Image reconstruction attacks on distributed machine learning models

Hadjer Benkraouda, Klara Nahrstedt

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recent developments in Deep Neural Networks have resulted in their wide deployment for services around many aspects of human life, including security-critical domains that handle sensitive data. Congruently, we have seen a proliferation of IoT devices with limited resources. Together, these two trends have led to the distribution of data analysis, processing, and decision making between edge devices and third parties such as cloud services. In this work we assess the security of the previously proposed distributed machine learning (ML) schemes by analyzing the information leaked from the output of the edge devices, i.e., the intermediate representation (IR). We particularly look at a Deep Neural Network that is used for video/image classification and tackle the problem of image/frame reconstruction from the output of the edge device. Our work focuses on assessing whether the proposed scheme of partitioned enclave execution is secure against chosen-image attacks (CIA). Given that the attacker has the capability of querying the model under attack (victim model) to create image-IR pairs, can the attacker reconstruct the private input images? In this work we show that it is possible to carry out a black-box reconstruction attack by training a CNN-based encoder-decoder architecture (reconstruction model) using image-IR pairs. Our tests show that the proposed reconstruction model achieves a 70% similarity between the original image and the reconstructed image.

Original language: English (US)
Title of host publication: DistributedML 2021 - Proceedings of the 2nd ACM International Workshop on Distributed Machine Learning, Part of CoNEXT 2021
Publisher: Association for Computing Machinery
Pages: 29-35
Number of pages: 7
ISBN (Electronic): 9781450391344
State: Published - Dec 7 2021
Event: 2nd ACM International Workshop on Distributed Machine Learning, DistributedML 2021, co-located with the 17th International Conference on emerging Networking EXperiments and Technologies, CoNEXT 2021 - Virtual, Online, Germany
Duration: Dec 7 2021 → …

Publication series

Name: DistributedML 2021 - Proceedings of the 2nd ACM International Workshop on Distributed Machine Learning, Part of CoNEXT 2021

Conference

Conference: 2nd ACM International Workshop on Distributed Machine Learning, DistributedML 2021, co-located with the 17th International Conference on emerging Networking EXperiments and Technologies, CoNEXT 2021
Country/Territory: Germany
City: Virtual, Online
Period: 12/7/21 → …

Keywords

  • image reconstruction
  • neural networks
  • trusted execution environment

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications
