Flexible Differentially Private Vertical Federated Learning with Adaptive Feature Embeddings
The emergence of vertical federated learning (VFL) has stimulated concerns
about the imperfection in privacy protection, as shared feature embeddings may
reveal sensitive information under privacy attacks. This paper studies the
delicate equilibrium between data privacy and task utility goals of VFL under
differential privacy (DP). To address the generality issue of prior arts, this
paper advocates a flexible and generic approach that decouples the two goals
and addresses them successively. Specifically, we initially derive a rigorous
privacy guarantee by applying norm clipping on shared feature embeddings, which
is applicable across various datasets and models. Subsequently, we demonstrate
that task utility can be optimized via adaptive adjustments on the scale and
distribution of feature embeddings in an accuracy-appreciative way, without
compromising established DP mechanisms. We concretize our observation into the
proposed VFL-AFE framework, which exhibits effectiveness against privacy
attacks and the capacity to retain favorable task utility, as substantiated by
extensive experiments.
User's Privacy in Recommendation Systems Applying Online Social Network Data, A Survey and Taxonomy
Recommender systems have become an integral part of many social networks and
extract knowledge from a user's personal and sensitive data both explicitly,
with the user's knowledge, and implicitly. This trend has created major privacy
concerns as users are mostly unaware of what data and how much data is being
used and how securely it is used. In this context, several works have been done
to address privacy concerns for usage in online social network data and by
recommender systems. This paper surveys the main privacy concerns, measurements
and privacy-preserving techniques used in large-scale online social networks
and recommender systems. It is based on historical works on security,
privacy-preserving, statistical modeling, and datasets to provide an overview
of the technical difficulties and problems associated with privacy preserving
in online social networks.
Comment: 26 pages, IET book chapter on big data recommender system
Recoverable Privacy-Preserving Image Classification through Noise-like Adversarial Examples
With the increasing prevalence of cloud computing platforms, ensuring data
privacy during the cloud-based image related services such as classification
has become crucial. In this study, we propose a novel privacy-preserving image
classification scheme that enables the direct application of classifiers
trained in the plaintext domain to classify encrypted images, without the need
of retraining a dedicated classifier. Moreover, encrypted images can be
decrypted back into their original form with high fidelity (recoverable) using
a secret key. Specifically, our proposed scheme involves utilizing a feature
extractor and an encoder to mask the plaintext image through a newly designed
Noise-like Adversarial Example (NAE). Such an NAE not only introduces a
noise-like visual appearance to the encrypted image but also compels the target
classifier to predict the ciphertext as the same label as the original
plaintext image. At the decoding phase, we adopt a Symmetric Residual Learning
(SRL) framework for restoring the plaintext image with minimal degradation.
Extensive experiments demonstrate that 1) the classification accuracy of the
classifier trained in the plaintext domain remains the same in both the
ciphertext and plaintext domains; 2) the encrypted images can be recovered into
their original form with an average PSNR of up to 51+ dB for the SVHN dataset
and 48+ dB for the VGGFace2 dataset; 3) our system exhibits satisfactory
generalization capability on the encryption, decryption and classification
tasks across datasets that are different from the training one; and 4) a
high level of security is achieved against three potential threat models. The
code is available at https://github.com/csjunjun/RIC.git.
Comment: 23 pages, 9 figure
DP-Mix: Mixup-based Data Augmentation for Differentially Private Learning
Data augmentation techniques, such as simple image transformations and
combinations, are highly effective at improving the generalization of computer
vision models, especially when training data is limited. However, such
techniques are fundamentally incompatible with differentially private learning
approaches, due to the latter's built-in assumption that each training image's
contribution to the learned model is bounded. In this paper, we investigate why
naive applications of multi-sample data augmentation techniques, such as mixup,
fail to achieve good performance and propose two novel data augmentation
techniques specifically designed for the constraints of differentially private
learning. Our first technique, DP-Mix_Self, achieves SoTA classification
performance across a range of datasets and settings by performing mixup on
self-augmented data. Our second technique, DP-Mix_Diff, further improves
performance by incorporating synthetic data from a pre-trained diffusion model
into the mixup process. We open-source the code at
https://github.com/wenxuan-Bao/DP-Mix.
Comment: 17 pages, 2 figures, to be published in Neural Information Processing
Systems 202