Privacy Preserving Machine Learning Workflow: from Anonymization to Personalized Differential Privacy Budgets in Federated Learning
Judith Sáinz-Pardo Díaz, Álvaro López García

TL;DR
This paper proposes a comprehensive federated learning workflow that incorporates anonymization, client drift detection, and personalized differential privacy budgets to enhance privacy and model performance on sensitive data.
Contribution
It introduces a formal definition of client drift, methods for detecting it, and a novel approach for assigning personalized privacy budgets based on re-identification risk.
Findings
Personalized privacy budgets improve model accuracy over fixed budgets.
The methodology effectively detects client drift to mitigate poisoning attacks.
Experimental results on medical data validate the approach's effectiveness.
Abstract
The growing development of artificial intelligence based solutions, together with privacy legislation, has driven the rise of the so-called privacy preserving machine learning architectures, such as federated learning. While federated learning enables model training on decentralized data preventing their sharing and centralization, it still faces several challenges related to data integrity and privacy. This paper presents a comprehensive privacy preserving federated learning workflow for sensitive tabular data, including anonymization and differential privacy techniques. We also introduce a formal definition for the concept of client drift, together with ways of detecting it to mitigate poisoning attacks. Then, we detail a complete methodology for assigning personalized privacy budgets for global differential privacy to the different clients participating in the network, based on a…
