Survey: Leakage and Privacy at Inference Time

Jegorova, Marija; Kaul, Chaitanya; Mayor, Charlie; O’Neil, Alison Q.; Weir, Alexander; Murray-Smith, Roderick; Tsaftaris, Sotirios A.

doi:10.48550/arxiv.2107.01614

Cited by 9 publications

(8 citation statements)

References 112 publications

(206 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, they can be used to train attacker models that learn to identify both demographic features (implicitly present in the data) and blood test features (explicitly present) that highly correlate with certain diseases. It is then possible to use this trained model to re-identify some patients based on their demographic features and possible combination of diseases (Jegorova et al, 2021).…”

Section: Privacy Attacks In Machine Learning and Healthcarementioning

confidence: 99%

Privacy-aware Early Detection of COVID-19 through Adversarial Training

Rohanian¹,

Kouchaki²,

Soltan³

et al. 2022

Preprint

View full text Add to dashboard Cite

Early detection of COVID-19 is an ongoing area of research that can help with triage, monitoring and general health assessment of potential patients and may reduce operational strain on hospitals that cope with the coronavirus pandemic. Different machine learning techniques have been used in the literature to detect potential cases of coronavirus using routine clinical data (blood tests, and vital signs measurements). Data breaches and information leakage when using these models can bring reputational damage and cause legal issues for hospitals. In spite of this, protecting healthcare models against leakage of potentially sensitive information is an understudied research area. In this work, we examine two machine learning approaches, intended to predict a patient's COVID-19 status using routinely collected and readily available clinical data. We employ adversarial training to explore robust deep learning architectures that protect attributes related to demographic information about the patients. The two models we examine in this work are intended to preserve sensitive information against adversarial attacks and information leakage. In a series of experiments using datasets from the Oxford University Hospitals (OUH), Bedfordshire Hospitals NHS Foundation Trust (BH), University Hospitals Birmingham NHS Foundation Trust (UHB), and Portsmouth Hospitals University NHS Trust (PUH) we train and test two neural networks that predict PCR test results using information from basic laboratory blood tests, and vital signs performed on a patients' arrival to hospital. We assess the level of privacy each one of the models can provide and show the efficacy and robustness of our proposed architectures against a comparable baseline. One of our main contributions is that we specifically target the development of effective COVID-19 detection models with built-in mechanisms in order to selectively protect sensitive attributes against adversarial attacks.

show abstract

Section: Privacy Attacks In Machine Learning and Healthcarementioning

confidence: 99%

Privacy-aware Early Detection of COVID-19 through Adversarial Training

Rohanian¹,

Kouchaki²,

Soltan³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…DRL has just started to be leveraged for maintaining privacy by becoming invariant to private features [130,196,197]. Considering that the privacy issues in machine learning have attracted significant attention [198], we believe that there is a new, emerging domain for learning privacy-preserved disentangled representations. As for every new domain, it will be challenging to connect and exploit the existing concepts, such as the differential privacy [199] and the federated learning [200], with the disentanglement paradigm.…”

Section: Opportunities and Open Challengesmentioning

confidence: 99%

Learning Disentangled Representations in the Imaging Domain

Liu,

Sanchez,

Thermos

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Disentangled representation learning has been proposed as an approach to learning general representations. This can be done in the absence of, or with limited, annotations. A good general representation can be readily fine-tuned for new target tasks using modest amounts of data, or even be used directly in unseen domains achieving remarkable performance in the corresponding task. This alleviation of the data and annotation requirements offers tantalising prospects for tractable and affordable applications in computer vision and healthcare. Finally, disentangled representations can offer model explainability and can help us understand the underlying causal relations of the factors of variation, increasing their suitability for real-world deployment. In this tutorial paper, we will offer an overview of the disentangled representation learning, its building blocks and criteria, and discuss applications in computer vision and medical imaging. We conclude our tutorial by presenting the identified opportunities for the integration of recent machine learning advances into disentanglement, as well as the remaining challenges.

show abstract

“…In Natural Language Understanding (NLU) applications, the input text often contain sensitive personal information, e.g., racial or ethnic origins, religious or philosophical beliefs, etc [13]. Such information can be directly or indirectly used to identify a specific person, leading to potential privacy leakage that impedes privacyconscious users from releasing data to NLU service providers [3,4,28].…”

Section: Introductionmentioning

confidence: 99%

A Customised Text Privatisation Mechanism with Differential Privacy

Chen¹,

Mo²,

Chen³

et al. 2022

Preprint

View full text Add to dashboard Cite

In Natural Language Understanding (NLU) applications, training an effective model often requires a massive amount of data. However, text data in the real world are scattered in different institutions or user devices. Directly sharing them with the NLU service provider brings huge privacy risks, as text data often contains sensitive information, leading to potential privacy leakage. A typical way to protect privacy is to directly privatize raw text and leverage Differential Privacy (DP) to quantify the privacy protection level. However, existing text privatization mechanisms that privatize text by applying 𝑑 𝜒 -privacy are not applicable for all similarity metrics and fail to achieve a good privacy-utility trade-off. This is primarily because (1) 𝑑 𝜒 -privacy's strict requirements for similarity metrics; (2) these methods privatize each token in the text equally by providing the same and excessively large output set. Bad utility-privacy trade-off performance impedes the adoption of current text privatization mechanisms in real-world applications. In this paper, we propose a Customized differentially private Text privatization mechanism (CusText) that assigns each input token a customized output set to provide more advanced adaptive privacy protection at the token-level. It also overcomes the limitation for the similarity metrics caused by 𝑑 𝜒 -privacy notion, by turning the mechanism to satisfy 𝜖-DP. Furthermore, we provide two new text privatization strategies to boost the utility of privatized text without compromising privacy and design a new attack strategy for further evaluating the protection level of our mechanism empirically from a new attack's view. We also conduct extensive experiments on two widely used datasets to demonstrate that our proposed mechanism CusText can achieve a better privacy-utility trade-off and better practical application value than the existing methods.

show abstract

Survey: Leakage and Privacy at Inference Time

Cited by 9 publications

References 112 publications

Privacy-aware Early Detection of COVID-19 through Adversarial Training

Privacy-aware Early Detection of COVID-19 through Adversarial Training

Learning Disentangled Representations in the Imaging Domain

A Customised Text Privatisation Mechanism with Differential Privacy

Contact Info

Product

Resources

About