Abstract
Differential privacy (DP) is considered a de facto standard for protecting users' privacy in data analysis, machine learning, and deep learning. Existing DP-based privacy-preserving training approaches add noise to the clients' gradients before sharing them with the server. However, implementing DP on the gradient is not efficient, because by the composition theorem the privacy leakage increases with the number of synchronization training epochs. Recently, researchers were able to recover images used in the training dataset using a Generative Regression Neural Network (GRNN) even when the gradient was protected by DP. In this paper, we propose a two-layer privacy protection approach to overcome the limitations of the existing DP-based approaches. The first layer reduces the dimension of the training dataset based on Hensel's Lemma. We are the first to use Hensel's Lemma for reducing the dimension of (i.e., compressing) a dataset. The new dimensionality reduction method allows reducing the dimension of a dataset without losing information, since Hensel's Lemma guarantees uniqueness. The second layer applies DP to the compressed dataset generated by the first layer. The proposed approach overcomes the problem of privacy leakage due to composition by applying DP only once before the training; clients train their local model on the privacy-preserving dataset generated by the second layer. Experimental results show that the proposed approach ensures strong privacy protection while achieving good accuracy. The new dimensionality reduction method achieves an accuracy of 97% with only 25% of the original data size.
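The composition argument in the abstract can be made concrete with a small privacy accountant. This is an added example, not code from the paper: it assumes every round releases gradients under the same (ε, δ)-DP mechanism, uses the standard basic and advanced composition bounds, and all function names are hypothetical.

```python
import math

def basic_composition(eps, delta, k):
    """k adaptive (eps, delta)-DP releases are (k*eps, k*delta)-DP."""
    return k * eps, k * delta

def advanced_composition(eps, delta, k, slack):
    """Advanced composition: (eps', k*delta + slack)-DP for any slack in (0, 1)."""
    eps_total = (math.sqrt(2 * k * math.log(1 / slack)) * eps
                 + k * eps * (math.exp(eps) - 1))
    return eps_total, k * delta + slack

def gradient_dp_budget(eps_round, delta_round, rounds, slack=1e-5):
    """Cumulative guarantee when noise is added to the gradients every round.
    Both bounds hold, so report the one with the smaller epsilon."""
    if rounds < 1 or eps_round <= 0 or not 0 < slack < 1:
        raise ValueError("need rounds >= 1, eps_round > 0 and 0 < slack < 1")
    return min(basic_composition(eps_round, delta_round, rounds),
               advanced_composition(eps_round, delta_round, rounds, slack),
               key=lambda bound: bound[0])

def one_shot_budget(eps, delta, rounds):
    """Dataset perturbed once before training: every later epoch only
    post-processes that single release, so the guarantee ignores `rounds`."""
    return eps, delta

def rounds_within_cap(eps_round, delta_round, eps_cap, max_rounds=10_000):
    """Largest number of rounds whose cumulative epsilon stays <= eps_cap."""
    allowed = 0
    for k in range(1, max_rounds + 1):
        if gradient_dp_budget(eps_round, delta_round, k)[0] > eps_cap:
            break
        allowed = k
    return allowed

if __name__ == "__main__":
    # Constructed parameters for illustration only.
    eps_round, delta_round = 0.1, 1e-6
    for k in (1, 10, 100, 1000):
        g_eps, g_delta = gradient_dp_budget(eps_round, delta_round, k)
        o_eps, o_delta = one_shot_budget(eps_round, delta_round, k)
        print(f"rounds={k:5d}  per-round DP: eps={g_eps:7.3f} delta={g_delta:.1e}"
              f"  one-shot DP: eps={o_eps:.3f} delta={o_delta:.1e}")
    print("rounds allowed under eps <= 1.05:",
          rounds_within_cap(eps_round, delta_round, 1.05))
```

The one-shot figure stays fixed only because training consumes nothing but the already-perturbed dataset; any additional release computed from the raw data would have to be added to the budget.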
Highlights
In recent years, deep learning (DL) has demonstrated great success in many fields such as healthcare, marketing, transportation, etc.
Contributions: This paper presents a detailed survey of differential privacy (DP) mechanisms designed for PP in DL and federated learning (FL). We bridge the gap in the existing literature by providing:
We present the different probability distributions proposed in the literature that satisfy either ε-DP or (ε, δ)-DP.
Summary
In recent years, deep learning (DL) has demonstrated great success in many fields such as healthcare, marketing, transportation, etc. Techniques protecting users' privacy during the training: these techniques allow collaboratively training a model between many clients (i.e., parties) while keeping the dataset of each client private. DP is used for protecting users' privacy while interrogating a database. This is because an attacker with some background knowledge can perform some count and sum queries on a database and conclude the sensitive information of the victim. By limiting the distance between classes and the whole dataset, the amount of useful information that an adversary can learn from the quasi-identifier values of an individual and the distribution of the class is limited and does not reveal precious information, since it limits disclosure about the correlation between quasi-identifier attributes and the sensitive attribute.