
Title: Partial sensitivity analysis in differential privacy

By Tamara T. Mueller, Alexander Ziller, Dmitrii Usynin, Moritz Knolle, Friederike Jungmann, Daniel Rueckert, Georgios Kaissis
arxiv.org
 6 days ago

Authors: Tamara T. Mueller, Alexander Ziller, Dmitrii Usynin, Moritz Knolle, Friederike Jungmann, Daniel Rueckert, Georgios Kaissis.

Abstract: Differential privacy (DP) allows the quantification of privacy loss when the data of individuals is subjected to algorithmic processing such as machine learning, as well as the provision of objective privacy guarantees. However, while techniques such as individual Rényi DP (RDP) allow for granular, per-person privacy accounting, few works have investigated the impact of each input feature on the individual's privacy loss. Here we extend the view of individual RDP by introducing a new concept we call partial sensitivity, which leverages symbolic automatic differentiation to determine the influence of each input feature on the gradient norm of a function. We experimentally evaluate our approach on queries over private databases, where we obtain a feature-level contribution of private attributes to the DP guarantee of individuals. Furthermore, we explore our findings in the context of neural network training on synthetic data by investigating the partial sensitivity of input pixels on an image classification task.


Related
arxiv.org

Data-Driven Theory-guided Learning of Partial Differential Equations using SimultaNeous Basis Function Approximation and Parameter Estimation (SNAPE)

The measured spatiotemporal response of various physical processes is utilized to infer the governing partial differential equations (PDEs). We propose SimultaNeous Basis Function Approximation and Parameter Estimation (SNAPE), a technique of parameter estimation of PDEs that is robust against high levels of noise nearly 100 %, by simultaneously fitting basis functions to the measured response and estimating the parameters of both ordinary and partial differential equations. The domain knowledge of the general multidimensional process is used as a constraint in the formulation of the optimization framework. SNAPE not only demonstrates its applicability on various complex dynamic systems that encompass wide scientific domains including Schrödinger equation, chaotic duffing oscillator, and Navier-Stokes equation but also estimates an analytical approximation to the process response. The method systematically combines the knowledge of well-established scientific theories and the concepts of data science to infer the properties of the process from the observed data.
MATHEMATICS
arxiv.org

A Systematic Literature Review on Wearable Health Data Publishing under Differential Privacy

Munshi Saifuzzaman, Tajkia Nuri Ananna, Mohammad Jabed Morshed Chowdhury, Md Sadek Ferdous, Farida Chowdhury. Wearable devices generate different types of physiological data about the individuals. These data can provide valuable insights for medical researchers and clinicians that cannot be availed through traditional measures. Researchers have historically relied on survey responses or observed behavior. Interestingly, physiological data can provide a richer amount of user cognition than that obtained from any other sources, including the user himself. Therefore, the inexpensive consumer-grade wearable devices have become a point of interest for the health researchers. In addition, they are also used in continuous remote health monitoring and sometimes by the insurance companies. However, the biggest concern for such kind of use cases is the privacy of the individuals. A few privacy mechanisms, such as abstraction and k-anonymity, are widely used in information systems. Recently, Differential Privacy (DP) has emerged as a proficient technique to publish privacy sensitive data, including data from wearable devices. In this paper, we have conducted a Systematic Literature Review (SLR) to identify, select and critically appraise researches in DP as well as to understand different techniques and existing use of DP in wearable data publishing. Based on our study we have identified the limitations of proposed solutions and provided future directions.
HEALTH
arxiv.org

Efficient Differentiable Simulation of Articulated Bodies

We present a method for efficient differentiable simulation of articulated bodies. This enables integration of articulated body dynamics into deep learning frameworks, and gradient-based optimization of neural networks that operate on articulated bodies. We derive the gradients of the forward dynamics using spatial algebra and the adjoint method. Our approach is an order of magnitude faster than autodiff tools. By only saving the initial states throughout the simulation process, our method reduces memory requirements by two orders of magnitude. We demonstrate the utility of efficient differentiable dynamics for articulated bodies in a variety of applications. We show that reinforcement learning with articulated systems can be accelerated using gradients provided by our method. In applications to control and inverse problems, gradient-based optimization enabled by our work accelerates convergence by more than an order of magnitude.
COMPUTERS
arxiv.org

DPGen: Automated Program Synthesis for Differential Privacy

Differential privacy has become a de facto standard for releasing data in a privacy-preserving way. Creating a differentially private algorithm is a process that often starts with a noise-free (non-private) algorithm. The designer then decides where to add noise, and how much of it to add. This can be a non-trivial process -- if not done carefully, the algorithm might either violate differential privacy or have low utility.
CODING & PROGRAMMING
towardsdatascience.com

