enhancing privacy in machine learning
play

Enhancing Privacy in Machine Learning Mathias Humbert INSA - PowerPoint PPT Presentation

Jan 08, 2024 •520 likes •1.04k views

Enhancing Privacy in Machine Learning Mathias Humbert INSA Toulouse/CNRS Toulouse, January 22, 2019 Enhancing Privacy in Machine Learning data ML What ML? What data? What threat? Mathias Humbert - Enhancing Privacy in Machine Learning

  1. Enhancing Privacy in Machine Learning Mathias Humbert INSA Toulouse/CNRS Toulouse, January 22, 2019

  2. Enhancing Privacy in Machine Learning data ML What ML? What data? What threat? Mathias Humbert - Enhancing Privacy in Machine Learning � 2

  3. Different Attacks: Linkability Robert Alice Marius Eve Ability to link at least two records concerning the same individual If one data set is not anonymized → re-identification Mathias Humbert - Enhancing Privacy in Machine Learning � 3

  4. Different Attacks: Membership Inference Study focusing on 
 HIV patients ? (x,y,z) Ability to infer that a certain target is in a specific dataset Mathias Humbert - Enhancing Privacy in Machine Learning � 4

  5. Trading Off Privacy Privacy Utility ML E ffi ciency What ML? What data? What threat? What defense? Mathias Humbert - Enhancing Privacy in Machine Learning � 5

  6. Different Defense Mechanisms Privacy Utility ML E ffi ciency Anonymization Randomization Differential privacy Cryptography Mathias Humbert - Enhancing Privacy in Machine Learning � 6

  7. Outline of the Talk • Attack - defense - data • Temporal linkability - randomization - microRNA expression ℝ r r ≈ 10 3 USENIX Security’16 • • Re-identification - cryptography - DNA methylation IEEE S&P’17 [0,1] m m ≈ 10 7 • • Membership inference - other defense - any data NDSS'19 • Mathias Humbert - Enhancing Privacy in Machine Learning � 7

  8. Outline of the Talk • Attack - defense - data • Temporal linkability - randomization - microRNA expression USENIX Security’16 • • Re-identification - cryptography - DNA methylation IEEE S&P’17 • • Membership inference - other defense - any data NDSS'19 • Mathias Humbert - Enhancing Privacy in Machine Learning � 8

  9. DNA versus MicroRNA DNA miRNA contains blueprint of what a cell regulates what a cell really • • potentially can do , does , is (mostly) fixed over time , expression changes over time , • • can hint on risks of getting a can tell whether you carry a • • disease . disease . Common belief: no privacy threats from miRNAs, 
 because of temporal variability Mathias Humbert - Enhancing Privacy in Machine Learning � 9

  10. Temporal Linkability Attack • Matching two datasets E.g., a leaked database (incl. name) and public DB (excl. name) • Which sample from t 1 corresponds to which sample from t 2 ? • t 1 t 2 Mathias Humbert - Enhancing Privacy in Machine Learning � 10

  11. Data Pre-processing • High dimensionality: 1,189 miRNAs per sample Possibly correlated and uninteresting components • r t j k • PCA + whitening provides Unit variance • PCA Smaller dimensionality • Uncorrelated components • • Condenses data into a set of smaller dimensions 
 r t j ¯ k with minimal information loss Mathias Humbert - Enhancing Privacy in Machine Learning � 11

  12. Linkability Attack t 2 t 1 Which sample from t 1 corresponds to which sample from t 2 ? r t 2 r t 1 � � � ¯ i − ¯ r t 1 � r t 2 k 2 k i n � � σ ∗ = arg min X r t 2 r t 1 � ¯ σ ( i ) − ¯ � � i � 2 σ i =1 { r t 1 i } n i =1 { r t 2 i } n i =1 Mathias Humbert - Enhancing Privacy in Machine Learning � 12

  13. Linkability Attack t 2 t 1 σ Which sample from t 1 corresponds to which sample from t 2 ? r t 2 r t 1 � � � ¯ i − ¯ r t 1 � r t 2 k 2 k i n � � σ ∗ = arg min X r t 2 r t 1 � ¯ σ ( i ) − ¯ � � i � 2 σ i =1 { r t 1 i } n i =1 { r t 2 i } n i =1 Time complexity: O(n 3 ) Mathias Humbert - Enhancing Privacy in Machine Learning � 13

