Runhua Xu,Nathalie Baracaldo,James Joshi

DOI: https://doi.org/10.48550/arXiv.2108.04417

IF: 5.414

2021-08-10

Machine Learning

Abstract:Machine learning (ML) is increasingly being adopted in a wide variety of application domains. Usually, a well-performing ML model relies on a large volume of training data and high-powered computational resources. Such a need for and the use of huge volumes of data raise serious privacy concerns because of the potential risks of leakage of highly privacy-sensitive information; further, the evolving regulatory environments that increasingly restrict access to and use of privacy-sensitive data add significant challenges to fully benefiting from the power of ML for data-driven applications. A trained ML model may also be vulnerable to adversarial attacks such as membership, attribute, or property inference attacks and model inversion attacks. Hence, well-designed privacy-preserving ML (PPML) solutions are critically needed for many emerging applications. Increasingly, significant research efforts from both academia and industry can be seen in PPML areas that aim toward integrating privacy-preserving techniques into ML pipeline or specific algorithms, or designing various PPML architectures. In particular, existing PPML research cross-cut ML, systems and applications design, as well as security and privacy areas; hence, there is a critical need to understand state-of-the-art research, related challenges and a research roadmap for future research in PPML area. In this paper, we systematically review and summarize existing privacy-preserving approaches and propose a Phase, Guarantee, and Utility (PGU) triad based model to understand and guide the evaluation of various PPML solutions by decomposing their privacy-preserving functionalities. We discuss the unique characteristics and challenges of PPML and outline possible research directions that leverage as well as benefit multiple research communities such as ML, distributed systems, security and privacy.

Bo Liu,Ming Ding,Sina Shaham,Wenny Rahayu,Farhad Farokhi,Zihuai Lin

DOI: https://doi.org/10.48550/arXiv.2011.11819

IF: 5.414

2020-11-24

Machine Learning

Abstract:The newly emerged machine learning (e.g. deep learning) methods have become a strong driving force to revolutionize a wide range of industries, such as smart healthcare, financial technology, and surveillance systems. Meanwhile, privacy has emerged as a big concern in this machine learning-based artificial intelligence era. It is important to note that the problem of privacy preservation in the context of machine learning is quite different from that in traditional data privacy protection, as machine learning can act as both friend and foe. Currently, the work on the preservation of privacy and machine learning (ML) is still in an infancy stage, as most existing solutions only focus on privacy problems during the machine learning process. Therefore, a comprehensive study on the privacy preservation problems and machine learning is required. This paper surveys the state of the art in privacy issues and solutions for machine learning. The survey covers three categories of interactions between privacy and machine learning: (i) private machine learning, (ii) machine learning aided privacy protection, and (iii) machine learning-based privacy attack and corresponding protection schemes. The current research progress in each category is reviewed and the key challenges are identified. Finally, based on our in-depth analysis of the area of privacy and machine learning, we point out future research directions in this field.

Harry Chandra Tanuwidjaja,Rakyong Choi,Seunggeun Baek,Kwangjo Kim

DOI: https://doi.org/10.1109/access.2020.3023084

IF: 3.9

2020-01-01

IEEE Access

Abstract:The exponential growth of big data and deep learning has increased the data exchange traffic in society. Machine Learning as a Service, (MLaaS) which leverages deep learning techniques for predictive analytics to enhance decision-making, has become a hot commodity. However, the adoption of MLaaS introduces data privacy challenges for data owners and security challenges for deep learning model owners. Data owners are concerned about the safety and privacy of their data on MLaaS platforms, while MLaaS platform owners worry that their models could be stolen by adversaries who pose as clients. Consequently, Privacy-Preserving Deep Learning (PPDL) arises as a possible solution to this problem. Recently, several papers about PPDL for MLaaS have been published. However, to the best of our knowledge, no previous paper has summarized the existing literature on PPDL and its specific applicability to the MLaaS environment. In this paper, we present a comprehensive survey of privacy-preserving techniques, starting from classical privacy-preserving techniques to well-known deep learning techniques. Additionally, we present a detailed description of PPDL and address the issue of using PPDL for MLaaS. Furthermore, we undertake detailed comparisons between state-of-the-art PPDL methods. Subsequently, we classify an adversarial model on PPDL by highlighting possible PPDL attacks and their potential solutions. Ultimately, our paper serves as a single point of reference for detailed knowledge on PPDL and its applicability to MLaaS environments for both new and experienced researchers.

