SaTC: CORE: Medium: Privacy for All: Ensuring Fair Privacy Protection in Machine Learning

SaTC：核心：媒介：所有人的隐私：确保机器学习中公平的隐私保护

• 批准号: 2029038
• 负责人: Wendy Hui Wang
• 金额: $ 69.95万
• 依托单位: Stevens Institute of Technology
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-01-01 至 2024-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2029038&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Privacy; Ensuring

Advances in the field of artificial intelligence and machine learning have resulted in algorithms and technologies for improving cybersecurity. However, machine learning is also vulnerable to novel and sophisticated privacy attacks that leak information about the data used for learning and prediction. For example, by accessing the prediction results of a machine learning model that discovers the genetic basis of a particular disease, the privacy attack can infer if a certain patient's clinical record was used to train this model. The privacy attack can be discriminatory in the sense that it has a higher successful rate for certain demographic groups (e.g., females) than the other groups (e.g., males). However, none of the existing defense mechanisms against these attacks consider such disparate vulnerability and thus perform disparate efforts across different groups. This raises the serious concern of fair privacy, i.e., how to ensure all groups and individuals are protected equitably?This project will address the core issues of fair privacy from both technical and social perspectives. The project has five research thrusts: (1) formalizing the concept of fair privacy quantitatively; (2) unveiling the existence of disparate vulnerability to two popularly-studied, machine learning enabled privacy attacks, namely membership inference attack (MIA) and attribute inference attack (AIA), and investigating the underlying causes of such vulnerability unfairness; (3) examining the fairness of the existing defense mechanisms against MIA and AIA, and studying how these defense mechanisms affect vulnerability unfairness; (4) designing effective mitigation mechanisms that enable the defense mechanisms to provide equitable protection against MIA and AIA; and (5) performing extensive social studies to explore important social issues related to fair privacy, and utilizing social science to shape the research of fair privacy. The research outcomes will be disseminated broadly through the development of new courses for both STEM and social sciences curricula, involving students into research through various events and student societies. Students at different levels in both disciplines of STEM and liberal arts will be exposed to cutting-edge research in security, privacy, and machine learning.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

人工智能和机器学习领域的进步产生了用于改善网络安全的算法和技术。然而，机器学习也容易受到新颖和复杂的隐私攻击，这些攻击会泄露用于学习和预测的数据信息。例如，通过访问发现特定疾病遗传基础的机器学习模型的预测结果，隐私攻击可以推断某个患者的临床记录是否用于训练该模型。隐私攻击可以是歧视性的，因为它对某些人口统计组（例如，女性）比其他组（例如，男性）。然而，针对这些攻击的现有防御机制都没有考虑这种不同的漏洞，因此在不同的组中执行不同的工作。这引起了对公平隐私的严重关注，即，如何确保所有群体和个人得到公平保护？该项目将从技术和社会角度解决公平隐私的核心问题。该项目有五个研究重点：（1）定量地形式化公平隐私的概念;（2）揭示存在两种不同的脆弱性，即成员推理攻击（MIA）和属性推理攻击（AIA），并调查这种脆弱性不公平的根本原因;（3）分析现有的MIA和AIA防御机制的公平性，并研究这些防御机制如何影响脆弱性不公平性：（4）设计有效的缓解机制，使防御机制能够提供公平的MIA和AIA保护;及（5）进行广泛的社会研究，探讨与公平隐私有关的重要社会问题，并利用社会科学来塑造公平隐私的研究。研究成果将通过为STEM和社会科学课程开发新课程来广泛传播，通过各种活动和学生社团让学生参与研究。该奖项反映了NSF的法定使命，并通过使用基金会的智力价值和更广泛的影响力审查标准进行评估，被认为值得支持。

项目成果

Disparate Vulnerability in Link Inference Attacks against Graph Neural Networks

• DOI: 10.56553/popets-2023-0103
• 发表时间: 2023-10
• 期刊: Proc. Priv. Enhancing Technol.
• 作者: Da Zhong;Ruotong Yu;Kun Wu;Xiuling Wang;Jun Xu;Wendy Hui Wang

Understanding Disparate Effects of Membership Inference Attacks and their Countermeasures

了解成员推理攻击的不同影响及其对策

• DOI: 10.1145/3488932.3501279
• 发表时间: 2022
• 期刊: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security
• 作者: Zhong, Da;Sun, Haipei;Xu, Jun;Gong, Neil;Wang, Wendy Hui
• 通讯作者: Wang, Wendy Hui