Survey: Leakage and Privacy at Inference Time

Marija Jegorova; Chaitanya Kaul; Charlie Mayor; Alison Q. O'Neil; Alexander Weir; Roderick Murray-Smith; Sotirios A. Tsaftaris

doi:10.1109/TPAMI.2022.3229593

Survey: Leakage and Privacy at Inference Time

Marija Jegorova, Chaitanya Kaul, Charlie Mayor, Alison Q. O'Neil, Alexander Weir, Roderick Murray-Smith, Sotirios A. Tsaftaris

Research output: Contribution to journal › Article › peer-review

Abstract

Leakage of data from publicly available Machine Learning (ML) models is an area of growing significance since commercial and government applications of ML can draw on multiple sources of data, potentially including users' and clients' sensitive data. We provide a comprehensive survey of contemporary advances on several fronts, covering involuntary data leakage which is natural to ML models, potential malicious leakage which is caused by privacy attacks, and currently available defence mechanisms. We focus on inference-time leakage, as the most likely scenario for publicly available models. We first discuss what leakage is in the context of different data, tasks, and model architectures. We then propose a taxonomy across involuntary and malicious leakage, followed by description of currently available defences, assessment metrics, and applications. We conclude with outstanding challenges and open questions, outlining some promising directions for future research.

Original language	English
Pages (from-to)	1-20
Number of pages	20
Journal	IEEE Transactions on Pattern Analysis and Machine Intelligence
Early online date	15 Dec 2022
DOIs	https://doi.org/10.1109/TPAMI.2022.3229593
Publication status	E-pub ahead of print - 15 Dec 2022

Keywords / Materials (for Non-textual outputs)

Adversarial Defences
Computational modeling
Data Anonymization
Data Leakage
Data models
Data privacy
Feature Leakage
Glass box
Inference-Time Attacks
Machine Unlearning
Membership Inference
Privacy
Privacy Attacks and Defences
Property Inference
Task analysis
Training
Training data
Verifying Forgetting

Access to Document

10.1109/TPAMI.2022.3229593

https://arxiv.org/abs/2107.01614

Cite this

@article{70e71ba34b7147c1b5fd7c13edd3e27b,

title = "Survey: Leakage and Privacy at Inference Time",

abstract = "Leakage of data from publicly available Machine Learning (ML) models is an area of growing significance since commercial and government applications of ML can draw on multiple sources of data, potentially including users' and clients' sensitive data. We provide a comprehensive survey of contemporary advances on several fronts, covering involuntary data leakage which is natural to ML models, potential malicious leakage which is caused by privacy attacks, and currently available defence mechanisms. We focus on inference-time leakage, as the most likely scenario for publicly available models. We first discuss what leakage is in the context of different data, tasks, and model architectures. We then propose a taxonomy across involuntary and malicious leakage, followed by description of currently available defences, assessment metrics, and applications. We conclude with outstanding challenges and open questions, outlining some promising directions for future research.",

keywords = "Adversarial Defences, Computational modeling, Data Anonymization, Data Leakage, Data models, Data privacy, Feature Leakage, Glass box, Inference-Time Attacks, Machine Unlearning, Membership Inference, Privacy, Privacy Attacks and Defences, Property Inference, Task analysis, Training, Training data, Verifying Forgetting",

author = "Marija Jegorova and Chaitanya Kaul and Charlie Mayor and O'Neil, {Alison Q.} and Alexander Weir and Roderick Murray-Smith and Tsaftaris, {Sotirios A.}",

note = "Publisher Copyright: IEEE",

year = "2022",

month = dec,

day = "15",

doi = "10.1109/TPAMI.2022.3229593",

language = "English",

pages = "1--20",

journal = "IEEE Transactions on Pattern Analysis and Machine Intelligence",

issn = "0162-8828",

publisher = "IEEE Computer Society",

}

TY - JOUR

T1 - Survey

T2 - Leakage and Privacy at Inference Time

AU - Jegorova, Marija

AU - Kaul, Chaitanya

AU - Mayor, Charlie

AU - O'Neil, Alison Q.

AU - Weir, Alexander

AU - Murray-Smith, Roderick

AU - Tsaftaris, Sotirios A.

N1 - Publisher Copyright: IEEE

PY - 2022/12/15

Y1 - 2022/12/15

N2 - Leakage of data from publicly available Machine Learning (ML) models is an area of growing significance since commercial and government applications of ML can draw on multiple sources of data, potentially including users' and clients' sensitive data. We provide a comprehensive survey of contemporary advances on several fronts, covering involuntary data leakage which is natural to ML models, potential malicious leakage which is caused by privacy attacks, and currently available defence mechanisms. We focus on inference-time leakage, as the most likely scenario for publicly available models. We first discuss what leakage is in the context of different data, tasks, and model architectures. We then propose a taxonomy across involuntary and malicious leakage, followed by description of currently available defences, assessment metrics, and applications. We conclude with outstanding challenges and open questions, outlining some promising directions for future research.

AB - Leakage of data from publicly available Machine Learning (ML) models is an area of growing significance since commercial and government applications of ML can draw on multiple sources of data, potentially including users' and clients' sensitive data. We provide a comprehensive survey of contemporary advances on several fronts, covering involuntary data leakage which is natural to ML models, potential malicious leakage which is caused by privacy attacks, and currently available defence mechanisms. We focus on inference-time leakage, as the most likely scenario for publicly available models. We first discuss what leakage is in the context of different data, tasks, and model architectures. We then propose a taxonomy across involuntary and malicious leakage, followed by description of currently available defences, assessment metrics, and applications. We conclude with outstanding challenges and open questions, outlining some promising directions for future research.

KW - Adversarial Defences

KW - Computational modeling

KW - Data Anonymization

KW - Data Leakage

KW - Data models

KW - Data privacy

KW - Feature Leakage

KW - Glass box

KW - Inference-Time Attacks

KW - Machine Unlearning

KW - Membership Inference

KW - Privacy

KW - Privacy Attacks and Defences

KW - Property Inference

KW - Task analysis

KW - Training

KW - Training data

KW - Verifying Forgetting

UR - http://www.scopus.com/inward/record.url?scp=85144790414&partnerID=8YFLogxK

U2 - 10.1109/TPAMI.2022.3229593

DO - 10.1109/TPAMI.2022.3229593

M3 - Article

AN - SCOPUS:85144790414

SN - 0162-8828

SP - 1

EP - 20

JO - IEEE Transactions on Pattern Analysis and Machine Intelligence

JF - IEEE Transactions on Pattern Analysis and Machine Intelligence

ER -

Survey: Leakage and Privacy at Inference Time

Abstract

Keywords / Materials (for Non-textual outputs)

Access to Document

Other files and links

Fingerprint

Canon Medical / RAEng Senior Research Fellow in Healthcare AI

iCAIRD: Industrial Centre for AI Research in Digital Diagnostics