The best poster award from the 18th International Conference on Security and Cryptography (SECRYPT 2021) goes to the paper entitled "Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity", the result of Mathias Parisot's project conducted for his bachelor thesis at the Computer Science program. For this project, Mathias was supervised by Dr Dayana Spagnuelo, affiliated with the UCDS research group, and by Dr Balazs Pejo from the CrySys Lab at the Budapest University of Technology and Economics in a novel collaboration between the groups. Mathias graduated with honors (Cum Laude), and moved to UvA where he is currently a student of the Masters program in Artificial Intelligence.
Their work investigates Property Inference Attacks (PIA) focusing on Convolutional Neural Network classifiers (CNN). The goal of PIAs is to, using knowledge of a given trained model, try to uncover properties from the original dataset that are not necessarily related to the task at hand. For instance, in this paper, the authors train a CNN to identify in a picture whether a person has their mouth open, while the attacker tries to identify whether the training dataset was balanced gender-wise. PIAs were already investigated in some other contexts, but this paper investigates the impact of CNN's complexity in the accuracy of the attack. The full version of the paper can be found here.