new directions in privacy preserving machine learning
play

New Directions in Privacy- preserving Machine Learning Kamalika - PowerPoint PPT Presentation

Jan 19, 2023 •37 likes •957 views

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego Sensitive Data Medical Records Genetic Data Search Logs AOL Violates Privacy AOL Violates Privacy Netflix Violates Privacy [NS08]

  1. New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego

  2. Sensitive Data Medical Records Genetic Data Search Logs

  3. AOL Violates Privacy

  4. AOL Violates Privacy

  5. Netflix Violates Privacy [NS08] Movies% User%1% User%2% User%3% 2-8 movie-ratings and dates for Alice reveals: Whether Alice is in the dataset or not Alice’s other movie ratings

  6. High-dimensional Data is Unique Example: UCSD Employee Salary Table Position Department Gender Ethnicity Salary - Faculty Female CSE SE Asian One employee (Kamalika) fits description!

  7. Simply anonymizing data is unsafe!

  8. Disease Association Studies [WLWTZ09] Cancer Healthy Correlations Correlations Correlation (R 2 values), Alice’s DNA reveals: If Alice is in the Cancer set or Healthy set

  9. Simply anonymizing data is unsafe! Statistics on small data sets is unsafe! Privacy Accuracy Data Size

  10. Correlated Data User information in social networks Physical Activity Monitoring

  11. Why is Privacy Hard for Correlated Data? Neighbor’s information leaks information on user

  12. Talk Agenda: How do we learn from sensitive data while still preserving privacy ? New Directions: 1. Privacy-preserving Bayesian Learning 2. Privacy-preserving statistics on correlated data

  13. Talk Agenda: 1. Privacy for Uncorrelated Data - How to define privacy

  14. Differential Privacy [DMNS06] Randomized Data + Algorithm “similar” Randomized Data + Algorithm Participation of a single person does not change output

  15. Differential Privacy: Attacker’s View Algorithm Prior Conclusion Output on + = Knowledge on Data & Algorithm Prior Conclusion Output on + = Knowledge on Data &

  16. Differential Privacy [DMNS06] S D 1 D 2 Pr[A(D 1 ) in S] Pr[A(D 2 ) in S] For all D 1 , D 2 that differ in one person’s value, any set S, If A = -private randomized algorithm, then: ✏ Pr( A ( D 1 ) ∈ S ) ≤ e ✏ Pr( A ( D 2 ) ∈ S )

  17. Differential Privacy 1. Provably strong notion of privacy 2. Good approximations for many functions e.g, means, histograms, etc.

  18. Interpretation: Attacker’s Hypothesis Test [WZ10, OV13] H0: Input to the algorithm = Data + H1: Input to the algorithm = Data + Failure Events: False Alarm (FA), Missed Detection (MD)

  19. Interpretation: Attacker’s Hypothesis Test [WZ10, OV13] (0, 1) If algorithm is ✏ -DP Pr( FA ) + e ✏ Pr( MD ) ≥ 1 e ✏ Pr( FA ) + Pr( MD ) ≥ 1 ✓ ◆ 1 1 1 + e ✏ , 1 + e ✏ FA = False Alarm MD = Missed Detection (1, 0)

  20. Talk Agenda: 1. Privacy for Uncorrelated Data - How to define privacy - Privacy-preserving Learning

  21. Example 1: Flu Test Predicts flu or not, based on patient symptoms Trained on sensitive patient data

  22. Example 2: Clustering Abortion Data Given data on abortion locations, cluster by location while preserving privacy of individuals

  23. Bayesian Learning

  24. Bayesian Learning } Data X = { x 1 , x 2 , … } Related through Model Class Θ likelihood p ( x | θ )

  25. Bayesian Learning } Data X = { x 1 , x 2 , … } Related through Model Class Θ likelihood p ( x | θ ) + Prior π ( θ )

  26. Bayesian Learning } Data X = { x 1 , x 2 , … } Related through Model Class Θ likelihood p ( x | θ ) + Prior π ( θ ) Data X

