Yanjiao Chen,Xin Tian,Qian Wang,Minghui Li,Minxin Du,Qi Li

DOI: https://doi.org/10.1109/tmc.2018.2875910

IF: 6.075

2019-01-01

IEEE Transactions on Mobile Computing

Abstract:Dynamic spectrum allocation via auction is an effective solution to spectrum shortage. Combinatorial spectrum auction enables buyers to express diversified preferences towards different combinations of channels. Despite the effort to ensure truthfulness and maximize social welfare, spectrum auction also faces potential security risks. The leakage of sensitive information such as true valuation and location of bidders may incur severe economic damage. However, there is a lack of works that can provide sufficient protection against such security risks in combinatorial spectrum auction. In this paper, we propose ARMOR, to enable combinatorial auction for heterogeneous spectrum with privacy, which can preserve bidders' privacy while guaranteeing the economic-robustness of the combinatorial auction. We leverage the cryptographic methods, including homomorphic encryption, order-preserving encryption, and garbled circuits, to shield the bid and location information of buyers from the auctioneer. We design a novel location protection algorithm, which allows the auctioneer to exploit spectrum reuse opportunities without knowing the exact locations of buyers. Furthermore, we propose a verifiable payment scheme based on digital signature to prevent the auctioneer from forging the payment. The extensive experiments confirm that ARMOR maintains the good performance of the combinatorial spectrum auction, in terms of buyer satisfactory ratio and social welfare, and achieves privacy preservation with acceptable computation and communication costs.

Feng Hu,Bing Chen,Jingyi Wang,Ming Li,Pan Li,Miao Pan

DOI: https://doi.org/10.1109/globecom38437.2019.9013917

2019-01-01

Abstract:The auction mechanism is deemed to be an effective method to address the problem of spectrum scarcity. Numerous spectrum auction mechanisms can alleviate spectrum shortage under the consideration of truthfulness, social welfare maximization and spectrum reusability, while the privacy preservation and preferences of primary/secondary users have not been fully discussed. In this paper, we propose a matching based double auction mechanism for spectrum trading with differential privacy (MastDP) to protect the privacy of buyers/sellers from the untrustworthy auctioneer, other buyers/sellers and other potential parties. Each participant adds distributed differential private noise following Geom(α) distribution to his bid value and encrypts the noisy bid value. The auctioneer can decrypt only the sum of all uploaded noisy bid values and determines the clearing price by using its private key. Based on the clearing price, the matching theory is adopted to maximize the winning participants' revenue while fully considering their preferences and spectrum reuse. Simulation results show that MastDP achieves satisfactory performance in terms of economic properties' privacy preservation and spectrum trading efficiency.

Tianjiao Ni,Zhili Chen,Lin Chen,Hong Zhong,Shun Zhang,Yan Xu

DOI: https://doi.org/10.48550/arXiv.2001.00694

2020-01-03

Abstract:Cloud service providers typically provide different types of virtual machines (VMs) to cloud users with various requirements. Thanks to its effectiveness and fairness, auction has been widely applied in this heterogeneous resource allocation. Recently, several strategy-proof combinatorial cloud auction mechanisms have been proposed. However, they fail to protect the bid privacy of users from being inferred from the auction results. In this paper, we design a differentially private combinatorial cloud auction mechanism (DPCA) to address this privacy issue. Technically, we employ the exponential mechanism to compute a clearing unit price vector with a probability proportional to the corresponding revenue. We further improve the mechanism to reduce the running time while maintaining high revenues, by computing a single clearing unit price, or a subgroup of clearing unit prices at a time, resulting in the improved mechanisms DPCA-S and its generalized version DPCA-M, respectively. We theoretically prove that our mechanisms can guarantee differential privacy, approximate truthfulness and high revenue. Extensive experimental results demonstrate that DPCA can generate near-optimal revenues at the price of relatively high time complexity, while the improved mechanisms achieve a tunable trade-off between auction revenue and running time.

Cryptography and Security

Emily Diana,Hadi Elzayn,Michael Kearns,Aaron Roth,Saeed Sharifi-Malvajerdi,Juba Ziani

DOI: https://doi.org/10.48550/arXiv.2002.05699

2020-02-14

Abstract:We propose and analyze differentially private (DP) mechanisms for call auctions as an alternative to the complex and ad-hoc privacy efforts that are common in modern electronic markets. We prove that the number of shares cleared in the DP mechanisms compares favorably to the non-private optimal and provide a matching lower bound. We analyze the incentive properties of our mechanisms and their behavior under natural no-regret learning dynamics by market participants. We include simulation results and connections to the finance literature on market impact.

