ABSTRACT
We study the role of information complexity in privacy leakage about an attribute of an adversary's interest, which is not known a priori to the system designer. Considering the supervised representation learning setup and using neural networks to parameterize the variational bounds of information quantities, we study the impact of the following factors on the amount of information leakage: information complexity regularizer weight, latent space dimension, the cardinalities of the known utility and unknown sensitive attribute sets, the correlation between utility and sensitive attributes, and a potential bias in a sensitive attribute of adversary's interest. We conduct extensive experiments on Colored-MNIST and CelebA datasets to evaluate the effect of information complexity on the amount of intrinsic leakage.
- Martín Abadi et al. 2016. TensorFlow: A System for Large-Scale Machine Learning. In 12th USENIX Conference on Operating Systems Design and Implementation. 265--283.Google Scholar
- Thomas Andre, Marc Antonini, Michel Barlaud, and Robert M Gray. 2006. Entropy-based distortion measure for image coding. In 2006 International Conference on Image Processing. IEEE, 1157--1160.Google ScholarCross Ref
- Yuksel Ozan Basciftci, Ye Wang, and Prakash Ishwar. 2016. On privacy-utility tradeoffs for constrained data release mechanisms. In 2016 Information Theory and Applications Workshop (ITA). IEEE, 1--6.Google ScholarCross Ref
- Matthias Bauer and Andriy Mnih. 2019. Resampled priors for variational autoencoders. In Int'l Conference on Artificial Intelligence and Statistics. 66--75.Google Scholar
- Mohamed Ishmael Belghazi, Aristide Baratin, Sai Rajeshwar, Sherjil Ozair, Yoshua Bengio, Aaron Courville, and Devon Hjelm. 2018. Mutual information neural estimation. In International Conference on Machine Learning. 531--540.Google Scholar
- Nicolo Cesa-Bianchi and Gábor Lugosi. 2006. Prediction, learning, and games. Cambridge university press.Google Scholar
- Peter Harremoës and Naftali Tishby. 2007. The information bottleneck revisited or how to choose a good distortion measure. In 2007 IEEE International Symposium on Information Theory. IEEE, 566--570.Google ScholarCross Ref
- Hsiang Hsu, Shahab Asoodeh, and Flavio P. Calmon. 2019. Obfuscation via Information Density Estimation. In Int'l Conf. on Artificial Int. and Stat. (AISTATS).Google Scholar
- Chong Huang, Peter Kairouz, Xiao Chen, Lalitha Sankar, and Ram Rajagopal. 2017. Context-aware generative adversarial privacy. Entropy 19, 12 (2017), 656.Google ScholarCross Ref
- Ibrahim Issa, Aaron B Wagner, and Sudeep Kamath. 2019. An operational approach to information leakage. IEEE Trans. Info. Theory 66, 3 (2019), 1625--1657.Google ScholarCross Ref
- Durk P Kingma, Tim Salimans, Rafal Jozefowicz, Xi Chen, Ilya Sutskever, and Max Welling. 2016. Improved variational inference with inverse autoregressive flow. In Advances in neural information processing systems. 4743--4751.Google Scholar
- Diederik P Kingma and Max Welling. 2014. Auto-encoding variational bayes. In International Conference on Learning Representations (ICLR).Google Scholar
- Yann LeCun and Corinna Cortes. 2010. MNIST handwritten digit database. http://yann.lecun.com/exdb/mnist/. (2010). http://yann.lecun.com/exdb/mnist/Google Scholar
- Z. Liu, P. Luo, X. Wang, and X. Tang. 2015. Deep Learning Face Attributes in the Wild. In International Conference on Computer Vision (ICCV).Google Scholar
- Ali Makhdoumi, Salman Salamatian, Nadia Fawaz, and Muriel Médard. 2014. From the information bottleneck to the privacy funnel. In IEEE Info. Theory Workshop. IEEE, 501--505.Google ScholarCross Ref
