1 / 11

Privacy-preserving Prediction

Privacy-preserving Prediction. Vitaly Feldman Brain. with Cynthia Dwork. Privacy-preserving learning. Input: dataset Goal : given predict. Differentially private learning algorithm. Model. Trade-offs. Linear regression in With -DP needs factor more data

ianc
Download Presentation

Privacy-preserving Prediction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy-preserving Prediction Vitaly Feldman Brain with Cynthia Dwork

  2. Privacy-preserving learning • Input:dataset • Goal:given predict Differentially private learning algorithm Model

  3. Trade-offs Linear regression in With -DP needs factor more data [Bassily,Smith,Thakurta 14] Learning a linear classifier over Needs factor more data [Feldman,Xiao 13] MNIST accuracy with small vs 99.8% without privacy [AbadiCGMMTZ 16]

  4. Prediction Users need predictions not models Fits many existing systems Prediction API Users DP

  5. Attacks Black-box membership inference with high accuracy [Shokri,Stronati,Song,Shmatikov 17; LongBWBWTGC 18; SalemZFHB 18]

  6. Learning with DP prediction Accuracy-privacy trade-off Single prediction query • Differentially private prediction : • is -DP prediction algorithm if for every , is -DP private w.r.t.

  7. Label aggregation • [HCB 16; PAEGT 17; PSMRTE 18; BTT 18] (non-DP) learning algo Differentially private aggregation e.g. exponential mechanism

  8. Classification via aggregation PAC model: Let be a class of function over For all distributions over output such that w.h.p. • Realizable case: Agnostic: • Representation dimension[Beimel,Nissim,Stemmer 13] • [KLNRS 08] • For many classes [F.,Xiao 13]

  9. Prediction stability • À la [Bousquet,Elisseeff 02]: • is uniformly -stable algorithm if for every, neighboring and , • Convex regression: given • For over ,minimize: • over convex , where is convex in for all • Convex -Lipschitz regression over ball of radius : • Excess loss:

  10. Beyond aggregation • Threshold functions on a line Excess error for agnostic learning DP prediction implies generalization

  11. Conclusions • Natural setting for learning with privacy • Better accuracy-privacy trade-off • Paper (COLT 2018): https://arxiv.org/abs/1803.10266 • Open problems: • General agnostic learning • Other general approaches • Handling of multiple queries [BTT 18]

More Related