
Analysis and Measurement of Attack Resilience of Differential Privacy

Guerra-Balboa, Patricia 1; Sauer, Annika 1; Strufe, Thorsten 1
1 Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL), Karlsruher Institut für Technologie (KIT)

Abstract (English):

Differential Privacy (DP) is the de facto standard privacy metric in private learning. Its robust mathematical definition makes it especially appealing for global data analytics without compromising individual privacy.
However, DP resilience against state-of-the-art attacks is not formalized consistently, and the interpretation of the privacy implications of parameter choices is not intuitive. This formalization is relevant because DP relies on the choice of a privacy budget, which is crucial in obtaining a good trade-off between the privacy of the individuals in the dataset and the utility of the results for data analysis.
This paper presents a systematic overview of theoretical bounds obtained in the literature on DP resilience against three types of attacks: the membership-inference, the attribute-inference, and the data reconstruction attacks. For each attack, we introduce tighter theoretical bounds and analyze the limitations of existing performance metrics. To overcome these limitations, we propose a new attack performance metric: Unbiased Reconstruction Robustness. In addition, we prove the relation between Unbiased Reconstruction Robustness and the already existing metrics, showing its consistency. ...


Publisher's version
DOI: 10.5445/IR/1000176708
Published on 28.11.2024
Affiliated institution(s) at KIT: Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publication type: Proceedings paper
Publication date: 21.11.2024
Language: English
Identifier: ISBN 979-84-00-71239-5
KITopen-ID: 1000176708
HGF program: 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Published in: WPES '24: Proceedings of the 23rd Workshop on Privacy in the Electronic Society. Ed.: E. Ayday
Event: 23rd Workshop on Privacy in the Electronic Society (WPES 2024), Salt Lake City, UT, USA, 14.10.2024 – 18.10.2024
Publisher: Association for Computing Machinery (ACM)
Pages: 155–171
Indexed in: Dimensions