  27. Bayesian Learning } Data X = { x 1 , x 2 , … } Related through Model Class Θ likelihood p ( x | θ ) = + Prior π ( θ ) Data X Posterior p ( θ | X )

  28. Bayesian Learning } Data X = { x 1 , x 2 , … } Related through Model Class Θ likelihood p ( x | θ ) = + Prior π ( θ ) Data X Posterior p ( θ | X ) Goal: Output posterior (approx. or samples)

  29. Example: Coin tosses X = { H, T, H, H… } likelihood: Θ = [0, 1] p ( x | θ ) = θ x (1 − θ ) 1 − x

  30. Example: Coin tosses X = { H, T, H, H… } likelihood: Θ = [0, 1] p ( x | θ ) = θ x (1 − θ ) 1 − x + Prior π ( θ ) = 1

  31. Example: Coin tosses X = { H, T, H, H… } likelihood: Θ = [0, 1] p ( x | θ ) = θ x (1 − θ ) 1 − x + Prior Data X π ( θ ) = 1 (h H, t T)

  32. Example: Coin tosses X = { H, T, H, H… } likelihood: Θ = [0, 1] p ( x | θ ) = θ x (1 − θ ) 1 − x = + Posterior Prior Data X π ( θ ) = 1 p ( θ | x ) ∝ θ h (1 − θ ) t (h H, t T)

  33. Example: Coin tosses X = { H, T, H, H… } likelihood: Θ = [0, 1] p ( x | θ ) = θ x (1 − θ ) 1 − x = + Posterior Prior Data X π ( θ ) = 1 p ( θ | x ) ∝ θ h (1 − θ ) t (h H, t T) In general, is more complex (classifiers, etc) θ

  34. Private Bayesian Learning } Data X = { x 1 , x 2 , … } Related through Model Class Θ likelihood p ( x | θ ) = + Prior π ( θ ) Data X Posterior p ( θ | X )

  35. Private Bayesian Learning } Data X = { x 1 , x 2 , … } Related through Model Class Θ likelihood p ( x | θ ) = + Prior π ( θ ) Data X Posterior p ( θ | X ) Goal: Output private approx. to posterior

  36. How to make posterior private? Option 1: Direct posterior sampling [Detal14] Not private unless under restrictive conditions p ( θ | D ) p ( θ | D 0 )

  37. How to make posterior private? Option 2: Sample from truncated posterior at high temperature [WFS15] Disadvantage: Intractable - technically privacy only on convergence Needs more data/subjects

  38. Our Work: Exponential Families Exponential family distributions: p ( x | θ ) = h ( x ) e θ > T ( x ) − A ( θ ) where T is a sufficient statistic Includes many common distributions like Gaussians, Binomials, Dirichlets, Betas, etc

  39. Properties of Exponential Families Exponential families have conjugate priors = + Prior π ( θ ) Data X Posterior p ( θ | X ) is in the same distribution class as π ( θ ) p ( θ | x ) eg, Gaussians-Gaussians, Beta-Binomial, etc

  40. Sampling from Exponential Families (Non-private) posterior comes from exp. family: p ( θ | x ) ∝ e η ( θ ) > ( P i T ( x i )) − B ( θ ) given data x 1 , x 2 , … Private Sampling: 1. If T is bounded, add noise to to get private X T ( x i ) version T’ i 2. Sample from the perturbed posterior: p ( θ | x ) ∝ e η ( θ ) > T 0 − B ( θ )

  41. Performance • Theoretical Guarantees • Experiments

  42. Theoretical Guarantees Performance Measure: Asymptotic Relative Efficiency (Lower = more sample efficient for large n) Non-private: 2 Our Method: 2 [WFS15]: max(2 , 1 + 1 / ✏ )

  43. Experiments - Task Task: Time series clustering of events in Wikileaks war logs while preserving event-level privacy Data: War-log entries - Afghanistan (75K), Iraq (390K) Goal: Cluster entries in each region based on features (casualty counts, enemy/friendly fire, explosive hazards, etc…)

