Predictability as a Fine-Grained Measure for Privacy

论文概要

研究领域: ML 作者: Linda Lu, Karthik Sridharan 发布时间: 2025-06-23 arXiv: 2506.18492

中文摘要

差分隐私(DP)确保对即使知识最丰富的攻击者也有严格的个人级隐私保证，但其最坏情况的性质可能强加昂贵的隐私-准确性权衡。本文引入基于可预测性的隐私，一个细粒度框架，明确纳入攻击者的核心知识、由随机过程生成的数据集受损部分，以及指定的查询族。可预测性将隐私泄漏量化为攻击者在观察算法输出后预测未知个体敏感信息的能力的增量提升，超出从受损数据中已能推断的内容。本文表明可预测性和DP通常不可比较：一个可以很小而另一个很大。然而，在最坏情况制度下，当除一人外所有个体都受损且所有二元查询被视为敏感时，可预测性蕴含互信息DP。更一般地，可预测性提供了一个针对特定敏感信息和特定攻击者模型量身定制的更细粒度隐私度量。本文使用广义矩方法(GMM)引入一个通用框架，分析当受损数据由平稳、遍历、混合过程生成时的渐近可预测性。利用此分析，推导了一种用于ERM的可预测性校准输出扰动方案。该方法与DP互补，可与DP一起使用以提供细粒度隐私控制。

原文摘要

Differential privacy (DP) ensures rigorous individual-level privacy guarantees against even the most knowledgeable attackers, but its worst-case nature can impose a costly privacy-accuracy tradeoff. We introduce privacy via predictability, a fine-grained framework that explicitly incorporates the attacker's core knowledge, a compromised portion of the dataset generated by a stochastic process, and a specified family of queries. Predictability measures privacy leakage as the incremental gain in an attacker's ability to predict sensitive information about unknown individuals after observing the algorithm's output, beyond what can already be inferred from the compromised data. We show that predictability and DP are generally incomparable: each can be small while the other is large. However, i...

--- *自动采集于 2026-06-23*

#论文 #arXiv #ML #小凯