Rebuild The Chain Rule to Automatic Differentiation

Neural networks are cool. The different machine learning frameworks are even cooler. As you may know, modern neural networks are large formulas with a huge number of variables. Given a problem, these frameworks will help you find a suitable set of parameter values, with a process called “training”. This training process can be done quite efficiently thanks to automatic differentiation, or auto diff. Instead of “behind the scene”, I would say that it influences the whole training process below the scene. It is the underlying fundament of the whole training process.
CODING & PROGRAMMING
arxiv.org

Denial-of-Service Attack Detection via Differential Analysis of Generalized Entropy Progressions

Denial-of-Service (DoS) attacks are one of the most common and consequential cyber attacks in computer networks. While existing research offers a plethora of detection methods, the issue of achieving both scalability and high detection accuracy remains open. In this work, we address this problem by developing a differential method based on generalized entropy progression. In this method, we continuously fit the line of best fit to the entropy progression and check if the derivative, that is, the slope of this line is less than the negative of the dynamically computed standard deviation of the derivatives. As a result, we omit the usage of the thresholds and the results with five real-world network traffic datasets confirm that our method outperforms threshold-based DoS attack detection by two orders of magnitude on average. Our method achieves false positive rates that are up to 7% where the arithmetic mean is 3% with Tsallis entropy and only 5% sampling of the total network flow. Moreover, since the main computation cost of our method is the entropy computation, which is linear in the volume of the unit-time network flow and it uses integer only operations and a small fraction of the total flow, it is therefore lightweight and scalable.
COMPUTERS
arxiv.org

Self-Adaptive Partial Domain Adaptation

Jian Hu, Hongya Tuo, Shizhao Zhang, Chao Wang, Haowen Zhong, Zhikang Zou, Zhongliang Jing, Henry Leung, Ruping Zou. Partial Domain adaptation (PDA) aims to solve a more practical cross-domain learning problem that assumes target label space is a subset of source label space. However, the mismatched label space causes significant negative transfer. A traditional solution is using soft weights to increase weights of source shared domain and reduce those of source outlier domain. But it still learns features of outliers and leads to negative immigration. The other mainstream idea is to distinguish source domain into shared and outlier parts by hard binary weights, while it is unavailable to correct the tangled shared and outlier classes. In this paper, we propose an end-to-end Self-Adaptive Partial Domain Adaptation (SAPDA) Network. Class weights evaluation mechanism is introduced to dynamically self-rectify the weights of shared, outlier and confused classes, thus the higher confidence samples have the more sufficient weights. Meanwhile it can eliminate the negative transfer caused by the mismatching of label space greatly. Moreover, our strategy can efficiently measure the transferability of samples in a broader sense, so that our method can achieve competitive results on unsupervised DA task likewise. A large number of experiments on multiple benchmarks have demonstrated the effectiveness of our SAPDA.
COMPUTERS
arxiv.org

Title: Generalized Poincaré Orthogonality: A New Approach to POLSAR Data Analysis

Abstract: In this paper we outline a new approach to the analysis of polarimetric synthetic aperture (POLSAR) data. Here we exploit target orthogonality as a multi-dimensional extension of wave orthogonality, familiar on the Poincaré sphere. We first show how to formulate a general basis for a complex orthogonal scattering space using a generalization of the Poincaré formulation, and then show how to optimize the backscattered signal in this space for both monostatic and bistatic radar systems. We illustrate application of the new approach, first to ship detection, using data collected off the north-west of Scotland and then land-use applications in a mixed scene around Glasgow, Scotland, both using L-band ALOS-2 POLSAR data.
SCIENCE
arxiv.org

Robust Control Under Uncertainty via Bounded Rationality and Differential Privacy

The rapid development of affordable and compact high-fidelity sensors (e.g., cameras and LIDAR) allows robots to construct detailed estimates of their states and environments. However, the availability of such rich sensor information introduces two technical challenges: (i) the lack of analytic sensing models, which makes it difficult to design controllers that are robust to sensor failures, and (ii) the computational expense of processing the high-dimensional sensor information in real time. This paper addresses these challenges using the theory of differential privacy, which allows us to (i) design controllers with bounded sensitivity to errors in state estimates, and (ii) bound the amount of state information used for control (i.e., to impose bounded rationality). The resulting framework approximates the separation principle and allows us to derive an upper-bound on the cost incurred with a faulty state estimator in terms of three quantities: the cost incurred using a perfect state estimator, the magnitude of state estimation errors, and the level of differential privacy. We demonstrate the efficacy of our framework numerically on different robotics problems, including nonlinear system stabilization and motion planning.
ENGINEERING
arxiv.org