  44. Experiments - Model Hidden Markov Model for each region h t … Hidden state Observed features … x t Discrete states (h t ) and observations (x t ) Transition parameters T: T ij = P(h t+1 = i | h t = j) Emission parameters O: where O ij = P(x t = i | h t = j) Goal: Sample from posterior P(O| data) (in the exponential family)

  45. Experiments - Results 4 5 − 3.5 x 10 − 1.5 x 10 − 4 − 2 − 4.5 Non − private HMM − 2.5 Non − private naive Bayes − 5 Test − set log − likelihood Test − set log − likelihood Laplace mechanism HMM − 5.5 OPS HMM (truncation multiplier = 100) − 3 − 6 − 3.5 − 6.5 − 7 − 4 Non − private HMM − 7.5 Non − private naive Bayes − 4.5 − 8 Laplace mechanism HMM OPS HMM (truncation multiplier = 100) − 5 − 8.5 − 1 0 1 − 1 0 1 10 10 10 10 10 10 Epsilon (total) Epsilon (total) Afghanistan Iraq

  46. State 2 Iraq State 1 Iraq 0.05 0.15 0.25 0.05 0.15 0.25 0.1 0.2 0.3 0.1 0.2 0 0 criminal event criminal event enemy action enemy action explosive hazard explosive hazard friendly action friendly action Experiments - States friendly fire friendly fire non − combat event combat event other other suspicious incident suspicious incident threat report threat report 0.005 0.015 0.005 0.015 0.025 0.01 0.02 0.01 0.02 0 0 cache found/cleared ied explosion ied found/cleared direct fire ied explosion ied found/cleared direct fire murder detain indirect fire escalation of force detain indirect fire search and attack small arms threat cache found/cleared raid raid murder counter mortar patrol 0.05 0.15 0.25 0.05 0.15 0.1 0.2 0.1 0.2 0 0 friendly and host casualties friendly and host casualties civilian casualties civilian casualties enemy casualties enemy casualties

  47. Experiments - Clustering MND − BAGHDAD State 2 MND − C Region code MND − N MND − SE State 1 MNF − W Jan 2004 Jan 2005 Jan 2006 Surge announced Jan 2008 Peak troops Month

  48. Conclusion New method for private posterior sampling from exponential families Open Problems: 1. Private sampling from more complex posteriors 2. Private versions of other Bayesian posterior approximation schemes (variational Bayes, etc) 3. Combining Bayesian inference with more relaxed forms of DP (eg, concentrated DP , distributional DP , etc)

  49. Talk Agenda: 1. Privacy for Uncorrelated Data - How to define privacy - Privacy-preserving Bayesian Learning 2. Privacy for Correlated Data

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Approximate Homomorphic Encryption and Privacy Preserving Machine Learning Jung Hee Cheon (SNU,

Approximate Homomorphic Encryption and Privacy Preserving Machine Learning Jung Hee Cheon (SNU,

Approximate Homomorphic Encryption and Privacy Preserving Machine Learning Jung Hee Cheon (SNU, CryptoLab) Thanks to YongSoo Song, Kiwoo Lee, Andrey KIM Outline 1. Homomorphic Encryption 2. HEAAN 3. Bootstrapping of HEAAN 4. Toolkit for

981 views • 50 slides
Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

CS573 Data Privacy and Security Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine Learning Under Adversarial Settings Data privacy/confidentiality attacks membership attacks, model inversion

3.44k views • 63 slides
BLAZE: BLAZING FAST PRIVACY-PRESERVING MACHINE LEARNING ARPITA PATRA AND AJITH SURESH Ajith

BLAZE: BLAZING FAST PRIVACY-PRESERVING MACHINE LEARNING ARPITA PATRA AND AJITH SURESH Ajith

BLAZE: BLAZING FAST PRIVACY-PRESERVING MACHINE LEARNING ARPITA PATRA AND AJITH SURESH Ajith Suresh CrIS Lab, IISc https://www.csa.iisc.ac.in/~cris Outline q Secure Multi-party Computation (MPC) q MPC for small number of parties (3PC) q Our

2.46k views • 53 slides
Privacy-preserving Neural Representations of Text Maximin Coavoux Shashi Narayan Shay B.

