| CPC G06N 3/084 (2013.01) [G06N 3/045 (2023.01); G06N 3/088 (2013.01); G06N 5/04 (2013.01)] | 18 Claims |
|
1. A computer-implemented method, comprising:
iteratively training a machine learning model using a computing device comprising one or more processors and one or more memories storing instructions that, when executed by the one or more processors, cause the computing device to perform operations comprising, for each iteration:
transforming training data into transformed training data using a differential privacy mechanism;
determining a classifier loss of the machine learning model using the transformed training data, wherein determining the classifier loss comprises:
generating a class prediction loss using a classifier of the machine learning model based on a predicted class for the transformed training data produced by the classifier and an actual class for the training data;
generating a membership inference loss using an adversary membership inference model based on an inference produced by the adversary membership inference model that a given record in the transformed training data is a member of the training data and an actual membership of the given record; and
combining the class prediction loss and the membership inference loss to generate the classifier loss;
training the adversary membership inference model, comprising:
determining a first membership inference loss based on class prediction output of the classifier for the transformed training data;
determining a second membership inference loss based on class prediction output of the classifier for a test data set; and
determining an adversary loss based on a combination of the first membership inference loss and the second membership inference loss;
updating the classifier of the machine learning model using the classifier loss; and
updating a confidence parameter of the differential privacy mechanism using the classifier loss, wherein the confidence parameter defines a privacy budget for transforming the training data into the transformed training data,
wherein the iterative training continues until the classifier loss is less than a specified threshold or a specified maximum number of iterations has been performed.
|