Metric-Normalized Posterior Leakage (mPL): Attacker-Aligned Privacy for Joint Consumption
Gaoyi Chen, Minghao Li, Weishi Shi, Yan Huang, Yusheng Wei, Sourabh Yadav, Chenxi Qiu
TL;DR
This paper introduces metric-normalized posterior leakage (mPL), a privacy measure aligned with attacker inference, and proposes a practical framework (AmPL) to control privacy leakage in joint ML consumption scenarios.
Contribution
It formalizes probabilistically bounded mPL (PBmPL) and operationalizes it through Adaptive mPL (AmPL), improving privacy guarantees under joint observation.
Findings
Neural adversaries can violate mPL under joint consumption despite mDP.
AmPL reduces the frequency of privacy violations in a word-embedding case study.
AmPL maintains low utility loss while providing certifiable privacy protection.
Abstract
Metric differential privacy (mDP) strengthens local differential privacy (LDP) by scaling noise to semantic distance, but many machine learning (ML) systems are consumed under joint observation, where model-agnostic, per-record guarantees can miss leakage from evidence aggregation. We introduce metric-normalized posterior leakage (mPL), an attacker-aligned, distance-calibrated measure of posterior-odds shift induced by releases, and show that for single or independent releases, uniformly bounding mPL is equivalent to mDP. Under joint observation, however, satisfying mDP may still leave mPL high because learned aggregators compound evidence across correlated items. To make control practical, we formalize probabilistically bounded mPL (PBmPL), which limits how often mPL may exceed a target budget, and we operationalize it via Adaptive mPL (AmPL), a trust-and-verify framework that…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.