IT CR GT LG ML | Dec 19, 2017

Privacy-Preserving Adversarial Networks

arXiv:1712.07008v3 | 91 citations
Originality: Incremental advance
AI Analysis

This work addresses privacy concerns in data sharing for applications like machine learning, but it is incremental as it builds on adversarial training and mutual information concepts.

The paper tackles the problem of optimizing privacy-preserving data release mechanisms to achieve an information-theoretically optimal tradeoff between minimizing distortion of useful data and concealing sensitive information. Results show that the model-agnostic approach achieves tradeoff points close to analytically derived optimal tradeoffs on synthetic data and demonstrates a learned tradeoff on MNIST data.

We propose a data-driven framework for optimizing privacy-preserving data release mechanisms to attain the information-theoretically optimal tradeoff between minimizing distortion of useful data and concealing specific sensitive information. Our approach employs adversarially-trained neural networks to implement randomized mechanisms and to perform a variational approximation of mutual information privacy. We validate our Privacy-Preserving Adversarial Networks (PPAN) framework via proof-of-concept experiments on discrete and continuous synthetic data, as well as the MNIST handwritten digits dataset. For synthetic data, our model-agnostic PPAN approach achieves tradeoff points very close to the optimal tradeoffs that are analytically-derived from model knowledge. In experiments with the MNIST data, we visually demonstrate a learned tradeoff between minimizing the pixel-level distortion versus concealing the written digit.
