Evaluating differentially private decision tree model over model inversion attack

Machine learning techniques have been widely used and shown remarkable performance in various fields. Along with the widespread utilization of machine learning, concerns about privacy violations have been raised. Recently, as privacy invasion attacks on machine learning models have been reported, research on privacy-preserving machine learning has been conducted. In particular, in the field of differential privacy, which is the rigorous notion of privacy, various mechanisms have been proposed to preserve privacy of machine learning models. However, there is a lack of research that analyzes the relationship between the degree of privacy guarantee and substantial privacy breach attacks. In this paper, we analyze the relationship between differentially private models and privacy breach attacks according to the degree of privacy preservation and study how to set appropriate privacy parameters. In particular, we focus on the model inversion attack for decision trees and analyze various differentially private decision tree algorithms over the attack. Our main finding from investigating the trade-off between data privacy and model utility is that well-designed differentially private algorithms can significantly mitigate the substantial privacy invasion attack while preserving model utility.