Jiliang Zhang,Chen Li,Jing Ye,Gang Qu

DOI: https://doi.org/10.1145/3386263.3407599

2020-01-01

Abstract:With the improvement of computing power and storage level, Machine Learning (ML), especially Deep Learning (DL), has shown its capabilities beyond humans in areas such as image recognition, speech processing, and content recommendation. However, the data collected to build ML models often contains sensitive information, and models may have high commercial value. Compared with the security problem of model prediction errors caused by malicious external influences, privacy threats have not attracted widespread attention, and they have characteristics that are difficult to define and detect. This article reviews recent research progress on ML privacy. First, the privacy threats on data and models in different scenarios are described in detail. Then, typical privacy protection methods are introduced. Finally, the limitations and future development trends of ML privacy research are discussed.

Alejandro Guerra-Manzanares,L. Julian Lechuga Lopez,Michail Maniatakos,Farah E. Shamout

DOI: https://doi.org/10.1007/978-3-031-39539-0_3

2023-03-28

Abstract:Machine Learning (ML) has recently shown tremendous success in modeling various healthcare prediction tasks, ranging from disease diagnosis and prognosis to patient treatment. Due to the sensitive nature of medical data, privacy must be considered along the entire ML pipeline, from model training to inference. In this paper, we conduct a review of recent literature concerning Privacy-Preserving Machine Learning (PPML) for healthcare. We primarily focus on privacy-preserving training and inference-as-a-service, and perform a comprehensive review of existing trends, identify challenges, and discuss opportunities for future research directions. The aim of this review is to guide the development of private and efficient ML models in healthcare, with the prospects of translating research efforts into real-world settings.

Machine Learning,Cryptography and Security

Emiliano De Cristofaro

DOI: https://doi.org/10.48550/arXiv.2005.08679

IF: 5.414

2020-05-18

Machine Learning

Abstract:Over the past few years, providers such as Google, Microsoft, and Amazon have started to provide customers with access to software interfaces allowing them to easily embed machine learning tasks into their applications. Overall, organizations can now use Machine Learning as a Service (MLaaS) engines to outsource complex tasks, e.g., training classifiers, performing predictions, clustering, etc. They can also let others query models trained on their data. Naturally, this approach can also be used (and is often advocated) in other contexts, including government collaborations, citizen science projects, and business-to-business partnerships. However, if malicious users were able to recover data used to train these models, the resulting information leakage would create serious issues. Likewise, if the inner parameters of the model are considered proprietary information, then access to the model should not allow an adversary to learn such parameters. In this document, we set to review privacy challenges in this space, providing a systematic review of the relevant research literature, also exploring possible countermeasures. More specifically, we provide ample background information on relevant concepts around machine learning and privacy. Then, we discuss possible adversarial models and settings, cover a wide range of attacks that relate to private and/or sensitive information leakage, and review recent results attempting to defend against such attacks. Finally, we conclude with a list of open problems that require more work, including the need for better evaluations, more targeted defenses, and the study of the relation to policy and data protection efforts.

Benyu Zhang,Matei Zaharia,Shouling Ji,Raluca Ada Popa,Guofei Gu

DOI: https://doi.org/10.1145/3372297.3416245

2020-01-01

Abstract:With the rapid development of technology, data is becoming ubiquitous. User privacy and data security are drawing much attention over the recent years, especially with the European Union's General Data Protection Regulation (GDPR) and other laws coming into force. On one hand, from the customers' perspective, how to protect user privacy while making use of customers? data is a challenging task. On the other hand, data silos are becoming one of the most prominent issues for the society. From the business? perspective, how to bridge these isolated data islands to build better AI systems while meeting the data privacy and regulatory compliance requirements has imposed great challenges to the traditional machine learning paradigm. PPMLP will provide an opportunity to connect researchers from both CCS community and machine learning community to tackle these challenges.

Anh-Tu Tran,The-Dung Luong,Van-Nam Huynh

DOI: https://doi.org/10.1016/j.neucom.2024.127345

IF: 6

2024-02-03

Neurocomputing

Abstract:Deep learning (DL) has been shown to be very effective for many application domains of machine learning (ML), including image classification, voice recognition, natural language processing, and bioinformatics. The success of DL techniques is directly related to the availability of large amounts of training data. However, in many cases, the data are sensitive to the users and should be protected to preserve the privacy. Privacy-preserving deep learning (PPDL) has thus become a very active research field to ensure the training process and use of DL models are productive without exposing or leaking information about the data. This paper aims to provide a comprehensive survey of PPDL. We concentrate on the risks that affect data privacy in DL and conduct a detailed investigation into the models that ensure privacy. Finally, we propose a set of evaluation criteria, detailing the advantages and disadvantages of the solutions. Based on the analyzed strengths and weaknesses, the paper has highlighted some important research problems and application cases that have not been studied and these point to certain open research directions.

