Protecting Machine Learning Models from Training Data Set Extraction

Protecting Machine Learning Models from Training Data Set Extraction

연구 분야: Artificial Intelligence

학회: Automatic Control and Computer Sciences

The problem of protecting machine learning models from the threat of data privacy violation implementing membership inference in training data sets is considered. A method of protective noising of the training set is proposed. It is experimentally shown that Gaussian noising of training data with a scale of 0.2 is the simplest and most effective way to protect machine learning models from membership inference in the training set. In comparison with alternatives, this method is easy to implement, universal in relation to types of models, and allows reducing the effectiveness of membership inference to 26 percentage points.