PEDS: Privately Encoded Deep Synthesis to Mitigate Membership Inference Attacks
摘要
IoT devices are widely deployed in critical infrastructure, often generating sensitive data that is processed by Machine Learning (ML) techniques. Among other applications, ML is leveraged in intrusion detection systems (IDSs) to detect cyberattacks. However, ML-based IDSs are vulnerable to adversarial attacks such as the Membership Inference Attack (MIA), in which an attacker attempts to infer whether a specific data point was present in the training dataset. This can be exploited by attackers to gain insights into the normal behavior of IoT devices and launch stealth attacks. While MIA has been widely demonstrated in image recognition, its effectiveness against ML-based IDS for IoT is poorly understood. In this work, we investigate the effectiveness of MIA against ML-based IDS. We propose a novel differential-private approach called PEDS, which leverages a sparse autoencoder and restricted Boltzmann machine to protect IDS training data against MIAs by synthesizing data points. We empirically evaluate the effectiveness of PEDS on real-world IoT datasets and show that it can substantially hinder the accuracy of MIAs while maintaining high IDS detection performance and enhancing privacy. We compare PEDS with six state-of-the-art synthesizers, including autoencoder-, kernel-, diffusion-model-, and GAN-based methods. The empirical results show that PEDS outperforms these state-of-the-art methods on five popular IoT/IDS datasets, indicating its potential to enhance security and privacy in ML-based IDSs.