Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
167 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Chernoff Information as a Privacy Constraint for Adversarial Classification (2403.10307v2)

Published 15 Mar 2024 in cs.IT and math.IT

Abstract: This work inspects a privacy metric based on Chernoff information, \textit{Chernoff differential privacy}, due to its significance in characterization of the optimal classifier's performance. Adversarial classification, as any other classification problem is built around minimization of the (average or correct detection) probability of error in deciding on either of the classes in the case of binary classification. Unlike the classical hypothesis testing problem, where the false alarm and mis-detection probabilities are handled separately resulting in an asymmetric behavior of the best error exponent, in this work, we focus on the Bayesian setting and characterize the relationship between the best error exponent of the average error probability and $\varepsilon\textrm{-}$differential privacy \cite{D06}. Accordingly, we re-derive Chernoff differential privacy in terms of $\varepsilon\textrm{-}$differential privacy using the Radon-Nikodym derivative and show that it satisfies the composition property for sequential composition. Subsequently, we present numerical evaluation results, which demonstrates that Chernoff information outperforms Kullback-Leibler divergence as a function of the privacy parameter $\varepsilon$, the impact of the adversary's attack and global sensitivity for the problem of adversarial classification in Laplace mechanisms.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (29)
  1. Differential Privacy: On the Trade-Off between Utility and Information Leakage. In Formal Aspects of Security and Trust. Springer Berlin Heidelberg, Berlin, Heidelberg, 39–54.
  2. G. Barthe and B. Köpf. 2011. Information-theoretic Bounds for Differentially Private Mechanisms. In Computer Security Foundations Symposium (Cernay-la-Ville, France). IEEE, New York, NY, USA, 191–204.
  3. P. Billingsley. 1995. Probability and Measure. Wiley, New York.
  4. H. Chernoff. 1952. A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations. Annals of Mathematical Statistics 23 (1952), 493–507.
  5. T.M. Cover and J. A. Thomas. 1991. Elements of Information Theory. Wiley Series in Telecommunications.
  6. P. Cuff and L. Yu. 2016. Differential Privacy as a Mutual Information Constraint. In CCS 2016, Vienna, Austria. Association for Computing Machinery, New York, NY, United States, 43–54.
  7. Information Measures, Experiments, Multi-category Hypothesis Tests, and Surrogate Losses. ArXiv abs/1603.00126 (2016). https://api.semanticscholar.org/CorpusID:13582051
  8. C. Dwork. 2006. Differential Privacy. In Automata, Languages and Programming. Springer, Berlin, Heidelberg, 1–12.
  9. Our Data, Ourselves: Privacy Via Distributed Noise Generation. In Advances in Cryptology - EUROCRYPT 2006, Serge Vaudenay (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 486–503.
  10. Calibrating Noise to Sensitivity in Private Data Analysis. In Theory of Cryptography Conference. International Association for Cryptologic Research, 265–284.
  11. C. Dwork and A. Roth. 2014. The Algorithmic Foundations of Differential Privacy. Foundations and Trends in Theoretical Computer Science 2014 9 (2014), 211–407.
  12. Adversarial Classification Under Differential Privacy. In NDSS 2020, Network and Distributed Systems Security Symposium, San Diego, CA, USA.
  13. Alpha-Divergence for Classification, Indexing and Retrieval (Revised 2). https://api.semanticscholar.org/CorpusID:12727488
  14. Information-Theoretic Analysis of Neural Coding. Journal of Computational Neuroscience 10 (2001), 47–69.
  15. Don Johnson and Sinan Sinanovic. 2003. Symmetrizing the Kullback-Leibler Distance. (02 2003).
  16. Adversarial Machine Learning. Cambridge University Press, Cambridge.
  17. The Composition Theorem for Differential Privacy. In 32nd International Conference on Machine Learning. JMLR, Inc. and Microtome Publishing (United States), 4037–4049.
  18. S. Kullback. 1959. Information Theory and Statistics. Wiley, New York.
  19. S Kullback and R.A. Leibler. 1951. On Information and Sufficiency. Annals of Mathematical Statistics 22 (1951).
  20. D.J. Mir. 2012. Information Theoretic Foundations of Differential Privacy. In International Symposium of Foundations on Practice of Security. Springer, Berlin, Heidelberg, 374–381.
  21. Ilya Mironov. 2017. Renyi Differential Privacy. (02 2017).
  22. A Kullback-Leibler divergence based kernel for SVM classification in multimedia applications. In Proceedings of the 16th International Conference on Neural Information Processing Systems (Whistler, British Columbia, Canada) (NIPS’03). MIT Press, Cambridge, MA, USA, 1385–1392.
  23. F. Nielsen. 2013. An Information-Geometric Characterization of Chernoff Information. IEEE Signal Processing Letters 20 (Mar. 2013). Issue 3.
  24. Frank Nielsen. 2022. Revisiting Chernoff Information with Likelihood Ratio Exponential Families. Entropy 24, 10 (2022). https://doi.org/10.3390/e24101400
  25. Otton Nikodym. 1930. Sur une généralisation des intégrales de M. J. Radon. Fundamenta Mathematicae 15, 1 (1930), 131–179. http://eudml.org/doc/212339
  26. Nicola Novello and Andrea M. Tonello. 2024. f𝑓fitalic_f-Divergence Based Classification: Beyond the Use of Cross-Entropy. arXiv:2401.01268 [cs.LG]
  27. Ayşe Ünsal and Melek Önen. 2021. A Statistical Threshold for Adversarial Classification in Laplace Mechanisms. In 2021 IEEE Information Theory Workshop (ITW). 1–6. https://doi.org/10.1109/ITW48936.2021.9611472
  28. Ayse Ünsal and Melek Önen. 2022. Calibrating the attack to sensitivity in differentially private mechanisms. Journal of Cybersecurity and Privacy 2, 4 (October 2022).
  29. On the Relation Between Identifiability, Differential Privacy and Mutual Information Privacy. IEEE Transactions on Information Theory 62 (Sep. 2016), 5018–5029. Issue 9.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now