
Preserving data privacy in machine learning systems

Published: 12 April 2024

Abstract

The wide adoption of machine learning to solve a large set of real-life problems has come with the need to collect and process large volumes of data, some of it personal and sensitive, raising serious concerns about data protection. Privacy-enhancing technologies (PETs) are often put forward as the solution for protecting personal data and for achieving the general trustworthiness required by current EU regulations on data protection and AI. However, an off-the-shelf application of PETs is insufficient to ensure a high quality of data protection, and practitioners need to understand why. This work systematically discusses the risks to data protection in modern machine learning systems from the novel perspective of the data owners, that is, the parties who hold the data sets, the models, or both, across the machine learning life cycle and across the different machine learning architectures. It argues that the origin of the threats, the risks to the data, and the level of protection offered by PETs all depend on the data processing phase, the role of the parties involved, and the architecture in which the machine learning system is deployed. By offering a framework in which to discuss privacy and confidentiality risks for data owners, and by identifying and assessing privacy-preserving countermeasures for machine learning, this work aims to facilitate the discussion about compliance with EU regulations and directives.
We also discuss open challenges and research questions in the field. In this respect, the paper gives researchers and developers working on machine learning a comprehensive body of knowledge with which to advance the science of data protection in machine learning and in closely related fields such as artificial intelligence.
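The abstract's claim that an off-the-shelf application of a PET is insufficient can be made concrete with differential privacy, taken here as a representative PET. The Python below is an added illustration, not code from the paper: it applies the Laplace mechanism to a counting query over a constructed toy dataset, first without any privacy-budget accounting and then behind a hypothetical accountant that enforces basic sequential composition. The dataset, the names (`dp_count`, `BudgetAccountant`) and the budget values are all assumptions made for the demonstration.

```python
"""Added example (not code from the paper): an off-the-shelf PET is not enough.

Differential privacy (DP) stands in here for the PETs the abstract discusses.
The Laplace mechanism releases a counting query as  count + Laplace(1/epsilon),
which is epsilon-DP for a single release. The guarantee composes additively:
k releases at the same epsilon spend k * epsilon. A deployment that only wraps
each query in noise, with no privacy-budget accounting, therefore lets anyone
who can repeat the query average the answers and recover the exact count.
Everything below (data, names, budget) is constructed for the demonstration.
"""
import math
import random
import statistics

# Constructed toy data: one bit per record, 1 = record has the sensitive attribute.
RECORDS = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0]
TRUE_COUNT = sum(RECORDS)  # 6


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF from u in the open interval (-0.5, 0.5)."""
    u = rng.random() - 0.5
    while abs(u) >= 0.5:  # rng.random() can return 0.0 exactly; avoid log(0)
        u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_count(records, epsilon, rng):
    """Laplace mechanism for a counting query; the sensitivity of a count is 1."""
    return sum(records) + laplace_noise(1.0 / epsilon, rng)


def naive_release(records, epsilon, n_queries, rng):
    """Off-the-shelf use: fresh noise per query, no budget tracking at all."""
    return [dp_count(records, epsilon, rng) for _ in range(n_queries)]


def attacker_estimate(answers):
    """The adversary needs nothing more than the mean of the repeated answers."""
    return statistics.mean(answers)


class PrivacyBudgetExceeded(Exception):
    pass


class BudgetAccountant:
    """Hypothetical accountant: refuses a release once the total epsilon is spent."""

    def __init__(self, total_epsilon):
        self.total_epsilon = total_epsilon
        self.spent = 0.0

    def query(self, records, epsilon, rng):
        if self.spent + epsilon > self.total_epsilon + 1e-12:
            raise PrivacyBudgetExceeded(
                f"spent={self.spent:.2f}, requested={epsilon:.2f}, "
                f"budget={self.total_epsilon:.2f}")
        self.spent += epsilon  # basic sequential composition
        return dp_count(records, epsilon, rng)


def demo(seed=0, epsilon=0.5, n_queries=2000, total_budget=1.0):
    """Run the naive deployment and the accountant side by side."""
    rng = random.Random(seed)

    # Naive deployment: each answer is 0.5-DP, but 2000 of them spend epsilon = 1000.
    answers = naive_release(RECORDS, epsilon, n_queries, rng)
    estimate = attacker_estimate(answers)

    # Same mechanism behind an accountant: two answers, then the third is refused.
    accountant = BudgetAccountant(total_budget)
    accountant.query(RECORDS, epsilon, rng)
    accountant.query(RECORDS, epsilon, rng)
    try:
        accountant.query(RECORDS, epsilon, rng)
        third_refused = False
    except PrivacyBudgetExceeded:
        third_refused = True

    return {
        "true_count": TRUE_COUNT,
        "naive_epsilon_spent": epsilon * n_queries,
        "attacker_estimate": estimate,
        "accountant_epsilon_spent": accountant.spent,
        "third_query_refused": third_refused,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Each individual answer in the naive deployment satisfies 0.5-DP; the problem is that nothing stops an analyst from asking 2000 times, so the effective epsilon is 1000 and averaging recovers the true count to within a fraction of a unit. Whether the mechanism protects the data owner thus depends on the deployment (who may query, how often, and who tracks the budget) rather than on the mechanism alone, which is the point the abstract makes about phase, parties and architecture.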

[144]
Federico Mazzone, Leander van den Heuvel, Maximilian Huber, Cristian Verdecchia, Maarten Everts, Florian Hahn, Andreas Peter, Repeated knowledge distillation with confidence masking to mitigate membership inference attacks, in: Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security, AISec'22, Association for Computing Machinery, New York, NY, USA, 2022, pp. 13–24.
[145]
H. Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, Blaise Aguera y Arcas, Communication-efficient learning of deep networks from decentralized data, in: Artificial Intelligence and Statistics, PMLR, 2017, pp. 1273–1282.
[146]
McMahan, Brendan; Ramage, Daniel; Talwar, Kunal; Zhang, Li (2017): Learning differentially private recurrent language models. arXiv preprint arXiv:1710.06963.
[147]
Melis, Luca; Song, Congzheng; De Cristofaro, Emiliano; Shmatikov, Vitaly (2018): Inference attacks against collaborative learning. CoRR arXiv:1805.04049 [abs].
[148]
Aditya Krishna Menon, Robert C. Williamson, The cost of fairness in binary classification, in: Conference on Fairness, Accountability and Transparency, PMLR, 2018, pp. 107–118.
[149]
Yan Michalevsky, Marc Joye, Decentralized policy-hiding abe with receiver privacy, in: European Symposium on Research in Computer Security, Springer, 2018, pp. 548–567.
[150]
Michels, Felix; Uelwer, Tobias; Upschulte, Eric; Harmeling, Stefan (2019): On the vulnerability of capsule networks to adversarial attacks. CoRR arXiv:1906.03612 [abs].
[151]
Mihara, Kentaro; Yamaguchi, Ryohei; Mitsuishi, Miguel; Maruyama, Yusuke (2020): Neural network training with homomorphic encryption. arXiv preprint arXiv:2012.13552.
[152]
Smitha Milli, Ludwig Schmidt, Anca D. Dragan, Moritz Hardt, Model reconstruction from model explanations, in: Proceedings of the Conference on Fairness, Accountability, and Transparency, FAT* '19, Association for Computing Machinery, New York, NY, USA, 2019, pp. 1–9.
[153]
Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, Raluca Ada Popa, Delphi: a cryptographic inference service for neural networks, in: 29th USENIX Security Symposium (USENIX Security 20), 2020, pp. 2505–2522.
[154]
Fan Mo, Hamed Haddadi, Kleomenis Katevas, Eduard Marin, Diego Perino, Nicolas Kourtellis, Ppfl: privacy-preserving federated learning with trusted execution environments, in: Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services, 2021, pp. 94–108.
[155]
Ran Mo, Jianfeng Liu, Wentao Yu, Fu Jiang, Xin Gu, Xiaoshuai Zhao, Weirong Liu, Jun Peng, A differential privacy-based protecting data preprocessing method for big data mining, in: 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), 2019, pp. 693–699.
[156]
Payman Mohassel, Peter Rindal, Aby3: a mixed protocol framework for machine learning, in: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018, pp. 35–52.
[157]
Payman Mohassel, Mike Rosulek, Ye Zhang, Fast and secure three-party computation: the garbled circuit approach, in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015, pp. 591–602.
[158]
Müller, Martin; Salathé, Marcel (2020): Addressing machine learning concept drift reveals declining vaccine sentiment during the COVID-19 pandemic. CoRR arXiv:2012.02197 [abs].
[159]
Deirdre K. Mulligan, Joshua A. Kroll, Nitin Kohli, Richmond Y. Wong, This thing called fairness: disciplinary confusion realizing a value in technology, Proc. ACM Hum.-Comput. Interact. 3 (CSCW) (nov 2019).
[160]
Luis Muñoz-González, Battista Biggio, Ambra Demontis, Andrea Paudice, Vasin Wongrassamee, Emil C. Lupu, Fabio Roli, Towards poisoning of deep learning algorithms with back-gradient optimization, in: Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, 2017, pp. 27–38.
[161]
Karthik Nandakumar, Nalini Ratha, Sharath Pankanti, Shai Halevi, Towards deep neural network training on encrypted data, in: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, June 2019.
[162]
Arvind Narayanan, Vitaly Shmatikov, Robust de-anonymization of large sparse datasets: a decade later, May 21 (2019) 2019.
[163]
Nasr, Milad; Shokri, Reza; et al. (2020): Improving deep learning with differential privacy using gradient encoding and denoising. arXiv preprint arXiv:2007.11524.
[164]
Milad Nasr, Reza Shokri, Amir Houmansadr, Comprehensive privacy analysis of deep learning: passive and active white-box inference attacks against centralized and federated learning, in: 2019 IEEE Symposium on Security and Privacy (SP), 2019, pp. 739–753.
[165]
Mehmet Ercan Nergiz, Maurizio Atzori, Chris Clifton, Hiding the presence of individuals from shared databases, in: Proceedings of the 2007 ACM SIGMOD International Conference on Management of Data, 2007, pp. 665–676.
[166]
Thomas Neubauer, Johannes Heurix, A methodology for the pseudonymization of medical data, Int. J. Med. Inform. 80 (3) (2011) 190–204.
[167]
Chunchun Ni, Li Shan Cang, Prosanta Gope, Geyong Min, Data anonymization evaluation for big data and iot environment, Inf. Sci. 605 (2022) 381–392.
[168]
Jesper Buus Nielsen, Peter Sebastian Nordholt, Claudio Orlandi, Sai Sheshank Burra, A new approach to practical active-secure two-party computation, in: Annual Cryptology Conference, Springer, 2012, pp. 681–700.
[169]
Nik Khadijah Nik Aznan, Amir Atapour-Abarghouei, Stephen Bonner, Jason D. Connolly, Noura Al Moubayed, Toby P. Breckon, Simulating brain signals: creating synthetic eeg data via neural-based generative models for improved ssvep classification, in: 2019 International Joint Conference on Neural Networks (IJCNN), 2019, pp. 1–8.
[170]
Valeria Nikolaenko, Udi Weinsberg, Stratis Ioannidis, Marc Joye, Dan Boneh, Nina Taft, Privacy-preserving ridge regression on hundreds of millions of records, in: 2013 IEEE Symposium on Security and Privacy, IEEE, 2013, pp. 334–348.
[171]
Helen Nissenbaum, Privacy as contextual integrity, Wash. L. Rev. 79 (2004) 119.
[172]
Kobbi Nissim, Alexandra Wood, Is privacy privacy?, Philos. Trans. R. Soc. A, Math. Phys. Eng. Sci. 376 (2128) (2018).
[173]
Srinath Obla, Xinghan Gong, Asma Aloufi, Peizhao Hu, Daniel Takabi, Effective activation functions for homomorphic evaluation of deep neural networks, IEEE Access 8 (2020) 153098–153112.
[174]
Pascal Paillier, Public-key cryptosystems based on composite degree residuosity classes, in: Advances in Cryptology - EUROCRYPT '99, International Conference on the Theory and Application of Cryptographic Techniques, in: Lecture Notes in Computer Science, vol. 1592, Springer, 1999, pp. 223–238.
[175]
Nicolas Papernot, Patrick McDaniel, Arunesh Sinha, Michael P. Wellman, SoK: security and privacy in machine learning, in: Proc. of the 2018 IEEE European Symposium on Security and Privacy (EuroS&P), 2018.
[176]
Papernot, Nicolas; Song, Shuang; Mironov, Ilya; Raghunathan, Ananth; Talwar, Kunal; Erlingsson, Úlfar (2018): Scalable private learning with pate. arXiv preprint arXiv:1802.08908.
[177]
Saerom Park, Junyoung Byun, Joohee Lee, Privacy-preserving fair learning of support vector machine with homomorphic encryption, in: Proceedings of the ACM Web Conference 2022, WWW '22, Association for Computing Machinery, New York, NY, USA, 2022, pp. 3572–3583.
[178]
Nhathai Phan, Xintao Wu, Han Hu, Dejing Dou, Adaptive Laplace mechanism: differential privacy preservation in deep learning, in: Proceedings - 17th IEEE International Conference on Data Mining, ICDM 2017, Dec 2017, pp. 385–394.
[179]
Le Trieu Phong, Yoshinori Aono, Takuya Hayashi, Lihua Wang, Shiho Moriai, Privacy-preserving deep learning via additively homomorphic encryption, IEEE Trans. Inf. Forensics Secur. 13 (5) (2018) 1333–1345.
[180]
Fabian Prasser, Johanna Eicher, Helmut Spengler, Raffael Bild, Klaus A. Kuhn, Flexible data anonymization using arx—current status and challenges ahead, Softw. Pract. Exp. 50 (7) (2020) 1277–1304.
[181]
Ahmad B. Qasim, Ivan Ezhov, Suprosanna Shit, Oliver Schoppe, Johannes C. Paetzold, Anjany Sekuboyina, Florian Kofler, Jana Lipkova, Hongwei Li, Menze Bjoern, Red-gan: attacking class imbalance via conditioned generation. Yet another medical imaging perspective, in: Tal Arbel, Ismail Ben Ayed, Marleen de Bruijne, Maxime Descoteaux, Herve Lombaert, Christopher Pal (Eds.), Proceedings of the Third Conference on Medical Imaging with Deep Learning, in: Proceedings of Machine Learning Research, vol. 121, 06–08 Jul, PMLR, 2020, pp. 655–668.
[182]
Deevashwer Rathee, Mayank Rathee, Rahul Kranti Kiran Goli, Divya Gupta, Rahul Sharma, Nishanth Chandran, Aseem Rastogi, Sirnn: a math library for secure rnn inference, in: 2021 IEEE Symposium on Security and Privacy (SP), IEEE, 2021, pp. 1003–1020.
[183]
Hanchi Ren, Jingjing Deng, Xianghua Xie, Grnn: generative regression neural network—a data leakage attack for federated learning, ACM Trans. Intell. Syst. Technol. 13 (4) (may 2022).
[184]
Mohammad Sadegh Riazi, Christian Weinert, Oleksandr Tkachenko, Ebrahim M. Songhori, Thomas Schneider, Farinaz Koushanfar, Chameleon: a hybrid secure computation framework for machine learning applications, in: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 2018, pp. 707–721.
[185]
Bita Darvish Rouhani, M. Sadegh Riazi, Farinaz Koushanfar, Deepsecure: scalable provably-secure deep learning, in: Proceedings of the 55th Annual Design Automation Conference, 2018, pp. 1–6.
[186]
Cynthia Rudin, Stop explaining black box machine learning models for high stakes decisions and use interpretable models instead, Nat. Mach. Intell. 1 (5) (2019) 206–215.
[187]
Théo Ryffel, David Pointcheval, Francis Bach, Edouard Dufour-Sans, Romain Gay, Partially encrypted deep learning using functional encryption, Adv. Neural Inf. Process. Syst. 32 (2019).
[188]
Alfeo Sabay, Laurie Harris, Vivek Bejugama, Karen Jaceldo-Siegl, Overcoming small data limitations in heart disease prediction by using surrogate data, SMU Data Sci. Rev. 1 (3) (2018) 12.
[189]
Ahmed Salem, Apratim Bhattacharya, Michael Backes, Mario Fritz, Yang Zhang, Updates-Leak: data set inference and reconstruction attacks in online learning, in: 29th USENIX Security Symposium (USENIX Security 20), USENIX Association, August 2020, pp. 1291–1308.
[190]
Suhel Sayyad, Privacy preserving deep learning using secure multiparty computation, in: 2020 Second International Conference on Inventive Research in Computing Applications (ICIRCA), 2020, pp. 139–142.
[191]
Microsoft SEAL (release 4.0) : https://github.com/Microsoft/SEAL Microsoft Research, Redmond, WA, March 2022.
[192]
Muhammad A. Shah, Joseph Szurley, Markus Mueller, Athanasios Mouchtaris, Jasha Droppo, Evaluating the vulnerability of end-to-end automatic speech recognition models to membership inference attacks, in: Proc. Interspeech 2021, 2021, pp. 891–895.
[193]
Adi Shamir, How to share a secret, Commun. ACM 22 (11) (1979) 612–613.
[194]
Reza Shokri, Vitaly Shmatikov, Privacy-preserving deep learning, in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, Association for Computing Machinery, New York, NY, USA, 2015, pp. 1310–1321.
[195]
Reza Shokri, Marco Stronati, Congzheng Song, Vitaly Shmatikov, Membership inference attacks against machine learning models, in: 2017 IEEE Symposium on Security and Privacy (SP), IEEE, 2017, pp. 3–18.
[196]
Congzheng Song, Vitaly Shmatikov, Auditing data provenance in text-generation models, in: Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, KDD '19, Association for Computing Machinery, New York, NY, USA, 2019, pp. 196–206.
[197]
Song, Congzheng; Shmatikov, Vitaly (2019): Overlearning reveals sensitive attributes. arXiv preprint arXiv:1905.11742.
[198]
Liwei Song, Prateek Mittal, Systematic evaluation of privacy risks of machine learning models, in: 30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 2615–2632.
[199]
Emil Stefanov, Marten Van Dijk, Elaine Shi, T-H. Hubert Chan, Christopher Fletcher, Ling Ren, Xiangyao Yu, Srinivas Devadas, Path oram: an extremely simple oblivious ram protocol, J. ACM 65 (4) (2018) 1–26.
[200]
Stoddard, Ben; Chen, Yan; Machanavajjhala, Ashwin (2014): Differentially private algorithms for empirical machine learning. arXiv preprint arXiv:1411.5428.
[201]
Yuwei Sun, Ng S.T. Chong, Hideya Ochiai, Information stealing in federated learning systems based on generative adversarial networks, in: 2021 IEEE International Conference on Systems, Man, and Cybernetics (SMC), 2021, pp. 2749–2754.
[202]
Harry Surden, Machine learning and law, Wash. L. Rev. 89 (2014) 87.
[203]
Latanya Sweeney, k-anonymity: a model for protecting privacy, Int. J. Uncertain. Fuzziness Knowl.-Based Syst. 10 (05) (2002) 557–570.
[204]
Szegedy, Christian; Zaremba, Wojciech; Sutskever, Ilya; Bruna, Joan; Erhan, Dumitru; Goodfellow, Ian; Fergus, Rob (2013): Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199.
[205]
Tensorflow team (Aug 2019): Tensorflow privacy: a python library that includes implementations of tensorflow optimizers for training machine learning models with differential privacy. https://github.com/tensorflow/privacy.
[206]
Om Dipakbhai Thakkar, Swaroop Ramaswamy, Rajiv Mathews, Francoise Beaufays, Understanding unintended memorization in language models under federated learning, in: Proceedings of the Third Workshop on Privacy in Natural Language Processing, Association for Computational Linguistics, jun 2021, pp. 1–10. Online.
[207]
Tramer, Florian; Boneh, Dan (2018): Slalom: fast, verifiable and private execution of neural networks in trusted hardware. arXiv preprint arXiv:1806.03287.
[208]
Tramèr, Florian; Shokri, Reza; San Joaquin, Ayrton; Le, Hoang; Jagielski, Matthew; Hong, Sanghyun; Carlini, Nicholas (2022): Truth serum: poisoning machine learning models to reveal their secrets. arXiv preprint arXiv:2204.00032.
[209]
Florian Tramèr, Fan Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart, Stealing machine learning models via prediction {APIs}, in: 25th USENIX Security Symposium (USENIX Security 16), 2016, pp. 601–618.
[210]
Trask, Andrew; Bluemke, Emma; Garfinkel, Ben; Cuervas-Mons, Claudia Ghezzou; Dafoe, Allan (2020): Beyond privacy trade-offs with structured transparency. CoRR arXiv:2012.08347 [abs].
[211]
Truex, Stacey; Liu, Ling; Gursoy, Mehmet Emre; Yu, Lei; Wei, Wenqi (2018): Towards demystifying membership inference attacks. CoRR arXiv:1807.09173 [abs].
[212]
Laura Cross Vila, Carlos Escolano, José A.R. Fonollosa, Marta R. Costa-Jussa, End-to-end speech translation with the transformer, in: IberSPEECH, 2018, pp. 60–63.
[213]
Wang, Xiao; Malozemoff, Alex J.; Katz, Jonathan (2016): EMP-toolkit: efficient MultiParty computation toolkit. https://github.com/emp-toolkit.
[214]
Xiao Wang, Samuel Ranellucci, Jonathan Katz, Authenticated garbling and efficient maliciously secure two-party computation, in: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017, pp. 21–37.
[215]
Yilei Wang, Qingzhe Lv, Huang Zhang, Minghao Zhao, Yuhong Sun, Lingkai Ran, Tao Li, Beyond model splitting: preventing label inference attacks in vertical federated learning with dispersed training, World Wide Web (2023) 1–17.
[216]
Weng, Haiqin; Zhang, Juntao; Ma, Xingjun; Xue, Feng; Wei, Tao; Ji, Shouling; Zong, Zhiyuan (2020): Practical privacy attacks on vertical federated learning. arXiv preprint arXiv:2011.09290.
[217]
Gilbert Wondracek, Thorsten Holz, Engin Kirda, Christopher Kruegel, A practical attack to de-anonymize social network users, in: Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP '10, IEEE Computer Society, USA, 2010, pp. 223–238.
[218]
Wu, Bang; Yang, Xiangwen; Pan, Shirui; Yuan, Xingliang (2020): Model extraction attacks on graph neural networks: taxonomy and realization. CoRR arXiv:2010.12751 [abs].
[219]
Xi Wu, Matt Fredrikson, Somesh Jha, Jeffrey F. Naughton, A methodology for formalizing model-inversion attacks, in: 2016 IEEE 29th Computer Security Foundations Symposium (CSF), 2016, pp. 355–370.
[220]
Zuxuan Wu, Ser-Nam Lim, Larry S. Davis, Tom Goldstein, Making an invisibility cloak: real world adversarial attacks on object detectors, in: European Conference on Computer Vision, Springer, 2020, pp. 1–17.
[221]
Runhua Xu, Nathalie Baracaldo, Yi Zhou, Ali Anwar, Heiko Ludwig, Hybridalpha: an efficient approach for privacy-preserving federated learning, in: Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security, 2019, pp. 13–23.
[222]
Runhua Xu, James B.D. Joshi, Chao Li, Cryptonn: training neural networks over encrypted data, in: 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), IEEE, 2019, pp. 1199–1209.
[223]
Mingfu Xue, Chengxiang Yuan, Heyi Wu, Yushu Zhang, Weiqiang Liu, Machine learning security: threats, countermeasures, and evaluations, IEEE Access 8 (2020) 74720–74742.
[224]
Masahiro Yagisawa, Fully homomorphic encryption without bootstrapping, Cryptology ePrint Archive 2015.
[225]
Chao-Han Huck Yang, Sabato Marco Siniscalchi, Chin-Hui Lee, Pate-aae: incorporating adversarial autoencoder into private aggregation of teacher ensembles for spoken command classification, in: Interspeech, 2021.
[226]
Haomiao Yang, Mengyu Ge, Kunlan Xiang, Jingwei Li, Using highly compressed gradients in federated learning for data reconstruction attacks, IEEE Trans. Inf. Forensics Secur. 18 (2023) 818–830.
[227]
Yang, Chenkai Weng, Xiao Lan, Jiang Zhang, Xiao Wang, Ferret: fast extension for correlated ot with small communication, in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020, pp. 1607–1626.
[228]
Yang, Mengwei; Song, Linqi; Xu, Jie; Li, Congduan; Tan, Guozhen (2019): The tradeoff between privacy and accuracy in anomaly detection using federated xgboost. arXiv preprint arXiv:1907.07157.
[229]
Qiang Yang, Yang Liu, Tianjian Chen, Yongxin Tong, Federated machine learning: concept and applications, ACM Trans. Intell. Syst. Technol. 10 (2) (2019) 1–19.
[230]
Yang, Ziqi; Shao, Bin; Xuan, Bohan; Chang, Ee-Chien; Zhang, Fan (2020): Defending model inversion and membership inference attacks via prediction purification. CoRR arXiv:2005.03915 [abs].
[231]
Ziqi Yang, Jiyi Zhang, Ee-Chien Chang, Zhenkai Liang, Neural network inversion in adversarial setting via background knowledge alignment, in: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS '19, Association for Computing Machinery, New York, NY, USA, 2019, pp. 225–240.
[232]
Andrew C. Yao, Protocols for secure computations, in: 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), IEEE, 1982, pp. 160–164.
[233]
Lin Yao, Xue Wang, Haibo Hu, Guowei Wu, A utility-aware anonymization model for multiple sensitive attributes based on association concealment, IEEE Trans. Dependable Secure Comput. (2023) 1–12.
[234]
Dongdong Ye, Rong Yu, Miao Pan, Zhu Han, Federated learning in vehicular edge computing: a selective model aggregation approach, IEEE Access 8 (2020) 23920–23935.
[235]
Yeom, Samuel; Fredrikson, Matt; Jha, Somesh (2017): The unintended consequences of overfitting: training data inference attacks. CoRR arXiv:1709.01604 [abs].
[236]
Hongxu Yin, Arun Mallya, Arash Vahdat, Jose M. Alvarez, Jan Kautz, Pavlo Molchanov, See through gradients: image batch recovery via gradinversion, in: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2021, pp. 16337–16346.
[237]
Joon Soo Yoo, Ji Won Yoon, t-bmpnet: trainable bitwise multilayer perceptron neural network over fully homomorphic encryption scheme, Secur. Commun. Netw. 2021 (2021) 1–19.
[238]
Yousefpour, Ashkan; Shilov, Igor; Sablayrolles, Alexandre; Testuggine, Davide; Prasad, Karthik; Malek, Mani; Nguyen, John; Ghosh, Sayan; Bharadwaj, Akash; Zhao, Jessica; Cormode, Graham; Mironov, Ilya (2021): Opacus: user-friendly differential privacy library in PyTorch. arXiv preprint arXiv:2109.12298.
[239]
Zhang, Chiyuan; Ippolito, Daphne; Lee, Katherine; Jagielski, Matthew; Tramèr, Florian; Carlini, Nicholas (2021): Counterfactual memorization in neural language models. arXiv preprint arXiv:2112.12938.
[240]
Zhang, Xiaojin; Kang, Yan; Chen, Kai; Fan, Lixin; Yang, Qiang (2022): Trading off privacy, utility and efficiency in federated learning. arXiv preprint arXiv:2209.00230.
[241]
Zhao, Bo; Mopuri, Konda Reddy; Bilen, Hakan (2020): idlg: improved deep leakage from gradients. arXiv preprint arXiv:2001.02610.
[242]
Wenting Zheng, Ryan Deng, Weikeng Chen, Raluca Ada Popa, Aurojit Panda, Ion Stoica, Cerebro: a platform for {Multi-Party} cryptographic collaborative learning, in: 30th USENIX Security Symposium (USENIX Security 21), 2021, pp. 2723–2740.
[243]
Wenting Zheng, Raluca Ada Popa, Joseph E. Gonzalez, Ion Stoica, Helen: maliciously secure coopetitive learning for linear models, in: 2019 IEEE Symposium on Security and Privacy (SP), IEEE, 2019, pp. 724–738.
[244]
Ligeng Zhu, Zhijian Liu, Song Han, Deep leakage from gradients, Adv. Neural Inf. Process. Syst. 32 (2019).
[245]
Zou, Minhui; Shi, Yang; Wang, Chengliang; Li, Fangyu; Song, Wen-Zhan; Wang, Yu (2018): Potrojan: powerful neural-level trojan designs in deep learning models. CoRR arXiv:1802.03043 [abs].
[246]
Zou, Yang; Zhang, Zhikun; Backes, Michael; Zhang, Yang (2020): Privacy analysis of deep learning in the wild: membership inference attacks against transfer learning. CoRR arXiv:2009.04872 [abs].


Published In

Computers and Security, Volume 137, Issue C
Feb 2024
818 pages

Publisher

Elsevier Advanced Technology Publications

United Kingdom

Author Tags

  1. Privacy enhancing technologies
  2. Trustworthy machine learning
  3. Machine learning
  4. Differential privacy
  5. Homomorphic encryption
  6. Functional encryption
  7. Secure multiparty computation
  8. Privacy threats
