Auditing Membership Leakages of Multi-Exit Networks

Li, Zheng and Liu, Yiyong and He, Xinlei and Yu, Ning and Backes, Michael and Zhang, Yang
(2022) Auditing Membership Leakages of Multi-Exit Networks.
In: CCS 2022.
Conference: CCS ACM Conference on Computer and Communications Security

[img]
Preview
 Text
CCS22-MultiExit.pdf
Download (1MB) | Preview

Abstract

Relying on the fact that not all inputs require the same amount of computation to yield a confident prediction, multi-exit networks are gaining attention as a prominent approach for pushing the limits of efficient deployment. Multi-exit networks endow a backbone model with early exits, allowing to obtain predictions at intermediate layers of the model and thus save computation time and/or energy. However, current various designs of multi-exit networks are only considered to achieve the best trade-off between resource usage efficiency and prediction accuracy, the privacy risks stemming from them have never been explored. This prompts the need for a comprehensive investigation of privacy risks in multi-exit networks. In this paper, we perform the first privacy analysis of multi-exit networks through the lens of membership leakages. In particular, we first leverage the existing attack methodologies to quantify the multi-exit networks’ vulnerability to membership leakages. Our experimental results show that multi-exit networks are less vulnerable to membership leakages and the exit (number and depth) attached to the backbone model is highly correlated with the attack performance. Furthermore, we propose a hybrid attack that exploits the exit information to improve the performance of existing attacks. We evaluate membership leakage threat caused by our hybrid attack under three different adversarial setups, ultimately arriving at a model-free and data-free adversary. These results clearly demonstrate that our hybrid attacks are very broadly applicable, thereby the corresponding risks are much more severe than shown by existing membership inference attacks. We further present a defense mechanism called TimeGuard specifically for multi-exit networks and show that TimeGuard mitigates the newly proposed attacks perfectly.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Divisions: Yang Zhang (YZ)
Conference: CCS ACM Conference on Computer and Communications Security
Depositing User: Yang Zhang
Date Deposited: 02 May 2022 20:07
Last Modified: 15 Oct 2022 15:41
Primary Research Area: NRA1: Trustworthy Information Processing
URI: https://publications.cispa.saarland/id/eprint/3640

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.