Electrical and Electronic Engineering - Research Publications

Permanent URI for this collection

http://hdl.handle.net/11343/362

Filters

2020 - 2021 8
Reset filters

Settings
Statistics
Citations
End date: 2022 × Start date: 2020 × Type: Conference Paper × Author: Farokhi, Farhad ×

Search Results

Now showing 1 - 8 of 8
  • Item
    Thumbnail Image
    Measuring Information Leakage in Non-stochastic Brute-Force Guessing
    Farokhi, F ; Ding, N (IEEE, 2021)
    We propose an operational measure of information leakage in a non-stochastic setting to formalize privacy against a brute-force guessing adversary. We use uncertain variables, non-probabilistic counterparts of random variables, to construct a guessing framework in which an adversary is interested in determining private information based on uncertain reports. We consider brute-force trial-and-error guessing in which an adversary can potentially check all the possibilities of the private information that are compatible with the available outputs to find the actual private realization. The ratio of the worst-case number of guesses for the adversary in the presence of the output and in the absence of it captures the reduction in the adversary's guessing complexity and is thus used as a measure of private information leakage. We investigate the relationship between the newly-developed measure of information leakage with maximin information and stochastic maximal leakage that are shown to arise in one-shot guessing.
  • Item
    Thumbnail Image
    Non-Stochastic Private Function Evaluation
    Farokhi, F ; Nair, G (IEEE, 2021-04-11)
    We consider private function evaluation to provide query responses based on private data of multiple untrusted entities in such a way that each cannot learn something substantially new about the data of others. First, we introduce perfect non-stochastic privacy in a two-party scenario. Perfect privacy amounts to conditional unrelatedness of the query response and the private uncertain variable of other individuals conditioned on the uncertain variable of a given entity. We show that perfect privacy can be achieved for queries that are functions of the common uncertain variable, a generalization of the common random variable. We compute the closest approximation of the queries that do not take this form. To provide a trade-off between privacy and utility, we relax the notion of perfect privacy. We define almost perfect privacy and show that this new definition equates to using conditional disassociation instead of conditional unrelatedness in the definition of perfect privacy. Then, we generalize the definitions to multi-party function evaluation (more than two data entities). We prove that uniform quantization of query responses, where the quantization resolution is a function of privacy budget and sensitivity of the query (cf., differential privacy), achieves function evaluation privacy.
  • Item
    Thumbnail Image
    Measuring Information Leakage in Non-stochastic Brute-Force Guessing
    Farokhi, F ; Ding, N (IEEE, 2021-04-11)
    We propose an operational measure of information leakage in a non-stochastic setting to formalize privacy against a brute-force guessing adversary. We use uncertain variables, non-probabilistic counterparts of random variables, to construct a guessing framework in which an adversary is interested in determining private information based on uncertain reports. We consider brute-force trial-and-error guessing in which an adversary can potentially check all the possibilities of the private information that are compatible with the available outputs to find the actual private realization. The ratio of the worst-case number of guesses for the adversary in the presence of the output and in the absence of it captures the reduction in the adversary’s guessing complexity and is thus used as a measure of private information leakage. We investigate the relationship between the newly-developed measure of information leakage with maximin information and stochastic maximal leakage that are shown to arise in one-shot guessing.
  • Item
    Thumbnail Image
    Using Renyi-divergence and Arimoto-Renyi Information to Quantify Membership Information Leakage
    Farokhi, F (IEEE, 2021)
    Membership inference attacks, i.e., adversarial attacks inferring whether a data record is used for training a machine learning model, has been recently shown to pose a legitimate privacy risk in machine learning literature. In this paper, we propose two measures of information leakage for investigating membership inference attacks backed by results on binary hypothesis testing in information theory literature. The first measure of information leakage is defined using Rényi α-divergence of the distribution of output of a machine learning model for data records that are in and out of the training dataset. The second measure of information leakage is based on Arimoto-Rényi α-information between the membership random variable (whether the data record is in or out of the training dataset) and the output of the machine learning model. These measures of leakage are shown to be related to each other. We compare the proposed measures of information leakage with α-leakage from the information-theoretic privacy literature to establish some useful properties. We establish an upper bound for α-divergence information leakage as a function of the privacy budget for differentially-private machine learning models.
