Path7.Mod1.f - Responsible AI Dashboard - Privacy and Security, Differential Privacy Flashcards

Augmented Learning:
  • Privacy and Security: https://learn.microsoft.com/en-us/azure/machine-learning/concept-responsible-ai?view=azureml-api-2
  • Differential privacy: https://github.com/opendp/smartnoise-core
  • Counterfit: https://github.com/Azure/counterfit/#Getting-Started

1
Q

Two open source packages to enable Privacy and Security

A
  • SmartNoise: contains components for building differentially private systems
  • Counterfit: lets developers simulate cyberattacks against AI systems using available adversarial frameworks (or create your own)
2
Q

Describe Differential Privacy and how Azure uses it

A

Azure implements differential privacy by randomizing data and adding noise to conceal PII from data scientists.

3
Q

Explain what Epsilon (ε) is in the Differential Privacy equation and how it affects the result

A

The common form of Differential Privacy is ε-Differential Privacy. The ε value is a non-negative value that measures the privacy loss in the data.

Lower ε Values: More Privacy (i.e. more Noise added) / Less Accuracy
Higher ε Values: Less Privacy (i.e. less Noise added) / More Accuracy

Accuracy refers to the accuracy of your Model, which gets trained with higher degrees of “noise” when Epsilon is lower.

4
Q

PB NAI PATo MQ

How Epsilon (ε) is used in Differential Privacy

A
  1. Privacy Budget: You set an ε value as your privacy budget before running queries or training models.
  2. Noise Addition/Injection: Based on the ε value, a calculated amount of noise is added to the query results or model outputs. Common noise-generating distributions used are Laplace and Gaussian distributions.
  3. Privacy-Accuracy Trade-off: Adjust ε to control the trade-off between privacy and accuracy.
  4. Multiple Queries: If multiple queries are run on the data, the ε values for each query are typically summed to get the total privacy budget spent.

Accuracy refers to the accuracy of your Model. The more noise added, the less accurate your Model will be since it’s training on “noisy” data.

5
Q

Explain what your Privacy Budget represents and how you use it up

A

Privacy Budget is the amount of privacy loss that is “acceptable”. When you run multiple queries against a data set, total privacy loss accumulates. The accumulation is measured by summing up the Epsilon value per query.

6
Q

Ta At BA RA

How Counterfit is used

A
  1. Select a Target
  2. Select an Attack
  3. Build the Attack against the Target
  4. Run the Attack

Example code:

import counterfit
import counterfit.targets as targets

# 1. Select a Target
target = targets.CreditFraud()
target.load()
# 2. Select an Attack
attack_name = 'hop_skip_jump'
# 3. Build the Attack against the Target
new_attack = counterfit.Counterfit.build_attack(target, attack_name)
# 4. Run the Attack
results = counterfit.Counterfit.run_attack(new_attack)
7
Q

Te Im Ta

The three supported Target Types in Counterfit

A

Text, Image and Tabular

8
Q

Attacks can be configured to work against any Target, though they have default compatible types (T/F)

A

False. An Attack is compatible with specific Target types. They cannot work on just any type.
