20037d980efdbd338adbc6e376c4ddf Mon Sep 17 00:00:00 2001 
From: Suha Sabi Hussain Date: Tue, 1 Sep 2020 23:55:35 -0400 Subject: [PATCH 7/9] Add space before reference --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d6af423..cba01a9 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ This repository contains a curated list of papers related to privacy attacks aga - [**Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference**](https://arxiv.org/abs/1906.11798) (Leino and Fredrikson, 2020) - [**Label-Only Membership Inference Attacks**](https://arxiv.org/abs/2007.14321) (Choquette Choo et al., 2020) - [**Label-Leaks: Membership Inference Attack with Label**](https://arxiv.org/abs/2007.15528) (Li and Zhang, 2020) -- [**Alleviating Privacy Attacks via Causal Learning**](https://arxiv.org/abs/1909.12732)(Tople et al., 2020) +- [**Alleviating Privacy Attacks via Causal Learning**](https://arxiv.org/abs/1909.12732) (Tople et al., 2020) ## Reconstruction 
@@ -102,5 +102,5 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**DeepSniffer: A DNN Model Extraction Framework Based on Learning Architectural Hints**](https://dl.acm.org/doi/pdf/10.1145/3373376.3378460) (Hu et al., 2020) - [**CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel**](https://www.usenix.org/system/files/sec19-batina.pdf) (Batina et al., 2019) - [**Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures**](https://www.usenix.org/conference/usenixsecurity20/presentation/yan) (Yan et al., 2020) -- [**How to 0wn NAS in Your Spare Time**](https://arxiv.org/abs/2002.06776)(Hong et al., 2020) -- [**Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks**](https://arxiv.org/abs/1810.03487)(Hong et al., 2020) +- [**How to 0wn NAS in Your Spare Time**](https://arxiv.org/abs/2002.06776) (Hong et al., 2020) +- [**Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks**](https://arxiv.org/abs/1810.03487) (Hong et al., 2020) From 975ece9c46cd7dd684cce264398830c5d5b6892b Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Wed, 2 Sep 2020 00:04:07 -0400 Subject: [PATCH 8/9] Add privacy analysis tools --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index cba01a9..6327ffb 100644 --- a/README.md +++ b/README.md 
@@ -14,6 +14,13 @@ This repository contains a curated list of papers related to privacy attacks aga - [**A Survey of Privacy Attacks in Machine Learning**](https://arxiv.org/abs/2007.07646) (Rigaki and Garcia, 2020) - [**An Overview of Privacy in Machine Learning**](https://arxiv.org/pdf/2005.08679) (De Cristofaro, 2020) - [**Rethinking Privacy Preserving Deep Learning: How to Evaluate and Thwart Privacy Attacks**](https://arxiv.org/abs/2006.11601) (Fan et al., 2020) + +# Privacy Testing Tools +- [**PrivacyRaven**](https://github.com/trailofbits/PrivacyRaven) (Trail of Bits) +- [**TensorFlow Privacy**](https://github.com/tensorflow/privacy/tree/master/tensorflow_privacy/privacy/membership_inference_attack) (TensorFlow) +- [**Machine Learning Privacy Meter**](https://github.com/privacytrustlab/ml_privacy_meter) (NUS Data Privacy and Trustworthy Machine Learning Lab) +- [**CypherCat (archive-only)**](https://github.com/Lab41/cyphercat) (IQT Labs/Lab 41) +- [**Adversarial Robustness Toolbox (ART)**](https://github.com/Trusted-AI/adversarial-robustness-toolbox) (IBM) # Papers and Code From c2878ec3aaee49d53a4c860cc5764cdfa0604a1f Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Wed, 2 Sep 2020 00:05:13 -0400 Subject: [PATCH 9/9] Link to subheading for privacy testing --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6327ffb..2bc5488 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ This repository contains a curated list of papers related to privacy attacks aga # Contents - [Surveys and Overviews](#surveys-and-overviews) + * [Privacy Testing Tools](#privacy-testing-tools) - [Papers and Code](#papers-and-code) * [Membership inference](#membership-inference) * [Reconstruction](#reconstruction) 
@@ -15,7 +16,7 @@ This repository contains a curated list of papers related to privacy attacks aga - [**An Overview of Privacy in Machine Learning**](https://arxiv.org/pdf/2005.08679) (De Cristofaro, 2020) - [**Rethinking Privacy Preserving Deep Learning: How to Evaluate and Thwart Privacy Attacks**](https://arxiv.org/abs/2006.11601) (Fan et al., 2020) -# Privacy Testing Tools +## Privacy Testing Tools - [**PrivacyRaven**](https://github.com/trailofbits/PrivacyRaven) (Trail of Bits) - [**TensorFlow Privacy**](https://github.com/tensorflow/privacy/tree/master/tensorflow_privacy/privacy/membership_inference_attack) (TensorFlow) - [**Machine Learning Privacy Meter**](https://github.com/privacytrustlab/ml_privacy_meter) (NUS Data Privacy and Trustworthy Machine Learning Lab)
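Review bot: in the first hunk of 6/9, `Alleviating Privacy Attacks via Causal Learning` is a mitigation paper rather than a membership inference attack, yet it is appended to the membership inference attack list with no marker; if the list is meant to carry defences alongside attacks, flag it in the entry or give defences their own subsection. The same line is also missing the space before `(Tople et al., 2020)` that every neighbouring entry has, which 7/9 then fixes; squash 7/9 into 6/9 so the series does not introduce and then repair its own formatting.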
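Review bot: in the second hunk of 6/9, `Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks` is cited as `(Hong et al., 2020)` but links to `arxiv.org/abs/1810.03487`, whose `1810` prefix marks an October 2018 submission; check the year, and if a later venue version is intended, link to that instead. Both new lines here also lack the space before the author tuple (`...2002.06776)(Hong et al., 2020)`), which 7/9 corrects, so the same squash applies.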
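Review bot: 7/9 only restores the space before the author tuple on the three lines 6/9 added and carries no content of its own; fold it into 6/9 rather than keeping a separate "Add space before reference" commit.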
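Review bot: 8/9 introduces `# Privacy Testing Tools` at the same level as `# Papers and Code` while 9/9 immediately demotes it to `##` and nests it under Surveys and Overviews in the contents list, so the two commits should be squashed into one that lands the heading at its final level. Separately, the TensorFlow Privacy entry links to a deep tree path (`.../tree/master/tensorflow_privacy/privacy/membership_inference_attack`) that will break the first time the module is moved; link the repository root, or pin the path to a commit rather than `master`. The same holds in lesser degree for `CypherCat (archive-only)`: the archive note belongs after the link, next to the maintainer, like the `(code)` annotations used elsewhere in the list, not inside the bold link text.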
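Review bot: 9/9 files `Privacy Testing Tools` as a `*` sub-item of `Surveys and Overviews` in the contents list and lowers the heading to `##` to match, but a tool list is not a survey, and the `##` makes it a child of `# Surveys and Overviews` in rendered Markdown. A top-level `- [Privacy Testing Tools](#privacy-testing-tools)` entry with a `#` heading, mirroring `# Papers and Code`, reads more honestly; if the nesting is deliberate, say why in the commit message.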