Generalised Likelihood Ratio Testing Adversaries through the Differential Privacy Lens
Georgios Kaissis, Alexander Ziller, Stefan Kolek Martinez de Azagra,, Daniel Rueckert
TL;DR
This paper explores how relaxing the assumption of optimal adversaries in differential privacy to generalized likelihood tests enhances privacy guarantees, with theoretical analysis and numerical validation.
Contribution
It introduces a framework for analyzing privacy under GLRT adversaries, extending Gaussian DP and $( ext{ε,δ})$-DP, and provides composition and subsampling results.
Findings
Improved privacy bounds under GLRT adversaries.
Numerical results match theoretical upper bounds.
Enhanced understanding of privacy guarantees in practical scenarios.
Abstract
Differential Privacy (DP) provides tight upper bounds on the capabilities of optimal adversaries, but such adversaries are rarely encountered in practice. Under the hypothesis testing/membership inference interpretation of DP, we examine the Gaussian mechanism and relax the usual assumption of a Neyman-Pearson-Optimal (NPO) adversary to a Generalized Likelihood Test (GLRT) adversary. This mild relaxation leads to improved privacy guarantees, which we express in the spirit of Gaussian DP and -DP, including composition and sub-sampling results. We evaluate our results numerically and find them to match the theoretical upper bounds.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Statistical Methods and Inference
MethodsTest