computer science, artificial intelligence

Deepthy K Bhaskar,B. Minimol,V. P. Binu

DOI: https://doi.org/10.1109/ICSCC59169.2023.10335074

2023-08-17

Abstract:Privacy preserving and secure machine learning (PPSML), has turned into increasingly significant in recent years due to the need to protect sensitive data while enabling data analysis and model training. The study explores various Privacy preserving techniques and evaluate their effectiveness in protecting sensitive data against security threats. The findings suggest that while many privacy preserving techniques can significantly improve data security, there is no common solution which fits all. Different techniques are better suited for different scenarios, depending on the type of attack, nature of the data, and the specific privacy requirements. Therefore, it is crucial to carefully evaluate and select the appropriate privacy preserving technique for each situation to ensure effective protection against security threats while maintaining data utility and performance.

Computer Science

Martín Abadi,Úlfar Erlingsson,Ian Goodfellow,H. Brendan McMahan,Ilya Mironov,Nicolas Papernot,Kunal Talwar,Li Zhang

DOI: https://doi.org/10.48550/arXiv.1708.08022

IF: 5.414

2017-08-26

Machine Learning

Abstract:The recent, remarkable growth of machine learning has led to intense interest in the privacy of the data on which machine learning relies, and to new techniques for preserving privacy. However, older ideas about privacy may well remain valid and useful. This note reviews two recent works on privacy in the light of the wisdom of some of the early literature, in particular the principles distilled by Saltzer and Schroeder in the 1970s.

Tanveer Khan,Mindaugas Budzys,Khoa Nguyen,Antonis Michalas

DOI: https://doi.org/10.56553/popets-2024-0072

2024-07-01

Proceedings on Privacy Enhancing Technologies

Abstract:Machine Learning (ML), addresses a multitude of complex issues in multiple disciplines, including social sciences, finance, and medical research. ML models require substantial computing power and are only as powerful as the data utilized. Due to the high computational cost of ML methods, data scientists frequently use Machine Learning-as-a-Service (MLaaS) to outsource computation to external servers. However, when working with private information, like financial data or health records, outsourcing the computation might result in privacy issues. Recent advances in Privacy-Preserving Techniques (PPTs) have enabled ML training and inference over protected data through the use of Privacy-Preserving Machine Learning (PPML). However, these techniques are still at a preliminary stage and their application in real-world situations is demanding. In order to comprehend the discrepancy between theoretical research suggestions and actual applications, this work examines the past and present of PPML, focusing on Homomorphic Encryption (HE) and Secure Multi-party Computation (SMPC) applied to ML. This work primarily focuses on the ML model's training phase, where maintaining user data privacy is of utmost importance. We provide a solid theoretical background that eases the understanding of current approaches and their limitations. We also provide some preliminaries of SMPC, HE, and ML. In addition, we present a systemization of knowledge of the most recent PPML frameworks for model training and provide a comprehensive comparison in terms of the unique properties and performances on standard benchmarks. Also, we reproduce the results for some of the surveyed papers and examine at what level existing works in the field provide support for open science. We believe our work serves as a valuable contribution by raising awareness about the current gap between theoretical advancements and real-world applications in PPML, specifically regarding open-source availability, reproducibility, and usability.

Tanveer Khan,Mindaugas Budzys,Khoa Nguyen,Antonis Michalas

2024-03-06

Abstract:Machine Learning (ML), addresses a multitude of complex issues in multiple disciplines, including social sciences, finance, and medical research. ML models require substantial computing power and are only as powerful as the data utilized. Due to high computational cost of ML methods, data scientists frequently use Machine Learning-as-a-Service (MLaaS) to outsource computation to external servers. However, when working with private information, like financial data or health records, outsourcing the computation might result in privacy issues. Recent advances in Privacy-Preserving Techniques (PPTs) have enabled ML training and inference over protected data through the use of Privacy-Preserving Machine Learning (PPML). However, these techniques are still at a preliminary stage and their application in real-world situations is demanding. In order to comprehend discrepancy between theoretical research suggestions and actual applications, this work examines the past and present of PPML, focusing on Homomorphic Encryption (HE) and Secure Multi-party Computation (SMPC) applied to ML. This work primarily focuses on the ML model's training phase, where maintaining user data privacy is of utmost importance. We provide a solid theoretical background that eases the understanding of current approaches and their limitations. In addition, we present a SoK of the most recent PPML frameworks for model training and provide a comprehensive comparison in terms of the unique properties and performances on standard benchmarks. Also, we reproduce the results for some of the papers and examine at what level existing works in the field provide support for open science. We believe our work serves as a valuable contribution by raising awareness about the current gap between theoretical advancements and real-world applications in PPML, specifically regarding open-source availability, reproducibility, and usability.

