Path7.Mod1.f - Responsible AI Dashboard - Privacy and Security, Differential Privacy

Question 1

Two open source packages to enable Privacy and Security

Answer 1

• SmartNoise: contains components for building differentially private systems
• Counterfit: lets developers simulate cyberattacks against AI systems using available adversarial frameworks (or create your own)

Question 2

Describe Differential Privacy and how Azure uses it

Answer 2

Azure implements differential privacy by randomizing data and adding noise to conceal PII from data scientists

Question 3

Explain what Epsilon ∈ is in the Differential Privacy equation and how affects the result

Answer 3

The common form of Differential Privacy is ∈-Differential Privacy. The ∈ value is a non-negative value that measures the privacy loss in the data.

Lower ∈ Values: More Privacy (i.e. more Noise added) / Less Accuracy
Higher ∈ Values: Less Privacy (i.e. less Noise added) / More Accuracy

Accuracy refers to the accuracy of your Model, which gets trained with higher degrees of “noise” when Epsilon is lower.

Question 4

PB NAI PATo MQ

How Epsilon ∈ is used in Differential Privacy

Answer 4

1. Privacy Budget: You set an ∈ value as your privacy budget before running queries or training models
2. Noise Addition/Injection: Based on the ∈ value, a calculated amount of noise is added to the query results or model outputs. Common noise-generating distributions used are Laplace and Gaussian distributions.
3. Privacy-Accuracy Trade-off: Adjust ∈ to control the trade-off between privacy and accuracy.
4. Multiple Queries: If multiple queries are run on the data, the ∈ values for each query are typically summed to get the total privacy budget spent.

Accuracy refers to the accuracy of your Model. The more noise added, the less accurate your Model will be since it’s training on “noisy” data.

Question 5

Explain what your Privacy Budget represents and how you use it up

Answer 5

Privacy Budget is the amount of privacy loss that is “acceptable”. When you run multiple queries against a data set, total privacy loss accumulates. The accumulation is measured by summing up the Epsilon value per query.

Question 6

Ta At BA RA

How Counterfit is used

Answer 6

1. Select a Target
2. Select an Attack
3. Build the Attack against the Target
4. Run the Attack

Example code:

import counterfit
import counterfit.targets as targets

target = targets.CreditFraud()
target.load()
attack_name = 'hop_skip_jump'
new_attack = counterfit.Counterfit.build_attack(target, attack_name)
results = counterfit.Counterfit.run_attack(new_attack)

Question 7

Te Im Ta

The three supported Target Types in Counterfit

Answer 7

Text, Image and Tabular

Question 8

Attacks can be configured to work against any Target, though they have default compatible types (T/F)

Answer 8

False. An Attack is compatible with specifc Target types. They cannot work on just any type.