Privacy Risks and Memorization of Spurious Correlated Data

Published: 06 Mar 2025, Last Modified: 24 Mar 2025
Venue: SCSL @ ICLR 2025
License: CC BY 4.0
Track: regular paper (up to 6 pages)
Keywords: spurious correlation, privacy, membership inference attacks
Abstract: Neural networks are vulnerable to privacy attacks aimed at stealing sensitive data. The risks are amplified in real-world scenarios when models are trained on limited and biased data. In this work, we investigate the impact of spurious correlation bias on privacy vulnerability. We introduce _spurious privacy leakage_, a phenomenon where spurious groups are more vulnerable to privacy attacks compared to other groups. Through empirical analysis, we counterintuitively demonstrate that reducing spurious correlation fails to address the privacy disparity between groups. This leads us to introduce a new perspective on privacy disparity based on data memorization. We show that mitigating spurious correlation does not reduce the degree of data memorization and therefore does not reduce the privacy risks either. Our findings highlight the need to rethink privacy with spurious learning.
Anonymization: This submission has been anonymized for double-blind review via the removal of identifying information such as names, affiliations, and identifying URLs.
Presenter: ~Chenxiang_Zhang1
Format: Yes, the presenting author will attend in person if this work is accepted to the workshop.
Funding: No, the presenting author of this submission does *not* fall under ICLR’s funding aims, or has sufficient alternate funding.
Submission Number: 7