Quantifying identifiability to choose and audit epsilon in differentially private deep learning
Differential privacy allows bounding the influence that training data records have on a machine learning model. To use differential privacy in machine learning, data scientists must choose privacy parameters (epsilon, delta). Choosing meaningful privacy parameters is key, since models trained with w...
Gespeichert in:
| Hauptverfasser: | , , , , |
|---|---|
| Dokumenttyp: | Article (Journal) |
| Sprache: | Englisch |
| Veröffentlicht: |
28 October 2021
|
| In: |
Proceedings of the VLDB Endowment
Year: 2021, Jahrgang: 14, Heft: 13, Pages: 3335-3347 |
| ISSN: | 2150-8097 |
| DOI: | 10.14778/3484224.3484231 |
| Online-Zugang: | Verlag, lizenzpflichtig, Volltext: https://doi.org/10.14778/3484224.3484231
|
| Verfasserangaben: | Daniel Bernau, Günther Eibl, Philip W. Grassal, Hannah Keller, Florian Kerschbaum |
MARC
| LEADER | 00000caa a2200000 c 4500 | ||
|---|---|---|---|
| 001 | 1789063205 | ||
| 003 | DE-627 | ||
| 005 | 20220820124511.0 | ||
| 007 | cr uuu---uuuuu | ||
| 008 | 220209s2021 xx |||||o 00| ||eng c | ||
| 024 | 7 | |a 10.14778/3484224.3484231 |2 doi | |
| 035 | |a (DE-627)1789063205 | ||
| 035 | |a (DE-599)KXP1789063205 | ||
| 035 | |a (OCoLC)1341439591 | ||
| 040 | |a DE-627 |b ger |c DE-627 |e rda | ||
| 041 | |a eng | ||
| 084 | |a 28 |2 sdnb | ||
| 100 | 1 | |a Bernau, Daniel |e VerfasserIn |0 (DE-588)1251423493 |0 (DE-627)1789065690 |4 aut | |
| 245 | 1 | 0 | |a Quantifying identifiability to choose and audit epsilon in differentially private deep learning |c Daniel Bernau, Günther Eibl, Philip W. Grassal, Hannah Keller, Florian Kerschbaum |
| 264 | 1 | |c 28 October 2021 | |
| 300 | |a 13 | ||
| 336 | |a Text |b txt |2 rdacontent | ||
| 337 | |a Computermedien |b c |2 rdamedia | ||
| 338 | |a Online-Ressource |b cr |2 rdacarrier | ||
| 500 | |a Gesehen am 09.02.2022 | ||
| 520 | |a Differential privacy allows bounding the influence that training data records have on a machine learning model. To use differential privacy in machine learning, data scientists must choose privacy parameters (epsilon, delta). Choosing meaningful privacy parameters is key, since models trained with weak privacy parameters might result in excessive privacy leakage, while strong privacy parameters might overly degrade model utility. However, privacy parameter values are difficult to choose for two main reasons. First, the theoretical upper bound on privacy loss (epsilon, delta) might be loose, depending on the chosen sensitivity and data distribution of practical datasets. Second, legal requirements and societal norms for anonymization often refer to individual identifiability, to which (epsilon, delta) are only indirectly related. We transform (epsilon, delta) to a bound on the Bayesian posterior belief of the adversary assumed by differential privacy concerning the presence of any record in the training dataset. The bound holds for multidimensional queries under composition, and we show that it can be tight in practice. Furthermore, we derive an identifiability bound, which relates the adversary assumed in differential privacy to previous work on membership inference adversaries. We formulate an implementation of this differential privacy adversary that allows data scientists to audit model training and compute empirical identifiability scores and empirical (epsilon, delta). | ||
