Academic Paper

DP-Sniper: Black-Box Discovery of Differential Privacy Violations using Classifiers
Document Type
Conference
Source
2021 IEEE Symposium on Security and Privacy (SP), pp. 391-409, May 2021
Subject
Components, Circuits, Devices and Systems
Computing and Processing
Training
Privacy
Differential privacy
Approximation algorithms
Classification algorithms
Security
differential privacy
differential distinguishability
inference attacks
machine learning
classifiers
Language
ISSN
2375-1207
Abstract
We present DP-Sniper, a practical black-box method that automatically finds violations of differential privacy. DP-Sniper is based on two key ideas: (i) training a classifier to predict if an observed output was likely generated from one of two possible inputs, and (ii) transforming this classifier into an approximately optimal attack on differential privacy. Our experimental evaluation demonstrates that DP-Sniper obtains up to 12.4 times stronger guarantees than state-of-the-art, while being 15.5 times faster. Further, we show that DP-Sniper is effective in exploiting floating-point vulnerabilities of naively implemented algorithms: it detects that a supposedly 0.1-differentially private implementation of the Laplace mechanism actually does not satisfy even 0.25-differential privacy.