You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tabular queries and tabular synthetic data are amenable to attack by the "Leave One Out" idealized attack in [1]. This can be used in conjunction with the Bayesian empirical privacy estimation utility at [2].
Effectiveness of LOO attack depends on choosing the best candidates to allow singling out while being maximally mutually distinguishable. We could provide a utility to choose these candidates and run the MIA attack.
Desiderata:
P0: Enable strongest possible LOO attack
P1: Enable LOO attack with slightly relaxed assumptions about how distinguishable the candidates are
P1: Enable LOO attack with candidates chosen uniformly at random (show average success rate of adversary)
P2: Enable LOO attack based on metadata about which columns are considered more or less public, and what portion of population the adversary is assumed to have auxiliary information about.
Tabular queries and tabular synthetic data are amenable to attack by the "Leave One Out" idealized attack in [1]. This can be used in conjunction with the Bayesian empirical privacy estimation utility at [2].
Effectiveness of LOO attack depends on choosing the best candidates to allow singling out while being maximally mutually distinguishable. We could provide a utility to choose these candidates and run the MIA attack.
Desiderata:
P0: Enable strongest possible LOO attack
P1: Enable LOO attack with slightly relaxed assumptions about how distinguishable the candidates are
P1: Enable LOO attack with candidates chosen uniformly at random (show average success rate of adversary)
P2: Enable LOO attack based on metadata about which columns are considered more or less public, and what portion of population the adversary is assumed to have auxiliary information about.
[1] https://arxiv.org/abs/2111.09679
[2] https://github.com/microsoft/responsible-ai-toolbox-privacy
The text was updated successfully, but these errors were encountered: