Citation

BibTex format

@inproceedings{Cretu:2022:10.1145/3548606.3560581,
author = {Cretu, A-M and Houssiau, F and Cully, A and de, Montjoye Y-A},
doi = {10.1145/3548606.3560581},
pages = {623--637},
publisher = {ACM},
title = {QuerySnout: automating the discovery of attribute inference attacks against query-based systems},
url = {http://dx.doi.org/10.1145/3548606.3560581},
year = {2022}
}

RIS format (EndNote, RefMan)

TY  - CPAPER
AB - Although query-based systems (QBS) have become one of the main solutions to share data anonymously, building QBSes that robustly protect the privacy of individuals contributing to the dataset is a hard problem. Theoretical solutions relying on differential privacy guarantees are difficult to implement correctly with reasonable accuracy, while ad-hoc solutions might contain unknown vulnerabilities. Evaluating the privacy provided by QBSes must thus be done by evaluating the accuracy of a wide range of privacy attacks. However, existing attacks against QBSes require time and expertise to develop, need to be manually tailored to the specific systems attacked, and are limited in scope. In this paper, we develop QuerySnout, the first method to automatically discover vulnerabilities in query-based systems. QuerySnout takes as input a target record and the QBS as a black box, analyzes its behavior on one or more datasets, and outputs a multiset of queries together with a rule to combine answers to them in order to reveal the sensitive attribute of the target record. QuerySnout uses evolutionary search techniques based on a novel mutation operator to find a multiset of queries susceptible to lead to an attack, and a machine learning classifier to infer the sensitive attribute from answers to the queries selected. We showcase the versatility of QuerySnout by applying it to two attack scenarios (assuming access to either the private dataset or to a different dataset from the same distribution), three real-world datasets, and a variety of protection mechanisms. We show the attacks found by QuerySnout to consistently equate or outperform, sometimes by a large margin, the best attacks from the literature. We finally show how QuerySnout can be extended to QBSes that require a budget, and apply QuerySnout to a simple QBS based on the Laplace mechanism. Taken together, our results show how powerful and accurate attacks against QBSes can already be found by an automated system, allo
AU - Cretu,A-M
AU - Houssiau,F
AU - Cully,A
AU - de,Montjoye Y-A
DO - 10.1145/3548606.3560581
EP - 637
PB - ACM
PY - 2022///
SP - 623
TI - QuerySnout: automating the discovery of attribute inference attacks against query-based systems
UR - http://dx.doi.org/10.1145/3548606.3560581
UR - http://hdl.handle.net/10044/1/101286
ER -

Contact us

Artificial Intelligence Network
South Kensington Campus
Imperial College London
SW7 2AZ

To reach the elected speaker of the network, Dr Rossella Arcucci, please contact:

ai-speaker@imperial.ac.uk

To reach the network manager, Diana O'Malley - including to join the network - please contact:

ai-net-manager@imperial.ac.uk