Abstract
To efficiently monitor the growth and evolution of a particular wildlife population, one of the main fundamental challenges to address in animal ecology is the re-identification of individuals that have been previously encountered but also the discrimination between known and unknown individuals (the so-called "open-set problem"), which is the first step to realize before re-identification. In particular, in this work, we are interested in the discrimination within digital photos of beluga whales, which are known to be among the most challenging marine species to discriminate due to their lack of distinctive features. To tackle this problem, we propose a novel approach based on the use of Membership Inference Attacks (MIAs), which are normally used to assess the privacy risks associated with releasing a particular machine learning model. More precisely, we demonstrate that the problem of discriminating between known and unknown individuals can be solved efficiently using state-of-the-art approaches for MIAs. Extensive experiments on three benchmark datasets related to whales, two different neural network architectures, and three MIA clearly demonstrate the performance of the approach. In addition, we have also designed a novel MIA strategy that we coined as ensemble MIA, which combines the outputs of different MIAs to increase the attack accuracy while diminishing the false positive rate. Overall, one of our main objectives is also to show that the research on privacy attacks can also be leveraged "for good" by helping to address practical challenges encountered in animal ecology.
Abstract (translated)
要高效监测特定野生动物种群的增长和进化,动物生态学中的主要基本挑战之一是重新识别已知和未知的个体,同时也解决已知和未知的个体之间的歧视问题(所谓的“开放集问题”),这是实现重新识别之前的第一步。特别地,在这项工作中,我们关注的是数字照片中beluga鲸的歧视,由于它们缺乏独特特征,因此被认为是歧视最困难的海洋物种之一。为了解决这个问题,我们提出了一种基于使用成员推断攻击(MIA)的新方法,通常用于评估释放特定机器学习模型的隐私风险。更具体地说,我们证明可以通过使用MIA的最新方法来解决已知和未知的个体之间的歧视问题。对三个与鲸鱼相关的基准数据集、两种不同的神经网络架构和三个MIA的广泛实验清楚地证明了方法的性能。此外,我们还设计了一种新的MIA策略,称为综合MIA,它结合不同MIA的输出来提高攻击准确性,同时减少误报率。总的来说,我们的主要目标是展示隐私攻击研究也可以“利用好”以帮助解决动物生态学中实际挑战。
URL
https://arxiv.org/abs/2302.14769
