TL;DR
This paper investigates how the magnitude of model representations relates to privacy vulnerabilities in machine learning, proposing a novel module to mitigate membership privacy leakage while preserving model performance.
Contribution
It introduces the Saturn Ring Classifier Module (SRCM), a plug-in solution that reduces privacy vulnerability by controlling representation magnitude disparity.
Findings
Representation magnitude disparity correlates with privacy vulnerability.
SRCM effectively mitigates membership privacy leakage.
Model generalizability is maintained with SRCM.
Abstract
Privacy-preserving approaches to machine learning (ML) models have made substantial progress in recent years. However, it is still unclear under which circumstances and conditions a model becomes privacy-vulnerable, leading to a challenge for ML models to maintain both performance and privacy. In this paper, we first explore the disparity between member and non-member data in the representation of models under common training frameworks. We identify how the representation magnitude disparity correlates with privacy vulnerability and address how this correlation impacts privacy vulnerability. Based on the observations, we propose Saturn Ring Classifier Module (SRCM), a plug-in model-level solution to mitigate membership privacy leakage. Through a confined yet effective representation space, our approach ameliorates models' privacy vulnerability while maintaining generalizability. The…
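The abstract's central observation, that a gap in representation magnitude between training members and non-members is exploitable, can be checked with a norm-threshold membership-inference attack. The following is an added example written for this page, not code from the paper or its authors. The representation vectors are constructed at random (members drawn at a larger scale than non-members to mimic the reported disparity), the function names are this example's own, and the final step, projecting every vector onto a fixed-norm sphere, is a simplified stand-in for a magnitude-confining module; it is not the paper's SRCM, whose construction the page does not describe.

```python
"""Norm-based membership inference on penultimate-layer representations.

Added example for this page; not code from the paper or its authors.
The representation vectors are constructed at random, with "members"
drawn at a larger scale than "non-members" to mimic the magnitude
disparity the paper reports. Projecting every vector onto a fixed-norm
sphere is a simplified stand-in for a magnitude-confining module and is
not the paper's SRCM.
"""
import math
import random
from typing import List, Sequence, Tuple

Vector = List[float]


def l2_norm(v: Sequence[float]) -> float:
    """Euclidean norm of a representation vector."""
    return math.sqrt(sum(x * x for x in v))


def confine_to_sphere(v: Sequence[float], radius: float = 1.0) -> Vector:
    """Rescale v so its norm equals `radius` (the zero vector is left as-is)."""
    n = l2_norm(v)
    if n == 0.0:
        return list(v)
    return [x * radius / n for x in v]


def make_representations(count: int, dim: int, scale: float, seed: int) -> List[Vector]:
    """Constructed data: Gaussian vectors whose expected norm grows with `scale`."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, scale) for _ in range(dim)] for _ in range(count)]


def mean_norm_gap(members: Sequence[Vector], non_members: Sequence[Vector]) -> float:
    """Mean member norm minus mean non-member norm: the disparity being measured."""
    def mean_norm(vs: Sequence[Vector]) -> float:
        return sum(l2_norm(v) for v in vs) / len(vs)
    return mean_norm(members) - mean_norm(non_members)


def norm_attack_auc(members: Sequence[Vector], non_members: Sequence[Vector]) -> float:
    """AUC of the attack rule "larger representation norm => member".

    Computed as the Mann-Whitney U statistic: the probability that a random
    member outscores a random non-member, with ties counting one half.
    Scores are rounded so vectors of equal norm (up to floating-point
    noise) tie exactly instead of being ordered by rounding error.
    """
    m_scores = [round(l2_norm(v), 9) for v in members]
    n_scores = [round(l2_norm(v), 9) for v in non_members]
    wins = 0.0
    for ms in m_scores:
        for ns in n_scores:
            if ms > ns:
                wins += 1.0
            elif ms == ns:
                wins += 0.5
    return wins / (len(m_scores) * len(n_scores))


def evaluate(dim: int = 64, count: int = 200, member_scale: float = 1.5,
             non_member_scale: float = 1.0, seed: int = 0) -> Tuple[float, float, float]:
    """Return (mean norm gap, attack AUC on raw vectors, attack AUC after confinement)."""
    members = make_representations(count, dim, member_scale, seed)
    non_members = make_representations(count, dim, non_member_scale, seed + 1)
    gap = mean_norm_gap(members, non_members)
    auc_raw = norm_attack_auc(members, non_members)
    auc_confined = norm_attack_auc([confine_to_sphere(v) for v in members],
                                   [confine_to_sphere(v) for v in non_members])
    return gap, auc_raw, auc_confined


if __name__ == "__main__":
    gap, raw, confined = evaluate()
    print(f"mean norm gap (member - non-member): {gap:.2f}")
    print(f"norm-threshold attack AUC, raw representations: {raw:.3f}")
    print(f"norm-threshold attack AUC, norm-confined representations: {confined:.3f}")
```

On the constructed data the raw attack is close to a perfect classifier, while confining every representation to the same norm drives the norm-based attack to chance (AUC 0.5). The same measurement can be run on a real model by replacing `make_representations` with the model's penultimate-layer outputs for held-in and held-out samples; a large gap is the warning sign the paper describes, and the attack AUC is the number to report before and after any mitigation.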
