Content-Aware Differential Privacy with Conditional Invertible Neural
Networks
- URL: http://arxiv.org/abs/2207.14625v1
- Date: Fri, 29 Jul 2022 11:52:16 GMT
- Title: Content-Aware Differential Privacy with Conditional Invertible Neural
Networks
- Authors: Malte Tölle, Ullrich Köthe, Florian André, Benjamin Meder, Sandy Engelhardt
- Abstract summary: Invertible Neural Networks (INNs) have shown excellent generative performance while still providing the ability to quantify the exact likelihood.
We hypothesize that adding noise to the latent space of an INN can enable differentially private image modification.
We conduct experiments on publicly available benchmarking datasets as well as dedicated medical ones.
- Score: 0.7102341019971402
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Differential privacy (DP) has arisen as the gold standard in protecting an
individual's privacy in datasets by adding calibrated noise to each data
sample. While the application to categorical data is straightforward, its
usability in the context of images has been limited. Contrary to categorical
data the meaning of an image is inherent in the spatial correlation of
neighboring pixels making the simple application of noise infeasible.
Invertible Neural Networks (INN) have shown excellent generative performance
while still providing the ability to quantify the exact likelihood. Their
principle is based on transforming a complicated distribution into a simple one
e.g. an image into a spherical Gaussian. We hypothesize that adding noise to
the latent space of an INN can enable differentially private image
modification. Manipulation of the latent space leads to a modified image while
preserving important details. Further, by conditioning the INN on meta-data
provided with the dataset we aim at leaving dimensions important for downstream
tasks like classification untouched while altering other parts that potentially
contain identifying information. We term our method content-aware differential
privacy (CADP). We conduct experiments on publicly available benchmarking
datasets as well as dedicated medical ones. In addition, we show the
generalizability of our method to categorical data. The source code is publicly
available at https://github.com/Cardio-AI/CADP.
Related papers
- Integrating kNN with Foundation Models for Adaptable and Privacy-Aware Image Classification [0.13108652488669734]
Traditional deep learning models implicitly encode knowledge limiting their transparency and ability to adapt to data changes.
We address this limitation by storing embeddings of the underlying training data independently of the model weights.
Our approach integrates the $k$-Nearest Neighbor ($k$-NN) classifier with a vision-based foundation model, pre-trained self-supervised on natural images.
arXiv Detail & Related papers (2024-02-19T20:08:13Z)
- Fine-grained Recognition with Learnable Semantic Data Augmentation [68.48892326854494]
Fine-grained image recognition is a longstanding computer vision challenge.
We propose diversifying the training data at the feature-level to alleviate the discriminative region loss problem.
Our method significantly improves the generalization performance on several popular classification networks.
arXiv Detail & Related papers (2023-09-01T11:15:50Z)
- Differentially Private Graph Neural Network with Importance-Grained Noise Adaption [6.319864669924721]
Graph Neural Networks (GNNs) with differential privacy have been proposed to preserve graph privacy when nodes represent personal and sensitive information.
We study the problem of importance-grained privacy, where nodes contain personal data that need to be kept private but are critical for training a GNN.
We propose NAP-GNN, a node-grained privacy-preserving GNN algorithm with privacy guarantees based on adaptive differential privacy to safeguard node information.
arXiv Detail & Related papers (2023-08-09T13:18:41Z)
- ConfounderGAN: Protecting Image Data Privacy with Causal Confounder [85.6757153033139]
We propose ConfounderGAN, a generative adversarial network (GAN) that can make personal image data unlearnable to protect the data privacy of its owners.
Experiments are conducted in six image classification datasets, consisting of three natural object datasets and three medical datasets.
arXiv Detail & Related papers (2022-12-04T08:49:14Z)
- Synthetic Dataset Generation for Privacy-Preserving Machine Learning [7.489265323050362]
We propose a method to generate secure synthetic datasets from the original private datasets.
We show that our proposed method preserves data-privacy under various privacy-leakage attacks.
arXiv Detail & Related papers (2022-10-06T20:54:52Z)
- Syfer: Neural Obfuscation for Private Data Release [58.490998583666276]
We develop Syfer, a neural obfuscation method to protect against re-identification attacks.
Syfer composes trained layers with random neural networks to encode the original data.
It maintains the ability to predict diagnoses from the encoded data.
arXiv Detail & Related papers (2022-01-28T20:32:04Z)
- Partial sensitivity analysis in differential privacy [58.730520380312676]
We investigate the impact of each input feature on the individual's privacy loss.
We experimentally evaluate our approach on queries over private databases.
We also explore our findings in the context of neural network training on synthetic data.
arXiv Detail & Related papers (2021-09-22T08:29:16Z)
- Data-driven Meta-set Based Fine-Grained Visual Classification [61.083706396575295]
We propose a data-driven meta-set based approach to deal with noisy web images for fine-grained recognition.
Specifically, guided by a small amount of clean meta-set, we train a selection net in a meta-learning manner to distinguish in- and out-of-distribution noisy images.
arXiv Detail & Related papers (2020-08-06T03:04:16Z)
- RDP-GAN: A Rényi-Differential Privacy based Generative Adversarial Network [75.81653258081435]
Generative adversarial network (GAN) has attracted increasing attention recently owing to its impressive ability to generate realistic samples with high privacy protection.
However, when GANs are applied on sensitive or private training examples, such as medical or financial records, it is still probable to divulge individuals' sensitive and private information.
We propose a Rényi-differentially private-GAN (RDP-GAN), which achieves differential privacy (DP) in a GAN by carefully adding random noises on the value of the loss function during training.
arXiv Detail & Related papers (2020-07-04T09:51:02Z)
- Privacy-Preserving Image Classification in the Local Setting [17.375582978294105]
Local Differential Privacy (LDP) brings us a promising solution, which allows the data owners to randomly perturb their input to provide the plausible deniability of the data before releasing.
In this paper, we consider a two-party image classification problem, in which data owners hold the image and the untrustworthy data user would like to fit a machine learning model with these images as input.
We propose a supervised image feature extractor, DCAConv, which produces an image representation with scalable domain size.
arXiv Detail & Related papers (2020-02-09T01:25:52Z)
This list is automatically generated from the titles and abstracts of the papers in this site.