There is a known tension between the need to analyze personal data to drive business and privacy concerns. Many data protection regulations, including the EU General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA), set out strict restrictions and obligations on the collection and processing of personal data. Moreover, machine learning models themselves can be used to derive personal information, as demonstrated by recent membership and attribute inference attacks. Anonymized data, however, is exempt from the obligations set out in these regulations. It is therefore desirable to be able to create models that are anonymized, thus also exempting them from those obligations, in addition to providing better protection against attacks. Learning on anonymized data typically results in significant degradation in accuracy. In this work, we propose a method that is able to achieve better model accuracy by using the knowledge encoded within the trained model, and guiding our anonymization process to minimize the impact on the model's accuracy, a process we call accuracy-guided anonymization. We demonstrate that by focusing on the model's accuracy rather than generic information loss measures, our method outperforms state of the art k-anonymity methods in terms of the achieved utility, in particular with high values of k and large numbers of quasi-identifiers. We also demonstrate that our approach has a similar, and sometimes even better ability to prevent membership inference attacks as approaches based on differential privacy, while averting some of their drawbacks such as complexity, performance overhead and model-specific implementations. This makes model-guided anonymization a legitimate substitute for such methods and a practical approach to creating privacy-preserving models.
翻译:许多数据保护条例,包括欧盟一般数据保护条例(GDPR)和加利福尼亚消费者保护法(CCPA),对收集和处理个人数据规定了严格的限制和义务;此外,机器学习模式本身可以用来获取个人信息,如最近的会员身份和属性推断攻击所显示的那样;匿名数据不受这些条例所规定义务的约束;因此,最好能够创建匿名化模式,从而除提供更好的防范攻击保护外,还免除这些义务;学习匿名化数据通常导致对收集和处理个人数据的严格限制和义务;此外,在这项工作中,我们提出一种方法,通过使用经过训练的模型所编码的知识,可以提高模型准确性,指导我们的匿名化进程,以尽量减少对模型准确性的影响,我们称之为以模型为指南的匿名化过程。我们通过侧重于模型的准确性而不是一般信息损失措施,我们的方法通常会大大降低攻击的准确性;我们提出的一种方法,通过使用经过训练的模型的精细的精细度和精确性方法,也能够以高的精确性方法来提高模型的准确性;我们有时通过注重模型的精确性,我们的方法比一般信息损失措施的精确性,我们的方法超越了成本的精确性方法,同时以类似的推测方法也展示了我们的精确性方法。