Regression Model Fitting under Differential Privacy and Model Inversion Attack

Differential privacy preserving regression models guarantee protection against attempts to infer whether a subject was included in the training set used to derive a model. It is not designed to protect attribute privacy of a target individual when model inversion attacks are launched. In model inversion attacks, an adversary uses the released model to make predictions of sensitive attributes (used as input to the model) of a target individual when some background information about the target individual is available. Previous research showed that existing differential privacy mechanisms cannot effectively prevent model inversion attacks while retaining model efficacy. In this paper, we develop a novel approach which leverages the functional mechanism to perturb coefficients of the polynomial representation of the objective function but effectively balances the privacy budget for sensitive and non-sensitive attributes in learning the differential privacy preserving regression model. Theoretical analysis and empirical evaluations demonstrate our approach can effectively prevent model inversion attacks and retain model utility.