Privacy-preserving Neural Representations of Text Maximin Coavoux Shashi Narayan Shay B.

Privacy-preserving Neural Representations of Text Maximin Coavoux Shashi Narayan Shay B. Cohen University of Edinburgh ILCC EMNLP 2018 Brussels 1 / 15 Context: Privacy and Neural Networks Machine learning uses data (e.g. UGC)

481 views • 19 slides
Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for

Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for

Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for Machine Learning Graphics Adopted from The New York Times Privacy Project 2 Famous incidents - Anonymization - A Face Is Exposed for AOL

1.03k views • 7 slides
PINFER: PRIVACY-PRESERVING INFERENCE DPM 2019 Luxembourg Sep. 26, 2019 Marc Joye Fabien

PINFER: PRIVACY-PRESERVING INFERENCE DPM 2019 Luxembourg Sep. 26, 2019 Marc Joye Fabien

Innovation Centre PINFER: PRIVACY-PRESERVING INFERENCE DPM 2019 Luxembourg Sep. 26, 2019 Marc Joye Fabien Petitcolas MACHINE LEARNING AS A SERVICE GENERIC MODEL result Client Cloud (Server) 1 exchange of messages c 2019 OneSpan

588 views • 16 slides
Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012 Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID Privacy

1.04k views • 60 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
privacy-preserving decentralized learning of personalized models and collaboration graphs

privacy-preserving decentralized learning of personalized models and collaboration graphs

privacy-preserving decentralized learning of personalized models and collaboration graphs Aurlien Bellet (Inria) Includes work with: M. Tommasi, P. Vanhaesebrouck (University of Lille & Inria) R. Guerraoui, M. Taziki (EPFL) V. Zantedeschi

376 views • 33 slides
Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine

Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine

Machine Learning and Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine learning, we need data. What if the data contains sensitive information? medical data, web search query data, salary data,

725 views • 15 slides
Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a

Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a

Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a concern in ML? Patient History Genetic Data Search History Famous incidents - Anonymization - A Face Is Exposed for AOL Searcher No.

1.51k views • 17 slides
Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro University College London (UCL) https://emilianodc.com Privacy-preserving what ? Parties with limited mutual trust willing or required to share

1.1k views • 66 slides
Privacy Advances in Machine Learning Systems Katharine Jarmul OReilly AI London kjamistan

Privacy Advances in Machine Learning Systems Katharine Jarmul OReilly AI London kjamistan

Privacy Advances in Machine Learning Systems Katharine Jarmul OReilly AI London kjamistan When did consumers become concerned about privacy and computing? From Understanding Privacy Concerns (1992) A 1990 Louis Harris survey commissioned

443 views • 30 slides
FEEL: A Federated Edge Learning System for Efficient and Privacy-Preserving Mobile Healthcare

FEEL: A Federated Edge Learning System for Efficient and Privacy-Preserving Mobile Healthcare

FEEL: A Federated Edge Learning System for Efficient and Privacy-Preserving Mobile Healthcare Yeting Guo, Zhiping Cai, Nong Xiao: National University of Defense Technology Fang Liu: Sun Yat-Sen University Li Chen: University of Louisiana at

247 views • 20 slides
Machine Learning for Compressive Privacy S.Y. Y. K Kung Prince ceton Un Univer ersi sity

Machine Learning for Compressive Privacy S.Y. Y. K Kung Prince ceton Un Univer ersi sity

Machine Learning for Compressive Privacy S.Y. Y. K Kung Prince ceton Un Univer ersi sity Machine Learning for Compressive Privacy Professor S.Y. Kung Email: kung@princeton.edu References: `Kernel Method and Machine

1.79k views • 142 slides
PRIVACY-PRESERVING PROCESSING OF RAW GENOMIC DATA Er Erman Ay man Ayday day , Jean Louis

PRIVACY-PRESERVING PROCESSING OF RAW GENOMIC DATA Er Erman Ay man Ayday day , Jean Louis