  14. Athletes Dataset Participants: 29 Points in time: 2 (before and after exercising) Time period: 1 week Disease: none 1,189 miRNAs per sample taken from blood and plasma • Mathias Humbert - Enhancing Privacy in Machine Learning � 14

  15. Lung Cancer Dataset Participants: 26 (huge for a longitudinal study!) Points in time: 8 Time period: 18 months Disease: lung cancer 1,189 miRNAs per sample taken from plasma • before surgery after surgery months -? 0 3 6 9 12 15 18 Mathias Humbert - Enhancing Privacy in Machine Learning � 15

  16. Linkability Attack – Results 55% 90% 29% 48% number of PCA dimensions number of PCA dimensions success up to 90% 
 for blood-based samples Mathias Humbert - Enhancing Privacy in Machine Learning � 16

  17. Linkability Attack – Results How does the success change 
 with larger datasets ? Success decreases sharply 
 for plasma-based samples, but decreases linearly 
 for blood-based samples. Mathias Humbert - Enhancing Privacy in Machine Learning � 17

  18. Outline of the Talk • Attack - defense - data • Temporal linkability - randomization - microRNA expression USENIX Security’16 • • Re-identification - cryptography - DNA methylation IEEE S&P’17 • • Membership inference - other defense - any data NDSS'19 • Mathias Humbert - Enhancing Privacy in Machine Learning � 18

  19. Defense Mechanisms • Hiding non-relevant miRNA expressions Sometimes, randomization is not an option • E.g., for making a diagnosis in a hospital • Caution: correlations between miRNAs • • Randomizing the miRNA expression profiles Adding noise in a fully distributed, differentially-private manner 
 • → providing epigeno-indistinguishability (inspired by [1]) Noise drawn according to multivariate Laplacian mechanism • E.g., for publishing a dataset used in a study • [1] Chatzikokolakis et al. Broadening the scope of di ff erential privacy using metrics , PETS, 2013 
 Mathias Humbert - Enhancing Privacy in Machine Learning � 19

  20. Privacy-Utility Trade-Off Privacy: prevent linkability of samples Utility: preserve accuracy of classification as diseased / healthy , 
 usually using a radial SVM classifier disease miRNA 2 miRNA 1 Mathias Humbert - Enhancing Privacy in Machine Learning � 20

  21. Privacy-Utility Trade-Off Privacy: prevent linkability of samples Utility: preserve accuracy of classification as diseased / healthy , 
 usually using a radial SVM classifier disease miRNA 2 miRNA 1 Mathias Humbert - Enhancing Privacy in Machine Learning � 21

  22. Privacy-Utility Trade-Off Privacy: prevent linkability of samples Utility: preserve accuracy of classification as diseased / healthy , 
 usually using a radial SVM classifier Another dataset for exploring utility: 1000+ participants, 19 diseases, 1 time point Mathias Humbert - Enhancing Privacy in Machine Learning � 22

  23. Hiding miRNAs – Results <80% <100 miRNAs Mathias Humbert - Enhancing Privacy in Machine Learning � 23

  24. Hiding miRNAs – Results accuracy 99,2% Mathias Humbert - Enhancing Privacy in Machine Learning � 24

  25. Hiding miRNAs – Results attacker’s success rate Mathias Humbert - Enhancing Privacy in Machine Learning � 25

  26. Hiding miRNAs – Results 99,2% Mathias Humbert - Enhancing Privacy in Machine Learning � 26

  27. Hiding miRNAs – Results 99,2 Trade-off at 7 miRNAs Attack success decreased (relative to all) 
 by 54% SVM accuracy decreased (relative to max) 
 by only 1% Mathias Humbert - Enhancing Privacy in Machine Learning � 27

  28. Hiding miRNAs – Results 92,7% Mathias Humbert - Enhancing Privacy in Machine Learning � 28

  29. Hiding miRNAs – Results Trade-off at 4 miRNAs 92,7 Success decreases (relative to all) 
 by 80% Accuracy decreases (relative to max) 
 by only 1% Mathias Humbert - Enhancing Privacy in Machine Learning � 29

  30. Probabilistic Sanitization – Results 99,2% Mathias Humbert - Enhancing Privacy in Machine Learning � 30

  31. Probabilistic Sanitization – Results 99,2% 99,2% Mathias Humbert - Enhancing Privacy in Machine Learning � 31

  32. Probabilistic Sanitization – Results Suitable balance at ℇ =0.025 99,2% Attack success decreased (relative to all) 
 by 63% SVM accuracy decreased (relative to max) 
 by only 0.65% Mathias Humbert - Enhancing Privacy in Machine Learning � 32

