Least privilege learning for attribute obfuscation

Glen Brown; Jesus Martinez-del-Rincon; Paul Miller

doi:10.1007/978-3-031-02444-3_11

Least privilege learning for attribute obfuscation

Glen Brown, Jesus Martinez-del-Rincon, Paul Miller

School of Electronics, Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

60 Downloads (Pure)

Abstract

As machine learning systems become ever more prevalent in everyday life, the need to secure such systems is becoming a critically important area in cybersecurity research. In this work, we address the “feature misuse” attack vector, where the features output by a model are abused to perform a function that they were not originally designed for, such as determining a person’s gender in a facial verification system. To mitigate this, we take the security concept of “least privilege”, where a system can only access resources it explicitly needs to complete its task, and apply it to training deep neural networks. This “least privilege learning” ensures features do not contain information regarding protected attributes that are superfluous to the primary task, reducing the potential attack surface for feature misuse and reducing undesired information leakage. In this paper, we present two main contributions. Firstly, a novel training paradigm that enables least privilege learning by obfuscating protected attributes in verification and re-identification scenarios. Secondly, a comprehensive evaluation framework for models trained with least privilege learning, encompassing multiple datasets and three application settings: verification, re-identification, and attribute prediction.

Original language	English
Title of host publication	Proceedings of the 6th Asian Conference on Pattern Recognition
Publisher	Springer
Pages	142-156
Number of pages	15
ISBN (Electronic)	9783031024443
ISBN (Print)	9783031024436
DOIs	https://doi.org/10.1007/978-3-031-02444-3_11
Publication status	Published - 10 May 2022
Event	Asian Conference on Pattern Recognition - Jeju Island, Korea, Democratic People's Republic of Duration: 09 Nov 2021 → 12 Nov 2021 Conference number: 6 http://brain.korea.ac.kr/acpr/

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	13189
ISSN (Print)	0302-9743

Conference

Conference	Asian Conference on Pattern Recognition
Abbreviated title	ACPR
Country/Territory	Korea, Democratic People's Republic of
Period	09/11/2021 → 12/11/2021
Internet address	http://brain.korea.ac.kr/acpr/

Access to Document

10.1007/978-3-031-02444-3_11Licence: Unspecified

Least privilege learning for attribute obfuscation
Copyright 2021 Springer. This work is made available online in accordance with the publisher’s policies. Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 685 KBLicence: Unspecified

Face-based biometric systems with deep learning in non-homogenous settings
Brown, G. (Author), Martinez del Rincon, J. (Supervisor) & Miller, P. (Supervisor), Jul 2023
Student thesis: Doctoral Thesis › Doctor of Philosophy

File

Cite this

@inproceedings{0b12faa3619646e59300794b81047f80,

title = "Least privilege learning for attribute obfuscation",

abstract = "As machine learning systems become ever more prevalent in everyday life, the need to secure such systems is becoming a critically important area in cybersecurity research. In this work, we address the “feature misuse” attack vector, where the features output by a model are abused to perform a function that they were not originally designed for, such as determining a person{\textquoteright}s gender in a facial verification system. To mitigate this, we take the security concept of “least privilege”, where a system can only access resources it explicitly needs to complete its task, and apply it to training deep neural networks. This “least privilege learning” ensures features do not contain information regarding protected attributes that are superfluous to the primary task, reducing the potential attack surface for feature misuse and reducing undesired information leakage. In this paper, we present two main contributions. Firstly, a novel training paradigm that enables least privilege learning by obfuscating protected attributes in verification and re-identification scenarios. Secondly, a comprehensive evaluation framework for models trained with least privilege learning, encompassing multiple datasets and three application settings: verification, re-identification, and attribute prediction.",

author = "Glen Brown and Jesus Martinez-del-Rincon and Paul Miller",

year = "2022",

month = may,

day = "10",

doi = "10.1007/978-3-031-02444-3_11",

language = "English",

isbn = "9783031024436",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "142--156",

booktitle = "Proceedings of the 6th Asian Conference on Pattern Recognition",

note = "Asian Conference on Pattern Recognition , ACPR ; Conference date: 09-11-2021 Through 12-11-2021",

url = "http://brain.korea.ac.kr/acpr/",

}

Brown, G, Martinez-del-Rincon, J & Miller, P 2022, Least privilege learning for attribute obfuscation. in Proceedings of the 6th Asian Conference on Pattern Recognition. Lecture Notes in Computer Science, vol. 13189, Springer, pp. 142-156, Asian Conference on Pattern Recognition , Korea, Democratic People's Republic of, 09/11/2021. https://doi.org/10.1007/978-3-031-02444-3_11

TY - GEN

T1 - Least privilege learning for attribute obfuscation

AU - Brown, Glen

AU - Martinez-del-Rincon, Jesus

AU - Miller, Paul

N1 - Conference code: 6

PY - 2022/5/10

Y1 - 2022/5/10

N2 - As machine learning systems become ever more prevalent in everyday life, the need to secure such systems is becoming a critically important area in cybersecurity research. In this work, we address the “feature misuse” attack vector, where the features output by a model are abused to perform a function that they were not originally designed for, such as determining a person’s gender in a facial verification system. To mitigate this, we take the security concept of “least privilege”, where a system can only access resources it explicitly needs to complete its task, and apply it to training deep neural networks. This “least privilege learning” ensures features do not contain information regarding protected attributes that are superfluous to the primary task, reducing the potential attack surface for feature misuse and reducing undesired information leakage. In this paper, we present two main contributions. Firstly, a novel training paradigm that enables least privilege learning by obfuscating protected attributes in verification and re-identification scenarios. Secondly, a comprehensive evaluation framework for models trained with least privilege learning, encompassing multiple datasets and three application settings: verification, re-identification, and attribute prediction.

AB - As machine learning systems become ever more prevalent in everyday life, the need to secure such systems is becoming a critically important area in cybersecurity research. In this work, we address the “feature misuse” attack vector, where the features output by a model are abused to perform a function that they were not originally designed for, such as determining a person’s gender in a facial verification system. To mitigate this, we take the security concept of “least privilege”, where a system can only access resources it explicitly needs to complete its task, and apply it to training deep neural networks. This “least privilege learning” ensures features do not contain information regarding protected attributes that are superfluous to the primary task, reducing the potential attack surface for feature misuse and reducing undesired information leakage. In this paper, we present two main contributions. Firstly, a novel training paradigm that enables least privilege learning by obfuscating protected attributes in verification and re-identification scenarios. Secondly, a comprehensive evaluation framework for models trained with least privilege learning, encompassing multiple datasets and three application settings: verification, re-identification, and attribute prediction.

U2 - 10.1007/978-3-031-02444-3_11

DO - 10.1007/978-3-031-02444-3_11

M3 - Conference contribution

SN - 9783031024436

T3 - Lecture Notes in Computer Science

SP - 142

EP - 156

BT - Proceedings of the 6th Asian Conference on Pattern Recognition

PB - Springer

T2 - Asian Conference on Pattern Recognition

Y2 - 9 November 2021 through 12 November 2021

ER -

Least privilege learning for attribute obfuscation

Abstract

Publication series

Conference

Access to Document

Fingerprint

Student theses

Face-based biometric systems with deep learning in non-homogenous settings

Cite this