Releasing Graph Neural Networks with Differential Privacy Guarantees

With the increasing popularity of Graph Neural Networks (GNNs) in several sensitive applications like healthcare and medicine, concerns have been raised over the privacy aspects of trained GNNs. More notably, GNNs are vulnerable to privacy attacks, such as membership inference attacks, even if only blackbox access to the trained model is granted. To build defenses, differential privacy has emerged as a mechanism to disguise the sensitive data in training datasets. Following the strategy of Private Aggregation of Teacher Ensembles (PATE), recent methods leverage a large ensemble of teacher models. These teachers are trained on disjoint subsets of private data and are employed to transfer knowledge to a student model, which is then released with privacy guarantees. However, splitting graph data into many disjoint training sets may destroy the structural information and adversely affect accuracy. We propose a new graph-specific scheme of releasing a student GNN, which avoids splitting private training data altogether. The student GNN is trained using public data, partly labeled privately using the teacher GNN models trained exclusively for each query node. We theoretically analyze our approach in the Rényi differential privacy framework and provide privacy guarantees. Besides, we show the solid experimental performance of our method compared to several baselines, including the PATE baseline adapted for graph-structured data. Our anonymized code is available.
COMPUTERS
arxiv.org

Title: Limit Cycles Bifurcating from a Periodic Annulus in Discontinuous Planar Piecewise Linear Hamiltonian differential System with Three Zones

Abstract: In this paper, we study the number of limit cycles that can bifurcate from a periodic annulus in discontinuous planar piecewise linear Hamiltonian differential system with three zones separated by two parallel straight lines. We prove that if the central subsystem, i.e. the system defined between the two parallel lines, has a real center and the other subsystems have centers or saddles, then we have at least three limit cycles that appear after perturbations of periodic annulus. For this, we study the number of zeros of a Melnikov function for piecewise Hamiltonian system and present a normal form for this system in order to simplify the computations.
MATHEMATICS
arxiv.org

Differentiable Surface Triangulation

Triangle meshes remain the most popular data representation for surface geometry. This ubiquitous representation is essentially a hybrid one that decouples continuous vertex locations from the discrete topological triangulation. Unfortunately, the combinatorial nature of the triangulation prevents taking derivatives over the space of possible meshings of any given surface. As a result, to date, mesh processing and optimization techniques have been unable to truly take advantage of modular gradient descent components of modern optimization frameworks. In this work, we present a differentiable surface triangulation that enables optimization for any per-vertex or per-face differentiable objective function over the space of underlying surface triangulations. Our method builds on the result that any 2D triangulation can be achieved by a suitably perturbed weighted Delaunay triangulation. We translate this result into a computational algorithm by proposing a soft relaxation of the classical weighted Delaunay triangulation and optimizing over vertex weights and vertex locations. We extend the algorithm to 3D by decomposing shapes into developable sets and differentiably meshing each set with suitable boundary constraints. We demonstrate the efficacy of our method on various planar and surface meshes on a range of difficult-to-optimize objective functions. Our code can be found online: this https URL.
COMPUTERS
arxiv.org

DeSMP: Differential Privacy-exploited Stealthy Model Poisoning Attacks in Federated Learning

Federated learning (FL) has become an emerging machine learning technique lately due to its efficacy in safeguarding the client's confidential information. Nevertheless, despite the inherent and additional privacy-preserving mechanisms (e.g., differential privacy, secure multi-party computation, etc.), the FL models are still vulnerable to various privacy-violating and security-compromising attacks (e.g., data or model poisoning) due to their numerous attack vectors which in turn, make the models either ineffective or sub-optimal. Existing adversarial models focusing on untargeted model poisoning attacks are not enough stealthy and persistent at the same time because of their conflicting nature (large scale attacks are easier to detect and vice versa) and thus, remain an unsolved research problem in this adversarial learning paradigm. Considering this, in this paper, we analyze this adversarial learning process in an FL setting and show that a stealthy and persistent model poisoning attack can be conducted exploiting the differential noise. More specifically, we develop an unprecedented DP-exploited stealthy model poisoning (DeSMP) attack for FL models. Our empirical analysis on both the classification and regression tasks using two popular datasets reflects the effectiveness of the proposed DeSMP attack. Moreover, we develop a novel reinforcement learning (RL)-based defense strategy against such model poisoning attacks which can intelligently and dynamically select the privacy level of the FL models to minimize the DeSMP attack surface and facilitate the attack detection.
COMPUTERS
arxiv.org

Robin Hood and Matthew Effects -- Differential Privacy Has Disparate Impact on Synthetic Data

Generative models trained using Differential Privacy (DP) are increasingly used to produce and share synthetic data in a privacy-friendly manner. In this paper, we set out to analyze the impact of DP on these models vis-a-vis underrepresented classes and subgroups of data. We do so from two angles: 1) the size of classes and subgroups in the synthetic data, and 2) classification accuracy on them. We also evaluate the effect of various levels of imbalance and privacy budgets.
TECHNOLOGY
arxiv.org

