Deep learning systems, particularly neural networks, have proliferated in a wide range of applications, including privacy-sensitive use cases such as facial recognition and medical diagnoses. However, these models are vulnerable to privacy attacks that target both the intellectual property of the model and the confidentiality of the training data. Recent literature has seen an arms race between privacy attacks and defenses on various systems. And until now, engineers and researchers have not had the privacy analysis tools they need to rival this trend.
Hence, we developed PrivacyRaven: a comprehensive privacy testing suite for deep learning systems optimized for usability and efficiency. With PrivacyRaven, users can determine the susceptibility of a model to privacy attacks; systematically evaluate different privacy-preserving machine learning techniques; develop novel privacy metrics and attacks; and repurpose attacks for data provenance and other use cases. In addition, model extraction, membership inference, model inversion, and other privacy attacks and metric calculations can be quickly prototyped and launched in PrivacyRaven, which leverages a modular design to facilitate flexible experimentation.
Resources
Presented at
- OpenMined Privacy Conference 2020
- Empire Hacking, August 2020
Authored by
- Suha Hussain