  33. Probabilistic Sanitization – Results 96,9% Mathias Humbert - Enhancing Privacy in Machine Learning � 33

  34. Probabilistic Sanitization – Results 96,9% Trade-off at ℇ =0.01 Success decreases (relative to all) 
 by 70% Accuracy decreases (relative to max) 
 by only 0.2% Mathias Humbert - Enhancing Privacy in Machine Learning � 34

  35. Outline of the Talk • Attack - defense - data type • Temporal linkability - randomization - microRNA expression USENIX Security’16 • • Re-identification - cryptography - DNA methylation IEEE S&P’17 • • Membership inference - other defense - any data NDSS'19 • Mathias Humbert - Enhancing Privacy in Machine Learning � 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

CS573 Data Privacy and Security Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine Learning Under Adversarial Settings Data privacy/confidentiality attacks membership attacks, model inversion

3.44k views • 63 slides
Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for

Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for

Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for Machine Learning Graphics Adopted from The New York Times Privacy Project 2 Famous incidents - Anonymization - A Face Is Exposed for AOL

1.03k views • 7 slides
Part II: Enhancing ATPs with Machine Learning Course Machine Learning and Reasoning 2020 MLR 2020

Part II: Enhancing ATPs with Machine Learning Course Machine Learning and Reasoning 2020 MLR 2020

Automated Strategy Invention ENIGMA: Efficient Inference Guidance Machine Part II: Enhancing ATPs with Machine Learning Course Machine Learning and Reasoning 2020 MLR 2020 1 1 Czech Technical Univeristy in Prague (CIIRC) April 3, 2020 1/56

812 views • 68 slides
PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR MISSION Least Authoritys mission is to build and support ethical and usable technology solutions that advance digital security and privacy as

552 views • 13 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. &quot;Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine

Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine

Machine Learning and Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine learning, we need data. What if the data contains sensitive information? medical data, web search query data, salary data,

725 views • 15 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a

Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a

Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a concern in ML? Patient History Genetic Data Search History Famous incidents - Anonymization - A Face Is Exposed for AOL Searcher No.

1.51k views • 17 slides
ENHANCING DRUG DEVELOPMENT THROUGH ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING ISCTM ANNUAL

ENHANCING DRUG DEVELOPMENT THROUGH ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING ISCTM ANNUAL

ENHANCING DRUG DEVELOPMENT THROUGH ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING ISCTM ANNUAL MEETING, 19 FEBRUARY 2020, WASHINGTON, DC ENHANCING DRUG DEVELOPMENT THROUGH ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING Employee of Koneksa Health

632 views • 6 slides
New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego Sensitive Data Medical Records Genetic Data Search Logs AOL Violates Privacy AOL Violates Privacy Netflix Violates Privacy [NS08]

957 views • 92 slides
Privacy Advances in Machine Learning Systems Katharine Jarmul OReilly AI London kjamistan

Privacy Advances in Machine Learning Systems Katharine Jarmul OReilly AI London kjamistan

Privacy Advances in Machine Learning Systems Katharine Jarmul OReilly AI London kjamistan When did consumers become concerned about privacy and computing? From Understanding Privacy Concerns (1992) A 1990 Louis Harris survey commissioned

443 views • 30 slides
Machine Learning for Compressive Privacy S.Y. Y. K Kung Prince ceton Un Univer ersi sity

Machine Learning for Compressive Privacy S.Y. Y. K Kung Prince ceton Un Univer ersi sity

Machine Learning for Compressive Privacy S.Y. Y. K Kung Prince ceton Un Univer ersi sity Machine Learning for Compressive Privacy Professor S.Y. Kung Email: kung@princeton.edu References: `Kernel Method and Machine

1.79k views • 142 slides
Storage, Security, and Privacy in the age of ML Aleatha Parker-Wood, Ph.D. Machine Learning and

Storage, Security, and Privacy in the age of ML Aleatha Parker-Wood, Ph.D. Machine Learning and

Storage, Security, and Privacy in the age of ML Aleatha Parker-Wood, Ph.D. Machine Learning and Privacy Lead, Humu Who am I? Storage systems Ph.D. from UCSC Post-doc in a databases group Joined Symantec Research Labs.