Title: Quadrant polarization parameters for the scattered light of circumstellar disks. Analysis of debris disk models and observations of HR 4796A

Authors: H.M. Schmid (ETH Zurich, Switzerland)

Abstract: This paper introduces the quadrant polarization parameters $Q_{000}$, $Q_{090}$, $Q_{180}$, $Q_{270}$ for Stokes $Q$ and $U_{045}$, $U_{135}$, $U_{225}$, $U_{315}$ for Stokes $U$ for the characterization of the azimuthal dependence of the scattering polarization of spatially resolved circumstellar disks illuminated by the central star. These parameters are based on the natural Stokes $Q$ and $U$ quadrant pattern produced by circumstellar scattering. They provide a simple test of the deviations of the disk geometry from axisymmetry and can be used to constrain the scattering phase function for optically thin disks without detailed model fitting of disk images. The parameters are easy to derive from observations and model calculations and are therefore well suited to systematic studies of the dust scattering in circumstellar disks.
ASTRONOMY
arxiv.org

A Validated Privacy-Utility Preserving Recommendation System with Local Differential Privacy

This paper proposes a new recommendation system preserving both privacy and utility. It relies on the local differential privacy (LDP) for the browsing user to transmit his noisy preference profile, as perturbed Bloom filters, to the service provider. The originality of the approach is multifold. First, as far as we know, the approach is the first one including at the user side two perturbation rounds - PRR (Permanent Randomized Response) and IRR (Instantaneous Randomized Response) - over a complete user profile. Second, a full validation experimentation chain is set up, with a machine learning decoding algorithm based on neural network or XGBoost for decoding the perturbed Bloom filters and the clustering Kmeans tool for clustering users. Third, extensive experiments show that our method achieves good utility-privacy trade-off, i.e. a 90$\%$ clustering success rate, resp. 80.3$\%$ for a value of LDP $\epsilon = 0.8$, resp. $\epsilon = 2$. Fourth, an experimental and theoretical analysis gives concrete results on the resistance of our approach to the plausible deniability and resistance against averaging attacks.
TECHNOLOGY
TrendHunter.com

Protective Privacy Smartphone Sleeves

The Harber London Magnetic Envelope Sleeve is an accessory for the iPhone that will provide users with the ability to keep the device protected, while also focusing on their privacy at the same time. The case is constructed with a premium leather exterior along with a soft woolen interior and will allow access to the smartphone inside via a magnetically enhanced flap closure. This will offer enhanced protection from damage, while also covering the display when not in use to prevent unauthorized users from seeing incoming notifications.
TECHNOLOGY
arxiv.org

A Generative Federated Learning Framework for Differential Privacy

In machine learning, differential privacy and federated learning concepts are gaining more and more importance in an increasingly interconnected world. While the former refers to the sharing of private data characterized by strict security rules to protect individual privacy, the latter refers to distributed learning techniques in which a central server exchanges information with different clients for machine learning purposes. In recent years, many studies have shown the possibility of bypassing the privacy shields of these systems and exploiting the vulnerabilities of machine learning models, making them leak the information with which they have been trained. In this work, we present the 3DGL framework, an alternative to the current federated learning paradigms. Its goal is to share generative models with high levels of $\varepsilon$-differential privacy. In addition, we propose DDP-$\beta$VAE, a deep generative model capable of generating synthetic data with high levels of utility and safety for the individual. We evaluate the 3DGL framework based on DDP-$\beta$VAE, showing how the overall system is resilient to the principal attacks in federated learning and improves the performance of distributed learning algorithms.
COMPUTERS
EETimes.com

Differentiation Through the Chip Design and Verification Flow

The makeup of the semiconductor industry is evolving and expanding once again. This time it’s a variety of companies, including tech giants Apple, Amazon, Facebook, Microsoft and Tesla, not known previously to be in the chip development business, instigating the change. They are hiring experienced engineers to design better performing, power-efficient computer chips for all kinds of applications, from networking and cloud to autonomous driving. Along the way, they are ripping up the pages of the traditional semiconductor playbook and putting in place their own individual guides to semiconductor design. The result is custom-made chips rather than using a generic chip to fit their requirements.
ENGINEERING
technologynetworks.com

Sensor Can Differentiate Which Viruses Are Infectious

A new sensor can detect not only whether a virus is present, but whether it’s infectious – an important distinction for containing viral spread. Researchers at the University of Illinois Urbana-Champaign and collaborators developed the sensor, which integrates specially designed DNA fragments and nanopore sensing, to target and detect infectious viruses in minutes without the need to pre-treat samples. They demonstrated the sensor’s power with two key viruses that cause infections worldwide: the human adenovirus and the virus that causes COVID-19.
SCIENCE