Computer Science and Game Theory,Computational Engineering, Finance, and Science

Joon Suk Huh

DOI: https://doi.org/10.48550/arXiv.2305.11362

2023-10-29

Abstract:This work addresses the problem of revenue maximization in a repeated, unlimited supply item-pricing auction while preserving buyer privacy. We present a novel algorithm that provides differential privacy with respect to the buyer's input pair: item selection and bid. Notably, our algorithm is the first to offer a sublinear $O(\sqrt{T}\log{T})$ regret with a privacy guarantee. Our method is based on an exponential weights meta-algorithm, and we mitigate the issue of discontinuities in revenue functions via small random perturbations. As a result of its structural similarity to the exponential mechanism, our method inherently secures differential privacy. We also extend our algorithm to accommodate scenarios where buyers strategically bid over successive rounds. The inherent differential privacy allows us to adapt our algorithm with minimal modification to ensure a sublinear regret in this setting.

Computer Science and Game Theory,Cryptography and Security,Machine Learning

Taeho Jung,Xiang-Yang Li,Lan Zhang,He Huang

2013-01-01

Abstract:We propose a construction to efficiently and securely compute a combinatorial auction (also referred as combinational auction) which is able to forbid participants (both auctioneer and the bidders) from learning unnecessary information except those implied in the output of the auction. The auctioneer and bidders are assumed to be untrusted, and they may misbehave throughout the protocol to illegally increase their own benefit. Therefore, we need to either prevent the misbehavior or detect the misbehavior. We achieve this goal by introducing a payment mechanism to control bidders' behaviors game-theoretically, and we further introduce a blind signature scheme to let bidders ver- ify the authenticity of their payment reported by the auctioneer. Although a third-party signer is involved, he only signs a value blindly (i.e. without knowing the value) and is also untrusted. Moreover, our construction requires at most O(mn 2 ) rounds of the communication between bidders and the auctioneer where m is the total number of goods and n is the total number of bidders, and the extra computation overhead incurred by our design is very efficient.

Sankarshan Damle,Boi Faltings,Sujit Gujar

DOI: https://doi.org/10.48550/arXiv.1906.06567

2019-06-15

Abstract:The emergence of e-commerce and e-voting platforms has resulted in the rise in the volume of sensitive information over the Internet. This has resulted in an increased demand for secure and private means of information computation. Towards this, the Yao's Millionaires' problem, i.e., to determine the richer among two millionaires' securely, finds an application. In this work, we present a new solution to the Yao's Millionaires' problem namely, Privacy Preserving Comparison (PPC). We show that PPC achieves this comparison in constant time as well as in one execution. PPC uses semi-honest third parties for the comparison who do not learn any information about the values. Further, we show that PPC is collusion-resistance. To demonstrate the significance of PPC, we present a secure, approximate single-minded combinatorial auction, which we call TPACAS, i.e., Truthful, Privacy-preserving Approximate Combinatorial Auction for Single-minded bidders. We show that TPACAS, unlike previous works, preserves the following privacies relevant to an auction: agent privacy, the identities of the losing bidders must not be revealed to any other agent except the auctioneer (AU), bid privacy, the bid values must be hidden from the other agents as well as the AU and bid-topology privacy, the items for which the agents are bidding must be hidden from the other agents as well as the AU. We demonstrate the practicality of TPACAS through simulations. Lastly, we also look at TPACAS' implementation over a publicly distributed ledger, such as the Ethereum blockchain.

Cryptography and Security

Chengkun Wei,Minghu Zhao,Zhikun Zhang,Min Chen,Wenlong Meng,Bo Liu,Yuan Fan,Wenzhi Chen

DOI: https://doi.org/10.1145/3576915.3616593

2023-01-01

Abstract:Differential privacy (DP), as a rigorous mathematical definition quantifying privacy leakage, has become a well-accepted standard for privacy protection. Combined with powerful machine learning (ML) techniques, differentially private machine learning (DPML) is increasingly important. As the most classic DPML algorithm, DP-SGD incurs a significant loss of utility, which hinders DPML's deployment in practice. Many studies have recently proposed improved algorithms based on DP-SGD to mitigate utility loss. However, these studies are isolated and cannot comprehensively measure the performance of improvements proposed in algorithms. More importantly, there is a lack of comprehensive research to compare improvements in these DPML algorithms across utility, defensive capabilities, and generalizability. We fill this gap by performing a holistic measurement of improved DPML algorithms on utility and defense capability against membership inference attacks (MIAs) on image classification tasks. We first present a taxonomy of where improvements are located in the ML life cycle. Based on our taxonomy, we jointly perform an extensive measurement study of the improved DPML algorithms, over twelve algorithms, four model architectures, four datasets, two attacks, and various privacy budget configurations. We also cover state-of-the-art label differential privacy (Label DP) algorithms in the evaluation. According to our empirical results, DP can effectively defend against MIAs, and sensitivity-bounding techniques such as per-sample gradient clipping play an important role in defense. We also explore some improvements that can maintain model utility and defend against MIAs more effectively. Experiments show that Label DP algorithms achieve less utility loss but are fragile to MIAs. ML practitioners may benefit from these evaluations to select appropriate algorithms. To support our evaluation, we implement a modular re-usable software, DPMLBench,(1) which enables sensitive data owners to deploy DPML algorithms and serves as a benchmark tool for researchers and practitioners.

Ameya Anjarlekar,Rasoul Etesami,R. Srikant

2024-10-17

Abstract:We address the challenge of solving machine learning tasks using data from privacy-sensitive sellers. Since the data is private, we design a data market that incentivizes sellers to provide their data in exchange for payments. Therefore our objective is to design a mechanism that optimizes a weighted combination of test loss, seller privacy, and payment, striking a balance between building a good privacy-preserving ML model and minimizing payments to the sellers. To achieve this, we first propose an approach to solve logistic regression with known heterogeneous differential privacy guarantees. Building on these results and leveraging standard mechanism design theory, we develop a two-step optimization framework. We further extend this approach to an online algorithm that handles the sequential arrival of sellers.

Machine Learning,Computer Science and Game Theory

Donghe Li,Chunlin Hu,Qingyu Yang,Yuhao Ma,Feiye Zhang,Dou An

DOI: https://doi.org/10.1109/tase.2024.3496869

IF: 6.636

2024-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Auction mechanism, as a fair and efficient resource allocation method, has been widely used in varieties trading scenarios, such as advertising, crowdsensoring and spectrum. However, in addition to obtaining higher profits and satisfaction, the privacy concerns have attracted researchers’ attention. In this paper, we mainly study the privacy preserving issue in the double auction market against the indirect inference attack. Most of the existing works apply differential privacy theory to defend against the inference attack, but there exists two problems. First‘, indistinguishability’ of differential privacy (DP) cannot prevent the disclosure of continuous valuations in the auction market. Second, the privacy-utility trade-off (PUT) in differential privacy deployment has not been resolved. To this end, we proposed an attack-defense game-based reinforcement learning privacy-preserving method to provide practically privacy protection in double auction. First, the auctioneer acts as defender, adds noise to the bidders’ valuations, and then acts as adversary to launch inference attack. After that the auctioneer uses the attack results and auction results as a reference to guide the next deployment. The above process can be regarded as a Markov Decision Process (MDP). The state is the valuations of each bidders under the current steps. The action is the noise added to each bidders. The reward is composed of privacy, utility and training speed, in which attack success rate and social welfare are taken as measures of privacy and utility, a delay penalty term is used to reduce the training time. Utilizing the deep deterministic policy gradient (DDPG) algorithm, we establish an actor-critic network to solve the problem of MDP. Finally, we conducted extensive evaluations to verify the performance of our proposed method. The results show that compared with other existing DP-based double auction privacy preserving mechanisms, our method can achieve better results in both privacy and utility. We can reduce the attack success rate from nearly 100% to less than 20%, and the utility deviation is less than 5%. Note to Practitioners —Privacy protection in trading markets, such as advertising, crowdsensing, and spectrum, is crucial. Traditional approaches like differential privacy have been unable to entirely guard sensitive data against inference attacks. To address this, we introduce a novel privacy-preserving mechanism for double auction markets. Our approach employs an attack-defense game model, where noise is added to bidders’ valuations and then used to launch an inference attack. This process allows for the evaluation of the noise’s effectiveness and iteratively refines the privacy protection method. Transformed into a reinforcement learning model and optimized through a DDPG network, our mechanism reduces computational complexity. It has been shown to significantly diminish the success rate of inference attacks, while maintaining a minimal utility deviation. Practitioners in auction-based markets can leverage our approach to enhance privacy protection without negatively impacting market performance. By integrating our mechanism into their operations, auctioneers can foster a safer and more efficient trading environment.

Matthew Jagielski,Michael Kearns,Jieming Mao,Alina Oprea,Aaron Roth,Saeed Sharifi-Malvajerdi,Jonathan Ullman

DOI: https://doi.org/10.48550/arXiv.1812.02696

2019-06-01

Abstract:Motivated by settings in which predictive models may be required to be non-discriminatory with respect to certain attributes (such as race), but even collecting the sensitive attribute may be forbidden or restricted, we initiate the study of fair learning under the constraint of differential privacy. We design two learning algorithms that simultaneously promise differential privacy and equalized odds, a 'fairness' condition that corresponds to equalizing false positive and negative rates across protected groups. Our first algorithm is a private implementation of the equalized odds post-processing approach of [Hardt et al., 2016]. This algorithm is appealingly simple, but must be able to use protected group membership explicitly at test time, which can be viewed as a form of 'disparate treatment'. Our second algorithm is a differentially private version of the oracle-efficient in-processing approach of [Agarwal et al., 2018] that can be used to find the optimal fair classifier, given access to a subroutine that can solve the original (not necessarily fair) learning problem. This algorithm is more complex but need not have access to protected group membership at test time. We identify new tradeoffs between fairness, accuracy, and privacy that emerge only when requiring all three properties, and show that these tradeoffs can be milder if group membership may be used at test time. We conclude with a brief experimental evaluation.

Machine Learning,Data Structures and Algorithms,Computer Science and Game Theory

Lei Xu,Chunxiao Jiang,Yi Qian,Jianhua Li,Youjian Zhao,Yong Ren

DOI: https://doi.org/10.1109/tbdata.2017.2777968

2017-01-01

IEEE Transactions on Big Data

Abstract:Nowadays the privacy issue arising in data mining applications has attracted much attention. In the context of distributed data mining, a major concern of the participant is that its privacy may be disclosed to other participants or a third party. To protect privacy, one can apply a differential privacy approach to perturb the data before sharing them with others, which generally causes a negative effect on the mining result. Thus there is a trade-off between privacy and the mining result. In this paper, we study a distributed classification scenario where a mediator builds a classifier based on the perturbed query results returned by a number of users. We propose a game theoretical approach to analyze how users choose their privacy budgets. Specifically, interactions among users are modeled as a game in satisfaction form. And an algorithm is proposed for users to learn the satisfaction equilibrium (SE) of the game. Experimental results demonstrate that, when the differences among users’ expectations are not significant, the proposed learning algorithm can converge to an SE, at which every user achieves a balance between the accuracy of the classifier and the preserved privacy.

Bargav Jayaraman,David Evans

DOI: https://doi.org/10.48550/arXiv.1902.08874

IF: 5.414

2019-02-24

Machine Learning

Abstract:Differential privacy is a strong notion for privacy that can be used to prove formal guarantees, in terms of a privacy budget, $\epsilon$, about how much information is leaked by a mechanism. However, implementations of privacy-preserving machine learning often select large values of $\epsilon$ in order to get acceptable utility of the model, with little understanding of the impact of such choices on meaningful privacy. Moreover, in scenarios where iterative learning procedures are used, differential privacy variants that offer tighter analyses are used which appear to reduce the needed privacy budget but present poorly understood trade-offs between privacy and utility. In this paper, we quantify the impact of these choices on privacy in experiments with logistic regression and neural network models. Our main finding is that there is a huge gap between the upper bounds on privacy loss that can be guaranteed, even with advanced mechanisms, and the effective privacy loss that can be measured using current inference attacks. Current mechanisms for differentially private machine learning rarely offer acceptable utility-privacy trade-offs with guarantees for complex learning tasks: settings that provide limited accuracy loss provide meaningless privacy guarantees, and settings that provide strong privacy guarantees result in useless models. Code for the experiments can be found here: https://github.com/bargavj/EvaluatingDPML

Jiancong Zhang,Changhao Wang,Shining Li

DOI: https://doi.org/10.1016/j.knosys.2023.111356

IF: 8.139

2024-01-04

Knowledge-Based Systems

Abstract:In vehicular differentially private federated learning , the personalized differential privacy mechanism allows vehicles to customize their local privacy budget. However, it leads to uneven utility across datasets. Therefore, model owners must consider the unevenness in utility within the incentive mechanisms to enhance learning performance. Due to limitations in system resources, servers in the Internet of Vehicles should prioritize the selection of high-utility datasets before initiating the learning process. Since existing utility evaluation schemes are costly and inefficient, we propose a knowledge trading framework based on prior utility evaluation and contract theory. Specifically, we first derive a utility evaluation function that captures the functional relationship between utility and privacy elements, such as privacy cost, sensitivity, and learning rounds. These elements are shared as hyperparameters among vehicles and servers for utility evaluation. In the presence of information asymmetry , we utilize the self-revealing property of contract theory to mitigate dishonest behavior. The learning process is modeled as an optimization function that incorporates utility and privacy costs. The complexity is further reduced by utilizing the monotonicity of the utility function. Experimental results based on multiple models and datasets illustrate that our scheme outperforms existing schemes in terms of convergence and accuracy.

computer science, artificial intelligence

S. Micali,J. Chen

2008-01-01

Abstract:We put forward a new mechanism achieving a high benchmark for (both revenue and) the sum of revenue and efficiency in truly combinatorial auctions. Notably, our mechanism guarantees its performance • in a very adversarial collusion model; • for any profile of strategies surviving the iterated elimination of dominated strategies; and • by leveraging the knowledge that the players have about each other (in a non-Bayesian setting). Our mechanism also is computationally efficient, and preserves the players’ privacy to an unusual extent.

Peng Sun,Liantao Wu,Zhibo Wang,Jinfei Liu,Juan Luo,Wenqiang Jin

DOI: https://doi.org/10.1145/3677127

2024-01-01

Abstract:The proliferation of machine learning (ML) applications has given rise to a new and popular data marketplace paradigm. These marketplaces facilitate ML model requesters in obtaining data from data owners to train their desired models. To mitigate the privacy concerns of data owners, federated learning (FL) has been introduced, enabling collaborative model training without raw data trading. Furthermore, researchers have incorporated differential privacy (DP) techniques into FL, resulting in differentially private federated learning (DPFL) to enhance privacy preservation. However, existing designs of DPFL-based data marketplaces consider a simplified but unrealistic scenario where the model requester holds dominant market power, and data owners cannot set their own prices. In this work, we propose a novel DPFL-based data marketplace that accommodates both price-taking and price-setting data owners. We model the interactions among the model requester and these two types of data owners as a three-stage Stackelberg game, focusing on maximizing the model requester's profit. We rigorously establish that the formulated game is a convex game with a unique subgame perfect equilibrium. Moreover, we devise iterative algorithms to determine the equilibrium strategies for the model requester and price-setting data owners. Notably, our algorithms allow data owners to operate without requiring complete information about the model requester or other data owners. Numerical experiments demonstrate the superiority of our proposed three-stage framework in terms of the model requester's profitability compared to scenarios where only price-taking data owners are involved. Furthermore, we reveal that price competition among price-setting data owners reduces equilibrium market prices.

Donghe Li,Qingyu Yang,Chen Li,Dou An,Yi Shi

DOI: https://doi.org/10.1109/TASE.2022.3181570

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Due to high convenience and efficiency, electronic auction technology has been developed rapidly and has been applied to many online trading market applications. As more attention has been paid to information security, the privacy issues in the electronic auction have been widely studied. Differential privacy, as a lightweight privacy protection method, is an important direction in privacy preserving auction mechanism designing. However, most of the existing researches on differential privacy-based auction mechanism have not proposed a theoretical privacy inference attack method against the auction market. Therefore, the existence of privacy attacks is questionable, and the necessity and privacy protection performance of the existing differential privacy auction mechanism cannot be verified. To this end, in this paper we addressed the privacy attack issue and privacy protection issue in the auction market simultaneously. First, a Bayesian-based inference attack method against the double auction market was proposed from the perspective of the adversary. Theoretical analysis and evaluation results showed that the proposed inference attack method can effectively infer the bidding information of the target bidders, and attack success rate achieved approximately 95%. Second, an individual differential privacy-based auction mechanism was proposed from the perspective of the auction platform. Since not all the bidders will be attacked, we introduced the concept of individual differential privacy to provide targeted defense for specific bidders. Theoretical analysis demonstrated that the proposed auction mechanism satisfies 2(pi)-individual differential privacy. And the extensive evaluation results showed that, compared with the existing differential privacy-based auction mechanism, our proposed mechanism provided the best privacy protection performance, that is, reduced the attack success rate to 20%, and ensured better auction performance, such as social welfare and satisfaction ratio, than the other mechanisms.

Ben Stoddard,Yan Chen,Ashwin Machanavajjhala

DOI: https://doi.org/10.48550/arXiv.1411.5428

IF: 5.414

2014-11-20

Machine Learning

Abstract:An important use of private data is to build machine learning classifiers. While there is a burgeoning literature on differentially private classification algorithms, we find that they are not practical in real applications due to two reasons. First, existing differentially private classifiers provide poor accuracy on real world datasets. Second, there is no known differentially private algorithm for empirically evaluating the private classifier on a private test dataset. In this paper, we develop differentially private algorithms that mirror real world empirical machine learning workflows. We consider the private classifier training algorithm as a blackbox. We present private algorithms for selecting features that are input to the classifier. Though adding a preprocessing step takes away some of the privacy budget from the actual classification process (thus potentially making it noisier and less accurate), we show that our novel preprocessing techniques significantly increase classifier accuracy on three real-world datasets. We also present the first private algorithms for empirically constructing receiver operating characteristic (ROC) curves on a private test set.

Ermis Soumalias,Jakob Weissteiner,Jakob Heiss,Sven Seuken

DOI: https://doi.org/10.1609/aaai.v38i9.28850

2024-03-28

Abstract:We study the design of iterative combinatorial auctions (ICAs). The main challenge in this domain is that the bundle space grows exponentially in the number of items. To address this, several papers have recently proposed machine learning (ML)-based preference elicitation algorithms that aim to elicit only the most important information from bidders. However, from a practical point of view, the main shortcoming of this prior work is that those designs elicit bidders' preferences via value queries (i.e., ``What is your value for the bundle $\{A,B\}$?''). In most real-world ICA domains, value queries are considered impractical, since they impose an unrealistically high cognitive burden on bidders, which is why they are not used in practice. In this paper, we address this shortcoming by designing an ML-powered combinatorial clock auction that elicits information from the bidders only via demand queries (i.e., ``At prices $p$, what is your most preferred bundle of items?''). We make two key technical contributions: First, we present a novel method for training an ML model on demand queries. Second, based on those trained ML models, we introduce an efficient method for determining the demand query with the highest clearing potential, for which we also provide a theoretical foundation. We experimentally evaluate our ML-based demand query mechanism in several spectrum auction domains and compare it against the most established real-world ICA: the combinatorial clock auction (CCA). Our mechanism significantly outperforms the CCA in terms of efficiency in all domains, it achieves higher efficiency in a significantly reduced number of rounds, and, using linear prices, it exhibits vastly higher clearing potential. Thus, with this paper we bridge the gap between research and practice and propose the first practical ML-powered ICA.

Computer Science and Game Theory,Artificial Intelligence,Machine Learning

Fred Lu,Joseph Munoz,Maya Fuchs,Tyler LeBlond,Elliott Zaresky-Williams,Edward Raff,Francis Ferraro,Brian Testa

DOI: https://doi.org/10.48550/arXiv.2210.08643

2023-01-07

Abstract:We present a framework to statistically audit the privacy guarantee conferred by a differentially private machine learner in practice. While previous works have taken steps toward evaluating privacy loss through poisoning attacks or membership inference, they have been tailored to specific models or have demonstrated low statistical power. Our work develops a general methodology to empirically evaluate the privacy of differentially private machine learning implementations, combining improved privacy search and verification methods with a toolkit of influence-based poisoning attacks. We demonstrate significantly improved auditing power over previous approaches on a variety of models including logistic regression, Naive Bayes, and random forest. Our method can be used to detect privacy violations due to implementation errors or misuse. When violations are not present, it can aid in understanding the amount of information that can be leaked from a given dataset, algorithm, and privacy specification.

Machine Learning,Cryptography and Security