A Survey on Differential Privacy with Machine Learning and Future Outlook
Nowadays, machine learning models and applications have become increasingly
pervasive. With this rapid growth in the development and deployment of
machine learning models, concerns about privacy have arisen. Thus, there is
a legitimate need to protect data from leakage and from attacks. One of
the strongest and most prevalent privacy models that can be used to protect
machine learning models from attacks and vulnerabilities is differential
privacy (DP). DP is a strict, rigorous definition of privacy, which
guarantees that an adversary cannot reliably determine whether a specific
participant is included in the dataset. It works by injecting noise into
the data, whether into the inputs, the outputs, the ground-truth labels, the
objective function, or even the gradients, to mitigate privacy risks
and protect the data. To this end, this survey paper presents different
differentially private machine learning algorithms categorized into two main
categories (traditional machine learning models vs. deep learning models).
Moreover, future research directions for differential privacy with machine
learning algorithms are outlined.

Comment: 12 pages, 3 figures
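
As a concrete illustration of the noise-injection approach described in the
abstract, the following is a minimal sketch in the spirit of gradient
perturbation (DP-SGD): each per-example gradient is clipped to bound its L2
sensitivity, and Gaussian noise calibrated to that bound is added before the
averaged update. The function name and all parameter values are illustrative
assumptions, not methods prescribed by the survey.

    import numpy as np

    def noisy_gradient_step(params, per_example_grads, lr=0.1,
                            clip_norm=1.0, noise_multiplier=1.1,
                            rng=np.random.default_rng(0)):
        """One DP-SGD-style private update (illustrative sketch):
        clip each per-example gradient to bound its L2 sensitivity,
        add Gaussian noise calibrated to that bound, then average
        the noisy sum and take a gradient step."""
        clipped = [g * min(1.0, clip_norm / (np.linalg.norm(g) + 1e-12))
                   for g in per_example_grads]
        grad_sum = np.sum(clipped, axis=0)
        noise = rng.normal(0.0, noise_multiplier * clip_norm,
                           size=grad_sum.shape)
        return params - lr * (grad_sum + noise) / len(per_example_grads)

Because clipping fixes the sensitivity of the summed gradient, standard DP
accounting can then relate the noise multiplier to a target (epsilon, delta)
guarantee.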
Privacy Amplification by Iteration
Many commonly used learning algorithms work by iteratively updating an
intermediate solution using one or a few data points in each iteration.
Analyses of differential privacy for such algorithms often proceed by
ensuring the privacy of each step and then reasoning about the cumulative
privacy cost of the algorithm. This is enabled by composition theorems for
differential privacy, which allow all of the intermediate results to be
released. In this work, we demonstrate that for contractive iterations, not
releasing the intermediate results strongly amplifies the privacy guarantees.
We describe several applications of this new analysis technique to solving
convex optimization problems via noisy stochastic gradient descent. For
example, we demonstrate that a relatively small number of non-private data
points from the same distribution can be used to close the gap between private
and non-private convex optimization. In addition, we demonstrate that we can
achieve guarantees similar to those obtainable using the
privacy-amplification-by-sampling technique in several natural settings where
that technique cannot be applied.

Comment: Extended abstract appears in Foundations of Computer Science (FOCS)
2018
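
To make the setting concrete, here is a minimal sketch, not the paper's
algorithm, of a contractive noisy SGD loop on a simple quadratic loss where
only the final iterate is released; the step size, noise scale, and loss
function are illustrative assumptions.

    import numpy as np

    def last_iterate_noisy_sgd(data, steps=100, lr=0.5, sigma=1.0,
                               rng=np.random.default_rng(0)):
        """Noisy SGD on the loss 0.5 * ||x - z||^2, using one data
        point per step.  For lr in (0, 2) the update
        x -> x - lr * (x - z) is contractive, and only the final
        iterate is released, so later noisy steps mask the influence
        of earlier data points on the output."""
        x = np.zeros(data.shape[1])
        n = len(data)
        for t in range(steps):
            z = data[t % n]    # data point used at this step
            grad = x - z       # gradient of the quadratic loss at x
            x = x - lr * (grad + rng.normal(0.0, sigma, size=x.shape))
        return x               # intermediate iterates are never exposed

The key contrast with composition-based analyses is that the intermediate
iterates stay hidden, which is what the amplification-by-iteration argument
exploits.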