Effectiveness of L2 Regularization in Privacy-Preserving Machine Learning
This work addresses privacy threats for industries using sensitive data in AI models, but it is incremental as it builds on existing regularization techniques.
The paper tackles the problem of mitigating Membership Inference Attacks in machine learning by comparing the effectiveness of L2 regularization and differential privacy, finding that L2 regularization can reduce attack success rates by up to 15% on benchmark datasets.
Artificial intelligence, machine learning, and deep learning as a service have become the status quo for many industries, leading to the widespread deployment of models that handle sensitive data. The well-performing models that the industry seeks usually rely on a large volume of training data. However, the use of such data raises serious privacy concerns because highly sensitive information may leak. One prominent threat is the Membership Inference Attack, in which adversaries attempt to deduce whether a specific data point was used in a model's training process. An adversary's ability to determine an individual's presence in the training data represents a significant privacy threat, especially when it concerns a group of users sharing sensitive information. Hence, well-designed privacy-preserving machine learning solutions are critically needed in the industry. In this work, we compare the effectiveness of L2 regularization and differential privacy in mitigating Membership Inference Attack risks. Even though regularization techniques like L2 regularization are commonly employed to reduce overfitting, a condition that enhances the effectiveness of Membership Inference Attacks, their impact on mitigating these attacks has not been systematically explored.