%0 Conference Proceedings
%T Reconstruction attack through classifier analysis
%+ Confidentialité, Intégrité, Disponibilité et Répartition (CIDRE)
%+ CIDER
%A Gambs, Sébastien
%A Gmati, Ahmed
%A Hurfin, Michel
%Z Part 8: Probabilistic Attacks and Protection (Short Papers)
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 26th Conference on Data and Applications Security and Privacy (DBSec)
%C Paris, France
%Y Nora Cuppens-Boulahia
%Y Frédéric Cuppens
%Y Joaquin Garcia-Alfaro
%I Springer
%3 Data and Applications Security and Privacy XXVII
%V LNCS-7371
%P 274-281
%8 2012-07-11
%D 2012
%R 10.1007/978-3-642-31540-4_21
%K Privacy
%K Data Mining
%K Inference Attacks
%K Decision Trees
%Z Computer Science [cs]
%Z Computer Science [cs]/Cryptography and Security [cs.CR]Conference papers
%X In this paper, we introduce a novel inference attack that we coin as the reconstruction attack whose objective is to reconstruct a probabilistic version of the original dataset on which a classifier was learnt from the description of this classifier and possibly some auxiliary information. In a nutshell, the reconstruction attack exploits the structure of the classifier in order to derive a probabilistic version of dataset on which this model has been trained. Moreover, we propose a general framework that can be used to assess the success of a reconstruction attack in terms of a novel distance between the reconstructed and original datasets. In case of multiple releases of classifiers, we also give a strategy that can be used to merge the different reconstructed datasets into a single coherent one that is closer to the original dataset than any of the simple reconstructed datasets. Finally, we give an instantiation of this reconstruction attack on a decision tree classifier that was learnt using the algorithm C4.5 and evaluate experimentally its efficiency. The results of this experimentation demonstrate that the proposed attack is able to reconstruct a significant part of the original dataset, thus highlighting the need to develop new learning algorithms whose output is specifically tailored to mitigate the success of this type of attack.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-00736945/document
%2 https://inria.hal.science/hal-00736945/file/978-3-642-31540-4_21_Chapter.pdf
%L hal-00736945
%U https://inria.hal.science/hal-00736945
%~ SUPELEC
%~ INSTITUT-TELECOM
%~ EC-PARIS
%~ UNIV-RENNES1
%~ CNRS
%~ INRIA
%~ UNIV-UBS
%~ INSA-RENNES
%~ INRIA-RENNES
%~ IRISA
%~ IRISA_SET
%~ INRIA_TEST
%~ SUP_CIDRE
%~ TESTALAIN1
%~ IFIP-LNCS
%~ IFIP
%~ IRISA-D1
%~ INRIA2
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ UR1-HAL
%~ UR1-MATH-STIC
%~ UR1-UFR-ISTIC
%~ IFIP-LNCS-7371
%~ TEST-UNIV-RENNES
%~ TEST-UR-CSS
%~ UNIV-RENNES
%~ INRIA-RENGRE
%~ INSTITUTS-TELECOM
%~ UR1-MATH-NUM
%~ TEST3-HALCNRS