Quantifying identifiability to choose and audit ε in differentially private deep learning

03/04/2021
by Daniel Bernau, et al.

Differential privacy allows bounding the influence that training data records have on a machine learning model. To use differential privacy in machine learning, data scientists must choose privacy parameters (ϵ,δ). Choosing meaningful privacy parameters is key: models trained with weak privacy parameters can leak excessive information about the training data, while strong privacy parameters might overly degrade model utility. However, privacy parameter values are difficult to choose for two main reasons. First, the upper bound on privacy loss (ϵ,δ) can be loose, depending on the chosen sensitivity and the data distribution of practical datasets. Second, legal requirements and societal norms for anonymization often refer to individual identifiability, to which (ϵ,δ) are only indirectly related. We transform (ϵ,δ) into a bound on the Bayesian posterior belief of the adversary assumed by differential privacy about the presence of any record in the training dataset. The bound holds for multidimensional queries under composition, and we show that it can be tight in practice. Furthermore, we derive an identifiability bound that relates the adversary assumed in differential privacy to previous work on membership inference adversaries. Finally, we formulate an implementation of this differential privacy adversary that allows data scientists to audit model training and compute empirical identifiability scores and empirical (ϵ,δ).
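The posterior-belief and auditing ideas above can be made concrete with a short sketch. The following minimal Python illustration is not the paper's implementation: `posterior_belief_bound` assumes a uniform 0.5 prior and adds δ as a loose slack term (the paper derives a tighter bound under composition), and `empirical_epsilon` uses the standard hypothesis-testing view of (ϵ,δ)-differential privacy to turn a membership inference attack's false positive and false negative rates into a lower bound on ϵ. All function names and example numbers are hypothetical.

```python
import math

def posterior_belief_bound(epsilon: float, delta: float = 0.0) -> float:
    # For a pure epsilon-DP mechanism and a uniform 0.5 prior, the
    # adversary's posterior belief that a given record is in the
    # training set is at most e^eps / (1 + e^eps). Adding delta as a
    # slack term is a simplification for illustration; the paper
    # derives the exact (epsilon, delta) bound under composition.
    return min(1.0, math.exp(epsilon) / (1.0 + math.exp(epsilon)) + delta)

def empirical_epsilon(fpr: float, fnr: float, delta: float = 0.0) -> float:
    # Hypothesis-testing characterization of DP: any test that
    # distinguishes neighboring datasets with false positive rate fpr
    # and false negative rate fnr satisfies
    #   fpr + e^eps * fnr >= 1 - delta  (and symmetrically),
    # so a membership inference attack's observed error rates imply
    # an empirical lower bound on epsilon.
    return max(
        math.log((1.0 - delta - fnr) / fpr),
        math.log((1.0 - delta - fpr) / fnr),
    )

if __name__ == "__main__":
    eps = 1.0
    print(f"posterior belief bound at eps={eps}: "
          f"{posterior_belief_bound(eps):.3f}")        # ~0.731
    # e.g. an attack achieving 5% FPR and 40% FNR:
    print(f"empirical epsilon lower bound: "
          f"{empirical_epsilon(0.05, 0.40):.3f}")      # ~2.485
```

Comparing such an empirical lower bound on ϵ against the value obtained from analytical privacy accounting for the same training run indicates how loose the chosen (ϵ,δ) guarantee is on the dataset at hand, which is the gap the paper's auditing procedure quantifies.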

