Abstract
In the era of digitization, the importance of data is increasing rapidly. This presents challenges for organizations seeking to share or process data securely. Machine Learning (ML) presents a potential solution by transforming raw data into analyzable models. However, this approach is not without risks, as evidenced by instances of attacks resulting in the compromise of sensitive information. Such attacks can, for example, result in the leakage of personal data.

Within the European Union (EU), the General Data Protection Regulation (GDPR) was created to protect the privacy of data subjects (DSs) within the EU. It requires organizations to protect their data so that privacy breaches do not occur. Potential safeguards against such ML attacks are Privacy Enhancing Technologies (PETs) and Privacy Preserving Mechanisms (PPMs), which have been proposed to guarantee data protection. These include the technology called Differential Privacy (DP), which has emerged rapidly in the last decade. However, the efficacy of these measures in meeting the stringent requirements of the GDPR remains uncertain. This study investigates the limitations and benefits of using DP to protect the privacy of DSs against ML attacks. An extensive literature review establishes the conceptual framework and elucidates key methodologies and regulatory provisions under the GDPR. Subsequently, an experimental approach is used, first to assess the vulnerability of a non-DP image classification model to Membership Inference Attacks (MIAs) and then to assess the effectiveness of DP in mitigating such risks. Combining these results establishes a clear understanding of whether DP has an impact on the privacy of data subjects and whether this could comply with the GDPR. In addition, steps have been taken to audit such an implementation in light of the GDPR.
The findings reveal that while DP introduces noise and decreases the accuracy of the model, it does not completely eliminate vulnerabilities to attacks (which leads to information leakage). Despite this result, the study shows that DP can provide a degree of protection against certain types of attack. However, it also highlights the ongoing challenges in achieving comprehensive GDPR compliance, particularly from the point of view of an adversary. This study shows that it does not meet the GDPR requirements. The experiment, conducted using Convolutional Neural Network architectures with the Fashion_MNIST and CIFAR10 datasets and various DP parameters, consistently yielded results indicating the persistence of vulnerabilities despite privacy measures. It is important to note that this research focuses on specific models and the implementation of DP, and further investigation is warranted in different contexts. In addition, this research takes the point of view of the adversary, combined with the interpretation that even one leak is too many. If other researchers find this point of view valuable, processes should be formed toward auditing implementations. In conclusion, while the study underscores the potential of DP to enhance model privacy, it emphasizes the need for continued research and refinement of techniques to meet the evolving regulatory landscape and ensure robust data protection standards considering the GDPR.
| Date of Award | 17 Dec 2024 |
|---|---|
| Original language | English |
| Supervisor | Mina Sheikh Alishahi (Examiner) & Clara Maathuis (Co-assessor) |
Master's Degree
- Master Software Engineering