PRIVACY-PRESERVING PROCESSING OF RAW GENOMIC DATA Er Erman Ay man Ayday day , Jean Louis Raisaro, Urs Hengartner, Adam Molyneaux and Jean-Pierre Hubaux SEPTEMBER 2013 Raw data (short reads) Sequencing Samples machine SAM file 3 billion

555 views • 26 slides
CS345a: Data Mining Jure Leskovec and Anand Rajaraman j Stanford University Instead of generic

CS345a: Data Mining Jure Leskovec and Anand Rajaraman j Stanford University Instead of generic

CS345a: Data Mining Jure Leskovec and Anand Rajaraman j Stanford University Instead of generic popularity can we measure Instead of generic popularity, can we measure popularity within a topic? E.g., computer science, health Bias the

624 views • 49 slides
Health Coverage for your County Jails Pretrial Population Thursday, February 23, 2012 Support

Health Coverage for your County Jails Pretrial Population Thursday, February 23, 2012 Support

Health Coverage for your County Jails Pretrial Population Thursday, February 23, 2012 Support for this webinar was provided by the Public Welfare Foundation Webinar Agenda Speakers Sarah Somers, Managing Attorney, National Health Law

476 views • 45 slides
Mamoudou Gazibo Professor of political science 1 Introduction I- China in Africa : past and

Mamoudou Gazibo Professor of political science 1 Introduction I- China in Africa : past and

Mamoudou Gazibo Professor of political science 1 Introduction I- China in Africa : past and present II- China and the development aid landscape III- Impact on democracy revisited Conclusions 2 Source : IMF - 1979 : China launched its

329 views • 20 slides
IMPACT OF COVID -19 ON IPPF OPERATIONS COVID -19 & SRHR Landscape 121 countries 6

IMPACT OF COVID -19 ON IPPF OPERATIONS COVID -19 & SRHR Landscape 121 countries 6

IMPACT OF COVID -19 ON IPPF OPERATIONS COVID -19 & SRHR Landscape 121 countries 6 continents DECREASED ACCESS March 28-31 2020 Online survey in 3 languages Round 1 analysis complete additional in-depth LIMITED DECREASED

478 views • 4 slides
2020 Convening & Collaborating / 2020 Reach Competition Information Session Shannon Tolleson

2020 Convening & Collaborating / 2020 Reach Competition Information Session Shannon Tolleson

2020 Convening & Collaborating / 2020 Reach Competition Information Session Shannon Tolleson | Coordinator, Research Competitions Yuliya Shapova | Coordinator, Research Competitions Info Session Agenda Program Highlights Review

608 views • 23 slides
What is Quality? Workshop on Quality Assurance and Quality Measurement for Language and Speech

What is Quality? Workshop on Quality Assurance and Quality Measurement for Language and Speech

What is Quality? Workshop on Quality Assurance and Quality Measurement for Language and Speech Resources Christopher Cieri Linguistic Data Consortium { ccieri}@ldc.upenn.edu LREC2006: The 5 th Language Resource and Evaluation Conference,

804 views • 52 slides
T o p 10ish Wo me n s He a lth o r to pic s in the ne ws Mo stly g yn, a little o b

T o p 10ish Wo me n s He a lth o r to pic s in the ne ws Mo stly g yn, a little o b

Pre vie w Artic le s tha t mig ht c ha ng e pra c tic e T o p 10ish Wo me n s He a lth o r to pic s in the ne ws Mo stly g yn, a little o b Artic le s o f 2015-16 Bre a d a nd b utte r: me no pa use , dyspla sia , c o ntra c

308 views • 12 slides
Short-Term Certificates D R A F T - I E T F - A C M E - S T A R - 0 0 Y A R O N S H E F F E R ,

Short-Term Certificates D R A F T - I E T F - A C M E - S T A R - 0 0 Y A R O N S H E F F E R ,

Short-Term Certificates D R A F T - I E T F - A C M E - S T A R - 0 0 Y A R O N S H E F F E R , D I E G O L O P E Z , T H O M A S F O S S A T I , O S C A R G O N Z A L E Z D E D I O S , A N T O N I O P A S T O R P E R A L E S I E T F

479 views • 9 slides

More recommend