Path7.Mod1.f - Responsible AI Dashboard - Privacy and Security, Differential Privacy Flashcards
Augmented Learning:
- Privacy and Security: https://learn.microsoft.com/en-us/azure/machine-learning/concept-responsible-ai?view=azureml-api-2
- Differential privacy: https://github.com/opendp/smartnoise-core
- Counterfit: https://github.com/Azure/counterfit/#Getting-Started
Two open source packages to enable Privacy and Security
- SmartNoise: contains components for building differentially private systems
- Counterfit: lets developers simulate cyberattacks against AI systems using available adversarial frameworks (or create your own)
Describe Differential Privacy and how Azure uses it
Azure implements differential privacy by randomizing data and adding noise to conceal PII from data scientists
Explain what Epsilon ε is in the Differential Privacy equation and how it affects the result
The common form of Differential Privacy is ε-Differential Privacy. The ε value is a non-negative value that measures the privacy loss in the data.
Lower ε Values: More Privacy (i.e. more Noise added) / Less Accuracy
Higher ε Values: Less Privacy (i.e. less Noise added) / More Accuracy
Accuracy refers to the accuracy of your Model, which gets trained with higher degrees of “noise” when Epsilon is lower.
PB NAI PATo MQ
How Epsilon ε is used in Differential Privacy
- Privacy Budget: You set an ε value as your privacy budget before running queries or training models
- Noise Addition/Injection: Based on the ε value, a calculated amount of noise is added to the query results or model outputs. Common noise-generating distributions used are Laplace and Gaussian distributions.
- Privacy-Accuracy Trade-off: Adjust ε to control the trade-off between privacy and accuracy.
- Multiple Queries: If multiple queries are run on the data, the ε values for each query are typically summed to get the total privacy budget spent.
Accuracy refers to the accuracy of your Model. The more noise added, the less accurate your Model will be since it’s training on “noisy” data.
Explain what your Privacy Budget represents and how you use it up
Privacy Budget is the amount of privacy loss that is “acceptable”. When you run multiple queries against a data set, total privacy loss accumulates. The accumulation is measured by summing up the Epsilon value per query.
Ta At BA RA
How Counterfit is used
- Select a Target
- Select an Attack
- Build the Attack against the Target
- Run the Attack
Example code:
    import counterfit
    import counterfit.targets as targets

    # Select a Target: one of the sample targets shipped with Counterfit
    target = targets.CreditFraud()
    target.load()

    # Select an Attack by name, then build it against the loaded Target
    attack_name = 'hop_skip_jump'
    new_attack = counterfit.Counterfit.build_attack(target, attack_name)

    # Run the Attack and collect the results
    results = counterfit.Counterfit.run_attack(new_attack)
Te Im Ta
The three supported Target Types in Counterfit
Text, Image and Tabular
Attacks can be configured to work against any Target, though they have default compatible types (T/F)
False. An Attack is compatible with specific Target types. They cannot work on just any type.