Supervised Machine Learning with Plausible Deniability
- URL: http://arxiv.org/abs/2106.04267v1
- Date: Tue, 8 Jun 2021 11:54:51 GMT
- Title: Supervised Machine Learning with Plausible Deniability
- Authors: Stefan Rass, Sandra König, Jasmin Wachter, Manuel Egger, Manuel Hobisch
- Abstract summary: We study the question of how well machine learning (ML) models trained on a certain data set provide privacy for the training data.
We show that one can take a set of purely random training data, and from this define a suitable ``learning rule'' that will produce an ML model that is exactly $f$.
- Score: 1.685485565763117
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: We study the question of how well machine learning (ML) models trained on a
certain data set provide privacy for the training data, or equivalently,
whether it is possible to reverse-engineer the training data from a given ML
model. While this is easy to answer negatively in the most general case, it is
interesting to note that the protection extends over non-recoverability towards
plausible deniability: Given an ML model $f$, we show that one can take a set
of purely random training data, and from this define a suitable ``learning
rule'' that will produce an ML model that is exactly $f$. Thus, any speculation
about which data has been used to train $f$ is deniable upon the claim that any
other data could have led to the same results. We corroborate our theoretical
finding with practical examples, and open source implementations of how to find
the learning rules for a chosen set of training data.
Related papers
- Training on the Benchmark Is Not All You Need [52.01920740114261]
We propose a simple and effective data leakage detection method based on the contents of multiple-choice options.
Our method is able to work under black-box conditions without access to model training data or weights.
We evaluate the degree of data leakage of 31 mainstream open-source LLMs on four benchmark datasets.
arXiv Detail & Related papers (2024-09-03T11:09:44Z)
- AI Model Disgorgement: Methods and Choices [127.54319351058167]
We introduce a taxonomy of possible disgorgement methods that are applicable to modern machine learning systems.
We investigate the meaning of "removing the effects" of data in the trained model in a way that does not require retraining from scratch.
arXiv Detail & Related papers (2023-04-07T08:50:18Z)
- Verifiable and Provably Secure Machine Unlearning [37.353982787321385]
Machine unlearning aims to remove points from the training dataset of a machine learning model after training.
We present the first cryptographic definition of verifiable unlearning to capture the guarantees of a machine unlearning system.
We implement the protocol for three different unlearning techniques to validate its feasibility for linear regression, logistic regression, and neural networks.
arXiv Detail & Related papers (2022-10-17T14:19:52Z)
- Learning from aggregated data with a maximum entropy model [73.63512438583375]
We show how a new model, similar to a logistic regression, may be learned from aggregated data only by approximating the unobserved feature distribution with a maximum entropy hypothesis.
We present empirical evidence on several public datasets that the model learned this way can achieve performances comparable to those of a logistic model trained with the full unaggregated data.
arXiv Detail & Related papers (2022-10-05T09:17:27Z)
- Datamodels: Predicting Predictions from Training Data [86.66720175866415]
We present a conceptual framework, datamodeling, for analyzing the behavior of a model class in terms of the training data.
We show that even simple linear datamodels can successfully predict model outputs.
arXiv Detail & Related papers (2022-02-01T18:15:24Z)
- Zero-Shot Machine Unlearning [6.884272840652062]
Modern privacy regulations grant citizens the right to be forgotten by products, services and companies.
No data related to the training process or training samples may be accessible for the unlearning purpose.
We propose two novel solutions for zero-shot machine unlearning based on (a) error minimizing-maximizing noise and (b) gated knowledge transfer.
arXiv Detail & Related papers (2022-01-14T19:16:09Z)
- An Information-Theoretic Approach to Personalized Explainable Machine Learning [92.53970625312665]
We propose a simple probabilistic model for the predictions and user knowledge.
We quantify the effect of an explanation by the conditional mutual information between the explanation and prediction.
arXiv Detail & Related papers (2020-03-01T13:06:29Z)
- Approximate Data Deletion from Machine Learning Models [31.689174311625084]
Deleting data from a trained machine learning (ML) model is a critical task in many applications.
We propose a new approximate deletion method for linear and logistic models.
We also develop a new feature-injection test to evaluate the thoroughness of data deletion from ML models.
arXiv Detail & Related papers (2020-02-24T05:12:03Z)
- Certified Data Removal from Machine Learning Models [79.91502073022602]
Good data stewardship requires removal of data at the request of the data's owner.
This raises the question if and how a trained machine-learning model, which implicitly stores information about its training data, should be affected by such a removal request.
We study this problem by defining certified removal: a very strong theoretical guarantee that a model from which data is removed cannot be distinguished from a model that never observed the data to begin with.
arXiv Detail & Related papers (2019-11-08T03:57:41Z)