Connect with us
Synthetic data does not provide strong privacy protection Synthetic data does not provide strong privacy protection

Security

Synthetic data does not provide strong privacy protection

Published

on

Protection is provided only by reducing the usefulness of the information retrieval systems that use them.

Results of the new research experts from the Ecole Polytechnique Lausanne (EPFL) in Paris and University College London (UCL) are questioning the growing belief that synthetic data can solve the privacy concerns that threaten machine learning progress.

According to experts, synthetic data, modeled on real data, retains enough authentic information to successfully conduct inference and membership attacks aimed at deanonymizing data and re-establishing connections with real people.

“Having access to a synthetic dataset, the adversary can, with a high degree of confidence, conclude that there is a target record in the source data,” the experts said.

Differential private synthetic data hiding the signature of individual records does protect people’s privacy, but only at the expense of significantly reducing the usefulness of the information retrieval systems that use them. Synthetic datasets do not provide the required level of transparency, the researchers said.

Researchers have tested existing proprietary generative model learning algorithms and found that certain implementation decisions violate formal confidentiality guarantees, leaving various records vulnerable to inference attacks.

The authors have proposed a revised version of each algorithm, potentially mitigating these risks, and making the code available as an open source library. This will help researchers evaluate the increased privacy of synthetic data and compare popular anonymization methods.

For research purposes, the researchers evaluated the privacy enhancement using five generative model learning algorithms. Three models do not provide explicit confidentiality protections, while the other two provide differentiated confidentiality guarantees. These tabular models have been chosen to represent a wide variety of architectures. During the experiment, tabular models were attacked BayNet , PrivBay (derived from PrivBayes and BayNet), CTGAN , PATEGAN and IndHist

The Model Evaluation Framework was implemented as a Python library with two main classes, GenerativeModels and PrivacyAttacks. The platform can also measure the privacy benefits of anonymous and synthetic data.

The tests used two datasets: an adult dataset from the UCI machine learning repository and a shared hospital discharge data file from the Texas Department of Health. The version of the Texas dataset used by the researchers contained 50,000 records taken from 2013 patient records.

The authors selected two target groups, consisting of five randomly selected records for the “minority” population categories, as they are most at risk of bridging attacks. They also selected records with “sparse categorical attribute values” outside the 95% quantile of those attributes. Examples include records associated with a high risk of mortality, high overall hospital costs, and severity of illness.

Multiple attack models were trained from publicly available reference information to develop “shadow models” for ten targets. A number of experiments showed that a number of recordings were “very vulnerable” to attacks. The results also showed that 20% of all targets in the tests received zero privacy gains from synthetic GAN data.

The results varied depending on the method used to generate the synthetic data, the attack vector, and the characteristics of the target dataset. In many cases, effective suppression of personality using synthetic data approaches reduces the usefulness of the systems. In fact, the usefulness and accuracy of such systems can in many cases be a direct indicator of how vulnerable they are to re-identification attacks.

Click to comment

Leave a Reply

Your email address will not be published.

Security

Is Elon Musk’s Satellite Internet Under Threat? Enthusiast Hacked Starlink User Terminal

Published

on

Is Elon Musks Satellite Internet Under Threat Enthusiast Hacked Starlink

At the Black Hat Security Technology Conference recently held in Las Vegas, Lennert Wouters, a cybersecurity specialist from KU Leuven (Belgium), shared his experience of successfully hacking Starlink user equipment. True, this was not a classic software hack, since the researcher had to make a so-called “modchip”.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

The cost of manufacturing a chip connected to a Starlink subscriber terminal was $25. The chip caused a short-term short circuit, which disabled the built-in protection systems, after which the specialist gained access to the terminal. And already from it you can run any commands.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

Our attack could render Starlink user terminals unusable and allow us to execute arbitrary code.”Wouters said.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

This is what the Starlink terminal looks like

According to the researcher, the only reliable way to avoid such an attack is to create a new version of the main “dish” chip. Other ways to fix the problem. However, this hacking option provides direct access to subscriber equipment, and this is not the easiest option, but the Starlink system, apparently, is well protected from remote hacking. So its users hardly need to worry.

Continue Reading

Security

Hackers hacked Europe’s largest missile manufacturer

Published

on

Hackers hacked Europes largest missile manufacturer

Unknown hackers, acting under the nickname Adrastea, hacked into the database of the largest European missile manufacturer – MBDA, formed as a result of the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.

Hackers hacked Europe's largest missile manufacturer

The attackers’ message about gaining access to the company’s network appeared on one of the forums. As evidence, a link to an archive with demo files was attached.

The total amount of stolen data was estimated by hackers at 60 GB. “The uploaded data contains confidential and confidential information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc..) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.”, the hackers wrote.

Adrastea is ready to discuss the cost of the stolen data array. MBDA has not yet commented on the incident.

MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.

Continue Reading

Security

Samsung is ahead of the curve again. The company released the August security patch for three flagship lines at once

Published

on

Samsung is ahead of the curve again The company released

Samsung was the first company in the market to release the August security patch for its smartphones. Moreover, for three flagship lines at once: Galaxy S20, S21 and S22.

Samsung is ahead of the curve again.  The company released the August security patch for three flagship lines at once

Today, owners of these smartphones in Germany began to receive updates, including a security patch. Usually, users from other countries do not have to wait long. The August security patch fixes dozens of vulnerabilities, so it’s quite important.

Samsung has sometimes been ahead of even Google in recent years, releasing security patches earlier and offering longer support for its flagships, although just three or four years ago, Samsung was almost the worst in this matter.

Continue Reading

Most Popular