Summary of Demem: Privacy-enhanced Robust Adversarial Learning Via De-memorization, by Xiaoyu Luo et al.
DeMem: Privacy-Enhanced Robust Adversarial Learning via De-Memorization
by Xiaoyu Luo, Qiongxiu Li
First submitted to arxiv on: 8 Dec 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This paper tackles the pressing issue of ensuring machine learning models are trustworthy by developing a novel approach to balance privacy protection with model robustness. The researchers analyzed previous studies showing that improving adversarial robustness through training increases vulnerability to privacy attacks, and that differential privacy can mitigate these attacks but often compromises robustness against both natural and adversarial samples. They found that differential privacy disproportionately impacts low-risk samples, causing an unintended performance drop. To address this, they propose DeMem, a method that selectively targets high-risk samples, achieving a better balance between privacy protection and model robustness. DeMem is shown to be effective in reducing privacy leakage while maintaining robustness against both natural and adversarial samples across multiple training methods and datasets. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary Machine learning models are important for making predictions and decisions, but they can be tricked into giving wrong answers if the data they use is not trustworthy. One way to make sure the data is good is by using something called differential privacy. This makes it harder for someone to figure out who a piece of data belongs to. But sometimes this makes the model less good at understanding normal data too. The researchers in this paper looked into how to make models better at both keeping data private and being good at what they’re supposed to do. |
Keywords
* Artificial intelligence * Machine learning
