© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

INV516
Can your model keep a secret? How to assess the privacy of your model
Martin Bertran, He/Him/His
Rongting Zhang, He/Him/His

Agenda
Why privacy matters
Potential risks
What is a privacy leak
Types of privacy leaks
Case Study Defenses and Mitigations

Why Privacy matters
Privacy builds trust: Show measurable protection to earn user and partner confidence.
Privacy regulations: Privacy laws regulate the usage of data

Potential Risks
Reproduction: Models may occasionally reproduce uncommon patterns from their training data.
Model sharing: APIs or shared weights introduce access points that require careful management
Inference leakage: Model signals (e.g., logits, embeddings) can sometimes enable membership inference.
Generative drift: Fine-tuning or updates can shift outputs and bring earlier patterns back to the surface.

What is a Privacy Leak?
Membership inference: Can an external party tell whether someone's data contributed to training? Could sharing data allow others to infer participation?
Reconstruction Attacks: To what extent could someone derive detailed data from model outputs?
Attribute Inference: Could someone draw conclusions about sensitive attributes that were not explicitly shared?

Membership inference
User shares a data record with a model provider: Can an external party infer that this record was included? Could participation create un
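
The membership inference question on the slides above can be turned into a measurable audit of your own model. The following is an added example, not material from the presentation: it scores training records and held-out records by the model's confidence in the true label and reports how separable the two groups are. The kernel classifier, the bandwidth values and the data are constructed assumptions chosen so the script runs offline.

```python
import math
import random

def make_records(n, rng):
    """Constructed data: 2-D features, label follows x0 > 0.5 with 25% label noise."""
    out = []
    for _ in range(n):
        x = (rng.random(), rng.random())
        y = int(x[0] > 0.5) ^ int(rng.random() < 0.25)
        out.append((x, y))
    return out

def confidence(train, x, y, h):
    """Model signal under audit: kernel-weighted probability assigned to label y."""
    same = total = 0.0
    for (tx, ty) in train:
        w = math.exp(-((tx[0] - x[0]) ** 2 + (tx[1] - x[1]) ** 2) / (2 * h * h))
        total += w
        same += w if ty == y else 0.0
    return same / total if total > 0 else 0.5

def membership_auc(member_scores, nonmember_scores):
    """P(member score > non-member score), ties count half. 0.5 means no leakage."""
    wins = 0.0
    for m in member_scores:
        for n in nonmember_scores:
            wins += 1.0 if m > n else 0.5 if m == n else 0.0
    return wins / (len(member_scores) * len(nonmember_scores))

def audit(h, n=200, seed=0):
    """Score training records and held-out records, then measure separability."""
    rng = random.Random(seed)
    members, holdout = make_records(n, rng), make_records(n, rng)
    m = [confidence(members, x, y, h) for x, y in members]
    o = [confidence(members, x, y, h) for x, y in holdout]
    return membership_auc(m, o)

if __name__ == "__main__":
    # Small bandwidth memorizes each training record; large bandwidth smooths it out.
    print("memorizing model (h=0.01): AUC = %.3f" % audit(0.01))
    print("smoothed model   (h=0.50): AUC = %.3f" % audit(0.50))
```

An AUC near 0.5 means the confidence signal does not distinguish training records from held-out ones; the further above 0.5, the more the exposed signal reveals participation.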