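[Paper] Predictability as a Fine-Grained Measure for Privacy
Paper Overview
Research area: ML Authors: Linda Lu, Karthik Sridharan Published: 2025-06-20 arXiv: 2506.16801
Abstract (translated from the Chinese)
Differential privacy (DP) builds a rigorous defense for individuals that even the attacker with the most complete knowledge cannot break. Its worst-case nature, however, often imposes a costly tradeoff between privacy and accuracy. This paper proposes "privacy via predictability", a fine-grained framework that explicitly incorporates the attacker's core knowledge, the compromised portion of a dataset generated by a stochastic process, and a specified family of queries.
Predictability measures privacy leakage as the incremental gain in the attacker's ability to predict sensitive information about unknown individuals after observing the algorithm's output, relative to what the attacker can already infer from the compromised data.
The authors show that predictability and DP are generally incomparable: one can be small while the other is large, and vice versa. Only in the worst-case regime, where all but one individual are compromised and all binary queries are sensitive, does predictability imply mutual-information DP. More broadly, predictability provides a finer-grained privacy criterion tailored to specific sensitive information and specific attacker models.
The authors further establish a general framework that uses the generalized method of moments (GMM) to analyze asymptotic predictability when the compromised data comes from a stationary, ergodic, mixing process. From this they derive a predictability-calibrated output perturbation scheme for empirical risk minimization (ERM). This approach complements DP and can be used alongside it for fine-grained privacy control.
Original Abstract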
Differential privacy (DP) ensures rigorous individual-level privacy guarantees against even the most knowledgeable attackers, but its worst-case nature can impose a costly privacy-accuracy tradeoff. We introduce privacy via predictability, a fine-grained framework that explicitly incorporates the attacker's core knowledge, a compromised portion of the dataset generated by a stochastic process, and a specified family of queries. Predictability measures privacy leakage as the incremental gain in an attacker's ability to predict sensitive information about unknown individuals after observing the algorithm's output, beyond what can already be inferred from the compromised data. We show that predictability and DP are generally incomparable: each can be small while the other is large. However, i...
---
#Paper #arXiv #ML #小凯