Learning Realistic Patterns from Unrealistic Stimuli: Generalization and Data Anonymization

Konstantinos Nikolaidis, Stein Kristiansen, Thomas Plagemann, Vera Goebel, Knut Liestøl, Mohan Kankanhalli, Gunn Marit Traaen, Britt Øverland, Harriet Akre, Lars Aakerøy, Sigurd Steinshamn
DOI: https://doi.org/10.48550/arXiv.2009.10007
2021-12-09
Abstract: Good training data is a prerequisite to develop useful ML applications. However, in many domains existing data sets cannot be shared due to privacy regulations (e.g., from medical studies). This work investigates a simple yet unconventional approach for anonymized data synthesis to enable third parties to benefit from such private data. We explore the feasibility of learning implicitly from unrealistic, task-relevant stimuli, which are synthesized by exciting the neurons of a trained deep neural network (DNN). As such, neuronal excitation serves as a pseudo-generative model. The stimuli data is used to train new classification models. Furthermore, we extend this framework to inhibit representations that are associated with specific individuals. We use sleep monitoring data from both an open and a large closed clinical study and evaluate whether (1) end-users can create and successfully use customized classification models for sleep apnea detection, and (2) the identity of participants in the study is protected. Extensive comparative empirical investigation shows that different algorithms trained on the stimuli are able to generalize successfully on the same task as the original model. However, architectural and algorithmic similarity between new and original models play an important role in performance. For similar architectures, the performance is close to that of using the true data (e.g., Accuracy difference of 0.56%, Kappa coefficient difference of 0.03-0.04). Further experiments show that the stimuli can to a large extent successfully anonymize participants of the clinical studies.
Machine Learning
What problem does this paper attempt to address?
The problem this paper addresses is how to train machine-learning models on patterns learned from unrealistic stimuli while protecting privacy, thereby anonymizing the data and enabling third parties to benefit from it. Specifically, the authors explore a simple but unconventional method: by exciting neurons in a trained deep neural network to generate synthetic data (i.e., stimuli), they aim to overcome the problem that datasets in sensitive areas such as healthcare cannot be shared due to privacy regulations. This method allows the creation of customized classification models while also ensuring that the identity information of participants is not leaked. In addition, the paper evaluates whether new models trained on these synthetic stimuli can successfully generalize on the same tasks as the original models, and tests the resistance of these stimuli to adversarial association and membership inference attacks.

In summary, this research aims to solve two core problems:

1. How to share valuable training data without violating privacy regulations.
2. How to ensure that the models trained with synthetic data have good generalization ability and security.

### Key Technologies and Methods Involved

- **Neuronal Excitation (NE)**: Generate synthetic stimuli by activating specific neurons.
- **Activation Maximization (AM)**: Look for input patterns that can maximize the activation of a hidden or output unit.
- **Data Anonymization**: Protect the privacy of participants by suppressing representations related to specific individuals.
- **Model Generalization Ability**: Ensure that the performance of the new model on real data is close to that of the model trained with the original data.

### Main Contributions

- Verified the feasibility of learning from stimuli generated by AM and successfully generalizing on new data.
- Explored the applicability of customized training using generated stimuli under different architectures and compared it with existing generation methods.
- Demonstrated the potential of this method in generating anonymous data and evaluated its defense effect against multiple attacks.

### Conclusion

The research shows that the synthetic data generated by this method can provide strong privacy protection while maintaining good performance, providing new ideas for solving the problem of sharing sensitive data.
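Activation maximization used as a pseudo-generative model, as described under the key methods above, shown as an added sketch that is not the paper's code. The teacher network, its random weights, the 16-sample input window, the L2 penalty and the names `excite` and `synthesize` are all assumptions made for illustration.

```python
import numpy as np

rng = np.random.default_rng(0)
# Constructed stand-in for a trained teacher: 16-sample window -> 8 tanh units -> 1 logit.
# The weights are random placeholders, not a model from the paper.
W = rng.normal(0.0, 0.5, size=(8, 16))
v = rng.normal(0.0, 1.0, size=8)

def logit(x):
    """Teacher output: > 0 means class 1, < 0 means class 0."""
    return float(v @ np.tanh(W @ x))

def logit_grad(x):
    """Analytic gradient of the logit with respect to the input."""
    h = np.tanh(W @ x)
    return W.T @ (v * (1.0 - h ** 2))

def objective(x, target, l2):
    """Signed activation of the target class minus an L2 penalty on the input."""
    sign = 1.0 if target == 1 else -1.0
    return sign * logit(x) - 0.5 * l2 * float(x @ x)

def excite(target, steps=300, lr=0.01, l2=0.1, seed=0):
    """Activation maximization: gradient ascent on the input, teacher weights frozen."""
    sign = 1.0 if target == 1 else -1.0
    x = np.random.default_rng(seed).normal(0.0, 0.01, size=16)  # start from noise
    start = objective(x, target, l2)
    for _ in range(steps):
        x = x + lr * (sign * logit_grad(x) - l2 * x)
    return x, start, objective(x, target, l2)

def synthesize(n_per_class=5):
    """Stimuli set labelled with the class each stimulus was excited for."""
    data = [(excite(c, seed=s)[0], c) for c in (0, 1) for s in range(n_per_class)]
    X = np.stack([x for x, _ in data])
    y = np.array([c for _, c in data])
    return X, y
```

The stimuli never pass through real recordings: each one is derived only from the teacher's weights and a noise seed, and the resulting `(X, y)` set is what a third party would train a new classifier on.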