Cryptography and Security,Artificial Intelligence

DOI: https://doi.org/10.34104/ajeit.024.0930103

2024-10-11

Canadian Journal of Business and Information Studies

Abstract:In the era of rapid technological advancements, machine learning (ML) and big data analytics have become pivotal in harnessing vast amounts of data for insights, efficiency, and innovation across various sectors. However, the widespread collection and analysis of data raise significant privacy concerns, highlighting the delicate balance between leveraging technology for societal benefits and safeguarding individual privacy. This article delves into the complexities of data collection and analysis practices, emphasizing the potential for privacy breaches through methods such as location tracking, browsing habits analysis, and the creation of detailed personal profiles. It discusses the implications of ML algorithms capable of de-anonymizing data, despite measures like data anonymization and encryption aimed at protecting privacy. The article also examines the existing legal frameworks, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), designed to enhance privacy protection, alongside the ethical considerations for developers and companies in using ML and big data. Furthermore, it explores future outlooks, including developments in technologies like federated learning and differential privacy, that promise enhanced privacy protection. The conclusion calls for a concerted effort among policymakers, technologists, and the public to engage in ongoing dialogue and develop solutions that ensure the ethical use of ML and big data while upholding privacy rights.

Mengmeng Yang,Ming Ding,Youyang Qu,Wei Ni,David Smith,Thierry Rakotoarivelo

2024-04-15

Abstract:The worldwide adoption of machine learning (ML) and deep learning models, particularly in critical sectors, such as healthcare and finance, presents substantial challenges in maintaining individual privacy and fairness. These two elements are vital to a trustworthy environment for learning systems. While numerous studies have concentrated on protecting individual privacy through differential privacy (DP) mechanisms, emerging research indicates that differential privacy in machine learning models can unequally impact separate demographic subgroups regarding prediction accuracy. This leads to a fairness concern, and manifests as biased performance. Although the prevailing view is that enhancing privacy intensifies fairness disparities, a smaller, yet significant, subset of research suggests the opposite view. In this article, with extensive evaluation results, we demonstrate that the impact of differential privacy on fairness is not monotonous. Instead, we observe that the accuracy disparity initially grows as more DP noise (enhanced privacy) is added to the ML process, but subsequently diminishes at higher privacy levels with even more noise. Moreover, implementing gradient clipping in the differentially private stochastic gradient descent ML method can mitigate the negative impact of DP noise on fairness. This mitigation is achieved by moderating the disparity growth through a lower clipping threshold.

Machine Learning,Artificial Intelligence,Cryptography and Security,Computers and Society

Zhanglong Ji,Zachary C. Lipton,Charles Elkan

DOI: https://doi.org/10.48550/arXiv.1412.7584

IF: 5.414

2014-12-24

Machine Learning

Abstract:The objective of machine learning is to extract useful information from data, while privacy is preserved by concealing information. Thus it seems hard to reconcile these competing interests. However, they frequently must be balanced when mining sensitive data. For example, medical research represents an important application where it is necessary both to extract useful information and protect patient privacy. One way to resolve the conflict is to extract general characteristics of whole populations without disclosing the private information of individuals. In this paper, we consider differential privacy, one of the most popular and powerful definitions of privacy. We explore the interplay between machine learning and differential privacy, namely privacy-preserving machine learning algorithms and learning-based data release mechanisms. We also describe some theoretical results that address what can be learned differentially privately and upper bounds of loss functions for differentially private algorithms. Finally, we present some open questions, including how to incorporate public data, how to deal with missing data in private datasets, and whether, as the number of observed samples grows arbitrarily large, differentially private machine learning algorithms can be achieved at no cost to utility as compared to corresponding non-differentially private algorithms.

