Decoupling Generalizability and Membership Privacy Risks in Neural Networks
Xingli Fang, Jung-Eun Kim

TL;DR
This paper introduces a new training principle that separates generalizability from privacy risks in neural networks, enabling models to maintain performance while enhancing privacy.
Contribution
The paper proposes the Privacy-Preserving Training Principle (PPTP), a novel approach to decouple and mitigate privacy risks without sacrificing model generalizability.
Findings
PPTP effectively reduces privacy risks in neural networks.
Models trained with PPTP maintain higher utility compared to existing methods.
Extensive evaluations confirm improved privacy preservation with minimal utility loss.
Abstract
A deep learning model usually has to sacrifice some utilities when it acquires some other abilities or characteristics. Privacy preservation has such trade-off relationships with utilities. The loss disparity between various defense approaches implies the potential to decouple generalizability and privacy risks to maximize privacy gain. In this paper, we identify that the model's generalization and privacy risks exist in different regions in deep neural network architectures. Based on the observations that we investigate, we propose Privacy-Preserving Training Principle (PPTP) to protect model components from privacy risks while minimizing the loss in generalizability. Through extensive evaluations, our approach shows significantly better maintenance in model generalizability while enhancing privacy preservation.
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Advanced Graph Neural Networks
