Trade-offs and Guarantees in Adversarial Representation Learning for Attribute Obfuscation and Inference
With the prevalence of machine learning services, crowdsourced data might carry sensitive information about attributes that users do not want to share. Various methods have been proposed to minimize the potential information leakage of sensitive attributes while simultaneously preserving target accuracy. However, little is known about the theory behind them. In light of this gap, we develop a novel theoretical framework for attribute obfuscation. Under our framework, we propose a minimax optimization formulation to protect the given attribute and analyze its inference guarantees against worst-case adversaries. On the other hand, it is clear that there is a tension between minimizing information leakage and maximizing task accuracy. To this end, we also prove an information-theoretic lower bound to precisely characterize the fundamental trade-off between accuracy and information leakage. Empirically, we conduct experiments on two real-world datasets to corroborate the inference guarantees and validate the inherent trade-offs therein. Our experimental results indicate that, among several alternatives, the adversarial learning approach achieves the best trade-off in terms of attribute obfuscation and accuracy maximization.
- David Evans (Chair)
- Yuan Tian (Advisor)
- Yangfeng Ji
- David Wu