- XuanLong Nguyen, Martin J Wainwright, and Michael I Jordan. 2010. Estimating divergence functionals and the likelihood ratio by convex risk minimization. IEEE Transactions on Information Theory 56, 11 (2010), 5847--5861.Google ScholarDigital Library
- Flavio P. Calmon, Ali Makhdoumi, and Muriel Médard. 2015. Fundamental limits of perfect privacy. In IEEE Int'l Symp. Info. Theory. 1796--1800.Google Scholar
- Borzoo Rassouli and Deniz Gündüz. 2019. Optimal utility-privacy trade-off with total variation distance as a privacy measure. IEEE Transactions on Information Forensics and Security 15 (2019), 594--603.Google ScholarDigital Library
- Borzoo Rassouli and Deniz Gündüz. 2021. On perfect privacy. In to appear in IEEE Journal on Selected Areas in Information Theory (JSAIT). IEEE.Google Scholar
- Borzoo Rassouli, Fernando Rosas, and Deniz Gündüz. 2019. Data Disclosure under Perfect Sample Privacy. IEEE Trans. Inform. Forensics and Security (2019).Google Scholar
- Behrooz Razeghi, Flavio P. Calmon, Deniz Gündüz, and Slava Voloshynovskiy. 2020. On Perfect Obfuscation: Local Information Geometry Analysis. In 2020 IEEE International Workshop on Information Forensics and Security (WIFS). 1--6.Google Scholar
- Danilo Jimenez Rezende and Shakir Mohamed. 2015. Variational inference with normalizing flows. In Int'l Conf. on Machine Learning. 1530--1538.Google Scholar
- Borja Rodríguez-Gálvez, Ragnar Thobaben, and Mikael Skoglund. 2020. A Variational Approach to Privacy and Fairness. arXiv preprint arXiv:2006.06332 (2020).Google Scholar
- Mihaela Rosca, Balaji Lakshminarayanan, and Shakir Mohamed. 2018. Distribution matching in variational inference. arXiv preprint arXiv:1802.06847 (2018).Google Scholar
- Sreejith Sreekumar and Deniz Gündüz. 2019. Optimal Privacy-Utility Trade-off under a Rate Constraint. In IEEE Int'l Symp. Info. Theory. IEEE, 2159--2163.Google Scholar
- Masashi Sugiyama, Taiji Suzuki, and Takafumi Kanamori. 2012. Density-ratio matching under the Bregman divergence: A unified framework of density-ratio estimation. Annals of the Inst. of Statistical Mathematics 64, 5 (2012), 1009--1044.Google ScholarCross Ref
- Naftali Tishby, Fernando C Pereira, and William Bialek. 2000. The information bottleneck method. In IEEE Allerton.Google Scholar
- Jakub Tomczak and Max Welling. 2018. VAE with a VampPrior. In International Conference on Artificial Intelligence and Statistics. 1214--1223.Google Scholar
- Ardhendu Tripathy, Ye Wang, and Prakash Ishwar. 2019. Privacy-preserving adversarial networks. In Allerton Conf. on Comm., Control, and Comp. 495--505.Google ScholarDigital Library
Index Terms
- Variational Leakage: The Role of Information Complexity in Privacy Leakage
Recommendations
On the leakage of personally identifiable information via online social networks
WOSN '09: Proceedings of the 2nd ACM workshop on Online social networksFor purposes of this paper, we define "Personally identifiable information" (PII) as information which can be used to distinguish or trace an individual's identity either alone or when combined with other information that is linkable to a specific ...
The purpose driven privacy preservation for accelerometer-based activity recognition
Accelerometer-based activity recognition (AAR) attracted a lot of attentions due to the wide spread of smartphones with energy-efficiency. However, since accelerometer data contains individual characteristics; AAR might raise privacy concerns. Although ...
On the leakage of personally identifiable information via online social networks
For purposes of this paper, we define "Personally identifiable information" (PII) as information which can be used to distinguish or trace an individual's identity either alone or when combined with other information that is linkable to a specific ...
Comments