On the Privacy Risks of Cell-Based NAS Architectures
Date
November 7, 2022
Author
Hai Huang, CISPA Helmholtz Center for Information Security, Saarbrücken, Germany; Zhikun Zhang, CISPA Helmholtz Center for Information Security, Saarbrücken, Germany; Yun Shen, NetApp, Bristol, England UK; Michael Backes, CISPA Helmholtz Center for Information Security, Saarbrücken, Germany; Qi Li, Tsinghua University, Zhongguancun Lab, Beijing, China; Yang Zhang, CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security November 2022
Existing studies on neural architecture search (NAS) mainly focus on efficiently and effectively searching for network architectures with better performance. Little progress has been made to systematically understand if the NAS-searched architectures are robust to privacy attacks while abundant work has already shown that human-designed architectures are prone to privacy attacks. In this paper, we fill this gap and systematically measure the privacy risks of NAS architectures. Leveraging the insights from our measurement study, we further explore the cell patterns of cell-based NAS architectures and evaluate how the cell patterns affect the privacy risks of NAS-searched architectures. Through extensive experiments, we shed light on how to design robust NAS architectures against privacy attacks, and also offer a general methodology to understand the hidden correlation between the NAS-searched architectures and other privacy risks.
Resources
The paper can be found at: https://dl.acm.org/doi/10.1145/3548606.3560619
