Bounding data reconstruction attacks with the hypothesis testing interpretation of differential privacy
- URL: http://arxiv.org/abs/2307.03928v1
- Date: Sat, 8 Jul 2023 08:02:47 GMT
- Title: Bounding data reconstruction attacks with the hypothesis testing interpretation of differential privacy
- Authors: Georgios Kaissis, Jamie Hayes, Alexander Ziller, Daniel Rueckert
- Abstract summary: Reconstruction Robustness (ReRo) was recently proposed as an upper bound on the success of data reconstruction attacks against machine learning models.
Previous research has demonstrated that differential privacy (DP) mechanisms also provide ReRo, but so far, only Monte Carlo estimates of a tight ReRo bound have been shown.
- Score: 78.32404878825845
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: We explore Reconstruction Robustness (ReRo), which was recently proposed as an upper bound on the success of data reconstruction attacks against machine learning models. Previous research has demonstrated that differential privacy (DP) mechanisms also provide ReRo, but so far, only asymptotic Monte Carlo estimates of a tight ReRo bound have been shown. Directly computable ReRo bounds for general DP mechanisms are thus desirable. In this work, we establish a connection between hypothesis testing DP and ReRo and derive closed-form, analytic or numerical ReRo bounds for the Laplace and Gaussian mechanisms and their subsampled variants.
Related papers
- Efficient and Private Marginal Reconstruction with Local Non-Negativity [28.968601257521644] (2024-10-01T21:39:28Z)
We introduce a principled and efficient postprocessing method ReM for reconstructing answers to marginal queries.
An extension GReM-LNN reconstructs marginals under Gaussian noise satisfying consistency and non-negativity.
We demonstrate the utility of ReM and GReM-LNN by applying them to improve existing private query answering mechanisms.
- Model Reconstruction Using Counterfactual Explanations: A Perspective From Polytope Theory [9.771997770574947] (2024-05-08T18:52:47Z)
We analyze how model reconstruction using counterfactuals can be improved.
Our main contribution is to derive novel theoretical relationships between the error in model reconstruction and the number of counterfactual queries.
- Rethinking Radiology Report Generation via Causal Inspired Counterfactual Augmentation [11.266364967223556] (2023-11-22T10:55:36Z)
Radiology Report Generation (RRG) draws attention as a vision-and-language interaction of biomedical fields.
Previous works inherited the ideology of traditional language generation tasks, aiming to generate paragraphs with high readability as reports.
Despite significant progress, the independence between diseases, a specific property of RRG, was neglected, leaving the models confused by the co-occurrence of diseases brought on by the biased data distribution.
- Reconstructing Graph Diffusion History from a Single Snapshot [87.20550495678907] (2023-06-01T09:39:32Z)
We propose a novel barycenter formulation for reconstructing Diffusion history from A single SnapsHot (DASH).
We prove that estimation error of diffusion parameters is unavoidable due to NP-hardness of diffusion parameter estimation.
We also develop an effective solver named DIffusion hiTting Times with Optimal proposal (DITTO).
- Variational Laplace Autoencoders [53.08170674326728] (2022-11-30T18:59:27Z)
Variational autoencoders employ an amortized inference model to approximate the posterior of latent variables.
We present a novel approach that addresses the limited posterior expressiveness of the fully-factorized Gaussian assumption.
We also present a general framework named Variational Laplace Autoencoders (VLAEs) for training deep generative models.
- Posterior Coreset Construction with Kernelized Stein Discrepancy for Model-Based Reinforcement Learning [78.30395044401321] (2022-06-02T17:27:49Z)
We develop a novel model-based approach to reinforcement learning (MBRL).
It relaxes the assumptions on the target transition model to belong to a generic family of mixture models.
It can achieve up to 50 percent reduction in wall clock time in some continuous control environments.
- CC-Cert: A Probabilistic Approach to Certify General Robustness of Neural Networks [58.29502185344086] (2021-09-22T12:46:04Z)
In safety-critical machine learning applications, it is crucial to defend models against adversarial attacks.
It is important to provide provable guarantees for deep learning models against semantically meaningful input transformations.
We propose a new universal probabilistic certification approach based on Chernoff-Cramer bounds.
- Oversampling Divide-and-conquer for Response-skewed Kernel Ridge Regression [20.00435452480056] (2021-07-13T04:01:04Z)
We develop a novel response-adaptive partition strategy to overcome the limitation of the divide-and-conquer method.
We show the proposed estimate has a smaller mean squared error (AMSE) than that of the classical dacKRR estimate under mild conditions.
- Cross-replication Reliability -- An Empirical Approach to Interpreting Inter-rater Reliability [2.2091544233596596] (2021-06-11T16:15:46Z)
We present a new approach to interpreting IRR that is empirical and contextualized.
It is based upon benchmarking IRR against baseline measures in a replication, one of which is a novel cross-replication reliability (xRR) measure based on Cohen's kappa.
- Lower bounds in multiple testing: A framework based on derandomized proxies [107.69746750639584] (2020-05-07T19:59:51Z)
This paper introduces an analysis strategy based on derandomization, illustrated by applications to various concrete models.
We provide numerical simulations of some of these lower bounds, and show a close relation to the actual performance of the Benjamini-Hochberg (BH) algorithm.
This list is automatically generated from the titles and abstracts of the papers in this site.