Defending against Reconstruction Attacks with Rényi Differential Privacy

02/15/2022
by Pierre Stock, et al.

Reconstruction attacks allow an adversary to regenerate data samples of the training set using access to only a trained model. It has recently been shown that simple heuristics can reconstruct data samples from language models, making this threat scenario an important aspect of model release. Differential privacy is a known solution to such attacks, but it is often used with a relatively large privacy budget (epsilon > 8), which does not translate to meaningful guarantees. In this paper we show that, for the same mechanism, we can derive privacy guarantees for reconstruction attacks that are better than the traditional ones from the literature. In particular, we show that larger privacy budgets do not protect against membership inference, but can still protect against the extraction of rare secrets. We show experimentally that our guarantees hold against various language models, including GPT-2 finetuned on Wikitext-103.
