Why Does Differential Privacy with Large Epsilon Defend Against Practical Membership Inference Attacks?

arXiv:2402.09540v1 Announce Type: new
Abstract: For small privacy parameter $\epsilon$, $\epsilon$-differential privacy (DP) provides a strong worst-case guarantee that no membership inference attack (MIA) can succeed at determining whether a person's data was used to train a machine learning model. The guarantee of DP is worst-case because: a) it holds even if the attacker already knows the records of all but one person in the data set; and b) it holds uniformly over all data sets. In practical applications, such …

arxiv attack attacks can case cs.ai cs.cr cs.lg data differential privacy guarantee large machine machine learning parameter privacy train