Machine-learning models contain information about the data they were trained on. This information leaks either through the model itself or through predictions made by the model. Consequently, when the training data contains sensitive attributes, assessing the amount of information leakage is paramount. We propose a method to quantify this leakage using the Fisher information of the model about the data. Unlike the worst-case a priori guarantees of differential privacy, Fisher information loss measures leakage with respect to specific examples, attributes, or sub-populations within the dataset. We motivate Fisher information loss through the Cram\'{e}r-Rao bound and delineate the implied threat model. We provide efficient methods to compute Fisher information loss for output-perturbed generalized linear models. Finally, we empirically validate Fisher information loss as a useful measure of information leakage.
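As a toy illustration of the quantity the abstract describes (a sketch, not the paper's actual algorithm), consider output-perturbed linear regression: the least-squares solution w* = (XᵀX)⁻¹Xᵀy is released with additive Gaussian noise of standard deviation sigma. The Jacobian of w* with respect to a single label y_i is (XᵀX)⁻¹x_i, so the Fisher information the noisy release carries about y_i is ‖(XᵀX)⁻¹x_i‖²/σ². By the Cramér-Rao bound, any unbiased reconstruction of y_i then has variance at least the reciprocal of this quantity, so a larger value means more leakage about that specific example. The function name and setup below are illustrative assumptions, not the paper's API.

```python
import numpy as np

def fisher_information_loss(X, sigma):
    """Hypothetical sketch: per-example Fisher information about each label
    y_i carried by an output-perturbed linear regression model.

    The released model is w_hat = w* + N(0, sigma^2 I), where
    w* = (X^T X)^{-1} X^T y.  The Jacobian of w* w.r.t. label y_i is
    (X^T X)^{-1} x_i, so the Fisher information of w_hat about y_i is
    ||(X^T X)^{-1} x_i||^2 / sigma^2.
    """
    XtX_inv = np.linalg.inv(X.T @ X)
    # Row i of X @ (X^T X)^{-1} is the (transposed) Jacobian d w*/d y_i,
    # using the symmetry of (X^T X)^{-1}.
    J = X @ XtX_inv
    return np.sum(J ** 2, axis=1) / sigma ** 2

# Example: three training points; larger values indicate examples whose
# labels are easier to reconstruct from the perturbed model.
X = np.array([[1.0, 0.0], [0.0, 1.0], [1.0, 1.0]])
leakage = fisher_information_loss(X, sigma=1.0)
```

Note how the measure is per-example, which is the contrast with differential privacy the abstract draws: doubling the noise scale sigma cuts every example's Fisher information by a factor of four, but examples in sparse regions of feature space can still leak more than others.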