  • Item
    Thumbnail Image
    An Explicit Formula for the Zero-Error Feedback Capacity of a Class of Finite-State Additive Noise Channels
    Saberi, A ; Farokhi, F ; Nair, GN (IEEE, 2020)
    It is known that for a discrete channel with correlated additive noise, the ordinary capacity with or without feedback both equal log q−H(Z), where H(Z)is the entropy rate of the noise process Z and q is the alphabet size. In this paper, a class of finite-state additive noise channels is introduced. It is shown that the zero-error feedback capacity of such channels is either zero or C 0 f = log q - h(Z), where h(Z) is the topological entropy of the noise process. Moreover, the zero-error capacity without feedback is lower-bounded by log q - 2h(Z). We explicitly compute the zero-error feedback capacity for several examples, including channels with isolated errors and a Gilbert-Elliot channel.
  • Item
    Thumbnail Image
    Non-Stochastic Hypothesis Testing with Application to Privacy Against Hypothesis-Testing Adversaries
    Farokhi, F (IEEE, 2020-03-12)
    We consider privacy against hypothesis-testing adversaries within a non-stochastic framework. We develop a theory of non-stochastic hypothesis testing by borrowing the notion of uncertain variables from non-stochastic information theory. We define tests as binary-valued mappings on uncertain variables and prove a fundamental bound on the performance of tests in non-stochastic hypothesis testing. We use this bound to develop a measure of privacy. We then construct reporting policies with prescribed privacy and utility guarantees. The utility of a reporting policy is measured by the distance between reported and original values. We illustrate the effects of using such privacy-preserving reporting polices on a publicly- available practical dataset of preferences and demographics of young individuals with Slovakian nationality.
  • Item
    Thumbnail Image
    Temporally discounted differential privacy for evolving datasets on an infinite horizon
    Farokhi, F (IEEE, 2020-05-19)
    We define discounted differential privacy, as an alternative to (conventional) differential privacy, to investigate privacy of evolving datasets, containing time series over an unbounded horizon. We use privacy loss as a measure of the amount of information leaked by the reports at a certain fixed time. We observe that privacy losses are weighted equally across time in the definition of differential privacy, and therefore the magnitude of privacy-preserving additive noise must grow without bound to ensure differential privacy over an infinite horizon. Motivated by the discounted utility theory within the economics literature, we use exponential and hyperbolic discounting of privacy losses across time to relax the definition of differential privacy under continual observations. This implies that privacy losses in distant past are less important than the current ones to an individual. We use discounted differential privacy to investigate privacy of evolving datasets using additive Laplace noise and show that the magnitude of the additive noise can remain bounded under discounted differential privacy. We illustrate the quality of privacy-preserving mechanisms satisfying discounted differential privacy on smart-meter measurement time-series of real households, made publicly available by Ausgrid (an Australian electricity distribution company).
  • Item
    No Preview Available
    The Value of Collaboration in Convex Machine Learning with Differential Privacy
    Wu, N ; Farokhi, F ; Smith, D ; Kaafar, MA (IEEE, 2020)
    In this paper, we apply machine learning to distributed private data owned by multiple data owners, entities with access to non-overlapping training datasets. We use noisy, differentially-private gradients to minimize the fitness cost of the machine learning model using stochastic gradient descent. We quantify the quality of the trained model, using the fitness cost, as a function of privacy budget and size of the distributed datasets to capture the trade-off between privacy and utility in machine learning. This way, we can predict the outcome of collaboration among privacy-aware data owners prior to executing potentially computationally-expensive machine learning algorithms. Particularly, we show that the difference between the fitness of the trained machine learning model using differentially-private gradient queries and the fitness of the trained machine model in the absence of any privacy concerns is inversely proportional to the size of the training datasets squared and the privacy budget squared. We successfully validate the performance prediction with the actual performance of the proposed privacy-aware learning algorithms, applied to: financial datasets for determining interest rates of loans using regression; and detecting credit card frauds using support vector machines.