MSc Thesis Defense Announcement of Mehrdad Sheikhjaberi: "Reducing Model Memorization to Mitigate Membership Inference Attacks"

Wednesday, March 8, 2023 - 10:30 to 12:00

SCHOOL OF COMPUTER SCIENCE

The School of Computer Science is pleased to present…

MSc Thesis Defense by: Mehrdad Sheikhjaberi

 
Date: Wednesday, March 8, 2023
Time:  10:30 AM-12:00 PM
Location: ED 1121 (Education bldg.)
Reminders: 
1. Two-part attendance mandatory (sign-in sheet, QR Code)
2. Arrive 5-10 minutes prior to the event starting - LATECOMERS WILL NOT BE ADMITTED. Due to demand, if the room has reached capacity, admission is not guaranteed even if you are "early".
3. Be respectful of the presenter by NOT knocking on the door for admittance once the door has been closed, whether the presentation has begun or not. If the room is at capacity, overflow (i.e. sitting on floors) is not permitted, as this is a violation of the Fire Safety code.
4. Be respectful of the decision of the advisor/host of the event if you are not given admittance. Remember, the School of Computer Science has numerous events occurring in the near future.

 

Abstract:

Given a machine learning model and a record, membership inference attacks determine whether this record was used as part of the model’s training dataset. This can raise privacy issues.
There is a need for robust mitigation techniques against this attack that do not affect utility. One of the state-of-the-art frameworks in this area is SELENA, which trains a protected model in two phases, Split-AI and Distillation, and tries to mitigate membership inference attacks by giving members the behavior of non-members.
In this thesis, we introduce a novel approach to the Split-AI phase, which tries to weaken membership inference by using the Jacobian matrix norm and entropy. We experimentally demonstrate that by using our approach, we can decrease the memorization of the machine-learning model for two datasets: Purchase100 and CIFAR-10. We also show experimentally that our approach outperforms SELENA by 11.98% and 6.44% in terms of attack recall for Purchase100 and CIFAR-10, respectively.
 
Keywords: Machine Learning, Membership Inference Attack, privacy-preserving machine learning, Knowledge Transfer, Jacobian Matrix, Entropy
 


MSc Thesis Committee:

Internal Reader: Dr. Mahdi Firoozjaei
External Reader: Dr. Mohamed Belalia
Advisor: Dr. Dima Alhadidi
Chair: Dr. Sherif Saad Ahmed


5113 Lambton Tower 401 Sunset Ave. Windsor ON, N9B 3P4 (519) 253-3000 Ext. 3716 csgradinfo@uwindsor.ca