Saved in:
Bibliographic Details
Main Authors: Liu, Terrance, Boglioni, Matteo, Fu, Yiwei, Hu, Shengyuan, Thaker, Pratiksha, Wu, Zhiwei Steven
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.15349
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912438051405824
author Liu, Terrance
Boglioni, Matteo
Fu, Yiwei
Hu, Shengyuan
Thaker, Pratiksha
Wu, Zhiwei Steven
author_facet Liu, Terrance
Boglioni, Matteo
Fu, Yiwei
Hu, Shengyuan
Thaker, Pratiksha
Wu, Zhiwei Steven
contents Differential privacy (DP) auditing aims to provide empirical lower bounds on the privacy guarantees of DP mechanisms like DP-SGD. While some existing techniques require many training runs that are prohibitively costly, recent work introduces one-run auditing approaches that effectively audit DP-SGD in white-box settings while still being computationally efficient. However, in the more practical black-box setting where gradients cannot be manipulated during training and only the last model iterate is observed, prior work shows that there is still a large gap between the empirical lower bounds and theoretical upper bounds. Consequently, in this work, we study how incorporating approaches for stronger membership inference attacks (MIA) can improve one-run auditing in the black-box setting. Evaluating on image classification models trained on CIFAR-10 with DP-SGD, we demonstrate that our proposed approach, which utilizes quantile regression for MIA, achieves tighter bounds while crucially maintaining the computational efficiency of one-run methods.
format Preprint
id arxiv_https___arxiv_org_abs_2506_15349
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Enhancing One-run Privacy Auditing with Quantile Regression-Based Membership Inference
Liu, Terrance
Boglioni, Matteo
Fu, Yiwei
Hu, Shengyuan
Thaker, Pratiksha
Wu, Zhiwei Steven
Machine Learning
Cryptography and Security
Differential privacy (DP) auditing aims to provide empirical lower bounds on the privacy guarantees of DP mechanisms like DP-SGD. While some existing techniques require many training runs that are prohibitively costly, recent work introduces one-run auditing approaches that effectively audit DP-SGD in white-box settings while still being computationally efficient. However, in the more practical black-box setting where gradients cannot be manipulated during training and only the last model iterate is observed, prior work shows that there is still a large gap between the empirical lower bounds and theoretical upper bounds. Consequently, in this work, we study how incorporating approaches for stronger membership inference attacks (MIA) can improve one-run auditing in the black-box setting. Evaluating on image classification models trained on CIFAR-10 with DP-SGD, we demonstrate that our proposed approach, which utilizes quantile regression for MIA, achieves tighter bounds while crucially maintaining the computational efficiency of one-run methods.
title Enhancing One-run Privacy Auditing with Quantile Regression-Based Membership Inference
topic Machine Learning
Cryptography and Security
url https://arxiv.org/abs/2506.15349