Segmentations-Leak: Membership Inference Attacks and Defenses in Semantic Image Segmentation


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2020-11-03

AUTHORS

Yang He, Shadi Rahimian, Bernt Schiele, Mario Fritz

ABSTRACT

Today’s success of state of the art methods for semantic segmentation is driven by large datasets. Data is considered an important asset that needs to be protected, as the collection and annotation of such datasets comes at significant efforts and associated costs. In addition, visual data might contain private or sensitive information, that makes it equally unsuited for public release. Unfortunately, recent work on membership inference in the broader area of adversarial machine learning and inference attacks on machine learning models has shown that even black box classifiers leak information on the dataset that they were trained on. We show that such membership inference attacks can be successfully carried out on complex, state of the art models for semantic segmentation. In order to mitigate the associated risks, we also study a series of defenses against such membership inference attacks and find effective counter measures against the existing risks with little effect on the utility of the segmentation method. Finally, we extensively evaluate our attacks and defenses on a range of relevant real-world datasets: Cityscapes, BDD100K, and Mapillary Vistas. Our source code and demos are available at https://github.com/SSAW14/segmentation_membership_inference.

PAGES

519-535

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-58592-1_31

DOI

http://dx.doi.org/10.1007/978-3-030-58592-1_31

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1132269446



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Max Planck Institute for Informatics, Saarland Informatics Campus, Saarbr\u00fccken, Germany", 
          "id": "http://www.grid.ac/institutes/grid.419528.3", 
          "name": [
            "CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany", 
            "Max Planck Institute for Informatics, Saarland Informatics Campus, Saarbr\u00fccken, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "He", 
        "givenName": "Yang", 
        "id": "sg:person.010655401332.41", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010655401332.41"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany", 
          "id": "http://www.grid.ac/institutes/grid.507511.7", 
          "name": [
            "CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Rahimian", 
        "givenName": "Shadi", 
        "id": "sg:person.013044521007.07", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013044521007.07"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Max Planck Institute for Informatics, Saarland Informatics Campus, Saarbr\u00fccken, Germany", 
          "id": "http://www.grid.ac/institutes/grid.419528.3", 
          "name": [
            "Max Planck Institute for Informatics, Saarland Informatics Campus, Saarbr\u00fccken, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Schiele", 
        "givenName": "Bernt", 
        "id": "sg:person.01174260421.90", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01174260421.90"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany", 
          "id": "http://www.grid.ac/institutes/grid.507511.7", 
          "name": [
            "CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Fritz", 
        "givenName": "Mario", 
        "id": "sg:person.013361072755.17", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013361072755.17"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2020-11-03", 
    "datePublishedReg": "2020-11-03", 
    "description": "Today\u2019s success of state of the art methods for semantic segmentation is driven by large datasets. Data is considered an important asset that needs to be protected, as the collection and annotation of such datasets comes at significant efforts and associated costs. In addition, visual data might contain private or sensitive information, that makes it equally unsuited for public release. Unfortunately, recent work on membership inference in the broader area of adversarial machine learning and inference attacks on machine learning models has shown that even black box classifiers leak information on the dataset that they were trained on. We show that such membership inference attacks can be successfully carried out on complex, state of the art models for semantic segmentation. In order to mitigate the associated risks, we also study a series of defenses against such membership inference attacks and find effective counter measures against the existing risks with little effect on the utility of the segmentation method. Finally, we extensively evaluate our attacks and defenses on a range of relevant real-world datasets: Cityscapes, BDD100K, and Mapillary Vistas. Our source code and demos are available at https://github.com/SSAW14/segmentation_membership_inference.", 
    "editor": [
      {
        "familyName": "Vedaldi", 
        "givenName": "Andrea", 
        "type": "Person"
      }, 
      {
        "familyName": "Bischof", 
        "givenName": "Horst", 
        "type": "Person"
      }, 
      {
        "familyName": "Brox", 
        "givenName": "Thomas", 
        "type": "Person"
      }, 
      {
        "familyName": "Frahm", 
        "givenName": "Jan-Michael", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-58592-1_31", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-030-58591-4", 
        "978-3-030-58592-1"
      ], 
      "name": "Computer Vision \u2013 ECCV 2020", 
      "type": "Book"
    }, 
    "keywords": [
      "membership inference attacks", 
      "inference attacks", 
      "semantic segmentation", 
      "Adversarial Machine Learning", 
      "semantic image segmentation", 
      "real-world datasets", 
      "black-box classifiers", 
      "machine learning models", 
      "sensitive information", 
      "membership inference", 
      "Mapillary Vistas", 
      "machine learning", 
      "BDD100K", 
      "image segmentation", 
      "source code", 
      "visual data", 
      "art methods", 
      "segmentation method", 
      "learning model", 
      "box classifier", 
      "art models", 
      "such datasets", 
      "large datasets", 
      "segmentation", 
      "dataset", 
      "series of defences", 
      "counter measures", 
      "attacks", 
      "public release", 
      "relevant real-world dataset", 
      "important asset", 
      "effective counter measures", 
      "today's success", 
      "significant efforts", 
      "classifier", 
      "information", 
      "annotation", 
      "demo", 
      "learning", 
      "cityscape", 
      "recent work", 
      "code", 
      "broad areas", 
      "model", 
      "inference", 
      "data", 
      "method", 
      "cost", 
      "collection", 
      "assets", 
      "success", 
      "work", 
      "state", 
      "order", 
      "efforts", 
      "defense", 
      "utility", 
      "vistas", 
      "area", 
      "measures", 
      "addition", 
      "series", 
      "range", 
      "risk", 
      "effect", 
      "release", 
      "little effect"
    ], 
    "name": "Segmentations-Leak: Membership Inference Attacks and Defenses in Semantic Image Segmentation", 
    "pagination": "519-535", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1132269446"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-58592-1_31"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-58592-1_31", 
      "https://app.dimensions.ai/details/publication/pub.1132269446"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-11-24T21:19", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221124/entities/gbq_results/chapter/chapter_453.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-58592-1_31"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-58592-1_31'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-58592-1_31'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-58592-1_31'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-58592-1_31'


 

This table displays all metadata directly associated to this object as RDF triples.

166 TRIPLES      22 PREDICATES      91 URIs      84 LITERALS      7 BLANK NODES

 



