On the Privacy Risks of Cell-Based NAS Architectures

ACM CCS 2022

Hai Huang1 Zhikun Zhang1 Yun Shen2 Michael Backes1 Qi Li3 Yang Zhang1

1. CISPA Helmholtz Center for Information Security 2. NetApp 3. Tsinghua University


Existing neural architecture search (NAS) research mainly focuses on efficiently and effectively searching for network architectures with better performance. Little progress has been made to systematically understand if the NAS-searched architectures are robust to privacy attacks while abundant work has already shown that human-designed architectures are prone to privacy attacks. In this paper, we fill this gap and systematically measure the privacy risks of NAS architectures. Leveraging the insights from our measurement study, we also explore the cell patterns of cell-based NAS architectures and evaluate how the cell patterns affect the privacy risks of NAS-searched architectures. Through extensive experiments, we shed light on how to design NAS architectures more robust against privacy attacks, and also offer a general methodology to explore the hidden correlation between the NAS-searched architectures and any other privacy risks.



    author = {Hai Huang and Zhikun Zhang and Yun Shen and Michael Backes and Qi Li and Yang Zhang},
    title = {{On the Privacy Risks of Cell-Based NAS Architectures}},
    booktitle = {{ACM CCS}},
    publisher = {},
    year = {2022},