Differentially private online active learning with applications to anomaly detection

TY - GEN

T1 - Differentially private online active learning with applications to anomaly detection

AU - Ghassemi, Mohsen

AU - Sarwate, Anand D.

AU - Wright, Rebecca N.

N1 - Funding Information: This material is based upon work supported by the U.S. Department of Homeland Security under Award Number 2009-ST-061-CCI002, by the Defense Advanced Research Projects Agency (DARPA) and Space and Naval Warfare Systems Center, Pacific (SSC Pacific) under contract No. N66001-15-C-4070, and by the National Science Foundation under award 1453432. Publisher Copyright: © 2016 ACM.

PY - 2016/10/28

Y1 - 2016/10/28

N2 - In settings where data instances are generated sequentially or in streaming fashion, online learning algorithms can learn predictors using incremental training algorithms such as stochastic gradient descent. In some security applications such as training anomaly detectors, the data streams may consist of private information or transactions and the output of the learning algorithms may reveal information about the training data. Differential privacy is a framework for quantifying the privacy risk in such settings. This paper proposes two differentially private strategies to mitigate privacy risk when training a classifier for anomaly detection in an online setting. The first is to use a randomized active learning heuristic to screen out uninformative data points in the stream. The second is to use mini-batching to improve classifier performance. Experimental results show how these two strategies can trade off privacy, label complexity, and generalization performance.

AB - In settings where data instances are generated sequentially or in streaming fashion, online learning algorithms can learn predictors using incremental training algorithms such as stochastic gradient descent. In some security applications such as training anomaly detectors, the data streams may consist of private information or transactions and the output of the learning algorithms may reveal information about the training data. Differential privacy is a framework for quantifying the privacy risk in such settings. This paper proposes two differentially private strategies to mitigate privacy risk when training a classifier for anomaly detection in an online setting. The first is to use a randomized active learning heuristic to screen out uninformative data points in the stream. The second is to use mini-batching to improve classifier performance. Experimental results show how these two strategies can trade off privacy, label complexity, and generalization performance.

KW - Active learning

KW - Anomaly detection

KW - Differential privacy

KW - Online learning

KW - Stochastic gradient descent

UR - http://www.scopus.com/inward/record.url?scp=85002235360&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85002235360&partnerID=8YFLogxK

U2 - https://doi.org/10.1145/2996758.2996766

DO - https://doi.org/10.1145/2996758.2996766

M3 - Conference contribution

T3 - AISec 2016 - Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, co-located with CCS 2016

SP - 117

EP - 128

BT - AISec 2016 - Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, co-located with CCS 2016

PB - Association for Computing Machinery, Inc

T2 - 9th ACM Workshop on Artificial Intelligence and Security, AISec 2016

Y2 - 28 October 2016

ER -