Bounding Training Data Reconstruction in Private (Deep) Learning

Add code
Jan 28, 2022
Chuan Guo, Brian Karrer, Kamalika Chaudhuri, Laurens van der Maaten
Figure 1 for Bounding Training Data Reconstruction in Private (Deep) Learning
Figure 2 for Bounding Training Data Reconstruction in Private (Deep) Learning
Figure 3 for Bounding Training Data Reconstruction in Private (Deep) Learning
Figure 4 for Bounding Training Data Reconstruction in Private (Deep) Learning

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Differential privacy is widely accepted as the de facto method for preventing data leakage in ML, and conventional wisdom suggests that it offers strong protection against privacy attacks. However, existing semantic guarantees for DP focus on membership inference, which may overestimate the adversary's capabilities and is not applicable when membership status itself is non-sensitive. In this paper, we derive the first semantic guarantees for DP mechanisms against training data reconstruction attacks under a formal threat model. We show that two distinct privacy accounting methods -- Renyi differential privacy and Fisher information leakage -- both offer strong semantic protection against data reconstruction attacks.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon