Differential privacy (DP) enables quantifying the privacy loss incurred when individuals' data undergoes algorithmic processing such as machine learning, and provides objective privacy guarantees. However, while techniques such as individual R\'enyi DP (RDP) allow for granular, per-person privacy accounting, few works have investigated the impact of each input feature on the individual's privacy loss. Here we extend the view of individual RDP by introducing a new concept we call partial sensitivity, which leverages symbolic automatic differentiation to determine the influence of each input feature on the gradient norm of a function. We experimentally evaluate our approach on queries over private databases, where we obtain feature-level contributions of private attributes to the DP guarantees of individuals. Furthermore, we explore our findings in the context of neural network training on synthetic data by investigating the partial sensitivity of input pixels in an image classification task.
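To illustrate the underlying idea, the following is a minimal sketch (our illustration, not the paper's implementation) of computing partial sensitivities with symbolic differentiation in SymPy: the per-sample gradient norm of a loss, the quantity bounded by the sensitivity in DP accounting, is differentiated symbolically with respect to each input feature. The toy linear regression loss and all variable names here are hypothetical examples chosen for brevity.

```python
import sympy as sp

# Hypothetical toy model: squared-error loss of a linear predictor
# with parameters (w1, w2), input features (x1, x2), and label y.
w1, w2, x1, x2, y = sp.symbols("w1 w2 x1 x2 y")
loss = (w1 * x1 + w2 * x2 - y) ** 2 / 2

# Per-sample gradient of the loss with respect to the model parameters.
grad = [sp.diff(loss, w) for w in (w1, w2)]

# L2 norm of the per-sample gradient; this norm determines the
# individual's sensitivity in gradient-based DP mechanisms.
grad_norm = sp.sqrt(sum(g**2 for g in grad))

# Partial sensitivity sketch: the derivative of the gradient norm
# with respect to each input feature, i.e. how strongly each feature
# influences the individual's contribution to the DP guarantee.
partial_sensitivity = {x: sp.simplify(sp.diff(grad_norm, x)) for x in (x1, x2)}

for feature, expr in partial_sensitivity.items():
    print(feature, "->", expr)
```

Substituting concrete feature values into the resulting expressions yields a per-feature attribution of the gradient norm, analogous to the feature-level view of privacy loss described above.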