3. Some challenges of learning from private data
Membership attacks
Shokri et al. (2016) Membership Inference Attacks Against Machine Learning Models
https://arxiv.org/abs/1610.05820
Training-data extraction attacks
Fredrikson et al. (2015) Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures
https://www.cs.cmu.edu/~mfredrik/papers/fjr2015ccs.pdf
10. By Carefully Controlling the Random Noise We Can Ensure the Model Has Differential Privacy
[Figure: two neighbouring training sets D and D′ (differing in one example) fed through SGD to produce a model]
Editor's Notes
More robust.
Also saves us from worrying about counting uses of the model: the guarantee is on the trained model itself, so it holds no matter how many times the model is queried afterwards.
In the application to machine learning, the adversary has two alternatives, D and D′ (red and blue), that differ in a single training example. After examining the trained model, the adversary cannot tell with confidence whether the input was red or blue.
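The following is an added worked example, not code from the slides, showing what "carefully controlling the random noise" means in practice: DP-SGD for logistic regression in plain numpy. Each per-example gradient is clipped to L2 norm C, so the summed gradient changes by at most C when one example is added or removed (the D versus D′ picture above, using the add/remove notion of neighbouring datasets; for "replace one example" the bound is 2C), and Gaussian noise with standard deviation z·C is added before the step. The toy data set, the clipping norm, the noise multiplier z and the function names are all my own choices; the per-step epsilon uses the classic Gaussian-mechanism bound and does not account for composition across steps.

```python
"""DP-SGD in numpy (added example, not the slides' own code).

Per step: clip every per-example gradient to L2 norm C, sum, add
Gaussian noise N(0, (z*C)^2 I), then take a gradient step.
"""
import numpy as np


def per_example_logistic_grads(w, X, y):
    """Gradient of the logistic loss for every example separately, shape (n, d)."""
    p = 1.0 / (1.0 + np.exp(-(X @ w)))
    return (p - y)[:, None] * X


def clip_per_example(grads, clip_norm):
    """Scale each row so its L2 norm is at most clip_norm (the 'C' of DP-SGD).
    This is what bounds a single example's influence on the summed gradient."""
    norms = np.linalg.norm(grads, axis=1, keepdims=True)
    return grads * np.minimum(1.0, clip_norm / np.maximum(norms, 1e-12))


def dp_sgd_step(w, X, y, clip_norm, noise_multiplier, lr, rng):
    """One full-batch DP-SGD step; noise_multiplier is z, noise std is z*C."""
    g = clip_per_example(per_example_logistic_grads(w, X, y), clip_norm)
    noise = rng.normal(0.0, noise_multiplier * clip_norm, size=w.shape)
    return w - lr * (g.sum(axis=0) + noise) / len(X)


def train_dp_logreg(X, y, steps, clip_norm, noise_multiplier, lr=0.5, seed=0):
    """Train a bias-free logistic regression with DP-SGD from w = 0."""
    rng = np.random.default_rng(seed)
    w = np.zeros(X.shape[1])
    for _ in range(steps):
        w = dp_sgd_step(w, X, y, clip_norm, noise_multiplier, lr, rng)
    return w


def accuracy(w, X, y):
    return float(np.mean(((X @ w) > 0).astype(float) == y))


def max_neighbor_distance(w, X, y, clip_norm):
    """Empirical L2 sensitivity of the clipped gradient sum between D and
    every add/remove neighbour D' = D minus one example.  With clipping
    this never exceeds C; without it (clip_norm=inf) one example can move
    the sum by as much as its own gradient norm."""
    g = clip_per_example(per_example_logistic_grads(w, X, y), clip_norm)
    sum_d = g.sum(axis=0)
    worst = 0.0
    for i in range(len(X)):
        sum_d_prime = np.delete(g, i, axis=0).sum(axis=0)
        worst = max(worst, float(np.linalg.norm(sum_d - sum_d_prime)))
    return worst


def gaussian_step_epsilon(noise_multiplier, delta):
    """Epsilon of ONE Gaussian-mechanism release with sensitivity C and noise
    std z*C, from the classic bound sigma >= sqrt(2 ln(1.25/delta)) * C / eps,
    which is only valid for eps < 1 (returns None otherwise).  A real DP-SGD
    run must compose this over all steps, e.g. with the moments accountant."""
    eps = float(np.sqrt(2.0 * np.log(1.25 / delta)) / noise_multiplier)
    return eps if eps < 1.0 else None


def make_data(n=200, seed=0):
    """Constructed, linearly separable toy data: label is 1 iff x0 + x1 > 0."""
    rng = np.random.default_rng(seed)
    X = rng.normal(size=(n, 2))
    y = (X[:, 0] + X[:, 1] > 0).astype(float)
    return X, y


if __name__ == "__main__":
    X, y = make_data()
    w0 = np.zeros(2)
    print("sensitivity, no clipping :", max_neighbor_distance(w0, X, y, float("inf")))
    print("sensitivity, C = 1.0     :", max_neighbor_distance(w0, X, y, 1.0))
    w = train_dp_logreg(X, y, steps=200, clip_norm=1.0, noise_multiplier=1.0)
    print("accuracy with DP-SGD     :", accuracy(w, X, y))
    print("per-step eps, z=8, d=1e-5:", gaussian_step_epsilon(8.0, 1e-5))
```

The two sensitivity numbers are the point of the slide: without clipping the red/blue difference can be as large as a single example's gradient, and no fixed amount of noise can hide it; with clipping the difference is at most C, so noise of scale z·C gives a guarantee that does not depend on which example differs.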