Real-Time Privacy Risk Measurement with Privacy Tokens for Gradient Leakage

TL;DR

This paper introduces privacy tokens and mutual information metrics for real-time, proactive measurement of privacy risks from gradient leakage during deep learning training, moving beyond reactive attack simulations.

Contribution

It proposes a novel privacy risk assessment framework using privacy tokens and mutual information, enabling continuous, real-time privacy monitoring during training.

Findings

Privacy tokens effectively encapsulate gradient features.

Mutual information provides precise leakage quantification.

Framework enables proactive privacy risk assessment.

Abstract

The widespread deployment of deep learning models in privacy-sensitive domains has amplified concerns regarding privacy risks, particularly those stemming from gradient leakage during training. Current privacy assessments primarily rely on post-training attack simulations. However, these methods are inherently reactive, unable to encompass all potential attack scenarios, and often based on idealized adversarial assumptions. These limitations underscore the need for proactive approaches to privacy risk assessment during the training process. To address this gap, we propose the concept of privacy tokens, which are derived directly from private gradients during training. Privacy tokens encapsulate gradient features and, when combined with data features, offer valuable insights into the extent of private information leakage from training data, enabling real-time measurement of privacy risks without relying on adversarial attack simulations. Additionally, we employ Mutual Information (MI) as a robust metric to quantify the relationship between training data and gradients, providing precise and continuous assessments of privacy leakage throughout the training process. Extensive experiments validate our framework, demonstrating the effectiveness of privacy tokens and MI in identifying and quantifying privacy risks. This proactive approach marks a significant advancement in privacy monitoring, promoting the safer deployment of deep learning models in sensitive applications.