PASS: Private Attributes Protection with Stochastic Data Substitution

TL;DR

PASS introduces a stochastic data substitution method to better protect private attributes in machine learning data, overcoming vulnerabilities of previous adversarial training approaches and maintaining data utility across diverse datasets.

Contribution

The paper proposes PASS, a novel stochastic substitution technique with a new information-theoretic loss, enhancing privacy protection and utility preservation in ML data.

Findings

PASS effectively protects private attributes across multiple data modalities.

PASS outperforms existing methods in privacy-utility trade-offs.

The approach demonstrates strong generalizability and robustness.

Abstract

The growing Machine Learning (ML) services require extensive collections of user data, which may inadvertently include people's private information irrelevant to the services. Various studies have been proposed to protect private attributes by removing them from the data while maintaining the utilities of the data for downstream tasks. Nevertheless, as we theoretically and empirically show in the paper, these methods reveal severe vulnerability because of a common weakness rooted in their adversarial training based strategies. To overcome this limitation, we propose a novel approach, PASS, designed to stochastically substitute the original sample with another one according to certain probabilities, which is trained with a novel loss function soundly derived from information-theoretic objective defined for utility-preserving private attributes protection. The comprehensive evaluation of PASS on various datasets of different modalities, including facial images, human activity sensory signals, and voice recording datasets, substantiates PASS's effectiveness and generalizability.