Thesis etd-02062024-020120
Thesis type
Master's thesis
Author
JORNEA, ION
URN
etd-02062024-020120
Title
Privacy issues in AI: testing the effectiveness of differential privacy on black box and explainable AI models
Department
INFORMATICA (Computer Science)
Degree programme
DATA SCIENCE AND BUSINESS INFORMATICS
Supervisors
supervisor Prof. Monreale, Anna
supervisor Dr. Naretto, Francesca
Keywords
- black box
- differential privacy
- explainable AI
- machine learning
- membership inference
- privacy exposure
Defence date
23/02/2024
Availability
Not available for consultation
Release date
23/02/2094
Abstract
The use of machine learning models is spreading at a remarkable rate across all fields of human endeavour. The decisions taken by these systems, however, are not always easily understood by humans, which prompted the development of explainable AI (XAI) to ensure the transparency and trustworthiness of such systems. Concern is also growing about the level of privacy protection these models can provide when they face malicious attackers.
This thesis assesses the privacy risk of both opaque black box models and more transparent XAI models when threatened by the class of membership inference attacks. It then applies differential privacy, a widely used framework for mitigating privacy risk, and tests its effectiveness in defending against such attacks. The empirical results provide insights for future developments of privacy-preserving techniques, highlighting the strengths and weaknesses of differential privacy.
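The membership inference attack and the differential-privacy guarantee named in the abstract, as an added example that is not part of the thesis or of this record. It assumes a k-nearest-neighbour model on constructed 2-D data, the loss-threshold attack rule of Yeom et al. (flag a point as a member if the model's loss on it is at most the mean training loss), and the hypothesis-testing form of the (ε, δ)-DP guarantee; it does not implement DP training, it only shows how to measure an attack and check it against the bound a DP budget promises.

```python
"""Loss-threshold membership inference against a memorising model, and the
(epsilon, delta) bound that differential privacy places on any such attack.

Added example, not code from the thesis. The model (k-NN), the data (two
constructed Gaussian blobs) and the attack rule (Yeom et al.) are assumptions.
"""
import math
import random


def knn_proba(train, x, k=1):
    """P(label = 1 | x) under a k-NN model; train is a list of ((x0, x1), label)."""
    nearest = sorted(train, key=lambda p: (p[0][0] - x[0]) ** 2 + (p[0][1] - x[1]) ** 2)[:k]
    return sum(lbl for _, lbl in nearest) / k


def log_loss(p1, label, clip=1e-6):
    """Cross-entropy of the true label under predicted P(label=1), clipped away from log(0)."""
    p = p1 if label == 1 else 1.0 - p1
    return -math.log(min(max(p, clip), 1.0 - clip))


def make_data(n, seed):
    """Constructed data: label 0 around (-1, -1), label 1 around (1, 1), unit-variance noise."""
    rng = random.Random(seed)
    pts = []
    for i in range(n):
        lbl = i % 2
        c = 1.0 if lbl else -1.0
        pts.append(((rng.gauss(c, 1.0), rng.gauss(c, 1.0)), lbl))
    return pts


def loss_threshold_attack(train, test, k=1):
    """Flag x as a member if loss(x) <= mean loss over the training set.
    Returns (tpr, fpr): fraction of members / non-members flagged."""
    train_losses = [log_loss(knn_proba(train, x, k), y) for x, y in train]
    thr = sum(train_losses) / len(train_losses)
    test_losses = [log_loss(knn_proba(train, x, k), y) for x, y in test]
    tpr = sum(l <= thr for l in train_losses) / len(train_losses)
    fpr = sum(l <= thr for l in test_losses) / len(test_losses)
    return tpr, fpr


def max_tpr_under_dp(epsilon, delta, fpr):
    """Any membership test against an (epsilon, delta)-DP mechanism satisfies
    TPR <= exp(epsilon) * FPR + delta (DP as a bound on hypothesis testing)."""
    return min(1.0, math.exp(epsilon) * fpr + delta)


def empirical_epsilon_lower_bound(tpr, fpr, delta=0.0):
    """Invert the bound: an observed (tpr, fpr) is only consistent with
    epsilon >= ln((tpr - delta) / fpr). Returns 0 when the attack is no better
    than chance and inf when fpr == 0 while tpr > delta."""
    num = tpr - delta
    if num <= 0:
        return 0.0
    if fpr == 0:
        return math.inf
    return max(0.0, math.log(num / fpr))


if __name__ == "__main__":
    train = make_data(40, seed=1)   # members
    test = make_data(40, seed=2)    # non-members, same distribution
    tpr, fpr = loss_threshold_attack(train, test, k=1)
    print(f"attack TPR={tpr:.2f} FPR={fpr:.2f} -> implied epsilon >= "
          f"{empirical_epsilon_lower_bound(tpr, fpr):.2f}")
    # A model trained with (eps=1, delta=1e-5) may not let any attack exceed this TPR:
    print(f"DP bound at eps=1: TPR <= {max_tpr_under_dp(1.0, 1e-5, fpr):.2f}")
```

With k=1 the model memorises every training point (its nearest neighbour is itself), so the attack's TPR is exactly 1 and the implied ε is ln(1/FPR): the less the model generalises to non-members, the larger the privacy leakage the attack certifies. A model trained under a claimed budget ε must keep TPR ≤ e^ε·FPR + δ against every attack, so an attack that exceeds that line falsifies the claim; note that empirical rates over a finite sample are estimates, and a rigorous audit attaches confidence intervals to them before drawing that conclusion.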
Files
File name | Size
---|---
Thesis not available for consultation. | 