The remarkable proliferation of deep learning across various industries has underscored the importance of data privacy and security in AI pipelines. As increasingly sophisticated Membership Inference Attacks (MIAs) threaten the secrecy of the individual-specific information used to train deep learning models, Differential Privacy (DP) has emerged as one of the most widely used techniques for protecting models against such attacks. However, despite its proven theoretical properties, DP can significantly hamper model performance and increase training time, making its use impractical in real-world scenarios. Tackling this issue, we present Discriminative Adversarial Privacy (DAP), a novel learning technique designed to address the limitations of DP by achieving a balance between model performance, speed, and privacy. DAP relies on adversarial training based on a novel loss function that minimises the prediction error while maximising the MIA's error. In addition, we introduce a novel metric named Accuracy Over Privacy (AOP) to capture the performance-privacy trade-off. Finally, to validate our claims, we compare DAP with diverse DP scenarios, providing an analysis of the results from performance, time, and privacy-preservation perspectives.