Timezone: »

 
Poster
Alleviating Privacy Attacks via Causal Learning
Shruti Tople · Amit Sharma · Aditya Nori

Wed Jul 15 08:00 AM -- 08:45 AM & Wed Jul 15 09:00 PM -- 09:45 PM (PDT) @
in Poster Session 22 »

Machine learning models, especially deep neural networks have been shown to be susceptible to privacy attacks such as membership inference where an adversary can detect whether a data point was used for training a black-box model. Such privacy risks are exacerbated when a model's predictions are used on an unseen data distribution. To alleviate privacy attacks, we demonstrate the benefit of predictive models that are based on the causal relationship between input features and the outcome. We first show that models learnt using causal structure generalize better to unseen data, especially on data from different distributions than the train distribution. Based on this generalization property, we establish a theoretical link between causality and privacy: compared to associational models, causal models provide stronger differential privacy guarantees and are more robust to membership inference attacks. Experiments on simulated Bayesian networks and the colored-MNIST dataset show that associational models exhibit up to 80% attack accuracy under different test distributions and sample sizes whereas causal models exhibit attack accuracy close to a random guess.

Keywords: Causality · Privacy-preserving Statistics and Machine Learning

Author Information

Shruti Tople (Microsoft Research)
Amit Sharma (Microsoft Research)
Aditya Nori (Microsoft Research Cambridge)

More from the Same Authors