Neural Network Information Leakage through Hidden Learning - Université Nice Sophia Antipolis
Report (Research Report) Year: 2021

Neural Network Information Leakage through Hidden Learning

Abstract

We investigate the problem of making a neural network perform some hidden computation whose result can be easily retrieved from the network output. In particular, we consider the following scenario. A user is provided a neural network for a classification task by a company. We further assume that the company has limited access to the user's computation, and can only observe the output of the network when the user evaluates it. The user's input to the network contains some sensitive information. We provide a simple and efficient training procedure, called Hidden Learning, that produces two networks such that i) one of the networks solves the original classification task with performance comparable to state-of-the-art solutions of the task; ii) the other network takes as input the output of the first and solves another classification task that retrieves the sensitive information with considerable accuracy. Our result might expose important issues from an information security point of view regarding the use of artificial neural networks in sensitive applications.
Main file
hidden_learning.pdf (251.23 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03157141 , version 1 (02-03-2021)
hal-03157141 , version 2 (27-02-2023)
hal-03157141 , version 3 (27-03-2023)
hal-03157141 , version 4 (23-05-2023)

Identifiers

  • HAL Id : hal-03157141 , version 1

Cite

Arthur da Cunha, Emanuele Natale, Laurent Viennot. Neural Network Information Leakage through Hidden Learning. [Research Report] Inria; CNRS; I3S; Université Côte d'Azur. 2021. ⟨hal-03157141v1⟩