Not one but many tradeoffs: privacy vs. utility in differentially private machine learning

Benjamin Zi Hao Zhao, Mohamed Ali Kaafar, Nicolas Kourtellis

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

15 Citations (Scopus)

Abstract

Data holders are increasingly seeking to protect their user's privacy, whilst still maximizing their ability to produce machine learning (ML) models with high quality predictions. In this work, we empirically evaluate various implementations of differential privacy (DP), and measure their ability to fend off real-world privacy attacks, in addition to measuring their core goal of providing accurate classifications. We establish an evaluation framework to ensure each of these implementations are fairly evaluated. Our selection of DP implementations add DP noise at different positions within the framework, either at the point of data collection/release, during updates while training of the model, or after training by perturbing learned model parameters. We evaluate each implementation across a range of privacy budgets and datasets, each implementation providing the same mathematical privacy guarantees. By measuring the models' resistance to real world attacks of membership and attribute inference, and their classification accuracy. We determine which implementations provide the most desirable tradeoff between privacy and utility. We found that the number of classes of a given dataset is unlikely to influence where the privacy and utility tradeoff occurs, a counter-intuitive inference in contrast to the known relationship of increased privacy vulnerability in datasets with more classes. Additionally, in the scenario that high privacy constraints are required, perturbing input training data before applying ML modeling does not trade off as much utility, as compared to noise added later in the ML process.

Original languageEnglish
Title of host publicationCCSW 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop
Place of PublicationNew York, NY
PublisherAssociation for Computing Machinery, Inc
Pages15-26
Number of pages12
ISBN (Electronic)9781450380843
DOIs
Publication statusPublished - 2020
Event11th ACM SIGSAC Conference on Cloud Computing Security Workshop, CCSW 2020 - Virtual, Online, United States
Duration: 9 Nov 20209 Nov 2020

Publication series

NameCCSW 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop

Conference

Conference11th ACM SIGSAC Conference on Cloud Computing Security Workshop, CCSW 2020
Country/TerritoryUnited States
CityVirtual, Online
Period9/11/209/11/20

Keywords

  • attribute inference attack
  • differential privacy attack
  • machine learning
  • membership inference attack
  • privacy
  • privacy attack
  • tradeoff
  • utility

Fingerprint

Dive into the research topics of 'Not one but many tradeoffs: privacy vs. utility in differentially private machine learning'. Together they form a unique fingerprint.

Cite this