Online Program Home
  My Program

All Times EDT

Abstract Details

Activity Number: 20 - Industrial Data Science: Transforming Analytics into Business Impact
Type: Topic-Contributed
Date/Time: Sunday, August 8, 2021 : 1:30 PM to 3:20 PM
Sponsor: Section on Statistical Learning and Data Science
Abstract #317442
Title: Privacy Risk Evaluation for Deep Neural Networks
Author(s): Sen Yuan*
Companies: Facebook
Keywords: Differential Privacy; DP-SGD; PPML; Threat model; Deep Neural Networks; Privacy Risk
Abstract:

Deep neural networks have been widely adopted in verticals such as healthcare, banking, e-commerce etc. to address business challenges. There is growing trend of protecting user privacy due to General Data Protection Regulation (GDPR) or other privacy related law regulations. Consequently, designing deep neural network systems that protect user privacy has been brought to the spotlight in recent years. One big challenge for developing such privacy preserving machine learning (PPML) systems is to evaluate their privacy risks. Recent works such as differentially private SGD (DP-SGD) successfully addresses the theoretical privacy risk upper bound estimation issue. Nevertheless, threat model specific understanding of PPML designs are still not well studied. In this work, we propose a set of methods to gauge privacy risks under various threat models for deep neural networks. We compare our privacy assessment with provable DP-SGD upper bound to demonstrate the gap between theoretical bound and threat model specific risk. We hope our works provide practical guidance on choosing reasonable strategies for privacy enhancement and risk measurement.


Authors who are presenting talks have a * after their name.

Back to the full JSM 2021 program