286 views • 25 slides
Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo

Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo

Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo Barradas PhD Stage: Planner Advisors: Prof. Lus Rodrigues &amp; Prof. Nuno Santos Research Area: Privacy-Enhancing Technologies Diogo Barradas - EuroSys

395 views • 15 slides
Meanings of &quot;Privacy&quot; in Privacy Enhancing Technologies

Meanings of &quot;Privacy&quot; in Privacy Enhancing Technologies

Meanings of &quot;Privacy&quot; in Privacy Enhancing Technologies Claudia Diaz KU Leuven COSIC Digital IdenBty Management (DIM) November 8, 2013 Claudia

565 views • 19 slides
Privacy-Aware Machine Learning Systems Borja Balle Data is the New Oil The Economist, May 2017

Privacy-Aware Machine Learning Systems Borja Balle Data is the New Oil The Economist, May 2017

Privacy-Aware Machine Learning Systems Borja Balle Data is the New Oil The Economist, May 2017 The Importance of (Data) Privacy 4.5.2016 Official Journal of the European Union L 119/1 EN Universal declaration of human rights

605 views • 36 slides
Learning Where to Look and Listen: Egocentric and 360 Computer Vision Kristen Grauman Facebook

Learning Where to Look and Listen: Egocentric and 360 Computer Vision Kristen Grauman Facebook

Learning Where to Look and Listen: Egocentric and 360 Computer Vision Kristen Grauman Facebook AI Research University of Texas at Austin Visual recognition: significant recent progress Big labeled Deep learning datasets ImageNet top-5

1k views • 61 slides
Knowledge-Based Reasoning in Computer Vision CSC 2539 Paul Vicol Outline Knowledge Bases

Knowledge-Based Reasoning in Computer Vision CSC 2539 Paul Vicol Outline Knowledge Bases

Knowledge-Based Reasoning in Computer Vision CSC 2539 Paul Vicol Outline Knowledge Bases Motivation Knowledge-Based Reasoning in Computer Vision Visual Question Answering Image Classification Knowledge Bases

636 views • 49 slides
Discriminative Bimodal Networks for Visual Localization and Detection with Natural Language

Discriminative Bimodal Networks for Visual Localization and Detection with Natural Language

Discriminative Bimodal Networks for Visual Localization and Detection with Natural Language Queries Yuting Zhang , Luyao Yuan, Yijie Guo, Zhiyuan He, I - An Huang, Honglak Lee University of Michigan, Ann Arbor Detection with natural language

336 views • 9 slides
Review Session I CS 466 Wesley Wei Qian March 10th 2020 Midterm Exam This Thursday!

Review Session I CS 466 Wesley Wei Qian March 10th 2020 Midterm Exam This Thursday!

Review Session I CS 466 Wesley Wei Qian March 10th 2020 Midterm Exam This Thursday! 03/12 class time Different building! Nature History Building Room 2079 Topics Topics we have covered: Molecular Biology

597 views • 37 slides
Algorithms in Bioinformatics: A Practical Introduction Motif Finding Composition of our genome

Algorithms in Bioinformatics: A Practical Introduction Motif Finding Composition of our genome

Algorithms in Bioinformatics: A Practical Introduction Motif Finding Composition of our genome Genome contains Protein coding genes However, it only covers &lt; 2% of the human genome. What are the remaining part? Non-coding

2.34k views • 168 slides
Connecting Images with Natural Language Andrej Karpathy CVPR 2016. Deep Vision workshop. July 1,

Connecting Images with Natural Language Andrej Karpathy CVPR 2016. Deep Vision workshop. July 1,

Connecting Images with Natural Language Andrej Karpathy CVPR 2016. Deep Vision workshop. July 1, 2016 Visual domain Domain of Natural Language [Cho et al. 2014] Connecting Images and Natural Language A man sitting on A person sitting on a

1.67k views • 119 slides
Unseen Patterns: Using Latent-Variable Models for Natural Language Shay Cohen Institute for

Unseen Patterns: Using Latent-Variable Models for Natural Language Shay Cohen Institute for

Unseen Patterns: Using Latent-Variable Models for Natural Language Shay Cohen Institute for Language, Cognition and Computation School of Informatics University of Edinburgh July 13, 2017 Thanks to... Natural Language Processing Main

936 views • 82 slides
Construction of Goal Association Graphs from Search Query Logs Christian Krner MSc student

Construction of Goal Association Graphs from Search Query Logs Christian Krner MSc student

TU Graz Knowledge Management Institute Construction of Goal Association Graphs from Search Query Logs Christian Krner MSc student Graz University of Technology Graz, May 21 st , 2008 Christian Krner Construction of Goal Association

221 views • 21 slides

More recommend