Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 - - PowerPoint PPT Presentation

Privacy in Machine Learning

Fatemehsadat Mireshghallah ICLR2020

Privacy: A Major Concern for Machine Learning

2

Graphics Adopted from The New York Times Privacy Project

Famous incidents - Anonymization

• “A

Face Is Exposed for AOL Searcher No. 4417749” [Barbaro & Zeller ’06]

• “Robust De-anonymization of Large Datasets

(How to Break Anonymity

• f

the Netflix Prize Dataset)”[Narayanan & Shmatikov ’08]

• “Matching Known Patients to Health Records in

Washington State Data” [Sweeney ’13]

Machine Learning Models that Remember Too Much [Song’17]

Membership Inference Attacks Against Machine Learning Models [Shokri’17] Practical Black-Box Attacks against Machine Learning [Papernot’17] Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures [Fredrikson’15]

Privacy Protection: A Timeline

5

Data Aggregation Privacy [Sweeney et

al.’02, Dwork et al. ’06]

DNN Training Privacy [Shokri

& Shmatikov’ 15, Abadi et al.’16]

DNN Inference Privacy

[Mireshghallah et

• al. 20, Juvekar et

al.’18]

5000+ Papers 900+ Papers ~30 Papers GDPR: General Data Protection Regulation CCPA: California Consumer Privacy Act

2002 2016 2020 2018 2006 2011

600+ Papers

Machine Learning Privacy

[Chaudhuri et al.’11]

11

Privacy-Enhancing Execution Models

6

These are execution models and environments that help enhance privacy and are not by themselves privacy-preserving.

Federated Learning [McMahan et al.’17] Split Learning [Gupta & Raskar ’18] Trusted Execution Environment

You can find the list of papers mentioned, and more related papers in this link:

https://tinyurl.com/paperlist-ppml