| 650 | 4 | |a composition theorem | |
| 700 | 1 | |a Eibl, Günther |e VerfasserIn |4 aut | |
| 700 | 1 | |a Grassal, Philip-William |e VerfasserIn |0 (DE-588)1251424066 |0 (DE-627)1789066859 |4 aut | |
| 700 | 1 | |a Keller, Hannah |e VerfasserIn |4 aut | |
| 700 | 1 | |a Kerschbaum, Florian |e VerfasserIn |4 aut | |
| 773 | 0 | 8 | |i Enthalten in |a VLDB Endowment |t Proceedings of the VLDB Endowment |d [New York, NY] : Assoc. of Computing Machinery, 2008 |g 14(2021), 13, Seite 3335-3347 |h Online-Ressource |w (DE-627)591517426 |w (DE-600)2478691-3 |w (DE-576)30297220X |x 2150-8097 |7 nnas |
| 773 | 1 | 8 | |g volume:14 |g year:2021 |g number:13 |g pages:3335-3347 |g extent:13 |a Quantifying identifiability to choose and audit epsilon in differentially private deep learning |
| 856 | 4 | 0 | |u https://doi.org/10.14778/3484224.3484231 |x Verlag |x Resolving-System |z lizenzpflichtig |3 Volltext |
| 951 | |a AR | ||
| 992 | |a 20220209 | ||
| 993 | |a Article | ||
| 994 | |a 2021 | ||
| 998 | |g 1251424066 |a Grassal, Philip-William |m 1251424066:Grassal, Philip-William |d 700000 |d 708070 |e 700000PG1251424066 |e 708070PG1251424066 |k 0/700000/ |k 1/700000/708070/ |p 3 | ||
| 999 | |a KXP-PPN1789063205 |e 4054756913 | ||
| BIB | |a Y | ||
| SER | |a journal | ||
| JSO | |a {"origin":[{"dateIssuedKey":"2021","dateIssuedDisp":"28 October 2021"}],"id":{"eki":["1789063205"],"doi":["10.14778/3484224.3484231"]},"name":{"displayForm":["Daniel Bernau, Günther Eibl, Philip W. Grassal, Hannah Keller, Florian Kerschbaum"]},"physDesc":[{"extent":"13 S."}],"relHost":[{"disp":"VLDB EndowmentProceedings of the VLDB Endowment","note":["Gesehen am 19.06.2020"],"type":{"bibl":"periodical","media":"Online-Ressource"},"language":["eng"],"corporate":[{"roleDisplay":"VerfasserIn","display":"VLDB Endowment","role":"aut"}],"recId":"591517426","pubHistory":["1.2008 -"],"part":{"issue":"13","pages":"3335-3347","year":"2021","extent":"13","text":"14(2021), 13, Seite 3335-3347","volume":"14"},"titleAlt":[{"title":"VLDB Endowment"},{"title":"PVLDB"}],"title":[{"title_sort":"Proceedings of the VLDB Endowment","title":"Proceedings of the VLDB Endowment"}],"physDesc":[{"extent":"Online-Ressource"}],"origin":[{"dateIssuedDisp":"2008-","publisher":"Assoc. of Computing Machinery","dateIssuedKey":"2008","publisherPlace":"[New York, NY]"}],"id":{"issn":["2150-8097"],"eki":["591517426"],"zdb":["2478691-3"]}}],"title":[{"title":"Quantifying identifiability to choose and audit epsilon in differentially private deep learning","title_sort":"Quantifying identifiability to choose and audit epsilon in differentially private deep learning"}],"person":[{"family":"Bernau","given":"Daniel","display":"Bernau, Daniel","roleDisplay":"VerfasserIn","role":"aut"},{"family":"Eibl","given":"Günther","display":"Eibl, Günther","roleDisplay":"VerfasserIn","role":"aut"},{"roleDisplay":"VerfasserIn","display":"Grassal, Philip-William","role":"aut","family":"Grassal","given":"Philip-William"},{"roleDisplay":"VerfasserIn","display":"Keller, Hannah","role":"aut","family":"Keller","given":"Hannah"},{"family":"Kerschbaum","given":"Florian","roleDisplay":"VerfasserIn","display":"Kerschbaum, Florian","role":"aut"}],"note":["Gesehen am 09.02.2022"],"type":{"bibl":"article-journal","media":"Online-Ressource"},"recId":"1789063205","language":["eng"]} | ||
| SRT | |a BERNAUDANIQUANTIFYIN2820 | ||