Deep Learning with Gaussian Differential Privacy

Bu, Zhiqi; Dong, Jinshuo; Long, Qi; Su, Weijie

doi:10.1162/99608f92.cfc5dd25

Cited by 106 publications

(85 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Cryptography based privacy-preserving methods, such as secure aggregation protocol [5], Homomorphic Encryption (HE) [3,27], Diferential Privacy (DP) [7,9,10] have been developed for privacy-preserving learning, for instance, linear regression model [12,35], decision trees [4,6], deep neural networks [19,20,27]. However, the cryptography operations are computationally expensive, and the consistency of visual patterns of images is generally not guaranteed in encrypted data format, which usually leads to a learning model with poor generalization ability.…”

Section: Related Workmentioning

confidence: 99%

GRNN: Generative Regression Neural Network—A Data Leakage Attack for Federated Learning

Ren

Deng

Xie

2022

ACM Trans. Intell. Syst. Technol.

View full text Add to dashboard Cite

Data privacy has become an increasingly important issue in Machine Learning (ML), where many approaches have been developed to tackle this challenge, e.g. cryptography (Homomorphic Encryption (HE), Differential Privacy (DP), etc. ) and collaborative training (Secure Multi-Party Computation (MPC), Distributed Learning and Federated Learning (FL)). These techniques have a particular focus on data encryption or secure local computation. They transfer the intermediate information to the third party to compute the final result. Gradient exchanging is commonly considered to be a secure way of training a robust model collaboratively in Deep Learning (DL). However, recent researches have demonstrated that sensitive information can be recovered from the shared gradient. Generative Adversarial Network (GAN), in particular, has shown to be effective in recovering such information. However, GAN based techniques require additional information, such as class labels which are generally unavailable for privacy-preserved learning. In this paper, we show that, in the FL system, image-based privacy data can be easily recovered in full from the shared gradient only via our proposed Generative Regression Neural Network (GRNN). We formulate the attack to be a regression problem and optimize two branches of the generative model by minimizing the distance between gradients. We evaluate our method on several image classification tasks. The results illustrate that our proposed GRNN outperforms state-of-the-art methods with better stability, stronger robustness, and higher accuracy. It also has no convergence requirement to the global FL model. Moreover, we demonstrate information leakage using face re-identification. Some defense strategies are also discussed in this work.

show abstract

Section: Related Workmentioning

confidence: 99%

GRNN: Generative Regression Neural Network—A Data Leakage Attack for Federated Learning

Ren

Deng

Xie

2022

ACM Trans. Intell. Syst. Technol.

View full text Add to dashboard Cite

show abstract

“…The red lines are obtained via Corollary 4, while the blue dashed lines are produced by the tensorflow/privacy library. See https://github.com/tenso rflow/ privacy for the details of the setting and more experiments in follow-up work (Bu et al, 2019) [Colour figure can be viewed at wileyonlinelibrary.com] where x * is the unique fixed point of f. We will let the sampling fraction p tend to 0 as T approaches infinity. In the following theorem, a 2 + is a short-hand for (max{a, 0}) 2 .…”

Section: Asymptotic Privacy Analysismentioning

confidence: 99%

Sebastian Dietz’s Contribution to the Discussion of ‘Gaussian Differential Privacy’ by Dong et al.

Dietz

2022

Journal of the Royal Statistical Society Series B: Statistical Methodology

View full text Add to dashboard Cite

show abstract

“…Another PPDL method that utilizes differential privacy is Bu19 [92]. Bu19 proposes Gaussian Differential Privacy (Gaussian DP) which formalizes the original DP technique as a hypothesis test from the adversaries' perspective.The Table 4 shows the features of our surveyed differential privacy-based PPDL.…”

Section: Differential Privacy-based Ppdlmentioning

confidence: 99%

Privacy-Preserving Deep Learning on Machine Learning as a Service—a Comprehensive Survey

et al. 2020

View full text Add to dashboard Cite

The exponential growth of big data and deep learning has increased the data exchange traffic in society. Machine Learning as a Service, (MLaaS) which leverages deep learning techniques for predictive analytics to enhance decision-making, has become a hot commodity. However, the adoption of MLaaS introduces data privacy challenges for data owners and security challenges for deep learning model owners. Data owners are concerned about the safety and privacy of their data on MLaaS platforms, while MLaaS platform owners worry that their models could be stolen by adversaries who pose as clients. Consequently, Privacy-Preserving Deep Learning (PPDL) arises as a possible solution to this problem. Recently, several papers about PPDL for MLaaS have been published. However, to the best of our knowledge, no previous paper has summarized the existing literature on PPDL and its specific applicability to the MLaaS environment. In this paper, we present a comprehensive survey of privacypreserving techniques, starting from classical privacy-preserving techniques to well-known deep learning techniques. Additionally, we present a detailed description of PPDL and address the issue of using PPDL for MLaaS. Furthermore, we undertake detailed comparisons between state-of-the-art PPDL methods. Subsequently, we classify an adversarial model on PPDL by highlighting possible PPDL attacks and their potential solutions. Ultimately, our paper serves as a single point of reference for detailed knowledge on PPDL and its applicability to MLaaS environments for both new and experienced researchers.

show abstract

Deep Learning with Gaussian Differential Privacy

Cited by 106 publications

References 36 publications

GRNN: Generative Regression Neural Network—A Data Leakage Attack for Federated Learning

GRNN: Generative Regression Neural Network—A Data Leakage Attack for Federated Learning

Sebastian Dietz’s Contribution to the Discussion of ‘Gaussian Differential Privacy’ by Dong et al.

Privacy-Preserving Deep Learning on Machine Learning as a Service—a Comprehensive Survey

Contact Info

Product

Resources

About