A Pragmatic Privacy-Preserving Deep Learning Framework Satisfying Differential Privacy

Cited by: 0
Authors
Dang T.K. [1]
Tran-Truong P.T. [1, 2]
Affiliations
[1] Ho Chi Minh City University of Industry and Trade, Ho Chi Minh City
[2] University of Technology, VNU-HCM, Ho Chi Minh City
Keywords
Data privacy; Differential privacy; Privacy in deep learning; Trustworthy AI
DOI
10.1007/s42979-023-02437-1
Abstract
With the increasing use of technology in our daily lives, data privacy has become a critical issue. It is essential to carefully design technologies to ensure the protection of people's personal information. In fact, what we need are privacy-enhancing technologies (PETs) rather than a focus on the technologies alone. Artificial intelligence (AI) and deep learning technologies, which are considered societal locomotives, are no exception. However, AI practitioners usually design and develop systems without considering privacy concerns. To address this gap, we propose a pragmatic privacy-preserving deep learning framework that is suitable for AI practitioners. Our proposed framework is designed to satisfy differential privacy, a rigorous standard for preserving privacy. It is based on a setting called Private Aggregation of Teacher Ensembles (PATE), to which we have made several improvements to achieve a better level of accuracy and privacy protection. Specifically, we use a differentially private aggregation mechanism called the sparse vector technique and combine it with several other improvements, such as human-in-the-loop and pre-trained models. Our proposed solution demonstrates the possibility of producing privacy-preserving models that approximate ground-truth models under a fixed privacy budget. These models are capable of handling a large number of training requests, making them suitable for deep learning training processes. Furthermore, our framework can be deployed in both centralized and distributed training settings. We hope that our work will encourage AI practitioners to adopt PETs and build technologies with privacy in mind. © 2023, The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd.