Closed-Form Bounds for DP-SGD against Record-level Inference

arXiv:2402.14397v1 Announce Type: cross
Abstract: Machine learning models trained with differentially-private (DP) algorithms such as DP-SGD enjoy resilience against a wide range of privacy attacks. Although it is possible to derive bounds for some attacks based solely on an $(\varepsilon,\delta)$-DP guarantee, meaningful bounds require a small enough privacy budget (i.e., injecting a large amount of noise), which results in a large loss in utility. This paper presents a new approach to evaluate the privacy of machine learning models against specific …

abstract algorithms arxiv attacks budget cs.cr cs.lg delta form inference machine machine learning machine learning models privacy resilience small type