Yuanming Zhang,Jing Tao,Shuo Zhang,Yuchao Zhang,Pinghui Wang

DOI: https://doi.org/10.1007/s12083-020-01068-0

2021-03-09

Abstract:With the development of Internet technology, service providers can provide users with personalized services to enrich user experience, however, this often requires a large number of users' private data. Meanwhile, the protection of their private data and the evaluation of the risk of leaked datasets become a matter of great concern to many people. To resolve these issues, in this paper, we develop a machine learning-based approach in online social networks (OSNs) to efficiently correlate the leaked datasets and accurately learn millions of users' confidential information. Moreover, a trust evaluation model is developed in OSNs to identify malicious service providers and secure users' social activities via direct trust computing and indirect trust computing. Extensive experiments are conducted by using real-world leaked datasets, and the results show that the efficiency and effectiveness of the proposed approach in terms of user privacy protection and accuracy of privacy leakage evaluation.

computer science, information systems,telecommunications

Andy Wang,Chen Wang,Meng Bi,Jian Xu

DOI: https://doi.org/10.1007/978-3-030-00015-8_58

2018-01-01

Abstract:Machine Learning (ML) Classification has already become one of the most commonly used techniques in many areas such as banking, medicine, spam detection and data mining applications. Often, the training of models require massive data which may contain sensitive information and the classification phase may expose the train models and the inputs from the users. Neither the models nor the train datasets and inputs should expose private information. Addressing this goal, several schemes have been proposed for privacy preserving classification. In this paper, we review those privacy preserving techiniques which applied for different machine learning classification algorithms. These algorithms conclude k-NN, SVM, Bayesian, neural networks, decision tree and etc. we sum up the comparison protocols. Finally, this work comes up with some correlative problems which are worthy to study in the future.

Mohammad Al-Rubaie,J. Morris Chang

DOI: https://doi.org/10.48550/arXiv.1804.11238

2018-03-27

Abstract:For privacy concerns to be addressed adequately in current machine learning systems, the knowledge gap between the machine learning and privacy communities must be bridged. This article aims to provide an introduction to the intersection of both fields with special emphasis on the techniques used to protect the data.

Cryptography and Security,Machine Learning

Soumia Zohra El Mestari,Gabriele Lenzini,Huseyin Demirci

DOI: https://doi.org/10.1016/j.cose.2023.103605

IF: 5.105

2023-11-01

Computers & Security

Abstract:The wide adoption of Machine Learning to solve a large set of real-life problems came with the need to collect and process large volumes of data, some of which are considered personal and sensitive, raising serious concerns about data protection. Privacy-enhancing technologies (PETs) are often indicated as a solution to protect personal data and to achieve a general trustworthiness as required by current EU regulations on data protection and AI. However, an off-the-shelf application of PETs is insufficient to ensure a high-quality of data protection, which one needs to understand. This work systematically discusses the risks against data protection in modern Machine Learning systems taking the original perspective of the data owners, who are those who hold the various data sets, data models, or both, throughout the machine learning life cycle and considering the different Machine Learning architectures. It argues that the origin of the threats, the risks against the data, and the level of protection offered by PETs depend on the data processing phase, the role of the parties involved, and the architecture where the machine learning systems are deployed. By offering a framework in which to discuss privacy and confidentiality risks for data owners and by identifying and assessing privacy-preserving countermeasures for machine learning, this work could facilitate the discussion about compliance with EU regulations and directives. We discuss current challenges and research questions that are still unsolved in the field. In this respect, this paper provides researchers and developers working on machine learning with a comprehensive body of knowledge to let them advance in the science of data protection in machine learning field as well as in closely related fields such as Artificial Intelligence.

computer science, information systems

Hengzhu Liu,Ping Xiong,Tianqing Zhu,Philip S. Yu

2024-06-10

Abstract:The explosive growth of machine learning has made it a critical infrastructure in the era of artificial intelligence. The extensive use of data poses a significant threat to individual privacy. Various countries have implemented corresponding laws, such as GDPR, to protect individuals' data privacy and the right to be forgotten. This has made machine unlearning a research hotspot in the field of privacy protection in recent years, with the aim of efficiently removing the contribution and impact of individual data from trained models. The research in academia on machine unlearning has continuously enriched its theoretical foundation, and many methods have been proposed, targeting different data removal requests in various application scenarios. However, recently researchers have found potential privacy leakages of various of machine unlearning approaches, making the privacy preservation on machine unlearning area a critical topic. This paper provides an overview and analysis of the existing research on machine unlearning, aiming to present the current vulnerabilities of machine unlearning approaches. We analyze privacy risks in various aspects, including definitions, implementation methods, and real-world applications. Compared to existing reviews, we analyze the new challenges posed by the latest malicious attack techniques on machine unlearning from the perspective of privacy threats. We hope that this survey can provide an initial but comprehensive discussion on this new emerging area.

Cryptography and Security