News

NDSS 2025 – DLBox: New Model Training Framework For Protecting Training Data

  • securityboulevard.com
  • published date: 2026-01-03 00:00:00 UTC


<p>Session 7D: ML Security</p>
<center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/_b4GlVgIJIc?si=YbIsom00JjsME_NE" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe></center>
<p>Authors, Creators &amp; Presenters: Jaewon Hur (Seoul National University), Juheon Yi (Nokia Bell Labs, Cambridge, UK), Cheolwoo Myung (Seoul National University), Sangyun Kim (Seoul National University), Youngki Lee (Seoul National University), Byoungyoung Lee (Seoul National University)</p>
<center data-preserve-html-node="true">PAPER<br>DLBox: New Model Training Framework For Protecting Training Data</center>
<p>Sharing training data for deep learning raises critical concerns about data leakage, as third-party AI developers take full control over the data once it is handed over to them. The problem becomes even worse if the model trained using the data must be returned to the third-party AI developers, e.g., a healthcare startup training its own model on medical data rented from a hospital. In this case, a malicious developer can easily leak the training data through the model, since they can construct an arbitrary data flow between the two: e.g., directly encoding raw training data into the model, or stealthily biasing the model to resemble the training data. However, current model training frameworks do not provide any protection against such training data leakage, allowing untrusted AI developers to leak the data without any restriction. This paper proposes DLBox, a new model training framework that minimizes the attack vectors raised by untrusted AI developers.</p>
<p>Since it is infeasible to completely prevent data leakage through the model, the goal of DLBox is to allow only benign model training, so that data leakage through invalid paths is minimized. The key insight of DLBox is that model training is a statistical process of learning common patterns from a dataset. Based on this insight, DLBox defines DGM-Rules, which determine whether the model training code from a developer is benign or not. DLBox then leverages confidential computing to redesign the current model training framework, enforcing only DGM-Rules-based training. Untrusted AI developers are therefore strictly limited to obtaining only the benignly trained model and are prevented from intentionally leaking the data. We implemented a prototype of DLBox on PyTorch with AMD SEV-SNP and demonstrated that DLBox eliminates large attack vectors by preventing previous attacks (e.g., data encoding and gradient inversion) while imposing minimal performance overhead.</p>
<hr>
<center data-preserve-html-node="true">ABOUT NDSS</center>
<p>The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.</p>
<hr>
<p>Our thanks to the <a href="https://www.ndss-symposium.org/">Network and Distributed System Security (NDSS) Symposium</a> for publishing their Creators’, Authors’ and Presenters’ superb <a href="https://www.youtube.com/@NDSSSymposium">NDSS Symposium 2025 Conference</a> content on the <a href="https://www.ndss-symposium.org/">Organization’s</a> <a href="https://youtube.com/@ndsssymposium?si=lLtn9sVVEwmZ8J9h3">YouTube Channel</a>.</p>
<p><a href="https://www.infosecurity.us/blog/2026/1/3/ndss-2025-dlbox-new-model-training-framework-for-protecting-training-data">Permalink</a></p>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/_b4GlVgIJIc?si=YbIsom00JjsME_NE">https://www.youtube-nocookie.com/embed/_b4GlVgIJIc?si=YbIsom00JjsME_NE</a></p>